Merge pull request #1381 from docker/dependabot/npm_and_yarn/docker/actions-toolkit-0.62.1

chore(deps): Bump @docker/actions-toolkit from 0.61.0 to 0.62.1
chore: update generated content
2025-06-09 21:00:40 +02:00 · 2025-05-27 18:32:33 +02:00 · 2025-05-27 18:24:03 +02:00 · 2025-05-27 18:23:18 +02:00 · 2025-05-27 16:21:00 +00:00 · 2025-05-15 15:48:50 +02:00
89 changed files with 15533 additions and 23344 deletions
--- a/.dockerignore
+++ b/.dockerignore
@ -1,2 +1,12 @@
 /coverage
-/node_modules
+
 # Dependency directories
 node_modules/
 jspm_packages/
 # yarn v2
 .yarn/cache
 .yarn/unplugged
 .yarn/build-state.yml
 .yarn/install-state.gz
 .pnp.*
--- a/.eslintignore
+++ b/.eslintignore
@ -0,0 +1,3 @@
 /dist/**
 /coverage/**
 /node_modules/**
--- a/.eslintrc.json
+++ b/.eslintrc.json
@ -0,0 +1,24 @@
 {
  "env": {
    "node": true,
    "es6": true,
    "jest": true
  },
  "extends": [
    "eslint:recommended",
    "plugin:@typescript-eslint/eslint-recommended",
    "plugin:@typescript-eslint/recommended",
    "plugin:jest/recommended",
    "plugin:prettier/recommended"
  ],
  "parser": "@typescript-eslint/parser",
  "parserOptions": {
    "ecmaVersion": 2023,
    "sourceType": "module"
  },
  "plugins": [
    "@typescript-eslint",
    "jest",
    "prettier"
  ]
 }
--- a/.gitattributes
+++ b/.gitattributes
@ -1,2 +1,4 @@
 /.yarn/releases/** binary
 /.yarn/plugins/** binary
 /dist/** linguist-generated=true
 /lib/** linguist-generated=true
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@ -1 +0,0 @@
 *	@crazy-max
--- a/.github/CODE_OF_CONDUCT.md
+++ b/.github/CODE_OF_CONDUCT.md
@ -0,0 +1,3 @@
 # Code of conduct
 - [Moby community guidelines](https://github.com/moby/moby/blob/master/CONTRIBUTING.md#moby-community-guidelines)
--- a/.github/ISSUE_TEMPLATE/bug.yml
+++ b/.github/ISSUE_TEMPLATE/bug.yml
@ -0,0 +1,101 @@
 # https://docs.github.com/en/communities/using-templates-to-encourage-useful-issues-and-pull-requests/syntax-for-githubs-form-schema
 name: Bug Report
 description: Report a bug
 labels:
  - status/triage
 body:
  - type: markdown
    attributes:
      value: |
        Thank you for taking the time to report a bug!
        If this is a security issue please report it to the [Docker Security team](mailto:security@docker.com).
        Before submitting a bug report, check out the [Troubleshooting doc](https://github.com/docker/build-push-action/blob/master/TROUBLESHOOTING.md).
  - type: checkboxes
    attributes:
      label: Contributing guidelines
      description: >
        Make sure you've read the contributing guidelines before proceeding.
      options:
        - label: I've read the [contributing guidelines](https://github.com/docker/build-push-action/blob/master/.github/CONTRIBUTING.md) and wholeheartedly agree
          required: true
  - type: checkboxes
    attributes:
      label: "I've found a bug, and:"
      description: |
        Make sure that your request fulfills all of the following requirements.
        If one requirement cannot be satisfied, explain in detail why.
      options:
        - label: The documentation does not mention anything about my problem
        - label: There are no open or closed issues that are related to my problem
  - type: textarea
    attributes:
      label: Description
      description: >
        Provide a brief description of the bug in 1-2 sentences.
    validations:
      required: true
  - type: textarea
    attributes:
      label: Expected behaviour
      description: >
        Describe precisely what you'd expect to happen.
    validations:
      required: true
  - type: textarea
    attributes:
      label: Actual behaviour
      description: >
        Describe precisely what is actually happening.
    validations:
      required: true
  - type: input
    attributes:
      label: Repository URL
      description: >
        Enter the URL of the repository where you are experiencing the
        issue. If your repository is private, provide a link to a minimal
        repository that reproduces the issue.
  - type: input
    attributes:
      label: Workflow run URL
      description: >
        Enter the URL of the GitHub Action workflow run, if public.
  - type: textarea
    attributes:
      label: YAML workflow
      description: |
        Provide the YAML of the workflow that's causing the issue.
        Make sure to remove any sensitive information.
      render: yaml
    validations:
      required: true
  - type: textarea
    attributes:
      label: Workflow logs
      description: >
        [Attach](https://docs.github.com/en/get-started/writing-on-github/working-with-advanced-formatting/attaching-files)
        the [log file of your workflow run](https://docs.github.com/en/actions/managing-workflow-runs/using-workflow-run-logs#downloading-logs)
        and make sure to remove any sensitive information.
  - type: textarea
    attributes:
      label: BuildKit logs
      description: >
        If applicable, provide the [BuildKit container logs](https://docs.docker.com/build/ci/github-actions/configure-builder/#buildkit-container-logs)
      render: text
  - type: textarea
    attributes:
      label: Additional info
      description: |
        Provide any additional information that could be useful.
--- a/.github/ISSUE_TEMPLATE/bug_report.md
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
@ -1,37 +0,0 @@
 ---
 name: Bug report
 about: Create a report to help us improve
 ---
 ### Troubleshooting
 Before submitting a bug report please read the [Troubleshooting doc](https://github.com/docker/build-push-action/blob/master/TROUBLESHOOTING.md).
 ### Behaviour
 #### Steps to reproduce this issue
 1.
 2.
 3.
 #### Expected behaviour
 > Tell us what should happen
 #### Actual behaviour
 > Tell us what happens instead
 ### Configuration
 * Repository URL (if public): 
 * Build URL (if public): 
 ```yml
 # paste your YAML workflow file here and remove sensitive data
 ```
 ### Logs
 > Download the [log file of your build](https://docs.github.com/en/actions/managing-workflow-runs/using-workflow-run-logs#downloading-logs) and [attach it](https://docs.github.com/en/github/managing-your-work-on-github/file-attachments-on-issues-and-pull-requests) to this issue.
--- a/.github/ISSUE_TEMPLATE/config.yml
+++ b/.github/ISSUE_TEMPLATE/config.yml
@ -0,0 +1,9 @@
 # https://docs.github.com/en/communities/using-templates-to-encourage-useful-issues-and-pull-requests/configuring-issue-templates-for-your-repository#configuring-the-template-chooser
 blank_issues_enabled: true
 contact_links:
  - name: Questions and Discussions
    url: https://github.com/docker/build-push-action/discussions/new
    about: Use Github Discussions to ask questions and/or open discussion topics.
  - name: Documentation
    url: https://docs.docker.com/build/ci/github-actions/
    about: Read the documentation.
--- a/.github/ISSUE_TEMPLATE/feature.yml
+++ b/.github/ISSUE_TEMPLATE/feature.yml
@ -0,0 +1,15 @@
 # https://docs.github.com/en/communities/using-templates-to-encourage-useful-issues-and-pull-requests/syntax-for-githubs-form-schema
 name: Feature request
 description: Missing functionality? Come tell us about it!
 labels:
  - kind/enhancement
  - status/triage
 body:
  - type: textarea
    id: description
    attributes:
      label: Description
      description: What is the feature you want to see?
    validations:
      required: true
--- a/.github/SECURITY.md
+++ b/.github/SECURITY.md
@ -0,0 +1,12 @@
 # Reporting security issues
 The project maintainers take security seriously. If you discover a security
 issue, please bring it to their attention right away!
 **Please _DO NOT_ file a public issue**, instead send your report privately to
 [security@docker.com](mailto:security@docker.com).
 Security reports are greatly appreciated, and we will publicly thank you for it.
 We also like to send gifts&mdash;if you'd like Docker swag, make sure to let
 us know. We currently do not offer a paid security bounty program, but are not
 ruling it out in the future.
--- a/.github/SUPPORT.md
+++ b/.github/SUPPORT.md
@ -1,31 +0,0 @@
 # Support [![](https://isitmaintained.com/badge/resolution/docker/build-push-action.svg)](https://isitmaintained.com/project/docker/build-push-action)
 First, [be a good guy](https://github.com/kossnocorp/etiquette/blob/master/README.md).
 ## Reporting an issue
 Please do a search in [open issues](https://github.com/docker/build-push-action/issues?utf8=%E2%9C%93&q=) to see if the issue or feature request has already been filed.
 If you find your issue already exists, make relevant comments and add your [reaction](https://github.com/blog/2119-add-reactions-to-pull-requests-issues-and-comments). Use a reaction in place of a "+1" comment.
 :+1: - upvote
 :-1: - downvote
 If you cannot find an existing issue that describes your bug or feature, submit an issue using the guidelines below.
 ## Writing good bug reports and feature requests
 File a single issue per problem and feature request.
 * Do not enumerate multiple bugs or feature requests in the same issue.
 * Do not add your issue as a comment to an existing issue unless it's for the identical input. Many issues look similar, but have different causes.
 The more information you can provide, the more likely someone will be successful reproducing the issue and finding a fix.
 You are now ready to [create a new issue](https://github.com/docker/build-push-action/issues/new/choose)!
 ## Closure policy
 * Issues that don't have the information requested above (when applicable) will be closed immediately and the poster directed to the support guidelines.
 * Issues that go a week without a response from original poster are subject to closure at our discretion.
--- a/.github/build-push-action.png
+++ b/.github/build-push-action.png
--- a/.github/build-push-summary.png
+++ b/.github/build-push-summary.png
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@ -11,6 +11,7 @@ updates:
    directory: "/"
    schedule:
      interval: "daily"
    versioning-strategy: "increase"
    allow:
      - dependency-type: "production"
    labels:
--- a/.github/e2e/distribution/env
+++ b/.github/e2e/distribution/env
@ -0,0 +1,5 @@
 REGISTRY_FQDN=localhost:8080
 REGISTRY_SLUG=localhost:8080/test-docker-action
 DISTRIBUTION_HOST=localhost
 DISTRIBUTION_PORT=8080
--- a/.github/e2e/distribution/install.sh
+++ b/.github/e2e/distribution/install.sh
@ -0,0 +1,13 @@
 #!/usr/bin/env bash
 set -eu
 : "${DISTRIBUTION_VERSION:=2}"
 : "${DISTRIBUTION_HOST:=localhost}"
 : "${DISTRIBUTION_PORT:=8080}"
 echo "::group::Starting registry:${DISTRIBUTION_VERSION}"
 (
  set -x
  docker run -d --name registry -p "${DISTRIBUTION_PORT}:5000" "registry:${DISTRIBUTION_VERSION}"
 )
 echo "::endgroup::"
--- a/.github/e2e/harbor/env
+++ b/.github/e2e/harbor/env
@ -0,0 +1,8 @@
 REGISTRY_FQDN=localhost:8081
 REGISTRY_USER=admin
 REGISTRY_PASSWORD=Harbor12345
 REGISTRY_SLUG=localhost:8081/test-docker-action/test-docker-action
 HARBOR_HOST=localhost
 HARBOR_PORT=8081
 HARBOR_PROJECT=test-docker-action
--- a/.github/e2e/harbor/install.sh
+++ b/.github/e2e/harbor/install.sh
@ -0,0 +1,79 @@
 #!/usr/bin/env bash
 set -eu
 : "${HARBOR_VERSION:=v2.7.0}"
 : "${HARBOR_HOST:=localhost}"
 : "${HARBOR_PORT:=49154}"
 : "${REGISTRY_USER:=admin}"
 : "${REGISTRY_PASSWORD:=Harbor12345}"
 : "${HARBOR_PROJECT:=test-docker-action}"
 project_post_data() {
  cat <<EOF
 {
  "project_name": "$HARBOR_PROJECT",
  "public": true
 }
 EOF
 }
 export TERM=xterm
 # download
 echo "::group::Downloading Harbor $HARBOR_VERSION"
 (
  cd /tmp
  set -x
  wget -q "https://github.com/goharbor/harbor/releases/download/${HARBOR_VERSION}/harbor-offline-installer-${HARBOR_VERSION}.tgz" -O harbor-online-installer.tgz
  tar xvf harbor-online-installer.tgz
 )
 echo "::endgroup::"
 # config
 echo "::group::Configuring Harbor"
 (
  cd /tmp/harbor
  set -x
  cp harbor.yml.tmpl harbor.yml
  harborConfig="$(harborHost="$HARBOR_HOST" harborPort="$HARBOR_PORT" harborPwd="$REGISTRY_PASSWORD" yq --no-colors '.hostname = env(harborHost) | .http.port = env(harborPort) | .harbor_admin_password = env(harborPwd) | del(.https)' harbor.yml)"
  tee harbor.yml <<<"$harborConfig" >/dev/null
  yq --no-colors harbor.yml
 )
 echo "::endgroup::"
 # install and start
 echo "::group::Installing Harbor"
 (
  cd /tmp/harbor
  set -x
  ./install.sh
  sleep 10
  netstat -aptn
 )
 echo "::endgroup::"
 # compose config
 echo "::group::Compose config"
 (
  cd /tmp/harbor
  set -x
  docker compose config
 )
 echo "::endgroup::"
 # create project
 echo "::group::Creating project"
 (
  set -x
  curl --fail -v -k --max-time 10 -u "$REGISTRY_USER:$REGISTRY_PASSWORD" -X POST -H "Content-Type: application/json" -d "$(project_post_data)" "http://$HARBOR_HOST:$HARBOR_PORT/api/v2.0/projects"
 )
 echo "::endgroup::"
 # list projects
 echo "::group::List projects"
 (
  set -x
  curl --fail -s -k --max-time 10 -u "$REGISTRY_USER:$REGISTRY_PASSWORD" -H "Content-Type: application/json" "http://$HARBOR_HOST:$HARBOR_PORT/api/v2.0/projects" | jq
 )
 echo "::endgroup::"
--- a/.github/e2e/nexus/docker-compose.yml
+++ b/.github/e2e/nexus/docker-compose.yml
@ -0,0 +1,8 @@
 services:
  nexus:
    image: sonatype/nexus3:${NEXUS_VERSION:-latest}
    volumes:
      - "./data:/nexus-data"
    ports:
      - "8081:8081"
      - "8082:8082"
--- a/.github/e2e/nexus/env
+++ b/.github/e2e/nexus/env
@ -0,0 +1,9 @@
 REGISTRY_FQDN=localhost:8082
 REGISTRY_USER=admin
 REGISTRY_PASSWORD=Nexus12345
 REGISTRY_SLUG=localhost:8082/test-docker-action
 NEXUS_HOST=localhost
 NEXUS_PORT=8081
 NEXUS_REGISTRY_PORT=8082
 NEXUS_REPO=test-docker-action
--- a/.github/e2e/nexus/install.sh
+++ b/.github/e2e/nexus/install.sh
@ -0,0 +1,93 @@
 #!/usr/bin/env bash
 set -eu
 SCRIPT_DIR=$(cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd)
 : "${NEXUS_VERSION:=3.47.1}"
 : "${NEXUS_HOST:=localhost}"
 : "${NEXUS_PORT:=8081}"
 : "${NEXUS_REGISTRY_PORT:=8082}"
 : "${REGISTRY_USER:=admin}"
 : "${REGISTRY_PASSWORD:=Nexus12345}"
 : "${NEXUS_REPO:=test-docker-action}"
 createrepo_post_data() {
  cat <<EOF
 {
  "name": "${NEXUS_REPO}",
  "online": true,
  "storage": {
    "blobStoreName": "default",
    "strictContentTypeValidation": true,
    "writePolicy": "ALLOW"
  },
  "docker": {
    "v1Enabled": false,
    "forceBasicAuth": true,
    "httpPort": ${NEXUS_REGISTRY_PORT},
    "httpsPort": null,
    "subdomain": null
  }
 }
 EOF
 }
 export NEXUS_VERSION
 mkdir -p /tmp/nexus/data
 chown 200:200 /tmp/nexus/data
 cp "${SCRIPT_DIR}/docker-compose.yml" /tmp/nexus/docker-compose.yml
 echo "::group::Pulling Nexus $NEXUS_VERSION"
 (
  cd /tmp/nexus
  set -x
  docker compose pull
 )
 echo "::endgroup::"
 echo "::group::Compose config"
 (
  cd /tmp/nexus
  set -x
  docker compose config
 )
 echo "::endgroup::"
 echo "::group::Running Nexus"
 (
  cd /tmp/nexus
  set -x
  docker compose up -d
 )
 echo "::endgroup::"
 echo "::group::Running Nexus"
 (
  cd /tmp/nexus
  set -x
  docker compose up -d
 )
 echo "::endgroup::"
 echo "::group::Waiting for Nexus to be ready"
 until $(curl --output /dev/null --silent --head --fail "http://$NEXUS_HOST:$NEXUS_PORT"); do
  printf '.'
  sleep 5
 done
 echo "::endgroup::"
 echo "::group::Change user's password"
 (
  set -x
  curl --fail -v -k --max-time 10 -u "$REGISTRY_USER:$(cat /tmp/nexus/data/admin.password)" -X PUT -H 'Content-Type: text/plain' -d "$REGISTRY_PASSWORD" "http://$NEXUS_HOST:$NEXUS_PORT/service/rest/v1/security/users/$REGISTRY_USER/change-password"
 )
 echo "::endgroup::"
 echo "::group::Create Docker repository"
 (
  set -x
  curl --fail -v -k --max-time 10 -u "$REGISTRY_USER:$REGISTRY_PASSWORD" -X POST -H 'Content-Type: application/json' -d "$(createrepo_post_data)" "http://$NEXUS_HOST:$NEXUS_PORT/service/rest/v1/repositories/docker/hosted"
 )
 echo "::endgroup::"
--- a/.github/workflows/.e2e-run.yml
+++ b/.github/workflows/.e2e-run.yml
@ -0,0 +1,134 @@
 # reusable workflow
 name: .e2e-run
 on:
  workflow_call:
    inputs:
      id:
        required: false
        type: string
      type:
        required: true
        type: string
      name:
        required: true
        type: string
      registry:
        required: false
        type: string
      slug:
        required: false
        type: string
      username_secret:
        required: false
        type: string
      password_secret:
        required: false
        type: string
 env:
  HARBOR_VERSION: v2.7.0
  NEXUS_VERSION: 3.47.1
  DISTRIBUTION_VERSION: 2.8.1
 jobs:
  run:
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        include:
          -
            buildx_version: edge
            buildkit_image: moby/buildkit:latest
          -
            buildx_version: latest
            buildkit_image: moby/buildkit:buildx-stable-1
          -
            buildx_version: https://github.com/docker/buildx.git#master
            buildkit_image: moby/buildkit:master
    steps:
      -
        name: Checkout
        uses: actions/checkout@v4
      -
        name: Set up env
        if: inputs.type == 'local'
        run: |
          cat ./.github/e2e/${{ inputs.id }}/env >> $GITHUB_ENV
      -
        name: Set up BuildKit config
        run: |
          touch /tmp/buildkitd.toml
          if [ "${{ inputs.type }}" = "local" ]; then
            echo -e "[registry.\"${{ env.REGISTRY_FQDN }}\"]\nhttp = true\ninsecure = true" > /tmp/buildkitd.toml
          fi
      -
        name: Set up Docker daemon
        if: inputs.type == 'local'
        run: |
          if [ ! -e /etc/docker/daemon.json ]; then
            echo '{}' | sudo tee /etc/docker/daemon.json >/dev/null
          fi
          DOCKERD_CONFIG=$(jq '.+{"insecure-registries":["http://${{ env.REGISTRY_FQDN }}"]}' /etc/docker/daemon.json)
          sudo tee /etc/docker/daemon.json <<<"$DOCKERD_CONFIG" >/dev/null
          cat /etc/docker/daemon.json
          sudo service docker restart
      -
        name: Install ${{ inputs.name }}
        if: inputs.type == 'local'
        run: |
          sudo -E bash ./.github/e2e/${{ inputs.id }}/install.sh
          sudo chown $(id -u):$(id -g) -R ~/.docker
      -
        name: Docker meta
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: ${{ env.REGISTRY_SLUG || inputs.slug }}
          tags: |
            type=ref,event=branch,enable=${{ matrix.buildx_version == 'latest' && matrix.buildkit_image == 'moby/buildkit:buildx-stable-1' }}
            type=ref,event=tag,enable=${{ matrix.buildx_version == 'latest' && matrix.buildkit_image == 'moby/buildkit:buildx-stable-1' }}
            type=raw,gh-runid-${{ github.run_id }}
      -
        name: Set up QEMU
        uses: docker/setup-qemu-action@v3
      -
        name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
        with:
          version: ${{ matrix.buildx_version }}
          buildkitd-config: /tmp/buildkitd.toml
          buildkitd-flags: --debug --allow-insecure-entitlement security.insecure --allow-insecure-entitlement network.host
          driver-opts: |
            image=${{ matrix.buildkit_image }}
            network=host
      -
        name: Login to Registry
        if: github.event_name != 'pull_request' && (env.REGISTRY_USER || inputs.username_secret) != ''
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY_FQDN || inputs.registry }}
          username: ${{ env.REGISTRY_USER || secrets[inputs.username_secret] }}
          password: ${{ env.REGISTRY_PASSWORD || secrets[inputs.password_secret] }}
      -
        name: Build and push
        uses: ./
        with:
          context: ./test
          file: ./test/multi.Dockerfile
          platforms: linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64,linux/ppc64le,linux/s390x
          push: ${{ github.event_name != 'pull_request' }}
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          cache-from: type=registry,ref=${{ env.REGISTRY_SLUG || inputs.slug }}:master
          cache-to: type=inline
      -
        name: Inspect image
        run: |
          docker pull ${{ env.REGISTRY_SLUG || inputs.slug }}:${{ steps.meta.outputs.version }}
          docker image inspect ${{ env.REGISTRY_SLUG || inputs.slug }}:${{ steps.meta.outputs.version }}
      -
        name: Check manifest
        run: |
          docker buildx imagetools inspect ${{ env.REGISTRY_SLUG || inputs.slug }}:${{ steps.meta.outputs.version }} --format '{{json .}}'
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
--- a/.github/workflows/e2e.yml
+++ b/.github/workflows/e2e.yml
@ -1,105 +1,107 @@
 name: e2e
 concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
 on:
  workflow_dispatch:
  schedule:
-    - cron: '0 10 * * *' # everyday at 10am
+    - cron: '0 10 * * *'
  push:
    branches:
-      - master
+      - 'master'
    tags:
-      - v*
+      - 'v*'
 jobs:
-  docker:
+  build:
-    runs-on: ubuntu-latest
+    uses: ./.github/workflows/.e2e-run.yml
    strategy:
      fail-fast: false
      matrix:
        include:
          -
            name: Distribution
            id: distribution
            type: local
          -
            name: Docker Hub
            registry: ''
            slug: ghactionstest/ghactionstest
            username_secret: DOCKERHUB_USERNAME
            password_secret: DOCKERHUB_TOKEN
            type: remote
          -
            name: GitHub
            registry: ghcr.io
            slug: ghcr.io/docker-ghactiontest/test
            username_secret: GHCR_USERNAME
            password_secret: GHCR_PAT
            type: remote
          -
            name: GitLab
            registry: registry.gitlab.com
            slug: registry.gitlab.com/test1716/test
            username_secret: GITLAB_USERNAME
            password_secret: GITLAB_TOKEN
            type: remote
          -
            name: AWS ECR
            registry: 175142243308.dkr.ecr.us-east-2.amazonaws.com
            slug: 175142243308.dkr.ecr.us-east-2.amazonaws.com/sandbox/test-docker-action
            username_secret: AWS_ACCESS_KEY_ID
            password_secret: AWS_SECRET_ACCESS_KEY
            type: remote
          -
            name: AWS ECR Public
            registry: public.ecr.aws
            slug: public.ecr.aws/q3b5f1u4/test-docker-action
            username_secret: AWS_ACCESS_KEY_ID
            password_secret: AWS_SECRET_ACCESS_KEY
            type: remote
          -
            name: Google Artifact Registry
            registry: us-east4-docker.pkg.dev
            slug: us-east4-docker.pkg.dev/sandbox-298914/docker-official-github-actions/test-docker-action
            username_secret: GAR_USERNAME
            password_secret: GAR_JSON_KEY
            type: remote
          -
-            registry: gcr.io
+            name: Azure Container Registry
-            slug: gcr.io/sandbox-298914/test-docker-action
+            registry: officialgithubactions.azurecr.io
-            username_secret: GCR_USERNAME
+            slug: officialgithubactions.azurecr.io/test-docker-action
-            password_secret: GCR_JSON_KEY
+            username_secret: AZURE_CLIENT_ID
-    steps:
+            password_secret: AZURE_CLIENT_SECRET
-      -
+            type: remote
-        name: Checkout
+          -
-        uses: actions/checkout@v2
+            name: Quay
-      -
+            registry: quay.io
-        name: Docker meta
+            slug: quay.io/docker_build_team/ghactiontest
-        id: meta
+            username_secret: QUAY_USERNAME
-        uses: docker/metadata-action@v3
+            password_secret: QUAY_TOKEN
-        with:
+            type: remote
-          images: ${{ matrix.slug }}
+          -
-      -
+            name: Artifactory
-        name: Set up QEMU
+            registry: infradock.jfrog.io
-        uses: docker/setup-qemu-action@v1
+            slug: infradock.jfrog.io/test-ghaction/build-push-action
-      -
+            username_secret: ARTIFACTORY_USERNAME
-        name: Set up Docker Buildx
+            password_secret: ARTIFACTORY_TOKEN
-        uses: docker/setup-buildx-action@v1
+            type: remote
-      -
+          -
-        name: Login to Registry
+            name: Harbor
-        if: github.event_name != 'pull_request'
+            id: harbor
-        uses: docker/login-action@v1
+            type: local
-        with:
+          -
-          registry: ${{ matrix.registry }}
+            name: Nexus
-          username: ${{ secrets[matrix.username_secret] }}
+            id: nexus
-          password: ${{ secrets[matrix.password_secret] }}
+            type: local
-      -
+    with:
-        name: Build and push
+      id: ${{ matrix.id }}
-        uses: ./
+      type: ${{ matrix.type }}
-        with:
+      name: ${{ matrix.name }}
-          context: ./test
+      registry: ${{ matrix.registry }}
-          file: ./test/multi.Dockerfile
+      slug: ${{ matrix.slug }}
-          platforms: linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64,linux/ppc64le,linux/s390x
+      username_secret: ${{ matrix.username_secret }}
-          push: ${{ github.event_name != 'pull_request' }}
+      password_secret: ${{ matrix.password_secret }}
-          tags: ${{ steps.meta.outputs.tags }}
+    secrets: inherit
          labels: ${{ steps.meta.outputs.labels }}
          cache-from: type=registry,ref=${{ matrix.slug }}:master
          cache-to: type=inline
      -
        name: Inspect image
        if: github.event_name != 'pull_request'
        run: |
          docker pull ${{ matrix.slug }}:${{ steps.meta.outputs.version }}
          docker image inspect ${{ matrix.slug }}:${{ steps.meta.outputs.version }}
      -
        name: Check manifest
        if: github.event_name != 'pull_request'
        run: |
          docker buildx imagetools inspect ${{ matrix.slug }}:${{ steps.meta.outputs.version }}
      -
        name: Dump context
        if: always()
        uses: crazy-max/ghaction-dump-context@v1
--- a/.github/workflows/example.yml
+++ b/.github/workflows/example.yml
@ -1,78 +0,0 @@
 # This workflow is provided just as an usage example and not for repo testing/verification
 name: example
 on:
  schedule:
    - cron: '0 10 * * 0' # everyday sunday at 10am
  push:
    branches:
      - '**'
    tags:
      - 'v*.*.*'
  pull_request:
 env:
  DOCKER_IMAGE: localhost:5000/name/app
 jobs:
  docker:
    runs-on: ubuntu-latest
    services:
      registry:
        image: registry:2
        ports:
          - 5000:5000
    steps:
      -
        name: Checkout
        uses: actions/checkout@v2
      -
        name: Docker meta
        id: meta
        uses: docker/metadata-action@v3
        with:
          images: ${{ env.DOCKER_IMAGE }}
          tags: |
            type=schedule
            type=ref,event=branch
            type=ref,event=pr
            type=semver,pattern={{version}}
            type=semver,pattern={{major}}.{{minor}}
            type=semver,pattern={{major}}
            type=sha
      -
        name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v1
        with:
          driver-opts: network=host
      -
        name: Build and export to Docker client
        uses: ./
        with:
          context: ./test
          file: ./test/Dockerfile
          load: true
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
      -
        name: Build and push to local registry
        uses: ./
        with:
          context: ./test
          file: ./test/Dockerfile
          push: ${{ github.event_name != 'pull_request' }}
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
      -
        name: Inspect image
        run: |
          docker image inspect ${{ env.DOCKER_IMAGE }}:${{ steps.meta.outputs.version }}
      -
        name: Check manifest
        if: github.event_name != 'pull_request'
        run: |
          docker buildx imagetools inspect ${{ env.DOCKER_IMAGE }}:${{ steps.meta.outputs.version }}
      -
        name: Dump context
        if: always()
        uses: crazy-max/ghaction-dump-context@v1
--- a/.github/workflows/pr-assign-author.yml
+++ b/.github/workflows/pr-assign-author.yml
@ -0,0 +1,17 @@
 name: pr-assign-author
 permissions:
  contents: read
 on:
  pull_request_target:
    types:
      - opened
      - reopened
 jobs:
  run:
    uses: crazy-max/.github/.github/workflows/pr-assign-author.yml@1b673f36fad86812f538c1df9794904038a23cbf
    permissions:
      contents: read
      pull-requests: write
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@ -0,0 +1,21 @@
 name: publish
 on:
  release:
    types:
      - published
 jobs:
  publish:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      id-token: write
      packages: write
    steps:
      -
        name: Checkout
        uses: actions/checkout@v4
      -
        name: Publish
        uses: actions/publish-immutable-action@v0.0.4
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@ -1,12 +1,15 @@
 name: test
 concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
 on:
  push:
    branches:
      - 'master'
      - 'releases/v*'
  pull_request:
    branches:
      - 'master'
 jobs:
  test:
@ -14,19 +17,16 @@ jobs:
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
      -
        name: Validate
        uses: docker/bake-action@v1
        with:
          targets: validate
      -
        name: Test
-        uses: docker/bake-action@v1
+        uses: docker/bake-action@v6
        with:
          source: .
          targets: test
      -
        name: Upload coverage
-        uses: codecov/codecov-action@v1
+        uses: codecov/codecov-action@v5
        with:
-          file: ./coverage/clover.xml
+          files: ./coverage/clover.xml
          token: ${{ secrets.CODECOV_TOKEN }}
--- a/.github/workflows/validate.yml
+++ b/.github/workflows/validate.yml
@ -0,0 +1,43 @@
 name: validate
 concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
 on:
  push:
    branches:
      - 'master'
      - 'releases/v*'
  pull_request:
 jobs:
  prepare:
    runs-on: ubuntu-latest
    outputs:
      targets: ${{ steps.generate.outputs.targets }}
    steps:
      -
        name: Checkout
        uses: actions/checkout@v4
      -
        name: List targets
        id: generate
        uses: docker/bake-action/subaction/list-targets@v6
        with:
          target: validate
  validate:
    runs-on: ubuntu-latest
    needs:
      - prepare
    strategy:
      fail-fast: false
      matrix:
        target: ${{ fromJson(needs.prepare.outputs.targets) }}
    steps:
      -
        name: Validate
        uses: docker/bake-action@v6
        with:
          targets: ${{ matrix.target }}
--- a/.github/workflows/virtual-env.yml
+++ b/.github/workflows/virtual-env.yml
@ -1,38 +0,0 @@
 name: virtual-env
 on:
  workflow_dispatch:
  schedule:
    - cron: '0 10 * * *' # everyday at 10am
 jobs:
  os:
    runs-on: ${{ matrix.os }}
    strategy:
      fail-fast: false
      matrix:
        os:
          - ubuntu-latest
          - ubuntu-20.04
          - ubuntu-18.04
          - ubuntu-16.04
    steps:
      -
        name: List install packages
        run: apt list --installed
      -
        name: Docker info
        run: docker info
      -
        name: Docker version
        run: docker version
      -
        name: buildx version
        run: docker buildx version
      -
        name: containerd version
        run: containerd --version
      -
        name: Dump context
        if: always()
        uses: crazy-max/ghaction-dump-context@v1
--- a/.gitignore
+++ b/.gitignore
@ -1,11 +1,5 @@
-node_modules
+# https://raw.githubusercontent.com/github/gitignore/main/Node.gitignore
 lib
 # Jetbrains
 /.idea
 /*.iml
 # Rest of the file pulled from https://github.com/github/gitignore/blob/master/Node.gitignore
 # Logs
 logs
 *.log
@ -13,6 +7,7 @@ npm-debug.log*
 yarn-debug.log*
 yarn-error.log*
 lerna-debug.log*
 .pnpm-debug.log*
 # Diagnostic reports (https://nodejs.org/api/report.html)
 report.[0-9]*.[0-9]*.[0-9]*.[0-9]*.json
@ -23,34 +18,14 @@ pids
 *.seed
 *.pid.lock
 # Directory for instrumented libs generated by jscoverage/JSCover
 lib-cov
 # Coverage directory used by tools like istanbul
 coverage
 *.lcov
 # nyc test coverage
 .nyc_output
 # Grunt intermediate storage (https://gruntjs.com/creating-plugins#storing-task-files)
 .grunt
 # Bower dependency directory (https://bower.io/)
 bower_components
 # node-waf configuration
 .lock-wscript
 # Compiled binary addons (https://nodejs.org/api/addons.html)
 build/Release
 # Dependency directories
 node_modules/
 jspm_packages/
 # TypeScript v1 declaration files
 typings/
 # TypeScript cache
 *.tsbuildinfo
@ -60,36 +35,19 @@ typings/
 # Optional eslint cache
 .eslintcache
 # Optional REPL history
 .node_repl_history
 # Output of 'npm pack'
 *.tgz
 # Yarn Integrity file
 .yarn-integrity
-# dotenv environment variables file
+# dotenv environment variable files
 .env
-.env.test
+.env.development.local
 .env.test.local
 .env.production.local
 .env.local
-# parcel-bundler cache (https://parceljs.org/)
+# yarn v2
-.cache
+.yarn/cache
-
+.yarn/unplugged
-# next.js build output
+.yarn/build-state.yml
-.next
+.yarn/install-state.gz
-
+.pnp.*
 # nuxt.js build output
 .nuxt
 # vuepress build output
 .vuepress/dist
 # Serverless directories
 .serverless/
 # FuseBox cache
 .fusebox/
 # DynamoDB Local files
 .dynamodb/
--- a/.prettierignore
+++ b/.prettierignore
@ -0,0 +1,6 @@
 # Dependency directories
 node_modules/
 jspm_packages/
 # yarn v2
 .yarn/
--- a/.yarn/plugins/@yarnpkg/plugin-interactive-tools.cjs
+++ b/.yarn/plugins/@yarnpkg/plugin-interactive-tools.cjs
--- a/.yarnrc.yml
+++ b/.yarnrc.yml
@ -0,0 +1,13 @@
 logFilters:
  - code: YN0013
    level: discard
  - code: YN0019
    level: discard
  - code: YN0076
    level: discard
 nodeLinker: node-modules
 plugins:
  - path: .yarn/plugins/@yarnpkg/plugin-interactive-tools.cjs
    spec: "@yarnpkg/plugin-interactive-tools"
--- a/README.md
+++ b/README.md
@ -1,23 +1,15 @@
 [![GitHub release](https://img.shields.io/github/release/docker/build-push-action.svg?style=flat-square)](https://github.com/docker/build-push-action/releases/latest)
 [![GitHub marketplace](https://img.shields.io/badge/marketplace-build--and--push--docker--images-blue?logo=github&style=flat-square)](https://github.com/marketplace/actions/build-and-push-docker-images)
-[![CI workflow](https://img.shields.io/github/workflow/status/docker/build-push-action/ci?label=ci&logo=github&style=flat-square)](https://github.com/docker/build-push-action/actions?workflow=ci)
+[![CI workflow](https://img.shields.io/github/actions/workflow/status/docker/build-push-action/ci.yml?branch=master&label=ci&logo=github&style=flat-square)](https://github.com/docker/build-push-action/actions?workflow=ci)
-[![Test workflow](https://img.shields.io/github/workflow/status/docker/build-push-action/test?label=test&logo=github&style=flat-square)](https://github.com/docker/build-push-action/actions?workflow=test)
+[![Test workflow](https://img.shields.io/github/actions/workflow/status/docker/build-push-action/test.yml?branch=master&label=test&logo=github&style=flat-square)](https://github.com/docker/build-push-action/actions?workflow=test)
 [![Codecov](https://img.shields.io/codecov/c/github/docker/build-push-action?logo=codecov&style=flat-square)](https://codecov.io/gh/docker/build-push-action)
 ## Upgrade from v1
 `v2` of this action includes significant updates and now uses Docker [Buildx](https://github.com/docker/buildx). It's
 also rewritten as a [typescript-action](https://github.com/actions/typescript-action/) to be as close as possible
 of the [GitHub Runner](https://github.com/actions/virtual-environments) during its execution.
 [Upgrade notes](UPGRADE.md) with many [usage examples](#advanced-usage) have been added to handle most use cases but
 `v1` is still available through [`releases/v1` branch](https://github.com/docker/build-push-action/tree/releases/v1).
 ## About
-GitHub Action to build and push Docker images with [Buildx](https://github.com/docker/buildx) with full support of the
+GitHub Action to build and push Docker images with [Buildx](https://github.com/docker/buildx)
-features provided by [Moby BuildKit](https://github.com/moby/buildkit) builder toolkit. This includes multi-platform
+with full support of the features provided by [Moby BuildKit](https://github.com/moby/buildkit)
-build, secrets, remote cache, etc. and different builder deployment/namespacing options.
+builder toolkit. This includes multi-platform build, secrets, remote cache, etc.
 and different builder deployment/namespacing options.
 ![Screenshot](.github/build-push-action.png)
@ -26,94 +18,98 @@ ___
 * [Usage](#usage)
  * [Git context](#git-context)
  * [Path context](#path-context)
-* [Advanced usage](#advanced-usage)
+* [Examples](#examples)
-  * [Multi-platform image](docs/advanced/multi-platform.md)
+* [Summaries](#summaries)
  * [Secrets](docs/advanced/secrets.md)
  * [Isolated builders](docs/advanced/isolated-builders.md)
  * [Push to multi-registries](docs/advanced/push-multi-registries.md)
  * [Copy between registries](docs/advanced/copy-between-registries.md)  
  * [Cache](docs/advanced/cache.md)
    * [Registry cache](docs/advanced/cache.md#registry-cache)
    * [GitHub cache](docs/advanced/cache.md#github-cache)
  * [Local registry](docs/advanced/local-registry.md)
  * [Export image to Docker](docs/advanced/export-docker.md)
  * [Share built image between jobs](docs/advanced/share-image-jobs.md)
  * [Handle tags and labels](docs/advanced/tags-labels.md)
  * [Update DockerHub repo description](docs/advanced/dockerhub-desc.md)
 * [Customizing](#customizing)
  * [inputs](#inputs)
  * [outputs](#outputs)
  * [environment variables](#environment-variables)
 * [Troubleshooting](#troubleshooting)
-* [Keep up-to-date with GitHub Dependabot](#keep-up-to-date-with-github-dependabot)
+* [Contributing](#contributing)
 ## Usage
-By default, this action uses the [Git context](#git-context) so you don't need to use the
+In the examples below we are also using 3 other actions:
 [`actions/checkout`](https://github.com/actions/checkout/) action to checkout the repository because this will be
 done directly by buildkit. The git reference will be based on the [event that triggered your workflow](https://docs.github.com/en/actions/reference/events-that-trigger-workflows)
 and will result in the following context: `https://github.com/<owner>/<repo>.git#<ref>`.
-Be careful because **any file mutation in the steps that precede the build step will be ignored** since
+* [`setup-buildx`](https://github.com/docker/setup-buildx-action) action will
-the context is based on the git reference. However, you can use the [Path context](#path-context) using the
+  create and boot a builder using by default the [`docker-container` driver](https://docs.docker.com/build/building/drivers/docker-container/).
-[`context` input](#inputs) alongside the [`actions/checkout`](https://github.com/actions/checkout/) action to remove
+  This is **not required but recommended** using it to be able to build
-this restriction.
+  multi-platform images, export cache, etc.
-
+* [`setup-qemu`](https://github.com/docker/setup-qemu-action) action can be
-In the examples below we are using 3 other actions:
+  useful if you want to add emulation support with QEMU to be able to build
-
+  against more platforms. 
-* [`setup-buildx`](https://github.com/docker/setup-buildx-action) action will create and boot a builder using by 
+* [`login`](https://github.com/docker/login-action) action will take care to
-default the `docker-container` [builder driver](https://github.com/docker/buildx/blob/master/docs/reference/buildx_create.md#driver).
+  log in against a Docker registry.
 This is **not required but recommended** using it to be able to build multi-platform images, export cache, etc.
 * [`setup-qemu`](https://github.com/docker/setup-qemu-action) action can be useful if you want
 to add emulation support with QEMU to be able to build against more platforms. 
 * [`login`](https://github.com/docker/login-action) action will take care to log in against a Docker registry.
 ### Git context
 By default, this action uses the [Git context](https://docs.docker.com/engine/reference/commandline/build/#git-repositories),
 so you don't need to use the [`actions/checkout`](https://github.com/actions/checkout/)
 action to check out the repository as this will be done directly by [BuildKit](https://github.com/moby/buildkit).
 The git reference will be based on the [event that triggered your workflow](https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows)
 and will result in the following context: `https://github.com/<owner>/<repo>.git#<ref>`.
 ```yaml
 name: ci
 on:
  push:
    branches:
      - 'master'
 jobs:
  docker:
    runs-on: ubuntu-latest
    steps:
      -
-        name: Set up QEMU
+        name: Login to Docker Hub
-        uses: docker/setup-qemu-action@v1
+        uses: docker/login-action@v3
      -
        name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v1
      -
        name: Login to DockerHub
        uses: docker/login-action@v1 
        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          username: ${{ vars.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      -
        name: Set up QEMU
        uses: docker/setup-qemu-action@v3
      -
        name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      -
        name: Build and push
-        id: docker_build
+        uses: docker/build-push-action@v6
        uses: docker/build-push-action@v2
        with:
          push: true
          tags: user/app:latest
      -
        name: Image digest
        run: echo ${{ steps.docker_build.outputs.digest }}
 ```
-Building from the current repository automatically uses the [GitHub Token](https://help.github.com/en/actions/configuring-and-managing-workflows/authenticating-with-the-github_token)
+Be careful because **any file mutation in the steps that precede the build step
-so it does not need to be passed. If you want to authenticate against another private repository, you have to use
+will be ignored, including processing of the `.dockerignore` file** since
-a [secret](docs/advanced/secrets.md) named `GIT_AUTH_TOKEN` to be able to authenticate against it with buildx:
+the context is based on the Git reference. However, you can use the
 [Path context](#path-context) using the [`context` input](#inputs) alongside
 the [`actions/checkout`](https://github.com/actions/checkout/) action to remove
 this restriction.
 Default Git context can also be provided using the [Handlebars template](https://handlebarsjs.com/guide/)
 expression `{{defaultContext}}`. Here we can use it to provide a subdirectory
 to the default Git context:
 ```yaml
      -
        name: Build and push
-        id: docker_build
+        uses: docker/build-push-action@v6
-        uses: docker/build-push-action@v2
+        with:
          context: "{{defaultContext}}:mysubdir"
          push: true
          tags: user/app:latest
 ```
 Building from the current repository automatically uses the [GitHub Token](https://docs.github.com/en/actions/security-guides/automatic-token-authentication),
 so it does not need to be passed. If you want to authenticate against another
 private repository, you have to use a [secret](https://docs.docker.com/build/ci/github-actions/secrets)
 named `GIT_AUTH_TOKEN` to be able to authenticate against it with Buildx:
 ```yaml
      -
        name: Build and push
        uses: docker/build-push-action@v6
        with:
          push: true
          tags: user/app:latest
@ -121,9 +117,6 @@ a [secret](docs/advanced/secrets.md) named `GIT_AUTH_TOKEN` to be able to authen
            GIT_AUTH_TOKEN=${{ secrets.MYTOKEN }}
 ```
 > :warning: Subdir for Git context is not yet supported ([moby/buildkit#1684](https://github.com/moby/buildkit/issues/1684))
 > but you can use the [path context](#path-context) in the meantime. More info on [Docker docs website](https://docs.docker.com/engine/reference/commandline/build/#git-repositories).
 ### Path context
 ```yaml
@ -131,8 +124,6 @@ name: ci
 on:
  push:
    branches:
      - 'master'
 jobs:
  docker:
@ -140,49 +131,85 @@ jobs:
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
      -
-        name: Set up QEMU
+        name: Login to Docker Hub
-        uses: docker/setup-qemu-action@v1
+        uses: docker/login-action@v3
      -
        name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v1
      -
        name: Login to DockerHub
        uses: docker/login-action@v1
        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          username: ${{ vars.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      -
        name: Set up QEMU
        uses: docker/setup-qemu-action@v3
      -
        name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      -
        name: Build and push
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@v6
        with:
          context: .
          push: true
          tags: user/app:latest
 ```
-## Advanced usage
+## Examples
-* [Multi-platform image](docs/advanced/multi-platform.md)
+* [Multi-platform image](https://docs.docker.com/build/ci/github-actions/multi-platform/)
-* [Secrets](docs/advanced/secrets.md)
+* [Secrets](https://docs.docker.com/build/ci/github-actions/secrets/)
-* [Isolated builders](docs/advanced/isolated-builders.md)
+* [Push to multi-registries](https://docs.docker.com/build/ci/github-actions/push-multi-registries/)
-* [Push to multi-registries](docs/advanced/push-multi-registries.md)
+* [Manage tags and labels](https://docs.docker.com/build/ci/github-actions/manage-tags-labels/)
-* [Copy between registries](docs/advanced/copy-between-registries.md)
+* [Cache management](https://docs.docker.com/build/ci/github-actions/cache/)
-* [Cache](docs/advanced/cache.md)
+* [Export to Docker](https://docs.docker.com/build/ci/github-actions/export-docker/)
-  * [Registry cache](docs/advanced/cache.md#registry-cache)
+* [Test before push](https://docs.docker.com/build/ci/github-actions/test-before-push/)
-  * [GitHub cache](docs/advanced/cache.md#github-cache)
+* [Validating build configuration](https://docs.docker.com/build/ci/github-actions/checks/)
-* [Local registry](docs/advanced/local-registry.md)
+* [Local registry](https://docs.docker.com/build/ci/github-actions/local-registry/)
-* [Export image to Docker](docs/advanced/export-docker.md)
+* [Share built image between jobs](https://docs.docker.com/build/ci/github-actions/share-image-jobs/)
-* [Share built image between jobs](docs/advanced/share-image-jobs.md)
+* [Named contexts](https://docs.docker.com/build/ci/github-actions/named-contexts/)
-* [Handle tags and labels](docs/advanced/tags-labels.md)
+* [Copy image between registries](https://docs.docker.com/build/ci/github-actions/copy-image-registries/)
-* [Update DockerHub repo description](docs/advanced/dockerhub-desc.md)
+* [Update Docker Hub repo description](https://docs.docker.com/build/ci/github-actions/update-dockerhub-desc/)
 * [SBOM and provenance attestations](https://docs.docker.com/build/ci/github-actions/attestations/)
 * [Annotations](https://docs.docker.com/build/ci/github-actions/annotations/)
 * [Reproducible builds](https://docs.docker.com/build/ci/github-actions/reproducible-builds/)
 ## Summaries
 This action generates a [job summary](https://github.blog/2022-05-09-supercharging-github-actions-with-job-summaries/)
 that provides a detailed overview of the build execution. The summary shows an
 overview of all the steps executed during the build, including the build inputs
 and eventual errors.
 ![build-push-action job summary](./.github/build-push-summary.png)
 The summary also includes a link for downloading the build record with
 additional details about the build, including build stats, logs, outputs, and
 more. The build record can be imported to Docker Desktop for inspecting the
 build in greater detail.
 > [!WARNING]
 >
 > If you're using the [`actions/download-artifact`](https://github.com/actions/download-artifact)
 > action in your workflow, you need to ignore the build record artifacts
 > if `name` and `pattern` inputs are not specified ([defaults to download all artifacts](https://github.com/actions/download-artifact?tab=readme-ov-file#download-all-artifacts) of the workflow),
 > otherwise the action will fail:
 > ```yaml
 > - uses: actions/download-artifact@v4
 >   with:
 >     pattern: "!*.dockerbuild"
 > ```
 > More info: https://github.com/actions/toolkit/pull/1874
 Summaries are enabled by default, but can be disabled with the
 `DOCKER_BUILD_SUMMARY` [environment variable](#environment-variables).
 For more information about summaries, refer to the
 [documentation](https://docs.docker.com/go/build-summary/).
 ## Customizing
 ### inputs
-Following inputs can be used as `step.with` keys
+The following inputs can be used as `step.with` keys:
 > `List` type is a newline-delimited string
 > ```yaml
@ -196,53 +223,67 @@ Following inputs can be used as `step.with` keys
 > tags: name/app:latest,name/app:1.0.0
 > ```
-| Name                | Type     | Description                        |
+| Name               | Type        | Description                                                                                                                                                                       |
-|---------------------|----------|------------------------------------|
+|--------------------|-------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| `allow`             | List/CSV | List of [extra privileged entitlement](https://github.com/docker/buildx/blob/master/docs/reference/buildx_build.md#allow) (eg. `network.host,security.insecure`) |
+| `add-hosts`        | List/CSV    | List of [customs host-to-IP mapping](https://docs.docker.com/engine/reference/commandline/build/#add-entries-to-container-hosts-file---add-host) (e.g., `docker:10.180.0.1`)      |
-| `builder`           | String   | Builder instance (see [setup-buildx](https://github.com/docker/setup-buildx-action) action) |
+| `allow`            | List/CSV    | List of [extra privileged entitlement](https://docs.docker.com/engine/reference/commandline/buildx_build/#allow) (e.g., `network.host,security.insecure`)                         |
-| `build-args`        | List     | List of build-time variables |
+| `annotations`      | List        | List of annotation to set to the image                                                                                                                                            |
-| `cache-from`        | List     | List of [external cache sources](https://github.com/docker/buildx/blob/master/docs/reference/buildx_build.md#cache-from) (eg. `type=local,src=path/to/dir`) |
+| `attests`          | List        | List of [attestation](https://docs.docker.com/build/attestations/) parameters (e.g., `type=sbom,generator=image`)                                                                 | 
-| `cache-to`          | List     | List of [cache export destinations](https://github.com/docker/buildx/blob/master/docs/reference/buildx_build.md#cache-to) (eg. `type=local,dest=path/to/dir`) |
+| `builder`          | String      | Builder instance (see [setup-buildx](https://github.com/docker/setup-buildx-action) action)                                                                                       |
-| `context`           | String   | Build's context is the set of files located in the specified [`PATH` or `URL`](https://docs.docker.com/engine/reference/commandline/build/) (default [Git context](#git-context)) |
+| `build-args`       | List        | List of [build-time variables](https://docs.docker.com/engine/reference/commandline/buildx_build/#build-arg)                                                                      |
-| `file`              | String   | Path to the Dockerfile. (default `{context}/Dockerfile`) |
+| `build-contexts`   | List        | List of additional [build contexts](https://docs.docker.com/engine/reference/commandline/buildx_build/#build-context) (e.g., `name=path`)                                         |
-| `labels`            | List     | List of metadata for an image |
+| `cache-from`       | List        | List of [external cache sources](https://docs.docker.com/engine/reference/commandline/buildx_build/#cache-from) (e.g., `type=local,src=path/to/dir`)                              |
-| `load`              | Bool     | [Load](https://github.com/docker/buildx/blob/master/docs/reference/buildx_build.md#load) is a shorthand for `--output=type=docker` (default `false`) |
+| `cache-to`         | List        | List of [cache export destinations](https://docs.docker.com/engine/reference/commandline/buildx_build/#cache-to) (e.g., `type=local,dest=path/to/dir`)                            |
-| `network`           | String   | Set the networking mode for the `RUN` instructions during build |
+| `call`             | String      | Set [method for evaluating build](https://docs.docker.com/reference/cli/docker/buildx/build/#call) (e.g., `check`)                                                                |
-| `no-cache`          | Bool     | Do not use cache when building the image (default `false`) |
+| `cgroup-parent`    | String      | Optional [parent cgroup](https://docs.docker.com/engine/reference/commandline/build/#use-a-custom-parent-cgroup---cgroup-parent) for the container used in the build              |
-| `outputs`           | List     | List of [output destinations](https://github.com/docker/buildx/blob/master/docs/reference/buildx_build.md#output) (format: `type=local,dest=path`) |
+| `context`          | String      | Build's context is the set of files located in the specified [`PATH` or `URL`](https://docs.docker.com/engine/reference/commandline/build/) (default [Git context](#git-context)) |
-| `platforms`         | List/CSV | List of [target platforms](https://github.com/docker/buildx/blob/master/docs/reference/buildx_build.md#platform) for build |
+| `file`             | String      | Path to the Dockerfile. (default `{context}/Dockerfile`)                                                                                                                          |
-| `pull`              | Bool     | Always attempt to pull a newer version of the image (default `false`) |
+| `labels`           | List        | List of metadata for an image                                                                                                                                                     |
-| `push`              | Bool     | [Push](https://github.com/docker/buildx/blob/master/docs/reference/buildx_build.md#push) is a shorthand for `--output=type=registry` (default `false`) |
+| `load`             | Bool        | [Load](https://docs.docker.com/engine/reference/commandline/buildx_build/#load) is a shorthand for `--output=type=docker` (default `false`)                                       |
-| `secrets`           | List     | List of secrets to expose to the build (eg. `key=string`, `GIT_AUTH_TOKEN=mytoken`) |
+| `network`          | String      | Set the networking mode for the `RUN` instructions during build                                                                                                                   |
-| `secret-files`      | List     | List of secret files to expose to the build (eg. `key=filename`, `MY_SECRET=./secret.txt`) |
+| `no-cache`         | Bool        | Do not use cache when building the image (default `false`)                                                                                                                        |
-| `ssh`               | List     | List of SSH agent socket or keys to expose to the build |
+| `no-cache-filters` | List/CSV    | Do not cache specified stages                                                                                                                                                     |
-| `tags`              | List/CSV | List of tags |
+| `outputs`          | List        | List of [output destinations](https://docs.docker.com/engine/reference/commandline/buildx_build/#output) (format: `type=local,dest=path`)                                         |
-| `target`            | String   | Sets the target stage to build |
+| `platforms`        | List/CSV    | List of [target platforms](https://docs.docker.com/engine/reference/commandline/buildx_build/#platform) for build                                                                 |
 | `provenance`       | Bool/String | Generate [provenance](https://docs.docker.com/build/attestations/slsa-provenance/) attestation for the build (shorthand for `--attest=type=provenance`)                           |
 | `pull`             | Bool        | Always attempt to pull all referenced images (default `false`)                                                                                                                    |
 | `push`             | Bool        | [Push](https://docs.docker.com/engine/reference/commandline/buildx_build/#push) is a shorthand for `--output=type=registry` (default `false`)                                     |
 | `sbom`             | Bool/String | Generate [SBOM](https://docs.docker.com/build/attestations/sbom/) attestation for the build (shorthand for `--attest=type=sbom`)                                                  |
 | `secrets`          | List        | List of [secrets](https://docs.docker.com/engine/reference/commandline/buildx_build/#secret) to expose to the build (e.g., `key=string`, `GIT_AUTH_TOKEN=mytoken`)                |
 | `secret-envs`      | List/CSV    | List of [secret env vars](https://docs.docker.com/engine/reference/commandline/buildx_build/#secret) to expose to the build (e.g., `key=envname`, `MY_SECRET=MY_ENV_VAR`)         |
 | `secret-files`     | List        | List of [secret files](https://docs.docker.com/engine/reference/commandline/buildx_build/#secret) to expose to the build (e.g., `key=filename`, `MY_SECRET=./secret.txt`)         |
 | `shm-size`         | String      | Size of [`/dev/shm`](https://docs.docker.com/engine/reference/commandline/buildx_build/#shm-size) (e.g., `2g`)                                                                    |
 | `ssh`              | List        | List of [SSH agent socket or keys](https://docs.docker.com/engine/reference/commandline/buildx_build/#ssh) to expose to the build                                                 |
 | `tags`             | List/CSV    | List of tags                                                                                                                                                                      |
 | `target`           | String      | Sets the target stage to build                                                                                                                                                    |
 | `ulimit`           | List        | [Ulimit](https://docs.docker.com/engine/reference/commandline/buildx_build/#ulimit) options (e.g., `nofile=1024:1024`)                                                            |
 | `github-token`     | String      | GitHub Token used to authenticate against a repository for [Git context](#git-context) (default `${{ github.token }}`)                                                            |
 ### outputs
-Following outputs are available
+The following outputs are available:
-| Name          | Type    | Description                           |
+| Name       | Type    | Description           |
-|---------------|---------|---------------------------------------|
+|------------|---------|-----------------------|
-| `digest`      | String  | Image content-addressable identifier also called a digest |
+| `imageid`  | String  | Image ID              |
 | `digest`   | String  | Image digest          |
 | `metadata` | JSON    | Build result metadata |
 ### environment variables
 | Name                                 | Type   | Default | Description                                                                                                                                                                                                                                                        |
 |--------------------------------------|--------|---------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
 | `DOCKER_BUILD_CHECKS_ANNOTATIONS`    | Bool   | `true`  | If `false`, GitHub annotations are not generated for [build checks](https://docs.docker.com/build/checks/)                                                                                                                                                         |
 | `DOCKER_BUILD_SUMMARY`               | Bool   | `true`  | If `false`, [build summary](https://docs.docker.com/build/ci/github-actions/build-summary/) generation is disabled                                                                                                                                                 |
 | `DOCKER_BUILD_RECORD_UPLOAD`         | Bool   | `true`  | If `false`, build record upload as [GitHub artifact](https://docs.github.com/en/actions/using-workflows/storing-workflow-data-as-artifacts) is disabled                                                                                                            |
 | `DOCKER_BUILD_RECORD_RETENTION_DAYS` | Number |         | Duration after which build record artifact will expire in days. Defaults to repository/org [retention settings](https://docs.github.com/en/actions/learn-github-actions/usage-limits-billing-and-administration#artifact-and-log-retention-policy) if unset or `0` |
 | `DOCKER_BUILD_EXPORT_LEGACY`         | Bool   | `false` | If `true`, exports build using legacy export-build tool instead of [`buildx history export` command](https://docs.docker.com/reference/cli/docker/buildx/history/export/)                                                                                          |
 ## Troubleshooting
 See [TROUBLESHOOTING.md](TROUBLESHOOTING.md)
-## Keep up-to-date with GitHub Dependabot
+## Contributing
-Since [Dependabot](https://docs.github.com/en/github/administering-a-repository/keeping-your-actions-up-to-date-with-github-dependabot)
+Want to contribute? Awesome! You can find information about contributing to
-has [native GitHub Actions support](https://docs.github.com/en/github/administering-a-repository/configuration-options-for-dependency-updates#package-ecosystem),
+this project in the [CONTRIBUTING.md](/.github/CONTRIBUTING.md)
 to enable it on your GitHub repo all you need to do is add the `.github/dependabot.yml` file:
 ```yaml
 version: 2
 updates:
  # Maintain dependencies for GitHub Actions
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "daily"
 ```
--- a/TROUBLESHOOTING.md
+++ b/TROUBLESHOOTING.md
@ -3,6 +3,7 @@
 * [Cannot push to a registry](#cannot-push-to-a-registry)
  * [BuildKit container logs](#buildkit-container-logs)
  * [With containerd](#with-containerd)
 * [`repository name must be lowercase`](#repository-name-must-be-lowercase)
 ## Cannot push to a registry
@ -14,9 +15,11 @@ While pushing to a registry, you may encounter these kinds of issues:
 * `failed commit on ref "manifest-sha256:...": unexpected status: 401 Unauthorized`
 * `unexpected response: 401 Unauthorized`
-These issues are not directly related to this action but are rather linked to [buildx](https://github.com/docker/buildx),
+These issues are not directly related to this action but are rather linked to
-[buildkit](https://github.com/moby/buildkit), [containerd](https://github.com/containerd/containerd) or the registry
+[Buildx](https://github.com/docker/buildx), [BuildKit](https://github.com/moby/buildkit),
-on which you're pushing your image. The quality of error message depends on the registry and are usually not very informative.
+[containerd](https://github.com/containerd/containerd) or the registry on which
 you're pushing your image. The quality of error message depends on the registry
 and are usually not very informative.
 ### BuildKit container logs
@ -25,8 +28,9 @@ action step and attach BuildKit container logs to your issue.
 ### With containerd
-Next you can test pushing with [containerd action](https://github.com/crazy-max/ghaction-setup-containerd) using the
+Next you can test pushing with [containerd action](https://github.com/crazy-max/ghaction-setup-containerd)
-following workflow. If it works then open an issue on [buildkit](https://github.com/moby/buildkit) repository.
+using the following workflow. If it works then open an issue on [BuildKit](https://github.com/moby/buildkit)
 repository.
 ```yaml
 name: containerd
@ -40,21 +44,21 @@ jobs:
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
      -
        name: Set up QEMU
-        uses: docker/setup-qemu-action@v1
+        uses: docker/setup-qemu-action@v3
      -
        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
+        uses: docker/setup-buildx-action@v3
        with:
          buildkitd-flags: --debug
      -
        name: Set up containerd
-        uses: crazy-max/ghaction-setup-containerd@v1
+        uses: crazy-max/ghaction-setup-containerd@v2
      -
        name: Build Docker image
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@v6
        with:
          context: .
          platforms: linux/amd64,linux/arm64
@ -69,3 +73,65 @@ jobs:
        run: |
          sudo ctr --debug i push --user "${{ secrets.DOCKER_USERNAME }}:${{ secrets.DOCKER_PASSWORD }}" docker.io/user/app:latest
 ```
 ## `repository name must be lowercase`
 You may encounter this issue if you're using `github.repository` as a repo slug
 in your tag:
 ```
 #6 exporting to image
 #6 exporting layers
 #6 exporting layers 1.2s done
 #6 exporting manifest sha256:b47f7dfb97b89ccd5de553af3c8cd94c4795884cbe5693e93946b1d95a7b1d12 0.0s done
 #6 exporting config sha256:995e93fab8196893192f08a38deea6769dc4d98f86cf705eccc24ec96a3e271c 0.0s done
 #6 ERROR: invalid reference format: repository name must be lowercase
 ------
 > exporting to image:
 ------
 error: failed to solve: invalid reference format: repository name must be lowercase
 ```
 or a cache reference:
 ```
 #10 importing cache manifest from ghcr.io/My-Org/repo:main
 #10 ERROR: invalid reference format: repository name must be lowercase
 ```
 To fix this issue you can use our [metadata action](https://github.com/docker/metadata-action)
 to generate sanitized tags:
 ```yaml
 - name: Docker meta
  id: meta
  uses: docker/metadata-action@v4
  with:
    images: ghcr.io/${{ github.repository }}
    tags: latest
 - name: Build and push
  uses: docker/build-push-action@v6
  with:
    context: .
    push: true
    tags: ${{ steps.meta.outputs.tags }}
 ```
 Or a dedicated step to sanitize the slug:
 ```yaml
 - name: Sanitize repo slug
  uses: actions/github-script@v6
  id: repo_slug
  with:
    result-encoding: string
    script: return 'ghcr.io/${{ github.repository }}'.toLowerCase()
 - name: Build and push
  uses: docker/build-push-action@v6
  with:
    context: .
    push: true
    tags: ${{ steps.repo_slug.outputs.result }}:latest
 ```
--- a/UPGRADE.md
+++ b/UPGRADE.md
@ -1,147 +0,0 @@
 # Upgrade notes
 ## v1 to v2
 * Input `path` is now called `context` for consistency with other Docker build tools
 * `path` defaults to current git repository so checkout action is not required in a workflow
 * Rename `dockerfile` input to `file` for consistency with other Docker build tools
 * Rename `always_pull` input to `pull` for consistency with other Docker build tools
 * Add `builder` input to be able to choose a builder instance through our [setup-buildx action](https://github.com/docker/setup-buildx-action)
 * Add `platforms` input to support multi-platform builds
 * Add `allow` input
 * Add `load` input
 * Add `outputs` input
 * Add `cache-from` input (`cache_froms` removed)
 * Add `cache-to` input
 * Rename `build_args` input to `build-args` for consistency with other Docker build tools
 * Add `secrets` input
 * Review `tags` input
 * Remove `repository` input. See [Simple workflow](#simple-workflow) for migration
 * Remove `username`, `password` and `registry` inputs. Login support moved to [docker/login-action](https://github.com/docker/login-action) repo
 * Remove `tag_with_sha`, `tag_with_ref`, `add_git_labels` inputs. See [Tags with ref and Git labels](#tags-with-ref-and-git-labels) for migration
 * Handle Git context
 * Add `digest` output
 ### Simple workflow
 ```yaml
 # v1
 steps:
  -
    name: Checkout code
    uses: actions/checkout@v2
  -
    name: Build and push Docker images
    uses: docker/build-push-action@v1
    with:
      username: ${{ secrets.DOCKER_USERNAME }}
      password: ${{ secrets.DOCKER_PASSWORD }}
      repository: myorg/myrepository
      always_pull: true
      build_args: arg1=value1,arg2=value2
      cache_froms: myorg/myrepository:latest
      tags: latest
 ```
 ```yaml
 # v2
 steps:
  -
    name: Checkout code
    uses: actions/checkout@v2
  -
    name: Set up Docker Buildx
    uses: docker/setup-buildx-action@v1
  -
    name: Login to DockerHub
    uses: docker/login-action@v1
    with:
      username: ${{ secrets.DOCKER_USERNAME }}
      password: ${{ secrets.DOCKER_PASSWORD }}
  -
    name: Build and push
    uses: docker/build-push-action@v2
    with:
      context: .
      pull: true
      push: true
      build-args: |
        arg1=value1
        arg2=value2
      cache-from: type=registry,ref=myorg/myrepository:latest
      cache-to: type=inline
      tags: myorg/myrepository:latest
 ```
 ### Tags with ref and Git labels
 ```yaml
 # v1
 steps:
  -
    name: Checkout code
    uses: actions/checkout@v2
  -
    name: Build and push Docker images
    uses: docker/build-push-action@v1
    with:
      username: ${{ secrets.DOCKER_USERNAME }}
      password: ${{ secrets.DOCKER_PASSWORD }}
      repository: myorg/myrepository
      push: ${{ github.event_name != 'pull_request' }}
      tag_with_ref: true
      tag_with_sha: true
      add_git_labels: true
 ```
 ```yaml
 # v2
 steps:
  -
    name: Checkout
    uses: actions/checkout@v2
  -
    name: Prepare
    id: prep
    run: |
      DOCKER_IMAGE=myorg/myrepository
      VERSION=edge
      if [[ $GITHUB_REF == refs/tags/* ]]; then
        VERSION=${GITHUB_REF#refs/tags/}
      elif [[ $GITHUB_REF == refs/heads/* ]]; then
        VERSION=$(echo ${GITHUB_REF#refs/heads/} | sed -r 's#/+#-#g')
      elif [[ $GITHUB_REF == refs/pull/* ]]; then
        VERSION=pr-${{ github.event.number }}
      fi
      TAGS="${DOCKER_IMAGE}:${VERSION}"
      if [ "${{ github.event_name }}" = "push" ]; then
        TAGS="$TAGS,${DOCKER_IMAGE}:sha-${GITHUB_SHA::8}"
      fi
      echo ::set-output name=version::${VERSION}
      echo ::set-output name=tags::${TAGS}
      echo ::set-output name=created::$(date -u +'%Y-%m-%dT%H:%M:%SZ')
  -
    name: Set up Docker Buildx
    uses: docker/setup-buildx-action@v1
  -
    name: Login to DockerHub
    if: github.event_name != 'pull_request'
    uses: docker/login-action@v1 
    with:
      username: ${{ secrets.DOCKER_USERNAME }}
      password: ${{ secrets.DOCKER_PASSWORD }}
  -
    name: Build and push
    uses: docker/build-push-action@v2
    with:
      context: .
      push: ${{ github.event_name != 'pull_request' }}
      tags: ${{ steps.prep.outputs.tags }}
      labels: |
        org.opencontainers.image.source=${{ github.event.repository.html_url }}
        org.opencontainers.image.created=${{ steps.prep.outputs.created }}
        org.opencontainers.image.revision=${{ github.sha }}
 ```
 > You can also use the [Docker meta action to handle tags and labels](docs/advanced/tags-labels.md) based on GitHub
 > actions events and Git metadata.
--- a/mocks/@actions/github.ts
+++ b/mocks/@actions/github.ts
@ -0,0 +1,207 @@
 import {jest} from '@jest/globals';
 export const context = {
  repo: {
    owner: 'docker',
    repo: 'build-push-action'
  },
  ref: 'refs/heads/master',
  runId: 123456789,
  payload: {
    after: '860c1904a1ce19322e91ac35af1ab07466440c37',
    base_ref: null,
    before: '5f3331d7f7044c18ca9f12c77d961c4d7cf3276a',
    commits: [
      {
        author: {
          email: 'crazy-max@users.noreply.github.com',
          name: 'CrazyMax',
          username: 'crazy-max'
        },
        committer: {
          email: 'crazy-max@users.noreply.github.com',
          name: 'CrazyMax',
          username: 'crazy-max'
        },
        distinct: true,
        id: '860c1904a1ce19322e91ac35af1ab07466440c37',
        message: 'hello dev',
        timestamp: '2022-04-19T11:27:24+02:00',
        tree_id: 'd2c60af597e863787d2d27f569e30495b0b92820',
        url: 'https://github.com/docker/test-docker-action/commit/860c1904a1ce19322e91ac35af1ab07466440c37'
      }
    ],
    compare: 'https://github.com/docker/test-docker-action/compare/5f3331d7f704...860c1904a1ce',
    created: false,
    deleted: false,
    forced: false,
    head_commit: {
      author: {
        email: 'crazy-max@users.noreply.github.com',
        name: 'CrazyMax',
        username: 'crazy-max'
      },
      committer: {
        email: 'crazy-max@users.noreply.github.com',
        name: 'CrazyMax',
        username: 'crazy-max'
      },
      distinct: true,
      id: '860c1904a1ce19322e91ac35af1ab07466440c37',
      message: 'hello dev',
      timestamp: '2022-04-19T11:27:24+02:00',
      tree_id: 'd2c60af597e863787d2d27f569e30495b0b92820',
      url: 'https://github.com/docker/test-docker-action/commit/860c1904a1ce19322e91ac35af1ab07466440c37'
    },
    organization: {
      avatar_url: 'https://avatars.githubusercontent.com/u/5429470?v=4',
      description: 'Docker helps developers bring their ideas to life by conquering the complexity of app development.',
      events_url: 'https://api.github.com/orgs/docker/events',
      hooks_url: 'https://api.github.com/orgs/docker/hooks',
      id: 5429470,
      issues_url: 'https://api.github.com/orgs/docker/issues',
      login: 'docker',
      members_url: 'https://api.github.com/orgs/docker/members{/member}',
      node_id: 'MDEyOk9yZ2FuaXphdGlvbjU0Mjk0NzA=',
      public_members_url: 'https://api.github.com/orgs/docker/public_members{/member}',
      repos_url: 'https://api.github.com/orgs/docker/repos',
      url: 'https://api.github.com/orgs/docker'
    },
    pusher: {
      email: 'github@crazymax.dev',
      name: 'crazy-max'
    },
    ref: 'refs/heads/dev',
    repository: {
      allow_forking: true,
      archive_url: 'https://api.github.com/repos/docker/test-docker-action/{archive_format}{/ref}',
      archived: false,
      assignees_url: 'https://api.github.com/repos/docker/test-docker-action/assignees{/user}',
      blobs_url: 'https://api.github.com/repos/docker/test-docker-action/git/blobs{/sha}',
      branches_url: 'https://api.github.com/repos/docker/test-docker-action/branches{/branch}',
      clone_url: 'https://github.com/docker/test-docker-action.git',
      collaborators_url: 'https://api.github.com/repos/docker/test-docker-action/collaborators{/collaborator}',
      comments_url: 'https://api.github.com/repos/docker/test-docker-action/comments{/number}',
      commits_url: 'https://api.github.com/repos/docker/test-docker-action/commits{/sha}',
      compare_url: 'https://api.github.com/repos/docker/test-docker-action/compare/{base}...{head}',
      contents_url: 'https://api.github.com/repos/docker/test-docker-action/contents/{+path}',
      contributors_url: 'https://api.github.com/repos/docker/test-docker-action/contributors',
      created_at: 1596792180,
      default_branch: 'master',
      deployments_url: 'https://api.github.com/repos/docker/test-docker-action/deployments',
      description: 'Test "Docker" Actions',
      disabled: false,
      downloads_url: 'https://api.github.com/repos/docker/test-docker-action/downloads',
      events_url: 'https://api.github.com/repos/docker/test-docker-action/events',
      fork: false,
      forks: 1,
      forks_count: 1,
      forks_url: 'https://api.github.com/repos/docker/test-docker-action/forks',
      full_name: 'docker/test-docker-action',
      git_commits_url: 'https://api.github.com/repos/docker/test-docker-action/git/commits{/sha}',
      git_refs_url: 'https://api.github.com/repos/docker/test-docker-action/git/refs{/sha}',
      git_tags_url: 'https://api.github.com/repos/docker/test-docker-action/git/tags{/sha}',
      git_url: 'git://github.com/docker/test-docker-action.git',
      has_downloads: true,
      has_issues: true,
      has_pages: false,
      has_projects: true,
      has_wiki: true,
      homepage: '',
      hooks_url: 'https://api.github.com/repos/docker/test-docker-action/hooks',
      html_url: 'https://github.com/docker/test-docker-action',
      id: 285789493,
      is_template: false,
      issue_comment_url: 'https://api.github.com/repos/docker/test-docker-action/issues/comments{/number}',
      issue_events_url: 'https://api.github.com/repos/docker/test-docker-action/issues/events{/number}',
      issues_url: 'https://api.github.com/repos/docker/test-docker-action/issues{/number}',
      keys_url: 'https://api.github.com/repos/docker/test-docker-action/keys{/key_id}',
      labels_url: 'https://api.github.com/repos/docker/test-docker-action/labels{/name}',
      language: 'JavaScript',
      languages_url: 'https://api.github.com/repos/docker/test-docker-action/languages',
      license: {
        key: 'mit',
        name: 'MIT License',
        node_id: 'MDc6TGljZW5zZTEz',
        spdx_id: 'MIT',
        url: 'https://api.github.com/licenses/mit'
      },
      master_branch: 'master',
      merges_url: 'https://api.github.com/repos/docker/test-docker-action/merges',
      milestones_url: 'https://api.github.com/repos/docker/test-docker-action/milestones{/number}',
      mirror_url: null,
      name: 'test-docker-action',
      node_id: 'MDEwOlJlcG9zaXRvcnkyODU3ODk0OTM=',
      notifications_url: 'https://api.github.com/repos/docker/test-docker-action/notifications{?since,all,participating}',
      open_issues: 6,
      open_issues_count: 6,
      organization: 'docker',
      owner: {
        avatar_url: 'https://avatars.githubusercontent.com/u/5429470?v=4',
        email: 'info@docker.com',
        events_url: 'https://api.github.com/users/docker/events{/privacy}',
        followers_url: 'https://api.github.com/users/docker/followers',
        following_url: 'https://api.github.com/users/docker/following{/other_user}',
        gists_url: 'https://api.github.com/users/docker/gists{/gist_id}',
        gravatar_id: '',
        html_url: 'https://github.com/docker',
        id: 5429470,
        login: 'docker',
        name: 'docker',
        node_id: 'MDEyOk9yZ2FuaXphdGlvbjU0Mjk0NzA=',
        organizations_url: 'https://api.github.com/users/docker/orgs',
        received_events_url: 'https://api.github.com/users/docker/received_events',
        repos_url: 'https://api.github.com/users/docker/repos',
        site_admin: false,
        starred_url: 'https://api.github.com/users/docker/starred{/owner}{/repo}',
        subscriptions_url: 'https://api.github.com/users/docker/subscriptions',
        type: 'Organization',
        url: 'https://api.github.com/users/docker'
      },
      private: true,
      pulls_url: 'https://api.github.com/repos/docker/test-docker-action/pulls{/number}',
      pushed_at: 1650360446,
      releases_url: 'https://api.github.com/repos/docker/test-docker-action/releases{/id}',
      size: 796,
      ssh_url: 'git@github.com:docker/test-docker-action.git',
      stargazers: 0,
      stargazers_count: 0,
      stargazers_url: 'https://api.github.com/repos/docker/test-docker-action/stargazers',
      statuses_url: 'https://api.github.com/repos/docker/test-docker-action/statuses/{sha}',
      subscribers_url: 'https://api.github.com/repos/docker/test-docker-action/subscribers',
      subscription_url: 'https://api.github.com/repos/docker/test-docker-action/subscription',
      svn_url: 'https://github.com/docker/test-docker-action',
      tags_url: 'https://api.github.com/repos/docker/test-docker-action/tags',
      teams_url: 'https://api.github.com/repos/docker/test-docker-action/teams',
      topics: [],
      trees_url: 'https://api.github.com/repos/docker/test-docker-action/git/trees{/sha}',
      updated_at: '2022-04-19T09:05:09Z',
      url: 'https://github.com/docker/test-docker-action',
      visibility: 'private',
      watchers: 0,
      watchers_count: 0
    },
    sender: {
      avatar_url: 'https://avatars.githubusercontent.com/u/1951866?v=4',
      events_url: 'https://api.github.com/users/crazy-max/events{/privacy}',
      followers_url: 'https://api.github.com/users/crazy-max/followers',
      following_url: 'https://api.github.com/users/crazy-max/following{/other_user}',
      gists_url: 'https://api.github.com/users/crazy-max/gists{/gist_id}',
      gravatar_id: '',
      html_url: 'https://github.com/crazy-max',
      id: 1951866,
      login: 'crazy-max',
      node_id: 'MDQ6VXNlcjE5NTE4NjY=',
      organizations_url: 'https://api.github.com/users/crazy-max/orgs',
      received_events_url: 'https://api.github.com/users/crazy-max/received_events',
      repos_url: 'https://api.github.com/users/crazy-max/repos',
      site_admin: false,
      starred_url: 'https://api.github.com/users/crazy-max/starred{/owner}{/repo}',
      subscriptions_url: 'https://api.github.com/users/crazy-max/subscriptions',
      type: 'User',
      url: 'https://api.github.com/users/crazy-max'
    }
  }
 };
 export const getOctokit = jest.fn();
--- a/tests/buildx.test.ts
+++ b/tests/buildx.test.ts
@ -1,176 +0,0 @@
 import * as fs from 'fs';
 import * as path from 'path';
 import * as semver from 'semver';
 import * as exec from '@actions/exec';
 import * as buildx from '../src/buildx';
 import * as context from '../src/context';
 const tmpNameSync = path.join('/tmp/.docker-build-push-jest', '.tmpname-jest').split(path.sep).join(path.posix.sep);
 const digest = 'sha256:bfb45ab72e46908183546477a08f8867fc40cebadd00af54b071b097aed127a9';
 jest.spyOn(context, 'tmpDir').mockImplementation((): string => {
  const tmpDir = path.join('/tmp/.docker-build-push-jest').split(path.sep).join(path.posix.sep);
  if (!fs.existsSync(tmpDir)) {
    fs.mkdirSync(tmpDir, {recursive: true});
  }
  return tmpDir;
 });
 jest.spyOn(context, 'tmpNameSync').mockImplementation((): string => {
  return tmpNameSync;
 });
 describe('getImageID', () => {
  it('matches', async () => {
    const imageIDFile = await buildx.getImageIDFile();
    console.log(`imageIDFile: ${imageIDFile}`);
    await fs.writeFileSync(imageIDFile, digest);
    const imageID = await buildx.getImageID();
    console.log(`imageID: ${imageID}`);
    expect(imageID).toEqual(digest);
  });
 });
 describe('isLocalOrTarExporter', () => {
  // prettier-ignore
  test.each([
    [
      [
        'type=registry,ref=user/app',
      ],
      false
    ],
    [
      [
        'type=docker',
      ],
      false
    ],
    [
      [
        'type=local,dest=./release-out'
      ],
      true
    ],
    [
      [
        'type=tar,dest=/tmp/image.tar'
      ],
      true
    ],
    [
      [
        'type=docker',
        'type=tar,dest=/tmp/image.tar'
      ],
      true
    ],
    [
      [
        '"type=tar","dest=/tmp/image.tar"'
      ],
      true
    ],
    [
      [
        '" type= local" , dest=./release-out'
      ],
      true
    ],
    [
      [
        '.'
      ],
      true
    ],
  ])(
    'given %p returns %p',
    async (outputs: Array<string>, expected: boolean) => {
      expect(buildx.isLocalOrTarExporter(outputs)).toEqual(expected);
    }
  );
 });
 describe('isAvailable', () => {
  const execSpy: jest.SpyInstance = jest.spyOn(exec, 'getExecOutput');
  buildx.isAvailable();
  expect(execSpy).toHaveBeenCalledWith(`docker`, ['buildx'], {
    silent: true,
    ignoreReturnCode: true
  });
 });
 describe('getVersion', () => {
  async function isDaemonRunning() {
    return await exec
      .getExecOutput(`docker`, ['version', '--format', '{{.Server.Os}}'], {
        ignoreReturnCode: true,
        silent: true
      })
      .then(res => {
        return !res.stdout.includes(' ') && res.exitCode == 0;
      });
  }
  (isDaemonRunning() ? it : it.skip)(
    'valid',
    async () => {
      const version = await buildx.getVersion();
      console.log(`version: ${version}`);
      expect(semver.valid(version)).not.toBeNull();
    },
    100000
  );
 });
 describe('parseVersion', () => {
  test.each([
    ['github.com/docker/buildx 0.4.1+azure bda4882a65349ca359216b135896bddc1d92461c', '0.4.1'],
    ['github.com/docker/buildx v0.4.1 bda4882a65349ca359216b135896bddc1d92461c', '0.4.1'],
    ['github.com/docker/buildx v0.4.2 fb7b670b764764dc4716df3eba07ffdae4cc47b2', '0.4.2'],
    ['github.com/docker/buildx f117971 f11797113e5a9b86bd976329c5dbb8a8bfdfadfa', 'f117971']
  ])('given %p', async (stdout, expected) => {
    expect(buildx.parseVersion(stdout)).toEqual(expected);
  });
 });
 describe('satisfies', () => {
  test.each([
    ['0.4.1', '>=0.3.2', true],
    ['bda4882a65349ca359216b135896bddc1d92461c', '>0.1.0', false],
    ['f117971', '>0.6.0', true]
  ])('given %p', async (version, range, expected) => {
    expect(buildx.satisfies(version, range)).toBe(expected);
  });
 });
 describe('getSecret', () => {
  test.each([
    ['A_SECRET=abcdef0123456789', false, 'A_SECRET', 'abcdef0123456789', false],
    ['GIT_AUTH_TOKEN=abcdefghijklmno=0123456789', false, 'GIT_AUTH_TOKEN', 'abcdefghijklmno=0123456789', false],
    ['MY_KEY=c3RyaW5nLXdpdGgtZXF1YWxzCg==', false, 'MY_KEY', 'c3RyaW5nLXdpdGgtZXF1YWxzCg==', false],
    ['aaaaaaaa', false, '', '', true],
    ['aaaaaaaa=', false, '', '', true],
    ['=bbbbbbb', false, '', '', true],
    [`foo=${path.join(__dirname, 'fixtures', 'secret.txt').split(path.sep).join(path.posix.sep)}`, true, 'foo', 'bar', false],
    [`notfound=secret`, true, '', '', true]
  ])('given %p key and %p secret', async (kvp, file, exKey, exValue, invalid) => {
    try {
      let secret: string;
      if (file) {
        secret = await buildx.getSecretFile(kvp);
      } else {
        secret = await buildx.getSecretString(kvp);
      }
      expect(true).toBe(!invalid);
      console.log(`secret: ${secret}`);
      expect(secret).toEqual(`id=${exKey},src=${tmpNameSync}`);
      const secretValue = await fs.readFileSync(tmpNameSync, 'utf-8');
      console.log(`secretValue: ${secretValue}`);
      expect(secretValue).toEqual(exValue);
    } catch (err) {
      expect(true).toBe(invalid);
    }
  });
 });
--- a/tests/context.test.ts
+++ b/tests/context.test.ts
--- a/tests/fixtures/github-repo.json
+++ b/tests/fixtures/github-repo.json
@ -0,0 +1,362 @@
 {
  "id": 1296269,
  "node_id": "MDEwOlJlcG9zaXRvcnkxMjk2MjY5",
  "name": "Hello-World",
  "full_name": "octocat/Hello-World",
  "owner": {
    "login": "octocat",
    "id": 1,
    "node_id": "MDQ6VXNlcjE=",
    "avatar_url": "https://github.com/images/error/octocat_happy.gif",
    "gravatar_id": "",
    "url": "https://api.github.com/users/octocat",
    "html_url": "https://github.com/octocat",
    "followers_url": "https://api.github.com/users/octocat/followers",
    "following_url": "https://api.github.com/users/octocat/following{/other_user}",
    "gists_url": "https://api.github.com/users/octocat/gists{/gist_id}",
    "starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}",
    "subscriptions_url": "https://api.github.com/users/octocat/subscriptions",
    "organizations_url": "https://api.github.com/users/octocat/orgs",
    "repos_url": "https://api.github.com/users/octocat/repos",
    "events_url": "https://api.github.com/users/octocat/events{/privacy}",
    "received_events_url": "https://api.github.com/users/octocat/received_events",
    "type": "User",
    "site_admin": false
  },
  "private": false,
  "html_url": "https://github.com/octocat/Hello-World",
  "description": "This your first repo!",
  "fork": false,
  "url": "https://api.github.com/repos/octocat/Hello-World",
  "archive_url": "http://api.github.com/repos/octocat/Hello-World/{archive_format}{/ref}",
  "assignees_url": "http://api.github.com/repos/octocat/Hello-World/assignees{/user}",
  "blobs_url": "http://api.github.com/repos/octocat/Hello-World/git/blobs{/sha}",
  "branches_url": "http://api.github.com/repos/octocat/Hello-World/branches{/branch}",
  "collaborators_url": "http://api.github.com/repos/octocat/Hello-World/collaborators{/collaborator}",
  "comments_url": "http://api.github.com/repos/octocat/Hello-World/comments{/number}",
  "commits_url": "http://api.github.com/repos/octocat/Hello-World/commits{/sha}",
  "compare_url": "http://api.github.com/repos/octocat/Hello-World/compare/{base}...{head}",
  "contents_url": "http://api.github.com/repos/octocat/Hello-World/contents/{+path}",
  "contributors_url": "http://api.github.com/repos/octocat/Hello-World/contributors",
  "deployments_url": "http://api.github.com/repos/octocat/Hello-World/deployments",
  "downloads_url": "http://api.github.com/repos/octocat/Hello-World/downloads",
  "events_url": "http://api.github.com/repos/octocat/Hello-World/events",
  "forks_url": "http://api.github.com/repos/octocat/Hello-World/forks",
  "git_commits_url": "http://api.github.com/repos/octocat/Hello-World/git/commits{/sha}",
  "git_refs_url": "http://api.github.com/repos/octocat/Hello-World/git/refs{/sha}",
  "git_tags_url": "http://api.github.com/repos/octocat/Hello-World/git/tags{/sha}",
  "git_url": "git:github.com/octocat/Hello-World.git",
  "issue_comment_url": "http://api.github.com/repos/octocat/Hello-World/issues/comments{/number}",
  "issue_events_url": "http://api.github.com/repos/octocat/Hello-World/issues/events{/number}",
  "issues_url": "http://api.github.com/repos/octocat/Hello-World/issues{/number}",
  "keys_url": "http://api.github.com/repos/octocat/Hello-World/keys{/key_id}",
  "labels_url": "http://api.github.com/repos/octocat/Hello-World/labels{/name}",
  "languages_url": "http://api.github.com/repos/octocat/Hello-World/languages",
  "merges_url": "http://api.github.com/repos/octocat/Hello-World/merges",
  "milestones_url": "http://api.github.com/repos/octocat/Hello-World/milestones{/number}",
  "notifications_url": "http://api.github.com/repos/octocat/Hello-World/notifications{?since,all,participating}",
  "pulls_url": "http://api.github.com/repos/octocat/Hello-World/pulls{/number}",
  "releases_url": "http://api.github.com/repos/octocat/Hello-World/releases{/id}",
  "ssh_url": "git@github.com:octocat/Hello-World.git",
  "stargazers_url": "http://api.github.com/repos/octocat/Hello-World/stargazers",
  "statuses_url": "http://api.github.com/repos/octocat/Hello-World/statuses/{sha}",
  "subscribers_url": "http://api.github.com/repos/octocat/Hello-World/subscribers",
  "subscription_url": "http://api.github.com/repos/octocat/Hello-World/subscription",
  "tags_url": "http://api.github.com/repos/octocat/Hello-World/tags",
  "teams_url": "http://api.github.com/repos/octocat/Hello-World/teams",
  "trees_url": "http://api.github.com/repos/octocat/Hello-World/git/trees{/sha}",
  "clone_url": "https://github.com/octocat/Hello-World.git",
  "mirror_url": "git:git.example.com/octocat/Hello-World",
  "hooks_url": "http://api.github.com/repos/octocat/Hello-World/hooks",
  "svn_url": "https://svn.github.com/octocat/Hello-World",
  "homepage": "https://github.com",
  "language": null,
  "forks_count": 9,
  "stargazers_count": 80,
  "watchers_count": 80,
  "size": 108,
  "default_branch": "master",
  "open_issues_count": 0,
  "is_template": true,
  "topics": [
    "octocat",
    "atom",
    "electron",
    "api"
  ],
  "has_issues": true,
  "has_projects": true,
  "has_wiki": true,
  "has_pages": false,
  "has_downloads": true,
  "archived": false,
  "disabled": false,
  "visibility": "public",
  "pushed_at": "2011-01-26T19:06:43Z",
  "created_at": "2011-01-26T19:01:12Z",
  "updated_at": "2011-01-26T19:14:43Z",
  "permissions": {
    "pull": true,
    "triage": true,
    "push": false,
    "maintain": false,
    "admin": false
  },
  "allow_rebase_merge": true,
  "template_repository": null,
  "temp_clone_token": "ABTLWHOULUVAXGTRYU7OC2876QJ2O",
  "allow_squash_merge": true,
  "delete_branch_on_merge": true,
  "allow_merge_commit": true,
  "subscribers_count": 42,
  "network_count": 0,
  "license": {
    "key": "mit",
    "name": "MIT License",
    "spdx_id": "MIT",
    "url": "https://api.github.com/licenses/mit",
    "node_id": "MDc6TGljZW5zZW1pdA=="
  },
  "organization": {
    "login": "octocat",
    "id": 1,
    "node_id": "MDQ6VXNlcjE=",
    "avatar_url": "https://github.com/images/error/octocat_happy.gif",
    "gravatar_id": "",
    "url": "https://api.github.com/users/octocat",
    "html_url": "https://github.com/octocat",
    "followers_url": "https://api.github.com/users/octocat/followers",
    "following_url": "https://api.github.com/users/octocat/following{/other_user}",
    "gists_url": "https://api.github.com/users/octocat/gists{/gist_id}",
    "starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}",
    "subscriptions_url": "https://api.github.com/users/octocat/subscriptions",
    "organizations_url": "https://api.github.com/users/octocat/orgs",
    "repos_url": "https://api.github.com/users/octocat/repos",
    "events_url": "https://api.github.com/users/octocat/events{/privacy}",
    "received_events_url": "https://api.github.com/users/octocat/received_events",
    "type": "Organization",
    "site_admin": false
  },
  "parent": {
    "id": 1296269,
    "node_id": "MDEwOlJlcG9zaXRvcnkxMjk2MjY5",
    "name": "Hello-World",
    "full_name": "octocat/Hello-World",
    "owner": {
      "login": "octocat",
      "id": 1,
      "node_id": "MDQ6VXNlcjE=",
      "avatar_url": "https://github.com/images/error/octocat_happy.gif",
      "gravatar_id": "",
      "url": "https://api.github.com/users/octocat",
      "html_url": "https://github.com/octocat",
      "followers_url": "https://api.github.com/users/octocat/followers",
      "following_url": "https://api.github.com/users/octocat/following{/other_user}",
      "gists_url": "https://api.github.com/users/octocat/gists{/gist_id}",
      "starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}",
      "subscriptions_url": "https://api.github.com/users/octocat/subscriptions",
      "organizations_url": "https://api.github.com/users/octocat/orgs",
      "repos_url": "https://api.github.com/users/octocat/repos",
      "events_url": "https://api.github.com/users/octocat/events{/privacy}",
      "received_events_url": "https://api.github.com/users/octocat/received_events",
      "type": "User",
      "site_admin": false
    },
    "private": false,
    "html_url": "https://github.com/octocat/Hello-World",
    "description": "This your first repo!",
    "fork": false,
    "url": "https://api.github.com/repos/octocat/Hello-World",
    "archive_url": "http://api.github.com/repos/octocat/Hello-World/{archive_format}{/ref}",
    "assignees_url": "http://api.github.com/repos/octocat/Hello-World/assignees{/user}",
    "blobs_url": "http://api.github.com/repos/octocat/Hello-World/git/blobs{/sha}",
    "branches_url": "http://api.github.com/repos/octocat/Hello-World/branches{/branch}",
    "collaborators_url": "http://api.github.com/repos/octocat/Hello-World/collaborators{/collaborator}",
    "comments_url": "http://api.github.com/repos/octocat/Hello-World/comments{/number}",
    "commits_url": "http://api.github.com/repos/octocat/Hello-World/commits{/sha}",
    "compare_url": "http://api.github.com/repos/octocat/Hello-World/compare/{base}...{head}",
    "contents_url": "http://api.github.com/repos/octocat/Hello-World/contents/{+path}",
    "contributors_url": "http://api.github.com/repos/octocat/Hello-World/contributors",
    "deployments_url": "http://api.github.com/repos/octocat/Hello-World/deployments",
    "downloads_url": "http://api.github.com/repos/octocat/Hello-World/downloads",
    "events_url": "http://api.github.com/repos/octocat/Hello-World/events",
    "forks_url": "http://api.github.com/repos/octocat/Hello-World/forks",
    "git_commits_url": "http://api.github.com/repos/octocat/Hello-World/git/commits{/sha}",
    "git_refs_url": "http://api.github.com/repos/octocat/Hello-World/git/refs{/sha}",
    "git_tags_url": "http://api.github.com/repos/octocat/Hello-World/git/tags{/sha}",
    "git_url": "git:github.com/octocat/Hello-World.git",
    "issue_comment_url": "http://api.github.com/repos/octocat/Hello-World/issues/comments{/number}",
    "issue_events_url": "http://api.github.com/repos/octocat/Hello-World/issues/events{/number}",
    "issues_url": "http://api.github.com/repos/octocat/Hello-World/issues{/number}",
    "keys_url": "http://api.github.com/repos/octocat/Hello-World/keys{/key_id}",
    "labels_url": "http://api.github.com/repos/octocat/Hello-World/labels{/name}",
    "languages_url": "http://api.github.com/repos/octocat/Hello-World/languages",
    "merges_url": "http://api.github.com/repos/octocat/Hello-World/merges",
    "milestones_url": "http://api.github.com/repos/octocat/Hello-World/milestones{/number}",
    "notifications_url": "http://api.github.com/repos/octocat/Hello-World/notifications{?since,all,participating}",
    "pulls_url": "http://api.github.com/repos/octocat/Hello-World/pulls{/number}",
    "releases_url": "http://api.github.com/repos/octocat/Hello-World/releases{/id}",
    "ssh_url": "git@github.com:octocat/Hello-World.git",
    "stargazers_url": "http://api.github.com/repos/octocat/Hello-World/stargazers",
    "statuses_url": "http://api.github.com/repos/octocat/Hello-World/statuses/{sha}",
    "subscribers_url": "http://api.github.com/repos/octocat/Hello-World/subscribers",
    "subscription_url": "http://api.github.com/repos/octocat/Hello-World/subscription",
    "tags_url": "http://api.github.com/repos/octocat/Hello-World/tags",
    "teams_url": "http://api.github.com/repos/octocat/Hello-World/teams",
    "trees_url": "http://api.github.com/repos/octocat/Hello-World/git/trees{/sha}",
    "clone_url": "https://github.com/octocat/Hello-World.git",
    "mirror_url": "git:git.example.com/octocat/Hello-World",
    "hooks_url": "http://api.github.com/repos/octocat/Hello-World/hooks",
    "svn_url": "https://svn.github.com/octocat/Hello-World",
    "homepage": "https://github.com",
    "language": null,
    "forks_count": 9,
    "stargazers_count": 80,
    "watchers_count": 80,
    "size": 108,
    "default_branch": "master",
    "open_issues_count": 0,
    "is_template": true,
    "topics": [
      "octocat",
      "atom",
      "electron",
      "api"
    ],
    "has_issues": true,
    "has_projects": true,
    "has_wiki": true,
    "has_pages": false,
    "has_downloads": true,
    "archived": false,
    "disabled": false,
    "visibility": "public",
    "pushed_at": "2011-01-26T19:06:43Z",
    "created_at": "2011-01-26T19:01:12Z",
    "updated_at": "2011-01-26T19:14:43Z",
    "permissions": {
      "admin": false,
      "push": false,
      "pull": true
    },
    "allow_rebase_merge": true,
    "template_repository": null,
    "temp_clone_token": "ABTLWHOULUVAXGTRYU7OC2876QJ2O",
    "allow_squash_merge": true,
    "delete_branch_on_merge": true,
    "allow_merge_commit": true,
    "subscribers_count": 42,
    "network_count": 0
  },
  "source": {
    "id": 1296269,
    "node_id": "MDEwOlJlcG9zaXRvcnkxMjk2MjY5",
    "name": "Hello-World",
    "full_name": "octocat/Hello-World",
    "owner": {
      "login": "octocat",
      "id": 1,
      "node_id": "MDQ6VXNlcjE=",
      "avatar_url": "https://github.com/images/error/octocat_happy.gif",
      "gravatar_id": "",
      "url": "https://api.github.com/users/octocat",
      "html_url": "https://github.com/octocat",
      "followers_url": "https://api.github.com/users/octocat/followers",
      "following_url": "https://api.github.com/users/octocat/following{/other_user}",
      "gists_url": "https://api.github.com/users/octocat/gists{/gist_id}",
      "starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}",
      "subscriptions_url": "https://api.github.com/users/octocat/subscriptions",
      "organizations_url": "https://api.github.com/users/octocat/orgs",
      "repos_url": "https://api.github.com/users/octocat/repos",
      "events_url": "https://api.github.com/users/octocat/events{/privacy}",
      "received_events_url": "https://api.github.com/users/octocat/received_events",
      "type": "User",
      "site_admin": false
    },
    "private": false,
    "html_url": "https://github.com/octocat/Hello-World",
    "description": "This your first repo!",
    "fork": false,
    "url": "https://api.github.com/repos/octocat/Hello-World",
    "archive_url": "http://api.github.com/repos/octocat/Hello-World/{archive_format}{/ref}",
    "assignees_url": "http://api.github.com/repos/octocat/Hello-World/assignees{/user}",
    "blobs_url": "http://api.github.com/repos/octocat/Hello-World/git/blobs{/sha}",
    "branches_url": "http://api.github.com/repos/octocat/Hello-World/branches{/branch}",
    "collaborators_url": "http://api.github.com/repos/octocat/Hello-World/collaborators{/collaborator}",
    "comments_url": "http://api.github.com/repos/octocat/Hello-World/comments{/number}",
    "commits_url": "http://api.github.com/repos/octocat/Hello-World/commits{/sha}",
    "compare_url": "http://api.github.com/repos/octocat/Hello-World/compare/{base}...{head}",
    "contents_url": "http://api.github.com/repos/octocat/Hello-World/contents/{+path}",
    "contributors_url": "http://api.github.com/repos/octocat/Hello-World/contributors",
    "deployments_url": "http://api.github.com/repos/octocat/Hello-World/deployments",
    "downloads_url": "http://api.github.com/repos/octocat/Hello-World/downloads",
    "events_url": "http://api.github.com/repos/octocat/Hello-World/events",
    "forks_url": "http://api.github.com/repos/octocat/Hello-World/forks",
    "git_commits_url": "http://api.github.com/repos/octocat/Hello-World/git/commits{/sha}",
    "git_refs_url": "http://api.github.com/repos/octocat/Hello-World/git/refs{/sha}",
    "git_tags_url": "http://api.github.com/repos/octocat/Hello-World/git/tags{/sha}",
    "git_url": "git:github.com/octocat/Hello-World.git",
    "issue_comment_url": "http://api.github.com/repos/octocat/Hello-World/issues/comments{/number}",
    "issue_events_url": "http://api.github.com/repos/octocat/Hello-World/issues/events{/number}",
    "issues_url": "http://api.github.com/repos/octocat/Hello-World/issues{/number}",
    "keys_url": "http://api.github.com/repos/octocat/Hello-World/keys{/key_id}",
    "labels_url": "http://api.github.com/repos/octocat/Hello-World/labels{/name}",
    "languages_url": "http://api.github.com/repos/octocat/Hello-World/languages",
    "merges_url": "http://api.github.com/repos/octocat/Hello-World/merges",
    "milestones_url": "http://api.github.com/repos/octocat/Hello-World/milestones{/number}",
    "notifications_url": "http://api.github.com/repos/octocat/Hello-World/notifications{?since,all,participating}",
    "pulls_url": "http://api.github.com/repos/octocat/Hello-World/pulls{/number}",
    "releases_url": "http://api.github.com/repos/octocat/Hello-World/releases{/id}",
    "ssh_url": "git@github.com:octocat/Hello-World.git",
    "stargazers_url": "http://api.github.com/repos/octocat/Hello-World/stargazers",
    "statuses_url": "http://api.github.com/repos/octocat/Hello-World/statuses/{sha}",
    "subscribers_url": "http://api.github.com/repos/octocat/Hello-World/subscribers",
    "subscription_url": "http://api.github.com/repos/octocat/Hello-World/subscription",
    "tags_url": "http://api.github.com/repos/octocat/Hello-World/tags",
    "teams_url": "http://api.github.com/repos/octocat/Hello-World/teams",
    "trees_url": "http://api.github.com/repos/octocat/Hello-World/git/trees{/sha}",
    "clone_url": "https://github.com/octocat/Hello-World.git",
    "mirror_url": "git:git.example.com/octocat/Hello-World",
    "hooks_url": "http://api.github.com/repos/octocat/Hello-World/hooks",
    "svn_url": "https://svn.github.com/octocat/Hello-World",
    "homepage": "https://github.com",
    "language": null,
    "forks_count": 9,
    "stargazers_count": 80,
    "watchers_count": 80,
    "size": 108,
    "default_branch": "master",
    "open_issues_count": 0,
    "is_template": true,
    "topics": [
      "octocat",
      "atom",
      "electron",
      "api"
    ],
    "has_issues": true,
    "has_projects": true,
    "has_wiki": true,
    "has_pages": false,
    "has_downloads": true,
    "archived": false,
    "disabled": false,
    "visibility": "public",
    "pushed_at": "2011-01-26T19:06:43Z",
    "created_at": "2011-01-26T19:01:12Z",
    "updated_at": "2011-01-26T19:14:43Z",
    "permissions": {
      "admin": false,
      "push": false,
      "pull": true
    },
    "allow_rebase_merge": true,
    "template_repository": null,
    "temp_clone_token": "ABTLWHOULUVAXGTRYU7OC2876QJ2O",
    "allow_squash_merge": true,
    "delete_branch_on_merge": true,
    "allow_merge_commit": true,
    "subscribers_count": 42,
    "network_count": 0
  }
 }
--- a/action.yml
+++ b/action.yml
@ -7,20 +7,38 @@ branding:
  color: 'blue'
 inputs:
  add-hosts:
    description: "List of a customs host-to-IP mapping (e.g., docker:10.180.0.1)"
    required: false
  allow:
-    description: "List of extra privileged entitlement (eg. network.host,security.insecure)"
+    description: "List of extra privileged entitlement (e.g., network.host,security.insecure)"
    required: false
  annotations:
    description: "List of annotation to set to the image"
    required: false
  attests:
    description: "List of attestation parameters (e.g., type=sbom,generator=image)"
    required: false
  build-args:
    description: "List of build-time variables"
    required: false
  build-contexts:
    description: "List of additional build contexts (e.g., name=path)"
    required: false
  builder:
    description: "Builder instance"
    required: false
  cache-from:
-    description: "List of external cache sources for buildx (eg. user/app:cache, type=local,src=path/to/dir)"
+    description: "List of external cache sources for buildx (e.g., user/app:cache, type=local,src=path/to/dir)"
    required: false
  cache-to:
-    description: "List of cache export destinations for buildx (eg. user/app:cache, type=local,dest=path/to/dir)"
+    description: "List of cache export destinations for buildx (e.g., user/app:cache, type=local,dest=path/to/dir)"
    required: false
  call:
    description: "Set method for evaluating build (e.g., check)"
    required: false
  cgroup-parent:
    description: "Optional parent cgroup for the container used in the build"
    required: false
  context:
    description: "Build's context is the set of files located in the specified PATH or URL"
@ -42,25 +60,40 @@ inputs:
    description: "Do not use cache when building the image"
    required: false
    default: 'false'
  no-cache-filters:
    description: "Do not cache specified stages"
    required: false
  outputs:
    description: "List of output destinations (format: type=local,dest=path)"
    required: false
  platforms:
    description: "List of target platforms for build"
    required: false
  provenance:
    description: "Generate provenance attestation for the build (shorthand for --attest=type=provenance)"
    required: false
  pull:
-    description: "Always attempt to pull a newer version of the image"
+    description: "Always attempt to pull all referenced images"
    required: false
    default: 'false'
  push:
    description: "Push is a shorthand for --output=type=registry"
    required: false
    default: 'false'
  sbom:
    description: "Generate SBOM attestation for the build (shorthand for --attest=type=sbom)"
    required: false
  secrets:
-    description: "List of secrets to expose to the build (eg. key=string, GIT_AUTH_TOKEN=mytoken)"
+    description: "List of secrets to expose to the build (e.g., key=string, GIT_AUTH_TOKEN=mytoken)"
    required: false
  secret-envs:
    description: "List of secret env vars to expose to the build (e.g., key=envname, MY_SECRET=MY_ENV_VAR)"
    required: false
  secret-files:
-    description: "List of secret files to expose to the build (eg. key=filename, MY_SECRET=./secret.txt)"
+    description: "List of secret files to expose to the build (e.g., key=filename, MY_SECRET=./secret.txt)"
    required: false
  shm-size:
    description: "Size of /dev/shm (e.g., 2g)"
    required: false
  ssh:
    description: "List of SSH agent socket or keys to expose to the build"
@ -71,16 +104,23 @@ inputs:
  target:
    description: "Sets the target stage to build"
    required: false
  ulimit:
    description: "Ulimit options (e.g., nofile=1024:1024)"
    required: false
  github-token:
    description: "GitHub Token used to authenticate against a repository for Git context"
    default: ${{ github.token }}
    required: false
 outputs:
  imageid:
    description: 'Image ID'
  digest:
-    description: 'Image content-addressable identifier also called a digest'
+    description: 'Image digest'
  metadata:
    description: 'Build result metadata'
 runs:
-  using: 'node12'
+  using: 'node20'
  main: 'dist/index.js'
  post: 'dist/index.js'
--- a/dev.Dockerfile
+++ b/dev.Dockerfile
@ -0,0 +1,80 @@
 # syntax=docker/dockerfile:1
 ARG NODE_VERSION=20
 FROM node:${NODE_VERSION}-alpine AS base
 RUN apk add --no-cache cpio findutils git
 WORKDIR /src
 RUN --mount=type=bind,target=.,rw \
  --mount=type=cache,target=/src/.yarn/cache <<EOT
  corepack enable
  yarn --version
  yarn config set --home enableTelemetry 0
 EOT
 FROM base AS deps
 RUN --mount=type=bind,target=.,rw \
  --mount=type=cache,target=/src/.yarn/cache \
  --mount=type=cache,target=/src/node_modules \
  yarn install && mkdir /vendor && cp yarn.lock /vendor
 FROM scratch AS vendor-update
 COPY --from=deps /vendor /
 FROM deps AS vendor-validate
 RUN --mount=type=bind,target=.,rw <<EOT
  set -e
  git add -A
  cp -rf /vendor/* .
  if [ -n "$(git status --porcelain -- yarn.lock)" ]; then
    echo >&2 'ERROR: Vendor result differs. Please vendor your package with "docker buildx bake vendor-update"'
    git status --porcelain -- yarn.lock
    exit 1
  fi
 EOT
 FROM deps AS build
 RUN --mount=type=bind,target=.,rw \
  --mount=type=cache,target=/src/.yarn/cache \
  --mount=type=cache,target=/src/node_modules \
  yarn run build && mkdir /out && cp -Rf dist /out/
 FROM scratch AS build-update
 COPY --from=build /out /
 FROM build AS build-validate
 RUN --mount=type=bind,target=.,rw <<EOT
  set -e
  git add -A
  cp -rf /out/* .
  if [ -n "$(git status --porcelain -- dist)" ]; then
    echo >&2 'ERROR: Build result differs. Please build first with "docker buildx bake build"'
    git status --porcelain -- dist
    exit 1
  fi
 EOT
 FROM deps AS format
 RUN --mount=type=bind,target=.,rw \
  --mount=type=cache,target=/src/.yarn/cache \
  --mount=type=cache,target=/src/node_modules \
  yarn run format \
  && mkdir /out && find . -name '*.ts' -not -path './node_modules/*' -not -path './.yarn/*' | cpio -pdm /out
 FROM scratch AS format-update
 COPY --from=format /out /
 FROM deps AS lint
 RUN --mount=type=bind,target=.,rw \
  --mount=type=cache,target=/src/.yarn/cache \
  --mount=type=cache,target=/src/node_modules \
  yarn run lint
 FROM deps AS test
 RUN --mount=type=bind,target=.,rw \
  --mount=type=cache,target=/src/.yarn/cache \
  --mount=type=cache,target=/src/node_modules \
  yarn run test --coverage --coverageDirectory=/tmp/coverage
 FROM scratch AS test-coverage
 COPY --from=test /tmp/coverage /
--- a/dist/index.js
+++ b/dist/index.js
--- a/dist/index.js.map
+++ b/dist/index.js.map
--- a/dist/licenses.txt
+++ b/dist/licenses.txt
--- a/dist/sourcemap-register.js
+++ b/dist/sourcemap-register.js
--- a/docker-bake.hcl
+++ b/docker-bake.hcl
@ -1,10 +1,6 @@
-variable "NODE_VERSION" {
+target "_common" {
  default = "12"
 }
 target "node-version" {
  args = {
-    NODE_VERSION = NODE_VERSION
+    BUILDKIT_CONTEXT_KEEP_GIT_DIR = 1
  }
 }
@ -13,55 +9,58 @@ group "default" {
 }
 group "pre-checkin" {
-  targets = ["vendor-update", "format", "build"]
+  targets = ["vendor", "format", "build"]
 }
 group "validate" {
-  targets = ["format-validate", "build-validate", "vendor-validate"]
+  targets = ["lint", "build-validate", "vendor-validate"]
 }
 target "build" {
-  inherits = ["node-version"]
+  inherits = ["_common"]
-  dockerfile = "./hack/build.Dockerfile"
+  dockerfile = "dev.Dockerfile"
  target = "build-update"
  output = ["."]
 }
 target "build-validate" {
-  inherits = ["node-version"]
+  inherits = ["_common"]
-  dockerfile = "./hack/build.Dockerfile"
+  dockerfile = "dev.Dockerfile"
  target = "build-validate"
  output = ["type=cacheonly"]
 }
 target "format" {
-  inherits = ["node-version"]
+  inherits = ["_common"]
-  dockerfile = "./hack/build.Dockerfile"
+  dockerfile = "dev.Dockerfile"
  target = "format-update"
  output = ["."]
 }
-target "format-validate" {
+target "lint" {
-  inherits = ["node-version"]
+  inherits = ["_common"]
-  dockerfile = "./hack/build.Dockerfile"
+  dockerfile = "dev.Dockerfile"
-  target = "format-validate"
+  target = "lint"
  output = ["type=cacheonly"]
 }
-target "vendor-update" {
+target "vendor" {
-  inherits = ["node-version"]
+  inherits = ["_common"]
-  dockerfile = "./hack/vendor.Dockerfile"
+  dockerfile = "dev.Dockerfile"
-  target = "update"
+  target = "vendor-update"
  output = ["."]
 }
 target "vendor-validate" {
-  inherits = ["node-version"]
+  inherits = ["_common"]
-  dockerfile = "./hack/vendor.Dockerfile"
+  dockerfile = "dev.Dockerfile"
-  target = "validate"
+  target = "vendor-validate"
  output = ["type=cacheonly"]
 }
 target "test" {
-  inherits = ["node-version"]
+  inherits = ["_common"]
-  dockerfile = "./hack/test.Dockerfile"
+  dockerfile = "dev.Dockerfile"
  target = "test-coverage"
  output = ["./coverage"]
 }
--- a/docs/advanced/cache.md
+++ b/docs/advanced/cache.md
@ -1,107 +0,0 @@
 # Cache
 * [Registry cache](#registry-cache)
 * [GitHub cache](#github-cache)
 > More info about buildx cache: https://github.com/docker/buildx/blob/master/docs/reference/buildx_build.md#cache-from
 ## Registry cache
 You can import/export cache from a cache manifest or (special) image configuration on the registry.
 ```yaml
 name: ci
 on:
  push:
    branches:
      - 'master'
 jobs:
  docker:
    runs-on: ubuntu-latest
    steps:
      -
        name: Checkout
        uses: actions/checkout@v2
      -
        name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v1
      -
        name: Login to DockerHub
        uses: docker/login-action@v1 
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      -
        name: Build and push
        uses: docker/build-push-action@v2
        with:
          context: .
          push: true
          tags: user/app:latest
          cache-from: type=registry,ref=user/app:latest
          cache-to: type=inline
 ```
 ## GitHub cache
 > :warning: At the moment caches are copied over the existing cache so it [keeps growing](https://github.com/docker/build-push-action/issues/252).
 > The `Move cache` step is used as a temporary fix (see https://github.com/moby/buildkit/issues/1896).
 > :rocket: There is a new cache backend using GitHub cache being developed that will lighten your workflow.
 > More info: https://github.com/docker/buildx/pull/535
 You can leverage [GitHub cache](https://docs.github.com/en/actions/configuring-and-managing-workflows/caching-dependencies-to-speed-up-workflows)
 using [actions/cache](https://github.com/actions/cache) with this action:
 ```yaml
 name: ci
 on:
  push:
    branches:
      - 'master'
 jobs:
  docker:
    runs-on: ubuntu-latest
    steps:
      -
        name: Checkout
        uses: actions/checkout@v2
      -
        name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v1
      -
        name: Cache Docker layers
        uses: actions/cache@v2
        with:
          path: /tmp/.buildx-cache
          key: ${{ runner.os }}-buildx-${{ github.sha }}
          restore-keys: |
            ${{ runner.os }}-buildx-
      -
        name: Login to DockerHub
        uses: docker/login-action@v1 
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      -
        name: Build and push
        uses: docker/build-push-action@v2
        with:
          context: .
          push: true
          tags: user/app:latest
          cache-from: type=local,src=/tmp/.buildx-cache
          cache-to: type=local,dest=/tmp/.buildx-cache-new
      -
        # Temp fix
        # https://github.com/docker/build-push-action/issues/252
        # https://github.com/moby/buildkit/issues/1896
        name: Move cache
        run: |
          rm -rf /tmp/.buildx-cache
          mv /tmp/.buildx-cache-new /tmp/.buildx-cache
 ```
--- a/docs/advanced/copy-between-registries.md
+++ b/docs/advanced/copy-between-registries.md
@ -1,73 +0,0 @@
 # Copy images between registries
 Multi-platform images built using buildx can be copied from one registry to another without
 changing the image SHA using the [tag-push-action](https://github.com/akhilerm/tag-push-action).
 The following workflow will first push the image to dockerhub, run some tests using the images
 and then push to quay and ghcr
 ```yaml
 name: ci
 on:
  push:
    branches:
      - 'master'
 jobs:
  docker:
    runs-on: ubuntu-latest
    steps:
      - 
        name: Checkout
        uses: actions/checkout@v2
      -
        name: Set up QEMU
        uses: docker/setup-qemu-action@v1
      -
        name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v1
      - # quay and ghcr logins for pushing image after testing
        name: Login to Quay Registry
        uses: docker/login-action@v1 
        with:
          registry: quay.io
          username: ${{ secrets.QUAY_USERNAME }}
          password: ${{ secrets.QUAY_TOKEN }}
      -
        name: Login to GitHub Container Registry
        uses: docker/login-action@v1
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}
      -
        name: Login to DockerHub
        uses: docker/login-action@v1 
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      -
        name: Build and push
        uses: docker/build-push-action@v2
        with:
          context: .
          platforms: linux/amd64,linux/arm64
          push: true
          tags: |
            user/app:latest
            user/app:1.0.0
      - # run tests using image from docker hub
        name: Run Tests
        run: make tests
      - # copy multiplatform image from dockerhub to quay and ghcr
        name: Push Image to multiple registries
        uses: akhilerm/tag-push-action@v1.0.0
        with:
          src: docker.io/user/app:1.0.0
          dst: |
            quay.io/user/app:latest
            quay.io/user/app:1.0.0
            ghcr.io/user/app:latest
            ghcr.io/user/app:1.0.0
 ```
--- a/docs/advanced/dockerhub-desc.md
+++ b/docs/advanced/dockerhub-desc.md
@ -1,48 +0,0 @@
 # Update DockerHub repo description
 You can update the [DockerHub repository description](https://docs.docker.com/docker-hub/repos/) using
 a third party action called [DockerHub Description](https://github.com/peter-evans/dockerhub-description)
 with this action:
 ```yaml
 name: ci
 on:
  push:
    branches:
      - 'master'
 jobs:
  docker:
    runs-on: ubuntu-latest
    steps:
      -
        name: Checkout
        uses: actions/checkout@v2
      -
        name: Set up QEMU
        uses: docker/setup-qemu-action@v1
      -
        name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v1
      -
        name: Login to DockerHub
        uses: docker/login-action@v1 
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      -
        name: Build and push
        uses: docker/build-push-action@v2
        with:
          context: .
          push: true
          tags: user/app:latest
      -
        name: Update repo description
        uses: peter-evans/dockerhub-description@v2
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_PASSWORD }}
          repository: user/app
 ```
--- a/docs/advanced/export-docker.md
+++ b/docs/advanced/export-docker.md
@ -1,35 +0,0 @@
 # Export image to Docker
 You may want your build result to be available in the Docker client through `docker images` to be able to use it
 in another step of your workflow:
 ```yaml
 name: ci
 on:
  push:
    branches:
      - 'master'
 jobs:
  docker:
    runs-on: ubuntu-latest
    steps:
      -
        name: Checkout
        uses: actions/checkout@v2
      -
        name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v1
      -
        name: Build
        uses: docker/build-push-action@v2
        with:
          context: .
          load: true
          tags: myimage:latest
      -
        name: Inspect
        run: |
          docker image inspect myimage:latest
 ```
--- a/docs/advanced/isolated-builders.md
+++ b/docs/advanced/isolated-builders.md
@ -1,44 +0,0 @@
 # Isolated builders
 ```yaml
 name: ci
 on:
  push:
    branches:
      - 'master'
 jobs:
  docker:
    runs-on: ubuntu-latest
    steps:
      -
        name: Checkout
        uses: actions/checkout@v2
      -
        uses: docker/setup-buildx-action@v1
        id: builder1
      -
        uses: docker/setup-buildx-action@v1
        id: builder2
      -
        name: Builder 1 name
        run: echo ${{ steps.builder1.outputs.name }}
      -
        name: Builder 2 name
        run: echo ${{ steps.builder2.outputs.name }}
      -
        name: Build against builder1
        uses: docker/build-push-action@v2
        with:
          builder: ${{ steps.builder1.outputs.name }}
          context: .
          target: mytarget1
      -
        name: Build against builder2
        uses: docker/build-push-action@v2
        with:
          builder: ${{ steps.builder2.outputs.name }}
          context: .
          target: mytarget2
 ```
--- a/docs/advanced/local-registry.md
+++ b/docs/advanced/local-registry.md
@ -1,44 +0,0 @@
 # Local registry
 For testing purposes you may need to create a [local registry](https://hub.docker.com/_/registry) to push images into:
 ```yaml
 name: ci
 on:
  push:
    branches:
      - 'master'
 jobs:
  docker:
    runs-on: ubuntu-latest
    services:
      registry:
        image: registry:2
        ports:
          - 5000:5000
    steps:
      -
        name: Checkout
        uses: actions/checkout@v2
      -
        name: Set up QEMU
        uses: docker/setup-qemu-action@v1
      -
        name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v1
        with:
          driver-opts: network=host
      -
        name: Build and push to local registry
        uses: docker/build-push-action@v2
        with:
          context: .
          push: true
          tags: localhost:5000/name/app:latest
      -
        name: Inspect
        run: |
          docker buildx imagetools inspect localhost:5000/name/app:latest
 ```
--- a/docs/advanced/multi-platform.md
+++ b/docs/advanced/multi-platform.md
@ -1,44 +0,0 @@
 # Multi-platform image
 You can build multi-platform images using the [`platforms` input](../../README.md#inputs) as described below.
 > :bulb: List of available platforms will be displayed and available through our [setup-buildx](https://github.com/docker/setup-buildx-action#about) action.
 > :bulb: If you want support for more platforms, you can use QEMU with our [setup-qemu](https://github.com/docker/setup-qemu-action) action.
 ```yaml
 name: ci
 on:
  push:
    branches:
      - 'master'
 jobs:
  docker:
    runs-on: ubuntu-latest
    steps:
      -
        name: Checkout
        uses: actions/checkout@v2
      -
        name: Set up QEMU
        uses: docker/setup-qemu-action@v1
      -
        name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v1
      -
        name: Login to DockerHub
        uses: docker/login-action@v1 
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      -
        name: Build and push
        uses: docker/build-push-action@v2
        with:
          context: .
          platforms: linux/amd64,linux/arm64
          push: true
          tags: user/app:latest
 ```
--- a/docs/advanced/push-multi-registries.md
+++ b/docs/advanced/push-multi-registries.md
@ -1,57 +0,0 @@
 # Push to multi-registries
 * [Docker Hub and GHCR](#docker-hub-and-ghcr)
 ## Docker Hub and GHCR
 The following workflow will connect you to [DockerHub](https://github.com/docker/login-action#dockerhub)
 and [GitHub Container Registry](https://github.com/docker/login-action#github-container-registry) and push the
 image to these registries.
 ```yaml
 name: ci
 on:
  push:
    branches:
      - 'master'
 jobs:
  docker:
    runs-on: ubuntu-latest
    steps:
      -
        name: Checkout
        uses: actions/checkout@v2
      -
        name: Set up QEMU
        uses: docker/setup-qemu-action@v1
      -
        name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v1
      -
        name: Login to DockerHub
        uses: docker/login-action@v1 
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      -
        name: Login to GitHub Container Registry
        uses: docker/login-action@v1 
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}
      -
        name: Build and push
        uses: docker/build-push-action@v2
        with:
          context: .
          platforms: linux/amd64,linux/arm64
          push: true
          tags: |
            user/app:latest
            user/app:1.0.0
            ghcr.io/user/app:latest
            ghcr.io/user/app:1.0.0
 ```
--- a/docs/advanced/secrets.md
+++ b/docs/advanced/secrets.md
@ -1,84 +0,0 @@
 # Secrets
 In the following example we will expose and use the [GITHUB_TOKEN secret](https://docs.github.com/en/actions/reference/authentication-in-a-workflow#about-the-github_token-secret)
 as provided by GitHub in your workflow.
 First let's create our `Dockerfile` to use our secret:
 ```Dockerfile
 #syntax=docker/dockerfile:1.2
 FROM alpine
 RUN --mount=type=secret,id=github_token \
  cat /run/secrets/github_token
 ```
 As you can see we have named our secret `github_token`. Here is the workflow you can use to expose this secret using
 the [`secrets` input](../../README.md#inputs):
 ```yaml
 name: ci
 on:
  push:
    branches:
      - 'master'
 jobs:
  docker:
    runs-on: ubuntu-latest
    steps:
      -
        name: Checkout
        uses: actions/checkout@v2
      -
        name: Set up QEMU
        uses: docker/setup-qemu-action@v1
      -
        name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v1
      -
        name: Build
        uses: docker/build-push-action@v2
        with:
          context: .
          platforms: linux/amd64,linux/arm64
          tags: user/app:latest
          secrets: |
            "github_token=${{ secrets.GITHUB_TOKEN }}"
 ```
 > :bulb: You can also expose a secret file to the build with [`secret-files`](../../README.md#inputs) input:
 > ```yaml
 > secret-files: |
 >   "MY_SECRET=./secret.txt"
 > ```
 If you're using [GitHub secrets](https://docs.github.com/en/actions/reference/encrypted-secrets) and need to handle
 multi-line value, you will need to place the key-value pair between quotes:
 ```yaml
 secrets: |
  "MYSECRET=${{ secrets.GPG_KEY }}"
  GIT_AUTH_TOKEN=abcdefghi,jklmno=0123456789
  "MYSECRET=aaaaaaaa
  bbbbbbb
  ccccccccc"
  FOO=bar
  "EMPTYLINE=aaaa
  bbbb
  ccc"
  "JSON_SECRET={""key1"":""value1"",""key2"":""value2""}"
 ```
 | Key                | Value                                            |
 |--------------------|--------------------------------------------------|
 | `MYSECRET`         | `***********************` |
 | `GIT_AUTH_TOKEN`   | `abcdefghi,jklmno=0123456789` |
 | `MYSECRET`         | `aaaaaaaa\nbbbbbbb\nccccccccc` |
 | `FOO`              | `bar` |
 | `EMPTYLINE`        | `aaaa\n\nbbbb\nccc` |
 | `JSON_SECRET`      | `{"key1":"value1","key2":"value2"}` |
 > :bulb: All quote signs need to be doubled for escaping.
--- a/docs/advanced/share-image-jobs.md
+++ b/docs/advanced/share-image-jobs.md
@ -1,58 +0,0 @@
 # Share built image between jobs
 As each job is isolated in its own runner you cannot use your built image between jobs (except for [self-hosted runners](https://docs.github.com/en/actions/hosting-your-own-runners/about-self-hosted-runners)).
 However, you can [pass data between jobs in a workflow](https://docs.github.com/en/actions/guides/storing-workflow-data-as-artifacts#passing-data-between-jobs-in-a-workflow)
 using the [actions/upload-artifact](https://github.com/actions/upload-artifact) and [actions/download-artifact](https://github.com/actions/download-artifact)
 actions:
 ```yaml
 name: ci
 on:
  push:
    branches:
      - 'master'
 jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      -
        name: Checkout
        uses: actions/checkout@v2
      -
        name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v1
      -
        name: Build and export
        uses: docker/build-push-action@v2
        with:
          context: .
          tags: myimage:latest
          outputs: type=docker,dest=/tmp/myimage.tar
      -
        name: Upload artifact
        uses: actions/upload-artifact@v2
        with:
          name: myimage
          path: /tmp/myimage.tar
  use:
    runs-on: ubuntu-latest
    needs: build
    steps:
      -
        name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v1
      -
        name: Download artifact
        uses: actions/download-artifact@v2
        with:
          name: myimage
          path: /tmp
      -
        name: Load image
        run: |
          docker load --input /tmp/myimage.tar
          docker image ls -a
 ```
--- a/docs/advanced/tags-labels.md
+++ b/docs/advanced/tags-labels.md
@ -1,77 +0,0 @@
 # Handle tags and labels
 If you come from [`v1`](https://github.com/docker/build-push-action/tree/releases/v1#readme) and want an
 "automatic" tag management and [OCI Image Format Specification](https://github.com/opencontainers/image-spec/blob/master/annotations.md)
 for labels, you can do it in a dedicated step. The following workflow will use the [Docker metadata action](https://github.com/docker/metadata-action)
 to handle tags and labels based on GitHub actions events and Git metadata.
 ```yaml
 name: ci
 on:
  schedule:
    - cron: '0 10 * * *' # everyday at 10am
  push:
    branches:
      - '**'
    tags:
      - 'v*.*.*'
  pull_request:
    branches:
      - 'master'
 jobs:
  docker:
    runs-on: ubuntu-latest
    steps:
      -
        name: Checkout
        uses: actions/checkout@v2
      -
        name: Docker meta
        id: meta
        uses: docker/metadata-action@v3
        with:
          # list of Docker images to use as base name for tags
          images: |
            name/app
            ghcr.io/username/app
          # generate Docker tags based on the following events/attributes
          tags: |
            type=schedule
            type=ref,event=branch
            type=ref,event=pr
            type=semver,pattern={{version}}
            type=semver,pattern={{major}}.{{minor}}
            type=semver,pattern={{major}}
            type=sha
      -
        name: Set up QEMU
        uses: docker/setup-qemu-action@v1
      -
        name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v1
      -
        name: Login to DockerHub
        if: github.event_name != 'pull_request'
        uses: docker/login-action@v1 
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      -
        name: Login to GHCR
        if: github.event_name != 'pull_request'
        uses: docker/login-action@v1
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}
      -
        name: Build and push
        uses: docker/build-push-action@v2
        with:
          context: .
          push: ${{ github.event_name != 'pull_request' }}
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
 ```
--- a/hack/build.Dockerfile
+++ b/hack/build.Dockerfile
@ -1,42 +0,0 @@
 # syntax=docker/dockerfile:1.2
 ARG NODE_VERSION
 FROM node:${NODE_VERSION}-alpine AS base
 RUN apk add --no-cache cpio findutils git
 WORKDIR /src
 FROM base AS deps
 RUN --mount=type=bind,target=.,rw \
  --mount=type=cache,target=/src/node_modules \
  yarn install
 FROM deps AS build
 RUN --mount=type=bind,target=.,rw \
  --mount=type=cache,target=/src/node_modules \
  yarn run build && mkdir /out && cp -Rf dist /out/
 FROM scratch AS build-update
 COPY --from=build /out /
 FROM build AS build-validate
 RUN --mount=type=bind,target=.,rw \
  git add -A && cp -rf /out/* .; \
  if [ -n "$(git status --porcelain -- dist)" ]; then \
    echo >&2 'ERROR: Build result differs. Please build first with "docker buildx bake build"'; \
    git status --porcelain -- dist; \
    exit 1; \
  fi
 FROM deps AS format
 RUN --mount=type=bind,target=.,rw \
  --mount=type=cache,target=/src/node_modules \
  yarn run format \
  && mkdir /out && find . -name '*.ts' -not -path './node_modules/*' | cpio -pdm /out
 FROM scratch AS format-update
 COPY --from=format /out /
 FROM deps AS format-validate
 RUN --mount=type=bind,target=.,rw \
  --mount=type=cache,target=/src/node_modules \
  yarn run format-check \
--- a/hack/test.Dockerfile
+++ b/hack/test.Dockerfile
@ -1,23 +0,0 @@
 # syntax=docker/dockerfile:1.2
 ARG NODE_VERSION
 FROM node:${NODE_VERSION}-alpine AS base
 RUN apk add --no-cache git
 WORKDIR /src
 FROM base AS deps
 RUN --mount=type=bind,target=.,rw \
  --mount=type=cache,target=/src/node_modules \
  yarn install
 FROM deps AS test
 ENV RUNNER_TEMP=/tmp/github_runner
 ENV RUNNER_TOOL_CACHE=/tmp/github_tool_cache
 RUN --mount=type=bind,target=.,rw \
  --mount=type=cache,target=/src/node_modules \
  --mount=type=bind,from=crazymax/docker,source=/usr/libexec/docker/cli-plugins/docker-buildx,target=/usr/libexec/docker/cli-plugins/docker-buildx \
  --mount=type=bind,from=crazymax/docker,source=/usr/local/bin/docker,target=/usr/bin/docker \
  yarn run test --coverageDirectory=/tmp/coverage
 FROM scratch AS test-coverage
 COPY --from=test /tmp/coverage /
--- a/hack/vendor.Dockerfile
+++ b/hack/vendor.Dockerfile
@ -1,23 +0,0 @@
 # syntax=docker/dockerfile:1.2
 ARG NODE_VERSION
 FROM node:${NODE_VERSION}-alpine AS base
 RUN apk add --no-cache git
 WORKDIR /src
 FROM base AS vendored
 RUN --mount=type=bind,target=.,rw \
  --mount=type=cache,target=/src/node_modules \
  yarn install && mkdir /out && cp yarn.lock /out
 FROM scratch AS update
 COPY --from=vendored /out /
 FROM vendored AS validate
 RUN --mount=type=bind,target=.,rw \
  git add -A && cp -rf /out/* .; \
  if [ -n "$(git status --porcelain -- yarn.lock)" ]; then \
    echo >&2 'ERROR: Vendor result differs. Please vendor your package with "docker buildx bake vendor-update"'; \
    git status --porcelain -- yarn.lock; \
    exit 1; \
  fi
--- a/jest.config.js
+++ b/jest.config.js
@ -1,12 +0,0 @@
 module.exports = {
  clearMocks: false,
  moduleFileExtensions: ['js', 'ts'],
  setupFiles: ["dotenv/config"],
  testEnvironment: 'node',
  testMatch: ['**/*.test.ts'],
  testRunner: 'jest-circus/runner',
  transform: {
    '^.+\\.ts$': 'ts-jest'
  },
  verbose: false
 }
--- a/jest.config.ts
+++ b/jest.config.ts
@ -0,0 +1,30 @@
 import fs from 'fs';
 import os from 'os';
 import path from 'path';
 const tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), 'docker-build-push-action-'));
 process.env = Object.assign({}, process.env, {
  TEMP: tmpDir,
  GITHUB_REPOSITORY: 'docker/build-push-action',
  RUNNER_TEMP: path.join(tmpDir, 'runner-temp'),
  RUNNER_TOOL_CACHE: path.join(tmpDir, 'runner-tool-cache')
 }) as {
  [key: string]: string;
 };
 module.exports = {
  clearMocks: false,
  testEnvironment: 'node',
  moduleFileExtensions: ['js', 'ts'],
  testMatch: ['**/*.test.ts'],
  transform: {
    '^.+\\.ts$': 'ts-jest'
  },
  moduleNameMapper: {
    '^csv-parse/sync': '<rootDir>/node_modules/csv-parse/dist/cjs/sync.cjs'
  },
  collectCoverageFrom: ['src/**/{!(main.ts),}.ts'],
  coveragePathIgnorePatterns: ['lib/', 'node_modules/', '__mocks__/', '__tests__/'],
  verbose: true
 };
--- a/package.json
+++ b/package.json
@ -1,13 +1,16 @@
 {
  "name": "docker-build-push",
  "description": "Build and push Docker images",
-  "main": "lib/main.js",
+  "main": "src/main.ts",
  "scripts": {
-    "build": "tsc && ncc build",
+    "build": "ncc build --source-map --minify --license licenses.txt",
-    "format": "prettier --write **/*.ts",
+    "lint": "yarn run prettier && yarn run eslint",
-    "format-check": "prettier --check **/*.ts",
+    "format": "yarn run prettier:fix && yarn run eslint:fix",
-    "test": "jest --coverage",
+    "eslint": "eslint --max-warnings=0 .",
-    "pre-checkin": "yarn run format && yarn run build"
+    "eslint:fix": "eslint --fix .",
    "prettier": "prettier --check \"./**/*.ts\"",
    "prettier:fix": "prettier --write \"./**/*.ts\"",
    "test": "jest"
  },
  "repository": {
    "type": "git",
@ -19,35 +22,27 @@
    "build",
    "push"
  ],
-  "author": "Docker",
+  "author": "Docker Inc.",
  "contributors": [
    {
      "name": "CrazyMax",
      "url": "https://crazymax.dev"
    }
  ],
  "license": "Apache-2.0",
  "packageManager": "yarn@3.6.3",
  "dependencies": {
-    "@actions/core": "^1.4.0",
+    "@actions/core": "^1.11.1",
-    "@actions/exec": "^1.1.0",
+    "@docker/actions-toolkit": "0.62.1",
-    "@actions/github": "^5.0.0",
+    "handlebars": "^4.7.7"
    "csv-parse": "^4.16.0",
    "semver": "^7.3.5",
    "tmp": "^0.2.1"
  },
  "devDependencies": {
-    "@types/csv-parse": "^1.2.2",
+    "@types/node": "^20.12.12",
-    "@types/jest": "^26.0.23",
+    "@typescript-eslint/eslint-plugin": "^7.9.0",
-    "@types/node": "^14.17.4",
+    "@typescript-eslint/parser": "^7.9.0",
-    "@types/tmp": "^0.2.0",
+    "@vercel/ncc": "^0.38.1",
-    "@vercel/ncc": "^0.28.6",
+    "eslint": "^8.57.0",
-    "dotenv": "^8.6.0",
+    "eslint-config-prettier": "^9.1.0",
-    "jest": "^26.6.3",
+    "eslint-plugin-jest": "^28.5.0",
-    "jest-circus": "^26.6.3",
+    "eslint-plugin-prettier": "^5.1.3",
-    "jest-runtime": "^26.6.3",
+    "jest": "^29.7.0",
-    "prettier": "^2.3.1",
+    "prettier": "^3.2.5",
-    "ts-jest": "^26.5.6",
+    "ts-jest": "^29.1.2",
-    "typescript": "^4.3.4",
+    "ts-node": "^10.9.2",
-    "typescript-formatter": "^7.2.2"
+    "typescript": "^5.4.5"
  }
 }
--- a/src/buildx.ts
+++ b/src/buildx.ts
@ -1,120 +0,0 @@
 import csvparse from 'csv-parse/lib/sync';
 import fs from 'fs';
 import path from 'path';
 import * as semver from 'semver';
 import * as exec from '@actions/exec';
 import * as context from './context';
 export async function getImageIDFile(): Promise<string> {
  return path.join(context.tmpDir(), 'iidfile').split(path.sep).join(path.posix.sep);
 }
 export async function getImageID(): Promise<string | undefined> {
  const iidFile = await getImageIDFile();
  if (!fs.existsSync(iidFile)) {
    return undefined;
  }
  return fs.readFileSync(iidFile, {encoding: 'utf-8'});
 }
 export async function getSecretString(kvp: string): Promise<string> {
  return getSecret(kvp, false);
 }
 export async function getSecretFile(kvp: string): Promise<string> {
  return getSecret(kvp, true);
 }
 export async function getSecret(kvp: string, file: boolean): Promise<string> {
  const delimiterIndex = kvp.indexOf('=');
  const key = kvp.substring(0, delimiterIndex);
  let value = kvp.substring(delimiterIndex + 1);
  if (key.length == 0 || value.length == 0) {
    throw new Error(`${kvp} is not a valid secret`);
  }
  if (file) {
    if (!fs.existsSync(value)) {
      throw new Error(`secret file ${value} not found`);
    }
    value = fs.readFileSync(value, {encoding: 'utf-8'});
  }
  const secretFile = context.tmpNameSync({
    tmpdir: context.tmpDir()
  });
  fs.writeFileSync(secretFile, value);
  return `id=${key},src=${secretFile}`;
 }
 export function isLocalOrTarExporter(outputs: string[]): Boolean {
  for (let output of csvparse(outputs.join(`\n`), {
    delimiter: ',',
    trim: true,
    columns: false,
    relaxColumnCount: true
  })) {
    // Local if no type is defined
    // https://github.com/docker/buildx/blob/d2bf42f8b4784d83fde17acb3ed84703ddc2156b/build/output.go#L29-L43
    if (output.length == 1 && !output[0].startsWith('type=')) {
      return true;
    }
    for (let [key, value] of output.map(chunk => chunk.split('=').map(item => item.trim()))) {
      if (key == 'type' && (value == 'local' || value == 'tar')) {
        return true;
      }
    }
  }
  return false;
 }
 export function hasGitAuthToken(secrets: string[]): Boolean {
  for (let secret of secrets) {
    if (secret.startsWith('GIT_AUTH_TOKEN=')) {
      return true;
    }
  }
  return false;
 }
 export async function isAvailable(): Promise<Boolean> {
  return await exec
    .getExecOutput('docker', ['buildx'], {
      ignoreReturnCode: true,
      silent: true
    })
    .then(res => {
      if (res.stderr.length > 0 && res.exitCode != 0) {
        return false;
      }
      return res.exitCode == 0;
    });
 }
 export async function getVersion(): Promise<string> {
  return await exec
    .getExecOutput('docker', ['buildx', 'version'], {
      ignoreReturnCode: true,
      silent: true
    })
    .then(res => {
      if (res.stderr.length > 0 && res.exitCode != 0) {
        throw new Error(res.stderr.trim());
      }
      return parseVersion(res.stdout);
    });
 }
 export function parseVersion(stdout: string): string {
  const matches = /\sv?([0-9a-f]{7}|[0-9.]+)/.exec(stdout);
  if (!matches) {
    throw new Error(`Cannot parse buildx version`);
  }
  return matches[1];
 }
 export function satisfies(version: string, range: string): boolean {
  return semver.satisfies(version, range) || /^[0-9a-f]{7}$/.exec(version) !== null;
 }
--- a/src/context.ts
+++ b/src/context.ts
@ -1,216 +1,286 @@
 import csvparse from 'csv-parse/lib/sync';
 import * as fs from 'fs';
 import * as os from 'os';
 import * as path from 'path';
 import * as semver from 'semver';
 import * as tmp from 'tmp';
 import * as core from '@actions/core';
-import {issueCommand} from '@actions/core/lib/command';
+import * as handlebars from 'handlebars';
 import * as github from '@actions/github';
-import * as buildx from './buildx';
+import {Build} from '@docker/actions-toolkit/lib/buildx/build';
-
+import {Context} from '@docker/actions-toolkit/lib/context';
-let _defaultContext, _tmpDir: string;
+import {GitHub} from '@docker/actions-toolkit/lib/github';
 import {Toolkit} from '@docker/actions-toolkit/lib/toolkit';
 import {Util} from '@docker/actions-toolkit/lib/util';
 export interface Inputs {
  'add-hosts': string[];
  allow: string[];
-  buildArgs: string[];
+  annotations: string[];
  attests: string[];
  'build-args': string[];
  'build-contexts': string[];
  builder: string;
-  cacheFrom: string[];
+  'cache-from': string[];
-  cacheTo: string[];
+  'cache-to': string[];
  call: string;
  'cgroup-parent': string;
  context: string;
  file: string;
  labels: string[];
  load: boolean;
  network: string;
-  noCache: boolean;
+  'no-cache': boolean;
  'no-cache-filters': string[];
  outputs: string[];
  platforms: string[];
  provenance: string;
  pull: boolean;
  push: boolean;
  sbom: string;
  secrets: string[];
-  secretFiles: string[];
+  'secret-envs': string[];
  'secret-files': string[];
  'shm-size': string;
  ssh: string[];
  tags: string[];
  target: string;
-  githubToken: string;
+  ulimit: string[];
  'github-token': string;
 }
-export function defaultContext(): string {
+export async function getInputs(): Promise<Inputs> {
  if (!_defaultContext) {
    let ref = github.context.ref;
    if (github.context.sha && ref && !ref.startsWith('refs/')) {
      ref = `refs/heads/${github.context.ref}`;
    }
    if (github.context.sha && !ref.startsWith(`refs/pull/`)) {
      ref = github.context.sha;
    }
    _defaultContext = `${process.env.GITHUB_SERVER_URL || 'https://github.com'}/${github.context.repo.owner}/${github.context.repo.repo}.git#${ref}`;
  }
  return _defaultContext;
 }
 export function tmpDir(): string {
  if (!_tmpDir) {
    _tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), 'docker-build-push-')).split(path.sep).join(path.posix.sep);
  }
  return _tmpDir;
 }
 export function tmpNameSync(options?: tmp.TmpNameOptions): string {
  return tmp.tmpNameSync(options);
 }
 export async function getInputs(defaultContext: string): Promise<Inputs> {
  return {
-    allow: await getInputList('allow'),
+    'add-hosts': Util.getInputList('add-hosts'),
-    buildArgs: await getInputList('build-args', true),
+    allow: Util.getInputList('allow'),
    annotations: Util.getInputList('annotations', {ignoreComma: true}),
    attests: Util.getInputList('attests', {ignoreComma: true}),
    'build-args': Util.getInputList('build-args', {ignoreComma: true}),
    'build-contexts': Util.getInputList('build-contexts', {ignoreComma: true}),
    builder: core.getInput('builder'),
-    cacheFrom: await getInputList('cache-from', true),
+    'cache-from': Util.getInputList('cache-from', {ignoreComma: true}),
-    cacheTo: await getInputList('cache-to', true),
+    'cache-to': Util.getInputList('cache-to', {ignoreComma: true}),
-    context: core.getInput('context') || defaultContext,
+    call: core.getInput('call'),
    'cgroup-parent': core.getInput('cgroup-parent'),
    context: core.getInput('context') || Context.gitContext(),
    file: core.getInput('file'),
-    labels: await getInputList('labels', true),
+    labels: Util.getInputList('labels', {ignoreComma: true}),
    load: core.getBooleanInput('load'),
    network: core.getInput('network'),
-    noCache: core.getBooleanInput('no-cache'),
+    'no-cache': core.getBooleanInput('no-cache'),
-    outputs: await getInputList('outputs', true),
+    'no-cache-filters': Util.getInputList('no-cache-filters'),
-    platforms: await getInputList('platforms'),
+    outputs: Util.getInputList('outputs', {ignoreComma: true, quote: false}),
    platforms: Util.getInputList('platforms'),
    provenance: Build.getProvenanceInput('provenance'),
    pull: core.getBooleanInput('pull'),
    push: core.getBooleanInput('push'),
-    secrets: await getInputList('secrets', true),
+    sbom: core.getInput('sbom'),
-    secretFiles: await getInputList('secret-files', true),
+    secrets: Util.getInputList('secrets', {ignoreComma: true}),
-    ssh: await getInputList('ssh'),
+    'secret-envs': Util.getInputList('secret-envs'),
-    tags: await getInputList('tags'),
+    'secret-files': Util.getInputList('secret-files', {ignoreComma: true}),
    'shm-size': core.getInput('shm-size'),
    ssh: Util.getInputList('ssh'),
    tags: Util.getInputList('tags'),
    target: core.getInput('target'),
-    githubToken: core.getInput('github-token')
+    ulimit: Util.getInputList('ulimit', {ignoreComma: true}),
    'github-token': core.getInput('github-token')
  };
 }
-export async function getArgs(inputs: Inputs, defaultContext: string, buildxVersion: string): Promise<Array<string>> {
+export async function getArgs(inputs: Inputs, toolkit: Toolkit): Promise<Array<string>> {
-  let args: Array<string> = ['buildx'];
+  const context = handlebars.compile(inputs.context)({
-  args.push.apply(args, await getBuildArgs(inputs, defaultContext, buildxVersion));
+    defaultContext: Context.gitContext()
-  args.push.apply(args, await getCommonArgs(inputs));
+  });
-  args.push(inputs.context);
+  // prettier-ignore
-  return args;
+  return [
    ...await getBuildArgs(inputs, context, toolkit),
    ...await getCommonArgs(inputs, toolkit),
    context
  ];
 }
-async function getBuildArgs(inputs: Inputs, defaultContext: string, buildxVersion: string): Promise<Array<string>> {
+async function getBuildArgs(inputs: Inputs, context: string, toolkit: Toolkit): Promise<Array<string>> {
-  let args: Array<string> = ['build'];
+  const args: Array<string> = ['build'];
-  await asyncForEach(inputs.buildArgs, async buildArg => {
+  await Util.asyncForEach(inputs['add-hosts'], async addHost => {
    args.push('--add-host', addHost);
  });
  await Util.asyncForEach(inputs.allow, async allow => {
    args.push('--allow', allow);
  });
  if (await toolkit.buildx.versionSatisfies('>=0.12.0')) {
    await Util.asyncForEach(inputs.annotations, async annotation => {
      args.push('--annotation', annotation);
    });
  } else if (inputs.annotations.length > 0) {
    core.warning("Annotations are only supported by buildx >= 0.12.0; the input 'annotations' is ignored.");
  }
  await Util.asyncForEach(inputs['build-args'], async buildArg => {
    args.push('--build-arg', buildArg);
  });
-  await asyncForEach(inputs.labels, async label => {
+  if (await toolkit.buildx.versionSatisfies('>=0.8.0')) {
    await Util.asyncForEach(inputs['build-contexts'], async buildContext => {
      args.push(
        '--build-context',
        handlebars.compile(buildContext)({
          defaultContext: Context.gitContext()
        })
      );
    });
  } else if (inputs['build-contexts'].length > 0) {
    core.warning("Build contexts are only supported by buildx >= 0.8.0; the input 'build-contexts' is ignored.");
  }
  await Util.asyncForEach(inputs['cache-from'], async cacheFrom => {
    args.push('--cache-from', cacheFrom);
  });
  await Util.asyncForEach(inputs['cache-to'], async cacheTo => {
    args.push('--cache-to', cacheTo);
  });
  if (inputs.call) {
    if (!(await toolkit.buildx.versionSatisfies('>=0.15.0'))) {
      throw new Error(`Buildx >= 0.15.0 is required to use the call flag.`);
    }
    args.push('--call', inputs.call);
  }
  if (inputs['cgroup-parent']) {
    args.push('--cgroup-parent', inputs['cgroup-parent']);
  }
  await Util.asyncForEach(inputs['secret-envs'], async secretEnv => {
    try {
      args.push('--secret', Build.resolveSecretEnv(secretEnv));
    } catch (err) {
      core.warning(err.message);
    }
  });
  if (inputs.file) {
    args.push('--file', inputs.file);
  }
  if (!Build.hasLocalExporter(inputs.outputs) && !Build.hasTarExporter(inputs.outputs) && (inputs.platforms.length == 0 || (await toolkit.buildx.versionSatisfies('>=0.4.2')))) {
    args.push('--iidfile', toolkit.buildxBuild.getImageIDFilePath());
  }
  await Util.asyncForEach(inputs.labels, async label => {
    args.push('--label', label);
  });
-  await asyncForEach(inputs.tags, async tag => {
+  await Util.asyncForEach(inputs['no-cache-filters'], async noCacheFilter => {
    args.push('--no-cache-filter', noCacheFilter);
  });
  await Util.asyncForEach(inputs.outputs, async output => {
    args.push('--output', output);
  });
  if (inputs.platforms.length > 0) {
    args.push('--platform', inputs.platforms.join(','));
  }
  if (await toolkit.buildx.versionSatisfies('>=0.10.0')) {
    args.push(...(await getAttestArgs(inputs, toolkit)));
  } else {
    core.warning("Attestations are only supported by buildx >= 0.10.0; the inputs 'attests', 'provenance' and 'sbom' are ignored.");
  }
  await Util.asyncForEach(inputs.secrets, async secret => {
    try {
      args.push('--secret', Build.resolveSecretString(secret));
    } catch (err) {
      core.warning(err.message);
    }
  });
  await Util.asyncForEach(inputs['secret-files'], async secretFile => {
    try {
      args.push('--secret', Build.resolveSecretFile(secretFile));
    } catch (err) {
      core.warning(err.message);
    }
  });
  if (inputs['github-token'] && !Build.hasGitAuthTokenSecret(inputs.secrets) && context.startsWith(Context.gitContext())) {
    args.push('--secret', Build.resolveSecretString(`GIT_AUTH_TOKEN=${inputs['github-token']}`));
  }
  if (inputs['shm-size']) {
    args.push('--shm-size', inputs['shm-size']);
  }
  await Util.asyncForEach(inputs.ssh, async ssh => {
    args.push('--ssh', ssh);
  });
  await Util.asyncForEach(inputs.tags, async tag => {
    args.push('--tag', tag);
  });
  if (inputs.target) {
    args.push('--target', inputs.target);
  }
-  if (inputs.allow.length > 0) {
+  await Util.asyncForEach(inputs.ulimit, async ulimit => {
-    args.push('--allow', inputs.allow.join(','));
+    args.push('--ulimit', ulimit);
  }
  if (inputs.platforms.length > 0) {
    args.push('--platform', inputs.platforms.join(','));
  }
  await asyncForEach(inputs.outputs, async output => {
    args.push('--output', output);
  });
  if (!buildx.isLocalOrTarExporter(inputs.outputs) && (inputs.platforms.length == 0 || buildx.satisfies(buildxVersion, '>=0.4.2'))) {
    args.push('--iidfile', await buildx.getImageIDFile());
  }
  await asyncForEach(inputs.cacheFrom, async cacheFrom => {
    args.push('--cache-from', cacheFrom);
  });
  await asyncForEach(inputs.cacheTo, async cacheTo => {
    args.push('--cache-to', cacheTo);
  });
  await asyncForEach(inputs.secrets, async secret => {
    try {
      args.push('--secret', await buildx.getSecretString(secret));
    } catch (err) {
      core.warning(err.message);
    }
  });
  await asyncForEach(inputs.secretFiles, async secretFile => {
    try {
      args.push('--secret', await buildx.getSecretFile(secretFile));
    } catch (err) {
      core.warning(err.message);
    }
  });
  if (inputs.githubToken && !buildx.hasGitAuthToken(inputs.secrets) && inputs.context == defaultContext) {
    args.push('--secret', await buildx.getSecretString(`GIT_AUTH_TOKEN=${inputs.githubToken}`));
  }
  await asyncForEach(inputs.ssh, async ssh => {
    args.push('--ssh', ssh);
  });
  if (inputs.file) {
    args.push('--file', inputs.file);
  }
  return args;
 }
-async function getCommonArgs(inputs: Inputs): Promise<Array<string>> {
+async function getCommonArgs(inputs: Inputs, toolkit: Toolkit): Promise<Array<string>> {
-  let args: Array<string> = [];
+  const args: Array<string> = [];
  if (inputs.noCache) {
    args.push('--no-cache');
  }
  if (inputs.builder) {
    args.push('--builder', inputs.builder);
  }
  if (inputs.pull) {
    args.push('--pull');
  }
  if (inputs.load) {
    args.push('--load');
  }
  if (await toolkit.buildx.versionSatisfies('>=0.6.0')) {
    args.push('--metadata-file', toolkit.buildxBuild.getMetadataFilePath());
  }
  if (inputs.network) {
    args.push('--network', inputs.network);
  }
  if (inputs['no-cache']) {
    args.push('--no-cache');
  }
  if (inputs.pull) {
    args.push('--pull');
  }
  if (inputs.push) {
    args.push('--push');
  }
  return args;
 }
-export async function getInputList(name: string, ignoreComma?: boolean): Promise<string[]> {
+async function getAttestArgs(inputs: Inputs, toolkit: Toolkit): Promise<Array<string>> {
-  let res: Array<string> = [];
+  const args: Array<string> = [];
-  const items = core.getInput(name);
+  // check if provenance attestation is set in attests input
-  if (items == '') {
+  let hasAttestProvenance = false;
-    return res;
+  await Util.asyncForEach(inputs.attests, async (attest: string) => {
-  }
+    if (Build.hasAttestationType('provenance', attest)) {
-
+      hasAttestProvenance = true;
  for (let output of (await csvparse(items, {
    columns: false,
    relax: true,
    relaxColumnCount: true,
    skipLinesWithEmptyValues: true
  })) as Array<string[]>) {
    if (output.length == 1) {
      res.push(output[0]);
      continue;
    } else if (!ignoreComma) {
      res.push(...output);
      continue;
    }
-    res.push(output.join(','));
+  });
  let provenanceSet = false;
  let sbomSet = false;
  if (inputs.provenance) {
    args.push('--attest', Build.resolveAttestationAttrs(`type=provenance,${inputs.provenance}`));
    provenanceSet = true;
  } else if (!hasAttestProvenance && !noDefaultAttestations() && (await toolkit.buildkit.versionSatisfies(inputs.builder, '>=0.11.0')) && !Build.hasDockerExporter(inputs.outputs, inputs.load)) {
    // if provenance not specified in provenance or attests inputs and BuildKit
    // version compatible for attestation, set default provenance. Also needs
    // to make sure user doesn't want to explicitly load the image to docker.
    if (GitHub.context.payload.repository?.private ?? false) {
      // if this is a private repository, we set the default provenance
      // attributes being set in buildx: https://github.com/docker/buildx/blob/fb27e3f919dcbf614d7126b10c2bc2d0b1927eb6/build/build.go#L603
      args.push('--attest', `type=provenance,${Build.resolveProvenanceAttrs(`mode=min,inline-only=true`)}`);
    } else {
      // for a public repository, we set max provenance mode.
      args.push('--attest', `type=provenance,${Build.resolveProvenanceAttrs(`mode=max`)}`);
    }
  }
  if (inputs.sbom) {
    args.push('--attest', Build.resolveAttestationAttrs(`type=sbom,${inputs.sbom}`));
    sbomSet = true;
  }
-  return res.filter(item => item).map(pat => pat.trim());
+  // set attests but check if provenance or sbom types already set as
  // provenance and sbom inputs take precedence over attests input.
  await Util.asyncForEach(inputs.attests, async (attest: string) => {
    if (!Build.hasAttestationType('provenance', attest) && !Build.hasAttestationType('sbom', attest)) {
      args.push('--attest', Build.resolveAttestationAttrs(attest));
    } else if (!provenanceSet && Build.hasAttestationType('provenance', attest)) {
      args.push('--attest', Build.resolveProvenanceAttrs(attest));
    } else if (!sbomSet && Build.hasAttestationType('sbom', attest)) {
      args.push('--attest', attest);
    }
  });
  return args;
 }
-export const asyncForEach = async (array, callback) => {
+function noDefaultAttestations(): boolean {
-  for (let index = 0; index < array.length; index++) {
+  if (process.env.BUILDX_NO_DEFAULT_ATTESTATIONS) {
-    await callback(array[index], index, array);
+    return Util.parseBool(process.env.BUILDX_NO_DEFAULT_ATTESTATIONS);
  }
-};
+  return false;
 // FIXME: Temp fix https://github.com/actions/toolkit/issues/777
 export function setOutput(name: string, value: any): void {
  issueCommand('set-output', {name}, value);
 }
--- a/src/main.ts
+++ b/src/main.ts
@ -1,60 +1,306 @@
 import * as fs from 'fs';
-import * as buildx from './buildx';
+import * as path from 'path';
 import * as context from './context';
 import * as stateHelper from './state-helper';
 import * as core from '@actions/core';
-import * as exec from '@actions/exec';
+import * as actionsToolkit from '@docker/actions-toolkit';
-async function run(): Promise<void> {
+import {Buildx} from '@docker/actions-toolkit/lib/buildx/buildx';
-  try {
+import {History as BuildxHistory} from '@docker/actions-toolkit/lib/buildx/history';
-    core.startGroup(`Docker info`);
+import {Context} from '@docker/actions-toolkit/lib/context';
-    await exec.exec('docker', ['version']);
+import {Docker} from '@docker/actions-toolkit/lib/docker/docker';
-    await exec.exec('docker', ['info']);
+import {Exec} from '@docker/actions-toolkit/lib/exec';
-    core.endGroup();
+import {GitHub} from '@docker/actions-toolkit/lib/github';
 import {Toolkit} from '@docker/actions-toolkit/lib/toolkit';
 import {Util} from '@docker/actions-toolkit/lib/util';
-    if (!(await buildx.isAvailable())) {
+import {BuilderInfo} from '@docker/actions-toolkit/lib/types/buildx/builder';
 import {ConfigFile} from '@docker/actions-toolkit/lib/types/docker/docker';
 import {UploadArtifactResponse} from '@docker/actions-toolkit/lib/types/github';
 import * as context from './context';
 actionsToolkit.run(
  // main
  async () => {
    const startedTime = new Date();
    const inputs: context.Inputs = await context.getInputs();
    stateHelper.setSummaryInputs(inputs);
    core.debug(`inputs: ${JSON.stringify(inputs)}`);
    const toolkit = new Toolkit();
    await core.group(`GitHub Actions runtime token ACs`, async () => {
      try {
        await GitHub.printActionsRuntimeTokenACs();
      } catch (e) {
        core.warning(e.message);
      }
    });
    await core.group(`Docker info`, async () => {
      try {
        await Docker.printVersion();
        await Docker.printInfo();
      } catch (e) {
        core.info(e.message);
      }
    });
    await core.group(`Proxy configuration`, async () => {
      let dockerConfig: ConfigFile | undefined;
      let dockerConfigMalformed = false;
      try {
        dockerConfig = await Docker.configFile();
      } catch (e) {
        dockerConfigMalformed = true;
        core.warning(`Unable to parse config file ${path.join(Docker.configDir, 'config.json')}: ${e}`);
      }
      if (dockerConfig && dockerConfig.proxies) {
        for (const host in dockerConfig.proxies) {
          let prefix = '';
          if (Object.keys(dockerConfig.proxies).length > 1) {
            prefix = '  ';
            core.info(host);
          }
          for (const key in dockerConfig.proxies[host]) {
            core.info(`${prefix}${key}: ${dockerConfig.proxies[host][key]}`);
          }
        }
      } else if (!dockerConfigMalformed) {
        core.info('No proxy configuration found');
      }
    });
    if (!(await toolkit.buildx.isAvailable())) {
      core.setFailed(`Docker buildx is required. See https://github.com/docker/setup-buildx-action to set up buildx.`);
      return;
    }
    stateHelper.setTmpDir(context.tmpDir());
-    const buildxVersion = await buildx.getVersion();
+    stateHelper.setTmpDir(Context.tmpDir());
    const defContext = context.defaultContext();
    let inputs: context.Inputs = await context.getInputs(defContext);
-    const args: string[] = await context.getArgs(inputs, defContext, buildxVersion);
+    await core.group(`Buildx version`, async () => {
-    await exec
+      await toolkit.buildx.printVersion();
-      .getExecOutput('docker', args, {
+    });
-        ignoreReturnCode: true
+
-      })
+    let builder: BuilderInfo;
-      .then(res => {
+    await core.group(`Builder info`, async () => {
-        if (res.stderr.length > 0 && res.exitCode != 0) {
+      builder = await toolkit.builder.inspect(inputs.builder);
-          throw new Error(`buildx bake failed with: ${res.stderr.match(/(.*)\s*$/)![0].trim()}`);
+      stateHelper.setBuilderDriver(builder.driver ?? '');
      stateHelper.setBuilderEndpoint(builder.nodes?.[0]?.endpoint ?? '');
      core.info(JSON.stringify(builder, null, 2));
    });
    const args: string[] = await context.getArgs(inputs, toolkit);
    core.debug(`context.getArgs: ${JSON.stringify(args)}`);
    const buildCmd = await toolkit.buildx.getCommand(args);
    core.debug(`buildCmd.command: ${buildCmd.command}`);
    core.debug(`buildCmd.args: ${JSON.stringify(buildCmd.args)}`);
    let err: Error | undefined;
    await Exec.getExecOutput(buildCmd.command, buildCmd.args, {
      ignoreReturnCode: true,
      env: Object.assign({}, process.env, {
        BUILDX_METADATA_WARNINGS: 'true'
      }) as {
        [key: string]: string;
      }
    }).then(res => {
      if (res.exitCode != 0) {
        if (inputs.call && inputs.call === 'check' && res.stdout.length > 0) {
          // checks warnings are printed to stdout: https://github.com/docker/buildx/pull/2647
          // take the first line with the message summaryzing the warnings
          err = new Error(res.stdout.split('\n')[0]?.trim());
        } else if (res.stderr.length > 0) {
          err = new Error(`buildx failed with: ${res.stderr.match(/(.*)\s*$/)?.[0]?.trim() ?? 'unknown error'}`);
        }
      }
    });
    const imageID = toolkit.buildxBuild.resolveImageID();
    const metadata = toolkit.buildxBuild.resolveMetadata();
    const digest = toolkit.buildxBuild.resolveDigest(metadata);
    if (imageID) {
      await core.group(`ImageID`, async () => {
        core.info(imageID);
        core.setOutput('imageid', imageID);
      });
    }
    if (digest) {
      await core.group(`Digest`, async () => {
        core.info(digest);
        core.setOutput('digest', digest);
      });
    }
    if (metadata) {
      await core.group(`Metadata`, async () => {
        const metadatadt = JSON.stringify(metadata, null, 2);
        core.info(metadatadt);
        core.setOutput('metadata', metadatadt);
      });
    }
    let ref: string | undefined;
    await core.group(`Reference`, async () => {
      ref = await buildRef(toolkit, startedTime, inputs.builder);
      if (ref) {
        core.info(ref);
        stateHelper.setBuildRef(ref);
      } else {
        core.info('No build reference found');
      }
    });
    if (buildChecksAnnotationsEnabled()) {
      const warnings = toolkit.buildxBuild.resolveWarnings(metadata);
      if (ref && warnings && warnings.length > 0) {
        const annotations = await Buildx.convertWarningsToGitHubAnnotations(warnings, [ref]);
        core.debug(`annotations: ${JSON.stringify(annotations, null, 2)}`);
        if (annotations && annotations.length > 0) {
          await core.group(`Generating GitHub annotations (${annotations.length} build checks found)`, async () => {
            for (const annotation of annotations) {
              core.warning(annotation.message, annotation);
            }
          });
        }
      }
    }
    await core.group(`Check build summary support`, async () => {
      if (!buildSummaryEnabled()) {
        core.info('Build summary disabled');
      } else if (inputs.call && inputs.call !== 'build') {
        core.info(`Build summary skipped for ${inputs.call} subrequest`);
      } else if (GitHub.isGHES) {
        core.info('Build summary is not yet supported on GHES');
      } else if (!(await toolkit.buildx.versionSatisfies('>=0.13.0'))) {
        core.info('Build summary requires Buildx >= 0.13.0');
      } else if (!ref) {
        core.info('Build summary requires a build reference');
      } else {
        core.info('Build summary supported!');
        stateHelper.setSummarySupported();
      }
    });
    if (err) {
      throw err;
    }
  },
  // post
  async () => {
    if (stateHelper.isSummarySupported) {
      await core.group(`Generating build summary`, async () => {
        try {
          const recordUploadEnabled = buildRecordUploadEnabled();
          let recordRetentionDays: number | undefined;
          if (recordUploadEnabled) {
            recordRetentionDays = buildRecordRetentionDays();
          }
          const buildxHistory = new BuildxHistory();
          const exportRes = await buildxHistory.export({
            refs: stateHelper.buildRef ? [stateHelper.buildRef] : [],
            useContainer: buildExportLegacy()
          });
          core.info(`Build record written to ${exportRes.dockerbuildFilename} (${Util.formatFileSize(exportRes.dockerbuildSize)})`);
          let uploadRes: UploadArtifactResponse | undefined;
          if (recordUploadEnabled) {
            uploadRes = await GitHub.uploadArtifact({
              filename: exportRes.dockerbuildFilename,
              mimeType: 'application/gzip',
              retentionDays: recordRetentionDays
            });
          }
          await GitHub.writeBuildSummary({
            exportRes: exportRes,
            uploadRes: uploadRes,
            inputs: stateHelper.summaryInputs,
            driver: stateHelper.builderDriver,
            endpoint: stateHelper.builderEndpoint
          });
        } catch (e) {
          core.warning(e.message);
        }
      });
    const imageID = await buildx.getImageID();
    if (imageID) {
      core.startGroup(`Extracting digest`);
      core.info(`${imageID}`);
      context.setOutput('digest', imageID);
      core.endGroup();
    }
-  } catch (error) {
+    if (stateHelper.tmpDir.length > 0) {
-    core.setFailed(error.message);
+      await core.group(`Removing temp folder ${stateHelper.tmpDir}`, async () => {
        try {
          fs.rmSync(stateHelper.tmpDir, {recursive: true});
        } catch (e) {
          core.warning(`Failed to remove temp folder ${stateHelper.tmpDir}`);
        }
      });
    }
  }
 );
 async function buildRef(toolkit: Toolkit, since: Date, builder?: string): Promise<string> {
  // get ref from metadata file
  const ref = toolkit.buildxBuild.resolveRef();
  if (ref) {
    return ref;
  }
  // otherwise, look for the very first build ref since the build has started
  if (!builder) {
    const currentBuilder = await toolkit.builder.inspect();
    builder = currentBuilder.name;
  }
  const refs = Buildx.refs({
    dir: Buildx.refsDir,
    builderName: builder,
    since: since
  });
  return Object.keys(refs).length > 0 ? Object.keys(refs)[0] : '';
 }
 function buildChecksAnnotationsEnabled(): boolean {
  if (process.env.DOCKER_BUILD_CHECKS_ANNOTATIONS) {
    return Util.parseBool(process.env.DOCKER_BUILD_CHECKS_ANNOTATIONS);
  }
  return true;
 }
 function buildSummaryEnabled(): boolean {
  if (process.env.DOCKER_BUILD_NO_SUMMARY) {
    core.warning('DOCKER_BUILD_NO_SUMMARY is deprecated. Set DOCKER_BUILD_SUMMARY to false instead.');
    return !Util.parseBool(process.env.DOCKER_BUILD_NO_SUMMARY);
  } else if (process.env.DOCKER_BUILD_SUMMARY) {
    return Util.parseBool(process.env.DOCKER_BUILD_SUMMARY);
  }
  return true;
 }
 function buildRecordUploadEnabled(): boolean {
  if (process.env.DOCKER_BUILD_RECORD_UPLOAD) {
    return Util.parseBool(process.env.DOCKER_BUILD_RECORD_UPLOAD);
  }
  return true;
 }
 function buildRecordRetentionDays(): number | undefined {
  let val: string | undefined;
  if (process.env.DOCKER_BUILD_EXPORT_RETENTION_DAYS) {
    core.warning('DOCKER_BUILD_EXPORT_RETENTION_DAYS is deprecated. Use DOCKER_BUILD_RECORD_RETENTION_DAYS instead.');
    val = process.env.DOCKER_BUILD_EXPORT_RETENTION_DAYS;
  } else if (process.env.DOCKER_BUILD_RECORD_RETENTION_DAYS) {
    val = process.env.DOCKER_BUILD_RECORD_RETENTION_DAYS;
  }
  if (val) {
    const res = parseInt(val);
    if (isNaN(res)) {
      throw new Error(`Invalid build record retention days: ${val}`);
    }
    return res;
  }
 }
-async function cleanup(): Promise<void> {
+function buildExportLegacy(): boolean {
-  if (stateHelper.tmpDir.length > 0) {
+  if (process.env.DOCKER_BUILD_EXPORT_LEGACY) {
-    core.startGroup(`Removing temp folder ${stateHelper.tmpDir}`);
+    return Util.parseBool(process.env.DOCKER_BUILD_EXPORT_LEGACY);
    fs.rmdirSync(stateHelper.tmpDir, {recursive: true});
    core.endGroup();
  }
-}
+  return false;
 if (!stateHelper.IsPost) {
  run();
 } else {
  cleanup();
 }
--- a/src/state-helper.ts
+++ b/src/state-helper.ts
@ -1,12 +1,70 @@
 import * as core from '@actions/core';
-export const IsPost = !!process.env['STATE_isPost'];
+import {Build} from '@docker/actions-toolkit/lib/buildx/build';
 import {Inputs} from './context';
 export const tmpDir = process.env['STATE_tmpDir'] || '';
 export const builderDriver = process.env['STATE_builderDriver'] || '';
 export const builderEndpoint = process.env['STATE_builderEndpoint'] || '';
 export const summaryInputs = process.env['STATE_summaryInputs'] ? JSON.parse(process.env['STATE_summaryInputs']) : undefined;
 export const buildRef = process.env['STATE_buildRef'] || '';
 export const isSummarySupported = !!process.env['STATE_isSummarySupported'];
 export function setTmpDir(tmpDir: string) {
  core.saveState('tmpDir', tmpDir);
 }
-if (!IsPost) {
+export function setBuilderDriver(builderDriver: string) {
-  core.saveState('isPost', 'true');
+  core.saveState('builderDriver', builderDriver);
 }
 export function setBuilderEndpoint(builderEndpoint: string) {
  core.saveState('builderEndpoint', builderEndpoint);
 }
 export function setBuildRef(buildRef: string) {
  core.saveState('buildRef', buildRef);
 }
 export function setSummarySupported() {
  core.saveState('isSummarySupported', 'true');
 }
 export function setSummaryInputs(inputs: Inputs) {
  const res = {};
  for (const key of Object.keys(inputs)) {
    if (key === 'github-token') {
      continue;
    }
    const value: string | string[] | boolean = inputs[key];
    if (typeof value === 'boolean' && !value) {
      continue;
    } else if (Array.isArray(value)) {
      if (value.length === 0) {
        continue;
      } else if (key === 'secrets' && value.length > 0) {
        const secretKeys: string[] = [];
        for (const secret of value) {
          try {
            // eslint-disable-next-line @typescript-eslint/no-unused-vars
            const [skey, _] = Build.parseSecretKvp(secret, true);
            secretKeys.push(skey);
          } catch (err) {
            // ignore invalid secret
          }
        }
        if (secretKeys.length > 0) {
          res[key] = secretKeys;
        }
        continue;
      }
    } else if (!value) {
      continue;
    }
    res[key] = value;
  }
  core.saveState('summaryInputs', JSON.stringify(res));
 }
--- a/test/Dockerfile
+++ b/test/Dockerfile
@ -1,3 +1,3 @@
 # syntax=docker/dockerfile:1
 FROM alpine
 RUN echo "Hello world!"
--- a/test/addhost.Dockerfile
+++ b/test/addhost.Dockerfile
@ -0,0 +1,3 @@
 # syntax=docker/dockerfile:1
 FROM busybox
 RUN cat /etc/hosts
--- a/test/cgroup.Dockerfile
+++ b/test/cgroup.Dockerfile
@ -0,0 +1,3 @@
 # syntax=docker/dockerfile:1
 FROM alpine
 RUN cat /proc/self/cgroup
--- a/test/go/Dockerfile
+++ b/test/go/Dockerfile
@ -0,0 +1,19 @@
 # syntax=docker/dockerfile:1
 FROM golang:alpine AS base
 ENV CGO_ENABLED=0
 RUN apk add --no-cache file git
 WORKDIR /src
 FROM base AS build
 RUN --mount=type=bind,target=/src \
    --mount=type=cache,target=/root/.cache/go-build \
    go build -ldflags "-s -w" -o /usr/bin/app .
 FROM scratch AS binary
 COPY --from=build /usr/bin/app /bin/app
 FROM alpine AS image
 COPY --from=build /usr/bin/app /bin/app
 EXPOSE 8080
 ENTRYPOINT ["/bin/app"]
--- a/test/go/go.mod
+++ b/test/go/go.mod
@ -0,0 +1,3 @@
 module github.com/docker/build-push-action/test/go
 go 1.18
--- a/test/go/main.go
+++ b/test/go/main.go
@ -0,0 +1,14 @@
 package main
 import (
 	"fmt"
 	"log"
 	"net/http"
 )
 func main() {
 	http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
 		fmt.Fprintf(w, "Hello, Go!")
 	})
 	log.Fatal(http.ListenAndServe(":8080", nil))
 }
--- a/test/lint.Dockerfile
+++ b/test/lint.Dockerfile
@ -0,0 +1,12 @@
 frOM busybox as base
 cOpy lint.Dockerfile .
 from scratch
 MAINTAINER moby@example.com
 COPy --from=base \
  /lint.Dockerfile \
  /
 CMD [ "echo", "Hello, Norway!" ]
 CMD [ "echo", "Hello, Sweden!" ]
 ENTRYPOINT my-program start
--- a/test/multi-sudo.Dockerfile
+++ b/test/multi-sudo.Dockerfile
@ -1,9 +1,9 @@
-FROM --platform=$BUILDPLATFORM golang:alpine AS build
+# syntax=docker/dockerfile:1
 FROM --platform=$BUILDPLATFORM alpine AS build
 ARG TARGETPLATFORM
 ARG BUILDPLATFORM
 RUN echo "I am running on $BUILDPLATFORM, building for $TARGETPLATFORM" > /log
 RUN apk --update --no-cache add \
    shadow \
    sudo \
@ -13,10 +13,9 @@ RUN apk --update --no-cache add \
  && rm -rf /tmp/* /var/cache/apk/*
 USER buildx
-RUN sudo chown buildx. /log
+RUN sudo chown buildx: /log
 USER root
 FROM alpine
 COPY --from=build /log /log
 RUN ls -al /log
--- a/test/multi.Dockerfile
+++ b/test/multi.Dockerfile
@ -1,3 +1,4 @@
 # syntax=docker/dockerfile:1
 FROM --platform=$BUILDPLATFORM golang:alpine AS build
 ARG TARGETPLATFORM
--- a/test/named-context-base.Dockerfile
+++ b/test/named-context-base.Dockerfile
@ -0,0 +1,4 @@
 # syntax=docker/dockerfile:1
 FROM debian
 RUN echo "Hello debian!"
--- a/test/named-context.Dockerfile
+++ b/test/named-context.Dockerfile
@ -0,0 +1,4 @@
 # syntax=docker/dockerfile:1
 FROM alpine
 RUN cat /etc/*release
--- a/test/nocachefilter.Dockerfile
+++ b/test/nocachefilter.Dockerfile
@ -0,0 +1,9 @@
 # syntax=docker/dockerfile:1
 FROM busybox AS base
 RUN echo "Hello world!" > /hello
 FROM alpine AS build
 COPY --from=base /hello /hello
 RUN uname -a
 FROM build
--- a/test/proxy.Dockerfile
+++ b/test/proxy.Dockerfile
@ -0,0 +1,9 @@
 # syntax=docker/dockerfile:1
 FROM alpine
 RUN apk add --no-cache curl net-tools
 ARG HTTP_PROXY
 ARG HTTPS_PROXY
 RUN printenv HTTP_PROXY
 RUN printenv HTTPS_PROXY
 RUN netstat -aptn
 RUN curl --retry 5 --retry-all-errors --retry-delay 0 --connect-timeout 5 --proxy $HTTP_PROXY -v --insecure --head https://www.google.com
--- a/test/secret.Dockerfile
+++ b/test/secret.Dockerfile
@ -0,0 +1,4 @@
 # syntax=docker/dockerfile:1
 FROM busybox
 RUN --mount=type=secret,id=MYSECRET \
  echo "MYSECRET=$(cat /run/secrets/MYSECRET)"
--- a/test/shmsize.Dockerfile
+++ b/test/shmsize.Dockerfile
@ -0,0 +1,3 @@
 # syntax=docker/dockerfile:1
 FROM busybox
 RUN mount | grep /dev/shm
--- a/test/ulimit.Dockerfile
+++ b/test/ulimit.Dockerfile
@ -0,0 +1,3 @@
 # syntax=docker/dockerfile:1
 FROM busybox
 RUN ulimit -a
--- a/tsconfig.json
+++ b/tsconfig.json
@ -1,21 +1,22 @@
 {
  "compilerOptions": {
    "esModuleInterop": true,
    "target": "es6",
    "module": "commonjs",
-    "lib": [
+    "strict": true,
      "es6",
      "dom"
    ],
    "newLine": "lf",
    "outDir": "./lib",
    "rootDir": "./src",
-    "strict": true,
+    "forceConsistentCasingInFileNames": true,
    "noImplicitAny": false,
-    "esModuleInterop": true,
+    "resolveJsonModule": true,
-    "sourceMap": true
+    "useUnknownInCatchVariables": false,
  },
  "exclude": [
    "./__mocks__/**/*",
    "./__tests__/**/*",
    "./lib/**/*",
    "node_modules",
-    "**/*.test.ts"
+    "jest.config.ts"
  ]
 }
--- a/yarn.lock
+++ b/yarn.lock
		`@ -0,0 +1,3 @@`
							`# Code of conduct`

							`- [Moby community guidelines](https://github.com/moby/moby/blob/master/CONTRIBUTING.md#moby-community-guidelines)`
		`@ -0,0 +1,3 @@`
							`module github.com/docker/build-push-action/test/go`

							`go 1.18`