Merge pull request #563 from crazy-max/new-inputs

`build-contexts` input

.github/workflows/ci.yml

@@ -4,10 +4,10 @@ on:
   workflow_dispatch:
   push:
     branches:
-      - master
+      - 'master'
   pull_request:
     branches:
-      - master
+      - 'master'
 
 jobs:
   minimal:
@@ -15,7 +15,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
         with:
           path: action
       -
@@ -26,10 +26,6 @@ jobs:
         uses: ./action
         with:
           file: ./test/Dockerfile
-      -
-        name: Dump context
-        if: always()
-        uses: crazy-max/ghaction-dump-context@v1
 
   git-context:
     runs-on: ubuntu-latest
@@ -41,7 +37,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
         with:
           path: action
       -
@@ -77,10 +73,6 @@ jobs:
             echo "::error::Digest should not be empty"
             exit 1
           fi
-      -
-        name: Dump context
-        if: always()
-        uses: crazy-max/ghaction-dump-context@v1
 
   git-context-secret:
     runs-on: ubuntu-latest
@@ -92,7 +84,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
         with:
           path: action
       -
@@ -137,10 +129,6 @@ jobs:
             echo "::error::Digest should not be empty"
             exit 1
           fi
-      -
-        name: Dump context
-        if: always()
-        uses: crazy-max/ghaction-dump-context@v1
 
   path-context:
     runs-on: ubuntu-latest
@@ -158,7 +146,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
       -
         name: Set up QEMU
         uses: docker/setup-qemu-action@v1
@@ -192,17 +180,13 @@ jobs:
             echo "::error::Digest should not be empty"
             exit 1
           fi
-      -
-        name: Dump context
-        if: always()
-        uses: crazy-max/ghaction-dump-context@v1
 
   error:
     runs-on: ubuntu-latest
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
       -
         name: Stop docker
         run: |
@@ -223,17 +207,13 @@ jobs:
             echo "::error::Should have failed"
             exit 1
           fi
-      -
-        name: Dump context
-        if: always()
-        uses: crazy-max/ghaction-dump-context@v1
 
   error-buildx:
     runs-on: ubuntu-latest
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
       -
         name: Set up QEMU
         uses: docker/setup-qemu-action@v1
@@ -259,10 +239,6 @@ jobs:
             echo "::error::Should have failed"
             exit 1
           fi
-      -
-        name: Dump context
-        if: always()
-        uses: crazy-max/ghaction-dump-context@v1
 
   docker-driver:
     runs-on: ubuntu-latest
@@ -274,7 +250,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
       -
         name: Build
         id: docker_build
@@ -284,17 +260,13 @@ jobs:
           file: ./test/Dockerfile
           push: true
           tags: localhost:5000/name/app:latest
-      -
-        name: Dump context
-        if: always()
-        uses: crazy-max/ghaction-dump-context@v1
 
   export-docker:
     runs-on: ubuntu-latest
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
       -
         name: Build
         uses: ./
@@ -307,17 +279,13 @@ jobs:
         name: Inspect
         run: |
           docker image inspect myimage:latest
-      -
-        name: Dump context
-        if: always()
-        uses: crazy-max/ghaction-dump-context@v1
 
   network:
     runs-on: ubuntu-latest
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
       -
         name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v1
@@ -331,10 +299,115 @@ jobs:
           context: ./test
           tags: name/app:latest
           network: host
+
+  shm-size:
+    runs-on: ubuntu-latest
+    steps:
       -
-        name: Dump context
-        if: always()
-        uses: crazy-max/ghaction-dump-context@v1
+        name: Checkout
+        uses: actions/checkout@v3
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
+        with:
+          version: v0.7.0
+          driver-opts: |
+            image=moby/buildkit:master
+      -
+        name: Build
+        uses: ./
+        with:
+          context: ./test
+          file: ./test/shmsize.Dockerfile
+          tags: name/app:latest
+          shm-size: 2g
+
+  ulimit:
+    runs-on: ubuntu-latest
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v3
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
+        with:
+          version: v0.7.0
+          driver-opts: |
+            image=moby/buildkit:master
+      -
+        name: Build
+        uses: ./
+        with:
+          context: ./test
+          file: ./test/ulimit.Dockerfile
+          tags: name/app:latest
+          ulimit: |
+            nofile=1024:1024
+            nproc=3
+
+  cgroup-parent:
+    runs-on: ubuntu-latest
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v3
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
+        with:
+          version: v0.7.0
+          driver-opts: |
+            image=moby/buildkit:master
+      -
+        name: Build
+        uses: ./
+        with:
+          context: ./test
+          file: ./test/cgroup.Dockerfile
+          tags: name/app:latest
+          cgroup-parent: foo
+
+  add-hosts:
+    runs-on: ubuntu-latest
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v3
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
+      -
+        name: Build
+        uses: ./
+        with:
+          context: ./test
+          file: ./test/addhost.Dockerfile
+          tags: name/app:latest
+          add-hosts: |
+            docker:10.180.0.1
+            foo:10.0.0.1
+
+  build-contexts:
+    runs-on: ubuntu-latest
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v2
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
+        with:
+          version: v0.8.0
+      -
+        name: Build
+        uses: ./
+        with:
+          context: ./test
+          file: ./test/buildcontext.Dockerfile
+          build-contexts: |
+            alpine=docker-image://debian:stable-slim
+          tags: name/app:latest
 
   multi:
     runs-on: ubuntu-latest
@@ -355,7 +428,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
       -
         name: Set up QEMU
         uses: docker/setup-qemu-action@v1
@@ -390,10 +463,94 @@ jobs:
             echo "::error::Digest should not be empty"
             exit 1
           fi
+
+  digest:
+    runs-on: ubuntu-latest
+    env:
+      DOCKER_IMAGE: localhost:5000/name/app
+    strategy:
+      fail-fast: false
+      matrix:
+        driver:
+          - docker
+          - docker-container
+        load:
+          - true
+          - false
+        push:
+          - true
+          - false
+        exclude:
+          - driver: docker
+            load: true
+            push: true
+          - driver: docker-container
+            load: true
+            push: true
+          - driver: docker
+            load: false
+            push: false
+          - driver: docker-container
+            load: false
+            push: false
+    services:
+      registry:
+        image: registry:2
+        ports:
+          - 5000:5000
+    steps:
       -
-        name: Dump context
-        if: always()
-        uses: crazy-max/ghaction-dump-context@v1
+        name: Checkout
+        uses: actions/checkout@v2
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
+        with:
+          version: v0.8.0
+          driver: ${{ matrix.driver }}
+          driver-opts: |
+            network=host
+      -
+        name: Build
+        id: docker_build
+        uses: ./
+        with:
+          context: ./test
+          load: ${{ matrix.load }}
+          push: ${{ matrix.push }}
+          tags: ${{ env.DOCKER_IMAGE }}:latest
+          platforms: ${{ matrix.platforms }}
+      -
+        name: Docker images
+        run: |
+          docker image ls --no-trunc
+      -
+        name: Check digest
+        if: ${{ matrix.push }}
+        run: |
+          if [ -z "${{ steps.docker_build.outputs.digest }}" ]; then
+            echo "::error::Digest should not be empty"
+            exit 1
+          fi
+      -
+        name: Check manifest
+        if: ${{ matrix.push }}
+        run: |
+          set -x
+          docker buildx imagetools inspect ${{ env.DOCKER_IMAGE }}@${{ steps.docker_build.outputs.digest }} --format '{{json .}}'
+      -
+        name: Check image ID
+        run: |
+          if [ -z "${{ steps.docker_build.outputs.imageid }}" ]; then
+            echo "::error::Image ID should not be empty"
+            exit 1
+          fi
+      -
+        name: Inspect image
+        if: ${{ matrix.load }}
+        run: |
+          set -x
+          docker image inspect ${{ steps.docker_build.outputs.imageid }}
 
   registry-cache:
     runs-on: ubuntu-latest
@@ -405,7 +562,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
       -
         name: Set up QEMU
         uses: docker/setup-qemu-action@v1
@@ -480,10 +637,6 @@ jobs:
             echo "::error::Digests should be identical"
             exit 1
           fi
-      -
-        name: Dump context
-        if: always()
-        uses: crazy-max/ghaction-dump-context@v1
 
   local-cache-first:
     runs-on: ubuntu-latest
@@ -497,7 +650,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
       -
         name: Set up QEMU
         uses: docker/setup-qemu-action@v1
@@ -546,10 +699,6 @@ jobs:
             echo "::error::Digest should not be empty"
             exit 1
           fi
-      -
-        name: Dump context
-        if: always()
-        uses: crazy-max/ghaction-dump-context@v1
 
   local-cache-hit:
     runs-on: ubuntu-latest
@@ -562,7 +711,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
       -
         name: Set up QEMU
         uses: docker/setup-qemu-action@v1
@@ -619,10 +768,6 @@ jobs:
       -
         name: Cache hit
         run: echo ${{ steps.cache.outputs.cache-hit }}
-      -
-        name: Dump context
-        if: always()
-        uses: crazy-max/ghaction-dump-context@v1
 
   github-cache:
     runs-on: ubuntu-latest
@@ -640,7 +785,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
       -
         name: Set up QEMU
         uses: docker/setup-qemu-action@v1
@@ -669,7 +814,3 @@ jobs:
         name: Inspect
         run: |
           docker buildx imagetools inspect localhost:5000/name/app:1.0.0
-      -
-        name: Dump context
-        if: always()
-        uses: crazy-max/ghaction-dump-context@v1

.github/workflows/e2e.yml

@@ -3,10 +3,10 @@ name: e2e
 on:
   workflow_dispatch:
   schedule:
-    - cron: '0 10 * * *' # everyday at 10am
+    - cron: '0 10 * * *'
   push:
     branches:
-      - master
+      - 'master'
     tags:
       - v*
 
@@ -52,10 +52,15 @@ jobs:
             slug: gcr.io/sandbox-298914/test-docker-action
             username_secret: GCR_USERNAME
             password_secret: GCR_JSON_KEY
+          -
+            registry: officialgithubactions.azurecr.io
+            slug: officialgithubactions.azurecr.io/test-docker-action
+            username_secret: AZURE_CLIENT_ID
+            password_secret: AZURE_CLIENT_SECRET
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
       -
         name: Docker meta
         id: meta

.github/workflows/example.yml

@@ -1,9 +1,9 @@
-# This workflow is provided just as an usage example and not for repo testing/verification
+# This workflow is provided just as an example and not for repo testing/verification
 name: example
 
 on:
   schedule:
-    - cron: '0 10 * * 0' # everyday sunday at 10am
+    - cron: '0 10 * * 0'
   push:
     branches:
       - '**'
@@ -25,7 +25,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
       -
         name: Docker meta
         id: meta

.github/workflows/test.yml

@@ -14,7 +14,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
       -
         name: Validate
         uses: docker/bake-action@v1

.github/workflows/virtual-env.yml

@@ -3,7 +3,7 @@ name: virtual-env
 on:
   workflow_dispatch:
   schedule:
-    - cron: '0 10 * * *' # everyday at 10am
+    - cron: '0 10 * * *'
 
 jobs:
   os:
@@ -15,8 +15,10 @@ jobs:
           - ubuntu-latest
           - ubuntu-20.04
           - ubuntu-18.04
-          - ubuntu-16.04
     steps:
+      -
+        name: File system
+        run: df -ah
       -
         name: List install packages
         run: apt list --installed
@@ -32,6 +34,9 @@ jobs:
       -
         name: containerd version
         run: containerd --version
+      -
+        name: Docker images
+        run: docker image ls
       -
         name: Dump context
         if: always()

README.md

@@ -4,15 +4,6 @@
 [![Test workflow](https://img.shields.io/github/workflow/status/docker/build-push-action/test?label=test&logo=github&style=flat-square)](https://github.com/docker/build-push-action/actions?workflow=test)
 [![Codecov](https://img.shields.io/codecov/c/github/docker/build-push-action?logo=codecov&style=flat-square)](https://codecov.io/gh/docker/build-push-action)
 
-## Upgrade from v1
-
-`v2` of this action includes significant updates and now uses Docker [Buildx](https://github.com/docker/buildx). It's
-also rewritten as a [typescript-action](https://github.com/actions/typescript-action/) to be as close as possible
-of the [GitHub Runner](https://github.com/actions/virtual-environments) during its execution.
-
-[Upgrade notes](UPGRADE.md) with many [usage examples](#advanced-usage) have been added to handle most use cases but
-`v1` is still available through [`releases/v1` branch](https://github.com/docker/build-push-action/tree/releases/v1).
-
 ## About
 
 GitHub Action to build and push Docker images with [Buildx](https://github.com/docker/buildx) with full support of the
@@ -36,6 +27,7 @@ ___
   * [Local registry](docs/advanced/local-registry.md)
   * [Export image to Docker](docs/advanced/export-docker.md)
   * [Share built image between jobs](docs/advanced/share-image-jobs.md)
+  * [Test your image before pushing it](docs/advanced/test-before-push.md)
   * [Handle tags and labels](docs/advanced/tags-labels.md)
   * [Update DockerHub repo description](docs/advanced/dockerhub-desc.md)
 * [Customizing](#customizing)
@@ -46,17 +38,7 @@ ___
 
 ## Usage
 
-By default, this action uses the [Git context](#git-context) so you don't need to use the
-[`actions/checkout`](https://github.com/actions/checkout/) action to checkout the repository because this will be
-done directly by buildkit. The git reference will be based on the [event that triggered your workflow](https://docs.github.com/en/actions/reference/events-that-trigger-workflows)
-and will result in the following context: `https://github.com/<owner>/<repo>.git#<ref>`.
-
-Be careful because **any file mutation in the steps that precede the build step will be ignored, including processing of the `.dockerignore` file** since
-the context is based on the git reference. However, you can use the [Path context](#path-context) using the
-[`context` input](#inputs) alongside the [`actions/checkout`](https://github.com/actions/checkout/) action to remove
-this restriction.
-
-In the examples below we are using 3 other actions:
+In the examples below we are also using 3 other actions:
 
 * [`setup-buildx`](https://github.com/docker/setup-buildx-action) action will create and boot a builder using by 
 default the `docker-container` [builder driver](https://github.com/docker/buildx/blob/master/docs/reference/buildx_create.md#driver).
@@ -67,13 +49,20 @@ to add emulation support with QEMU to be able to build against more platforms.
 
 ### Git context
 
+By default, this action uses the [Git context](#git-context) so you don't need
+to use the [`actions/checkout`](https://github.com/actions/checkout/) action to
+check out the repository because this will be done directly by [BuildKit](https://github.com/moby/buildkit).
+
+The git reference will be based on the [event that triggered your workflow](https://docs.github.com/en/actions/reference/events-that-trigger-workflows)
+and will result in the following context: `https://github.com/<owner>/<repo>.git#<ref>`.
+
 ```yaml
 name: ci
 
 on:
   push:
     branches:
-      - 'master'
+      - 'main'
 
 jobs:
   docker:
@@ -93,21 +82,42 @@ jobs:
           password: ${{ secrets.DOCKERHUB_TOKEN }}
       -
         name: Build and push
-        id: docker_build
         uses: docker/build-push-action@v2
         with:
           push: true
           tags: user/app:latest
 ```
 
-Building from the current repository automatically uses the [GitHub Token](https://help.github.com/en/actions/configuring-and-managing-workflows/authenticating-with-the-github_token)
-so it does not need to be passed. If you want to authenticate against another private repository, you have to use
-a [secret](docs/advanced/secrets.md) named `GIT_AUTH_TOKEN` to be able to authenticate against it with buildx:
+Be careful because **any file mutation in the steps that precede the build step
+will be ignored, including processing of the `.dockerignore` file** since
+the context is based on the Git reference. However, you can use the
+[Path context](#path-context) using the [`context` input](#inputs) alongside
+the [`actions/checkout`](https://github.com/actions/checkout/) action to remove
+this restriction.
+
+Default Git context can also be provided using the [Handlebars template](https://handlebarsjs.com/guide/)
+expression `{{defaultContext}}`. Here we can use it to provide a subdirectory
+to the default Git context:
+
+```yaml
+      -
+        name: Build and push
+        uses: docker/build-push-action@v2
+        with:
+          context: "{{defaultContext}}:mysubdir"
+          push: true
+          tags: user/app:latest
+```
+> :warning: Subdirectory for Git context is not yet available for the buildx [`docker` driver](https://github.com/docker/buildx/blob/master/docs/reference/buildx_create.md#driver).
+
+Building from the current repository automatically uses the [GitHub Token](https://help.github.com/en/actions/configuring-and-managing-workflows/authenticating-with-the-github_token)
+so it does not need to be passed. If you want to authenticate against another
+private repository, you have to use a [secret](docs/advanced/secrets.md) named
+`GIT_AUTH_TOKEN` to be able to authenticate against it with buildx:
 
 ```yaml
       -
         name: Build and push
-        id: docker_build
         uses: docker/build-push-action@v2
         with:
           push: true
@@ -124,7 +134,7 @@ name: ci
 on:
   push:
     branches:
-      - 'master'
+      - 'main'
 
 jobs:
   docker:
@@ -165,6 +175,7 @@ jobs:
 * [Local registry](docs/advanced/local-registry.md)
 * [Export image to Docker](docs/advanced/export-docker.md)
 * [Share built image between jobs](docs/advanced/share-image-jobs.md)
+* [Test your image before pushing it](docs/advanced/test-before-push.md)
 * [Handle tags and labels](docs/advanced/tags-labels.md)
 * [Update DockerHub repo description](docs/advanced/dockerhub-desc.md)
 
@@ -188,11 +199,14 @@ Following inputs can be used as `step.with` keys
 
 | Name                | Type     | Description                        |
 |---------------------|----------|------------------------------------|
-| `allow`             | List/CSV | List of [extra privileged entitlement](https://github.com/docker/buildx/blob/master/docs/reference/buildx_build.md#allow) (eg. `network.host,security.insecure`) |
+| `add-hosts`         | List/CSV | List of [customs host-to-IP mapping](https://docs.docker.com/engine/reference/commandline/build/#add-entries-to-container-hosts-file---add-host) (e.g., `docker:10.180.0.1`) |
+| `allow`             | List/CSV | List of [extra privileged entitlement](https://github.com/docker/buildx/blob/master/docs/reference/buildx_build.md#allow) (e.g., `network.host,security.insecure`) |
 | `builder`           | String   | Builder instance (see [setup-buildx](https://github.com/docker/setup-buildx-action) action) |
-| `build-args`        | List     | List of build-time variables |
-| `cache-from`        | List     | List of [external cache sources](https://github.com/docker/buildx/blob/master/docs/reference/buildx_build.md#cache-from) (eg. `type=local,src=path/to/dir`) |
-| `cache-to`          | List     | List of [cache export destinations](https://github.com/docker/buildx/blob/master/docs/reference/buildx_build.md#cache-to) (eg. `type=local,dest=path/to/dir`) |
+| `build-args`        | List     | List of [build-time variables](https://github.com/docker/buildx/blob/master/docs/reference/buildx_build.md#build-arg) |
+| `build-contexts`    | List     | List of additional [build contexts](https://github.com/docker/buildx/blob/master/docs/reference/buildx_build.md#build-context) (e.g., `name=path`) |
+| `cache-from`        | List     | List of [external cache sources](https://github.com/docker/buildx/blob/master/docs/reference/buildx_build.md#cache-from) (e.g., `type=local,src=path/to/dir`) |
+| `cache-to`          | List     | List of [cache export destinations](https://github.com/docker/buildx/blob/master/docs/reference/buildx_build.md#cache-to) (e.g., `type=local,dest=path/to/dir`) |
+| `cgroup-parent`     | String   | Optional [parent cgroup](https://docs.docker.com/engine/reference/commandline/build/#use-a-custom-parent-cgroup---cgroup-parent) for the container used in the build |
 | `context`           | String   | Build's context is the set of files located in the specified [`PATH` or `URL`](https://docs.docker.com/engine/reference/commandline/build/) (default [Git context](#git-context)) |
 | `file`              | String   | Path to the Dockerfile. (default `{context}/Dockerfile`) |
 | `labels`            | List     | List of metadata for an image |
@@ -201,13 +215,16 @@ Following inputs can be used as `step.with` keys
 | `no-cache`          | Bool     | Do not use cache when building the image (default `false`) |
 | `outputs`           | List     | List of [output destinations](https://github.com/docker/buildx/blob/master/docs/reference/buildx_build.md#output) (format: `type=local,dest=path`) |
 | `platforms`         | List/CSV | List of [target platforms](https://github.com/docker/buildx/blob/master/docs/reference/buildx_build.md#platform) for build |
-| `pull`              | Bool     | Always attempt to pull a newer version of the image (default `false`) |
+| `pull`              | Bool     | Always attempt to pull all referenced images (default `false`) |
 | `push`              | Bool     | [Push](https://github.com/docker/buildx/blob/master/docs/reference/buildx_build.md#push) is a shorthand for `--output=type=registry` (default `false`) |
-| `secrets`           | List     | List of secrets to expose to the build (eg. `key=string`, `GIT_AUTH_TOKEN=mytoken`) |
-| `secret-files`      | List     | List of secret files to expose to the build (eg. `key=filename`, `MY_SECRET=./secret.txt`) |
-| `ssh`               | List     | List of SSH agent socket or keys to expose to the build |
+| `secrets`           | List     | List of [secrets](https://github.com/docker/buildx/blob/master/docs/reference/buildx_build.md#secret) to expose to the build (e.g., `key=string`, `GIT_AUTH_TOKEN=mytoken`) |
+| `secret-files`      | List     | List of [secret files](https://github.com/docker/buildx/blob/master/docs/reference/buildx_build.md#secret) to expose to the build (e.g., `key=filename`, `MY_SECRET=./secret.txt`) |
+| `shm-size`          | String   | Size of [`/dev/shm`](https://github.com/docker/buildx/blob/master/docs/reference/buildx_build.md#-size-of-devshm---shm-size) (e.g., `2g`) |
+| `ssh`               | List     | List of [SSH agent socket or keys](https://github.com/docker/buildx/blob/master/docs/reference/buildx_build.md#ssh) to expose to the build |
 | `tags`              | List/CSV | List of tags |
 | `target`            | String   | Sets the target stage to build |
+| `ulimit`            | List     | [Ulimit](https://github.com/docker/buildx/blob/master/docs/reference/buildx_build.md#-set-ulimits---ulimit) options (e.g., `nofile=1024:1024`) |
+| `github-token`      | String   | GitHub Token used to authenticate against a repository for [Git context](#git-context) (default `${{ github.token }}`) |
 
 ### outputs
 
@@ -215,7 +232,8 @@ Following outputs are available
 
 | Name              | Type    | Description                           |
 |-------------------|---------|---------------------------------------|
-| `digest`          | String  | Image content-addressable identifier also called a digest |
+| `imageid`         | String  | Image ID |
+| `digest`          | String  | Image digest |
 | `metadata`        | JSON    | Build result metadata |
 
 ## Troubleshooting

TROUBLESHOOTING.md

@@ -100,7 +100,25 @@ or a cache reference:
 ```
 
 To fix this issue you can use our [metadata action](https://github.com/docker/metadata-action)
-to generate sanitized tags, or a dedicated step to sanitize the slug:
+to generate sanitized tags:
+
+```yaml
+- name: Docker meta
+  id: meta
+  uses: docker/metadata-action@v3
+  with:
+    images: ghcr.io/${{ github.repository }}
+    tags: latest
+
+- name: Build and push
+  uses: docker/build-push-action@v2
+  with:
+    context: .
+    push: true
+    tags: ${{ steps.meta.outputs.tags }}
+```
+
+Or a dedicated step to sanitize the slug:
 
 ```yaml
 - name: Sanitize repo slug
@@ -108,7 +126,7 @@ to generate sanitized tags, or a dedicated step to sanitize the slug:
   id: repo_slug
   with:
     result-encoding: string
-    script: return `ghcr.io/${github.repository.toLowerCase()}`
+    script: return 'ghcr.io/${{ github.repository }}'.toLowerCase()
 
 - name: Build and push
   uses: docker/build-push-action@v2

UPGRADE.md

@@ -28,7 +28,7 @@
 # v1
 steps:
   -
-    name: Checkout code
+    name: Checkout
     uses: actions/checkout@v2
   -
     name: Build and push Docker images
@@ -47,7 +47,7 @@ steps:
 # v2
 steps:
   -
-    name: Checkout code
+    name: Checkout
     uses: actions/checkout@v2
   -
     name: Set up Docker Buildx
@@ -79,7 +79,7 @@ steps:
 # v1
 steps:
   -
-    name: Checkout code
+    name: Checkout
     uses: actions/checkout@v2
   -
     name: Build and push Docker images

__tests__/buildx.test.ts

@@ -7,7 +7,7 @@ import * as buildx from '../src/buildx';
 import * as context from '../src/context';
 
 const tmpNameSync = path.join('/tmp/.docker-build-push-jest', '.tmpname-jest').split(path.sep).join(path.posix.sep);
-const digest = 'sha256:bfb45ab72e46908183546477a08f8867fc40cebadd00af54b071b097aed127a9';
+const imageID = 'sha256:bfb45ab72e46908183546477a08f8867fc40cebadd00af54b071b097aed127a9';
 const metadata = `{
   "containerimage.config.digest": "sha256:059b68a595b22564a1cbc167af369349fdc2ecc1f7bc092c2235cbf601a795fd",
   "containerimage.digest": "sha256:b09b9482c72371486bb2c1d2c2a2633ed1d0b8389e12c8d52b9e052725c0c83c"
@@ -28,25 +28,30 @@ jest.spyOn(context, 'tmpNameSync').mockImplementation((): string => {
 describe('getImageID', () => {
   it('matches', async () => {
     const imageIDFile = await buildx.getImageIDFile();
-    console.log(`imageIDFile: ${imageIDFile}`);
-    await fs.writeFileSync(imageIDFile, digest);
-    const imageID = await buildx.getImageID();
-    console.log(`imageID: ${imageID}`);
-    expect(imageID).toEqual(digest);
+    await fs.writeFileSync(imageIDFile, imageID);
+    const expected = await buildx.getImageID();
+    expect(expected).toEqual(imageID);
   });
 });
 
 describe('getMetadata', () => {
   it('matches', async () => {
     const metadataFile = await buildx.getMetadataFile();
-    console.log(`metadataFile: ${metadataFile}`);
     await fs.writeFileSync(metadataFile, metadata);
     const expected = await buildx.getMetadata();
-    console.log(`metadata: ${expected}`);
     expect(expected).toEqual(metadata);
   });
 });
 
+describe('getDigest', () => {
+  it('matches', async () => {
+    const metadataFile = await buildx.getMetadataFile();
+    await fs.writeFileSync(metadataFile, metadata);
+    const expected = await buildx.getDigest(metadata);
+    expect(expected).toEqual('sha256:b09b9482c72371486bb2c1d2c2a2633ed1d0b8389e12c8d52b9e052725c0c83c');
+  });
+});
+
 describe('isLocalOrTarExporter', () => {
   // prettier-ignore
   test.each([
@@ -132,7 +137,6 @@ describe('getVersion', () => {
     'valid',
     async () => {
       const version = await buildx.getVersion();
-      console.log(`version: ${version}`);
       expect(semver.valid(version)).not.toBeNull();
     },
     100000
@@ -179,10 +183,8 @@ describe('getSecret', () => {
         secret = await buildx.getSecretString(kvp);
       }
       expect(true).toBe(!invalid);
-      console.log(`secret: ${secret}`);
       expect(secret).toEqual(`id=${exKey},src=${tmpNameSync}`);
       const secretValue = await fs.readFileSync(tmpNameSync, 'utf-8');
-      console.log(`secretValue: ${secretValue}`);
       expect(secretValue).toEqual(exValue);
     } catch (err) {
       expect(true).toBe(invalid);

__tests__/context.test.ts

@@ -140,13 +140,14 @@ describe('getArgs', () => {
   // prettier-ignore
   test.each([
     [
+      0,
       '0.4.1',
       new Map<string, string>([
         ['context', '.'],
         ['load', 'false'],
         ['no-cache', 'false'],
         ['push', 'false'],
-        ['pull', 'false']
+        ['pull', 'false'],
       ]),
       [
         'buildx',
@@ -156,13 +157,14 @@ describe('getArgs', () => {
       ]
     ],
     [
+      1,
       '0.4.2',
       new Map<string, string>([
         ['build-args', 'MY_ARG=val1,val2,val3\nARG=val'],
         ['load', 'false'],
         ['no-cache', 'false'],
         ['push', 'false'],
-        ['pull', 'false']
+        ['pull', 'false'],
       ]),
       [
         'buildx',
@@ -174,24 +176,26 @@ describe('getArgs', () => {
       ]
     ],
     [
+      2,
       '0.4.2',
       new Map<string, string>([
         ['tags', 'name/app:7.4, name/app:latest'],
         ['load', 'false'],
         ['no-cache', 'false'],
         ['push', 'false'],
-        ['pull', 'false']
+        ['pull', 'false'],
       ]),
       [
         'buildx',
         'build',
+        '--iidfile', '/tmp/.docker-build-push-jest/iidfile',
         '--tag', 'name/app:7.4',
         '--tag', 'name/app:latest',
-        '--iidfile', '/tmp/.docker-build-push-jest/iidfile',
         'https://github.com/docker/build-push-action.git#refs/heads/test-jest'
       ]
     ],
     [
+      3,
       '0.4.2',
       new Map<string, string>([
         ['context', '.'],
@@ -200,7 +204,7 @@ describe('getArgs', () => {
         ['load', 'false'],
         ['no-cache', 'false'],
         ['push', 'false'],
-        ['pull', 'false']
+        ['pull', 'false'],
       ]),
       [
         'buildx',
@@ -212,6 +216,7 @@ describe('getArgs', () => {
       ]
     ],
     [
+      4,
       '0.4.1',
       new Map<string, string>([
         ['context', '.'],
@@ -219,7 +224,7 @@ describe('getArgs', () => {
         ['load', 'false'],
         ['no-cache', 'false'],
         ['push', 'false'],
-        ['pull', 'false']
+        ['pull', 'false'],
       ]),
       [
         'buildx',
@@ -229,13 +234,14 @@ describe('getArgs', () => {
       ]
     ],
     [
+      5,
       '0.4.1',
       new Map<string, string>([
         ['context', '.'],
         ['load', 'false'],
         ['no-cache', 'false'],
         ['push', 'false'],
-        ['pull', 'false']
+        ['pull', 'false'],
       ]),
       [
         'buildx',
@@ -245,6 +251,7 @@ describe('getArgs', () => {
       ]
     ],
     [
+      6,
       '0.4.2',
       new Map<string, string>([
         ['context', '.'],
@@ -252,7 +259,7 @@ describe('getArgs', () => {
         ['load', 'false'],
         ['no-cache', 'false'],
         ['push', 'false'],
-        ['pull', 'false']
+        ['pull', 'false'],
       ]),
       [
         'buildx',
@@ -263,6 +270,7 @@ describe('getArgs', () => {
       ]
     ],
     [
+      7,
       '0.4.2',
       new Map<string, string>([
         ['github-token', 'abcdefghijklmno0123456789'],
@@ -270,7 +278,7 @@ describe('getArgs', () => {
         ['load', 'false'],
         ['no-cache', 'false'],
         ['push', 'false'],
-        ['pull', 'false']
+        ['pull', 'false'],
       ]),
       [
         'buildx',
@@ -281,6 +289,7 @@ describe('getArgs', () => {
       ]
     ],
     [
+      8,
       '0.4.2',
       new Map<string, string>([
         ['context', 'https://github.com/docker/build-push-action.git#refs/heads/master'],
@@ -292,21 +301,22 @@ describe('getArgs', () => {
         ['load', 'false'],
         ['no-cache', 'false'],
         ['push', 'true'],
-        ['pull', 'false']
+        ['pull', 'false'],
       ]),
       [
         'buildx',
         'build',
-        '--platform', 'linux/amd64,linux/arm64',
-        '--iidfile', '/tmp/.docker-build-push-jest/iidfile',
-        '--secret', 'id=GIT_AUTH_TOKEN,src=/tmp/.docker-build-push-jest/.tmpname-jest',
         '--file', './test/Dockerfile',
+        '--iidfile', '/tmp/.docker-build-push-jest/iidfile',
+        '--platform', 'linux/amd64,linux/arm64',
+        '--secret', 'id=GIT_AUTH_TOKEN,src=/tmp/.docker-build-push-jest/.tmpname-jest',
         '--builder', 'builder-git-context-2',
         '--push',
         'https://github.com/docker/build-push-action.git#refs/heads/master'
       ]
     ],
     [
+      9,
       '0.4.2',
       new Map<string, string>([
         ['context', 'https://github.com/docker/build-push-action.git#refs/heads/master'],
@@ -326,24 +336,25 @@ ccc"`],
         ['load', 'false'],
         ['no-cache', 'false'],
         ['push', 'true'],
-        ['pull', 'false']
+        ['pull', 'false'],
       ]),
       [
         'buildx',
         'build',
-        '--platform', 'linux/amd64,linux/arm64',
+        '--file', './test/Dockerfile',
         '--iidfile', '/tmp/.docker-build-push-jest/iidfile',
+        '--platform', 'linux/amd64,linux/arm64',
         '--secret', 'id=GIT_AUTH_TOKEN,src=/tmp/.docker-build-push-jest/.tmpname-jest',
         '--secret', 'id=MYSECRET,src=/tmp/.docker-build-push-jest/.tmpname-jest',
         '--secret', 'id=FOO,src=/tmp/.docker-build-push-jest/.tmpname-jest',
         '--secret', 'id=EMPTYLINE,src=/tmp/.docker-build-push-jest/.tmpname-jest',
-        '--file', './test/Dockerfile',
         '--builder', 'builder-git-context-2',
         '--push',
         'https://github.com/docker/build-push-action.git#refs/heads/master'
       ]
     ],
     [
+      10,
       '0.4.2',
       new Map<string, string>([
         ['context', 'https://github.com/docker/build-push-action.git#refs/heads/master'],
@@ -363,24 +374,25 @@ ccc`],
         ['load', 'false'],
         ['no-cache', 'false'],
         ['push', 'true'],
-        ['pull', 'false']
+        ['pull', 'false'],
       ]),
       [
         'buildx',
         'build',
-        '--platform', 'linux/amd64,linux/arm64',
+        '--file', './test/Dockerfile',
         '--iidfile', '/tmp/.docker-build-push-jest/iidfile',
+        '--platform', 'linux/amd64,linux/arm64',
         '--secret', 'id=GIT_AUTH_TOKEN,src=/tmp/.docker-build-push-jest/.tmpname-jest',
         '--secret', 'id=MYSECRET,src=/tmp/.docker-build-push-jest/.tmpname-jest',
         '--secret', 'id=FOO,src=/tmp/.docker-build-push-jest/.tmpname-jest',
         '--secret', 'id=EMPTYLINE,src=/tmp/.docker-build-push-jest/.tmpname-jest',
-        '--file', './test/Dockerfile',
         '--builder', 'builder-git-context-2',
         '--push',
         'https://github.com/docker/build-push-action.git#refs/heads/master'
       ]
     ],
     [
+      11,
       '0.5.1',
       new Map<string, string>([
         ['context', 'https://github.com/docker/build-push-action.git#refs/heads/master'],
@@ -392,14 +404,14 @@ ccc`],
         ['load', 'false'],
         ['no-cache', 'false'],
         ['push', 'true'],
-        ['pull', 'false']
+        ['pull', 'false'],
       ]),
       [
         'buildx',
         'build',
+        '--file', './test/Dockerfile',
         '--iidfile', '/tmp/.docker-build-push-jest/iidfile',
         '--secret', 'id=MY_SECRET,src=/tmp/.docker-build-push-jest/.tmpname-jest',
-        '--file', './test/Dockerfile',
         '--builder', 'builder-git-context-2',
         '--network', 'host',
         '--push',
@@ -407,6 +419,7 @@ ccc`],
       ]
     ],
     [
+      12,
       '0.4.2',
       new Map<string, string>([
         ['context', '.'],
@@ -415,7 +428,7 @@ ccc`],
         ['load', 'false'],
         ['no-cache', 'false'],
         ['push', 'false'],
-        ['pull', 'false']
+        ['pull', 'false'],
       ]),
       [
         'buildx',
@@ -427,39 +440,90 @@ ccc`],
       ]
     ],
     [
+      13,
       '0.6.0',
       new Map<string, string>([
         ['context', '.'],
         ['tag', 'localhost:5000/name/app:latest'],
         ['file', './test/Dockerfile'],
+        ['add-hosts', 'docker:10.180.0.1,foo:10.0.0.1'],
         ['network', 'host'],
         ['load', 'false'],
         ['no-cache', 'false'],
         ['push', 'true'],
-        ['pull', 'false']
+        ['pull', 'false'],
+      ]),
+      [
+        'buildx',
+        'build',
+        '--add-host', 'docker:10.180.0.1',
+        '--add-host', 'foo:10.0.0.1',
+        '--file', './test/Dockerfile',
+        '--iidfile', '/tmp/.docker-build-push-jest/iidfile',
+        '--metadata-file', '/tmp/.docker-build-push-jest/metadata-file',
+        '--network', 'host',
+        '--push',
+        '.'
+      ]
+    ],
+    [
+      14,
+      '0.7.0',
+      new Map<string, string>([
+        ['context', '.'],
+        ['file', './test/Dockerfile'],
+        ['add-hosts', 'docker:10.180.0.1\nfoo:10.0.0.1'],
+        ['cgroup-parent', 'foo'],
+        ['shm-size', '2g'],
+        ['ulimit', `nofile=1024:1024
+nproc=3`],
+        ['load', 'false'],
+        ['no-cache', 'false'],
+        ['push', 'false'],
+        ['pull', 'false'],
+      ]),
+      [
+        'buildx',
+        'build',
+        '--add-host', 'docker:10.180.0.1',
+        '--add-host', 'foo:10.0.0.1',
+        '--cgroup-parent', 'foo',
+        '--file', './test/Dockerfile',
+        '--iidfile', '/tmp/.docker-build-push-jest/iidfile',
+        '--shm-size', '2g',
+        '--ulimit', 'nofile=1024:1024',
+        '--ulimit', 'nproc=3',
+        '--metadata-file', '/tmp/.docker-build-push-jest/metadata-file',
+        '.'
+      ]
+    ],
+    [
+      15,
+      '0.7.0',
+      new Map<string, string>([
+        ['context', '{{defaultContext}}:docker'],
+        ['load', 'false'],
+        ['no-cache', 'false'],
+        ['push', 'false'],
+        ['pull', 'false'],
       ]),
       [
         'buildx',
         'build',
         '--iidfile', '/tmp/.docker-build-push-jest/iidfile',
         '--metadata-file', '/tmp/.docker-build-push-jest/metadata-file',
-        '--file', './test/Dockerfile',
-        '--network', 'host',
-        '--push',
-        '.'
+        'https://github.com/docker/build-push-action.git#refs/heads/test-jest:docker'
       ]
     ],
   ])(
-    'given %p with %p as inputs, returns %p',
-    async (buildxVersion: string, inputs: Map<string, any>, expected: Array<string>) => {
+    '[%d] given %p with %p as inputs, returns %p',
+    async (num: number, buildxVersion: string, inputs: Map<string, any>, expected: Array<string>) => {
       await inputs.forEach((value: string, name: string) => {
         setInput(name, value);
       });
       const defContext = context.defaultContext();
       const inp = await context.getInputs(defContext);
-      console.log(inp);
       const res = await context.getArgs(inp, defContext, buildxVersion);
-      console.log(res);
       expect(res).toEqual(expected);
     }
   );
@@ -469,63 +533,54 @@ describe('getInputList', () => {
   it('single line correctly', async () => {
     await setInput('foo', 'bar');
     const res = await context.getInputList('foo');
-    console.log(res);
     expect(res).toEqual(['bar']);
   });
 
   it('multiline correctly', async () => {
     setInput('foo', 'bar\nbaz');
     const res = await context.getInputList('foo');
-    console.log(res);
     expect(res).toEqual(['bar', 'baz']);
   });
 
   it('empty lines correctly', async () => {
     setInput('foo', 'bar\n\nbaz');
     const res = await context.getInputList('foo');
-    console.log(res);
     expect(res).toEqual(['bar', 'baz']);
   });
 
   it('comma correctly', async () => {
     setInput('foo', 'bar,baz');
     const res = await context.getInputList('foo');
-    console.log(res);
     expect(res).toEqual(['bar', 'baz']);
   });
 
   it('empty result correctly', async () => {
     setInput('foo', 'bar,baz,');
     const res = await context.getInputList('foo');
-    console.log(res);
     expect(res).toEqual(['bar', 'baz']);
   });
 
   it('different new lines correctly', async () => {
     setInput('foo', 'bar\r\nbaz');
     const res = await context.getInputList('foo');
-    console.log(res);
     expect(res).toEqual(['bar', 'baz']);
   });
 
   it('different new lines and comma correctly', async () => {
     setInput('foo', 'bar\r\nbaz,bat');
     const res = await context.getInputList('foo');
-    console.log(res);
     expect(res).toEqual(['bar', 'baz', 'bat']);
   });
 
   it('multiline and ignoring comma correctly', async () => {
     setInput('cache-from', 'user/app:cache\ntype=local,src=path/to/dir');
     const res = await context.getInputList('cache-from', true);
-    console.log(res);
     expect(res).toEqual(['user/app:cache', 'type=local,src=path/to/dir']);
   });
 
   it('different new lines and ignoring comma correctly', async () => {
     setInput('cache-from', 'user/app:cache\r\ntype=local,src=path/to/dir');
     const res = await context.getInputList('cache-from', true);
-    console.log(res);
     expect(res).toEqual(['user/app:cache', 'type=local,src=path/to/dir']);
   });
 
@@ -539,7 +594,6 @@ ccccccccc"
 FOO=bar`
     );
     const res = await context.getInputList('secrets', true);
-    console.log(res);
     expect(res).toEqual([
       'GIT_AUTH_TOKEN=abcdefgh,ijklmno=0123456789',
       `MYSECRET=aaaaaaaa
@@ -563,7 +617,6 @@ bbbb
 ccc"`
     );
     const res = await context.getInputList('secrets', true);
-    console.log(res);
     expect(res).toEqual([
       'GIT_AUTH_TOKEN=abcdefgh,ijklmno=0123456789',
       `MYSECRET=aaaaaaaa
@@ -587,7 +640,6 @@ ccccccccc
 FOO=bar`
     );
     const res = await context.getInputList('secrets', true);
-    console.log(res);
     expect(res).toEqual(['GIT_AUTH_TOKEN=abcdefgh,ijklmno=0123456789', 'MYSECRET=aaaaaaaa', 'bbbbbbb', 'ccccccccc', 'FOO=bar']);
   });
 
@@ -598,7 +650,6 @@ FOO=bar`
 FOO=bar`
     );
     const res = await context.getInputList('secrets', true);
-    console.log(res);
     expect(res).toEqual([`GPG_KEY=${pgp}`, 'FOO=bar']);
   });
 
@@ -612,7 +663,6 @@ ccccccccc"
 FOO=bar`
     );
     const res = await context.getInputList('secrets', true);
-    console.log(res);
     expect(res).toEqual([
       'GIT_AUTH_TOKEN=abcdefgh,ijklmno=0123456789',
       `MYSECRET=aaaaaaaa

action.yml

@@ -7,20 +7,29 @@ branding:
   color: 'blue'
 
 inputs:
+  add-hosts:
+    description: "List of a customs host-to-IP mapping (e.g., docker:10.180.0.1)"
+    required: false
   allow:
-    description: "List of extra privileged entitlement (eg. network.host,security.insecure)"
+    description: "List of extra privileged entitlement (e.g., network.host,security.insecure)"
     required: false
   build-args:
     description: "List of build-time variables"
     required: false
+  build-contexts:
+    description: "List of additional build contexts (e.g., name=path)"
+    required: false
   builder:
     description: "Builder instance"
     required: false
   cache-from:
-    description: "List of external cache sources for buildx (eg. user/app:cache, type=local,src=path/to/dir)"
+    description: "List of external cache sources for buildx (e.g., user/app:cache, type=local,src=path/to/dir)"
     required: false
   cache-to:
-    description: "List of cache export destinations for buildx (eg. user/app:cache, type=local,dest=path/to/dir)"
+    description: "List of cache export destinations for buildx (e.g., user/app:cache, type=local,dest=path/to/dir)"
+    required: false
+  cgroup-parent:
+    description: "Optional parent cgroup for the container used in the build"
     required: false
   context:
     description: "Build's context is the set of files located in the specified PATH or URL"
@@ -49,7 +58,7 @@ inputs:
     description: "List of target platforms for build"
     required: false
   pull:
-    description: "Always attempt to pull a newer version of the image"
+    description: "Always attempt to pull all referenced images"
     required: false
     default: 'false'
   push:
@@ -57,10 +66,13 @@ inputs:
     required: false
     default: 'false'
   secrets:
-    description: "List of secrets to expose to the build (eg. key=string, GIT_AUTH_TOKEN=mytoken)"
+    description: "List of secrets to expose to the build (e.g., key=string, GIT_AUTH_TOKEN=mytoken)"
     required: false
   secret-files:
-    description: "List of secret files to expose to the build (eg. key=filename, MY_SECRET=./secret.txt)"
+    description: "List of secret files to expose to the build (e.g., key=filename, MY_SECRET=./secret.txt)"
+    required: false
+  shm-size:
+    description: "Size of /dev/shm (e.g., 2g)"
     required: false
   ssh:
     description: "List of SSH agent socket or keys to expose to the build"
@@ -71,14 +83,19 @@ inputs:
   target:
     description: "Sets the target stage to build"
     required: false
+  ulimit:
+    description: "Ulimit options (e.g., nofile=1024:1024)"
+    required: false
   github-token:
     description: "GitHub Token used to authenticate against a repository for Git context"
     default: ${{ github.token }}
     required: false
 
 outputs:
+  imageid:
+    description: 'Image ID'
   digest:
-    description: 'Image content-addressable identifier also called a digest'
+    description: 'Image digest'
   metadata:
     description: 'Build result metadata'
 

docker-bake.hcl

@@ -31,6 +31,7 @@ target "build-validate" {
   inherits = ["node-version"]
   dockerfile = "./hack/build.Dockerfile"
   target = "build-validate"
+  output = ["type=cacheonly"]
 }
 
 target "format" {
@@ -44,24 +45,26 @@ target "format-validate" {
   inherits = ["node-version"]
   dockerfile = "./hack/build.Dockerfile"
   target = "format-validate"
+  output = ["type=cacheonly"]
 }
 
 target "vendor-update" {
   inherits = ["node-version"]
-  dockerfile = "./hack/vendor.Dockerfile"
-  target = "update"
+  dockerfile = "./hack/build.Dockerfile"
+  target = "vendor-update"
   output = ["."]
 }
 
 target "vendor-validate" {
   inherits = ["node-version"]
-  dockerfile = "./hack/vendor.Dockerfile"
-  target = "validate"
+  dockerfile = "./hack/build.Dockerfile"
+  target = "vendor-validate"
+  output = ["type=cacheonly"]
 }
 
 target "test" {
   inherits = ["node-version"]
-  dockerfile = "./hack/test.Dockerfile"
+  dockerfile = "./hack/build.Dockerfile"
   target = "test-coverage"
   output = ["./coverage"]
 }

docs/advanced/cache.md

@@ -10,7 +10,7 @@
 
 ## Inline cache
 
-In most case you want to use the [`type=inline` cache exporter](https://github.com/moby/buildkit#inline-push-image-and-cache-together).
+In most cases you want to use the [`type=inline` cache exporter](https://github.com/moby/buildkit#inline-push-image-and-cache-together).
 However, note that the `inline` cache exporter only supports `min` cache mode. To enable `max` cache mode, push the
 image and the cache separately by using the `registry` cache exporter as shown in the [next example](#registry-cache).
 
@@ -20,7 +20,7 @@ name: ci
 on:
   push:
     branches:
-      - 'master'
+      - 'main'
 
 jobs:
   docker:
@@ -60,7 +60,7 @@ name: ci
 on:
   push:
     branches:
-      - 'master'
+      - 'main'
 
 jobs:
   docker:
@@ -110,7 +110,7 @@ name: ci
 on:
   push:
     branches:
-      - 'master'
+      - 'main'
 
 jobs:
   docker:
@@ -154,7 +154,7 @@ name: ci
 on:
   push:
     branches:
-      - 'master'
+      - 'main'
 
 jobs:
   docker:

docs/advanced/copy-between-registries.md

@@ -12,7 +12,7 @@ name: ci
 on:
   push:
     branches:
-      - 'master'
+      - 'main'
 
 jobs:
   docker:
@@ -62,7 +62,7 @@ jobs:
         run: make tests
       - # copy multiplatform image from dockerhub to quay and ghcr
         name: Push Image to multiple registries
-        uses: akhilerm/tag-push-action@v1.0.0
+        uses: akhilerm/tag-push-action@v2.0.0
         with:
           src: docker.io/user/app:1.0.0
           dst: |

docs/advanced/dockerhub-desc.md

@@ -10,7 +10,7 @@ name: ci
 on:
   push:
     branches:
-      - 'master'
+      - 'main'
 
 jobs:
   docker:

docs/advanced/export-docker.md

@@ -9,7 +9,7 @@ name: ci
 on:
   push:
     branches:
-      - 'master'
+      - 'main'
 
 jobs:
   docker:

docs/advanced/isolated-builders.md

@@ -6,7 +6,7 @@ name: ci
 on:
   push:
     branches:
-      - 'master'
+      - 'main'
 
 jobs:
   docker:

docs/advanced/local-registry.md

@@ -8,7 +8,7 @@ name: ci
 on:
   push:
     branches:
-      - 'master'
+      - 'main'
 
 jobs:
   docker:

docs/advanced/multi-platform.md

@@ -12,7 +12,7 @@ name: ci
 on:
   push:
     branches:
-      - 'master'
+      - 'main'
 
 jobs:
   docker:

docs/advanced/push-multi-registries.md

@@ -14,7 +14,7 @@ name: ci
 on:
   push:
     branches:
-      - 'master'
+      - 'main'
 
 jobs:
   docker:

docs/advanced/secrets.md

@@ -22,7 +22,7 @@ name: ci
 on:
   push:
     branches:
-      - 'master'
+      - 'main'
 
 jobs:
   docker:

docs/advanced/share-image-jobs.md

@@ -11,7 +11,7 @@ name: ci
 on:
   push:
     branches:
-      - 'master'
+      - 'main'
 
 jobs:
   build:

docs/advanced/tags-labels.md

@@ -1,7 +1,6 @@
 # Handle tags and labels
 
-If you come from [`v1`](https://github.com/docker/build-push-action/tree/releases/v1#readme) and want an
-"automatic" tag management and [OCI Image Format Specification](https://github.com/opencontainers/image-spec/blob/master/annotations.md)
+If you want an "automatic" tag management and [OCI Image Format Specification](https://github.com/opencontainers/image-spec/blob/master/annotations.md)
 for labels, you can do it in a dedicated step. The following workflow will use the [Docker metadata action](https://github.com/docker/metadata-action)
 to handle tags and labels based on GitHub actions events and Git metadata.
 
@@ -10,7 +9,7 @@ name: ci
 
 on:
   schedule:
-    - cron: '0 10 * * *' # everyday at 10am
+    - cron: '0 10 * * *'
   push:
     branches:
       - '**'
@@ -18,7 +17,7 @@ on:
       - 'v*.*.*'
   pull_request:
     branches:
-      - 'master'
+      - 'main'
 
 jobs:
   docker:

docs/advanced/test-before-push.md

@@ -0,0 +1,64 @@
+# Test your image before pushing it
+
+In some cases, you might want to validate that the image works as expected
+before pushing it.
+
+The workflow below will be composed of several steps to achieve this:
+* Build and export the image to Docker
+* Test your image
+* Multi-platform build and push the image
+
+```yaml
+name: ci
+
+on:
+  push:
+    branches:
+      - 'main'
+
+env:
+  TEST_TAG: user/myapp:test
+
+jobs:
+  docker:
+    runs-on: ubuntu-latest
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v2
+      -
+        name: Set up QEMU
+        uses: docker/setup-qemu-action@v1
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
+      -
+        name: Login to DockerHub
+        uses: docker/login-action@v1
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      -
+        name: Build and export to Docker
+        uses: docker/build-push-action@v2
+        with:
+          context: .
+          load: true
+          tags: ${{ env.TEST_TAG }}
+      -
+        name: Test
+        run: |
+          docker run --rm ${{ env.TEST_TAG }}
+      -
+        name: Build and push
+        uses: docker/build-push-action@v2
+        with:
+          context: .
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: user/app:latest
+```
+
+> :bulb: Build time will not be increased with this workflow because internal
+> cache for `linux/amd64` will be used from previous step on `Build and push`
+> step so only `linux/arm64` will be actually built.

hack/build.Dockerfile

@@ -1,5 +1,8 @@
-# syntax=docker/dockerfile:1.2
+# syntax=docker/dockerfile:1.3-labs
+
 ARG NODE_VERSION
+ARG DOCKER_VERSION=20.10.10
+ARG BUILDX_VERSION=0.7.0
 
 FROM node:${NODE_VERSION}-alpine AS base
 RUN apk add --no-cache cpio findutils git
@@ -8,7 +11,22 @@ WORKDIR /src
 FROM base AS deps
 RUN --mount=type=bind,target=.,rw \
   --mount=type=cache,target=/src/node_modules \
-  yarn install
+  yarn install && mkdir /vendor && cp yarn.lock /vendor
+
+FROM scratch AS vendor-update
+COPY --from=deps /vendor /
+
+FROM deps AS vendor-validate
+RUN --mount=type=bind,target=.,rw <<EOT
+set -e
+git add -A
+cp -rf /vendor/* .
+if [ -n "$(git status --porcelain -- yarn.lock)" ]; then
+  echo >&2 'ERROR: Vendor result differs. Please vendor your package with "docker buildx bake vendor-update"'
+  git status --porcelain -- yarn.lock
+  exit 1
+fi
+EOT
 
 FROM deps AS build
 RUN --mount=type=bind,target=.,rw \
@@ -19,13 +37,16 @@ FROM scratch AS build-update
 COPY --from=build /out /
 
 FROM build AS build-validate
-RUN --mount=type=bind,target=.,rw \
-  git add -A && cp -rf /out/* .; \
-  if [ -n "$(git status --porcelain -- dist)" ]; then \
-    echo >&2 'ERROR: Build result differs. Please build first with "docker buildx bake build"'; \
-    git status --porcelain -- dist; \
-    exit 1; \
-  fi
+RUN --mount=type=bind,target=.,rw <<EOT
+set -e
+git add -A
+cp -rf /out/* .
+if [ -n "$(git status --porcelain -- dist)" ]; then
+  echo >&2 'ERROR: Build result differs. Please build first with "docker buildx bake build"'
+  git status --porcelain -- dist
+  exit 1
+fi
+EOT
 
 FROM deps AS format
 RUN --mount=type=bind,target=.,rw \
@@ -39,4 +60,19 @@ COPY --from=format /out /
 FROM deps AS format-validate
 RUN --mount=type=bind,target=.,rw \
   --mount=type=cache,target=/src/node_modules \
-  yarn run format-check \
+  yarn run format-check
+
+FROM docker:${DOCKER_VERSION} as docker
+FROM docker/buildx-bin:${BUILDX_VERSION} as buildx
+
+FROM deps AS test
+ENV RUNNER_TEMP=/tmp/github_runner
+ENV RUNNER_TOOL_CACHE=/tmp/github_tool_cache
+RUN --mount=type=bind,target=.,rw \
+  --mount=type=cache,target=/src/node_modules \
+  --mount=type=bind,from=docker,source=/usr/local/bin/docker,target=/usr/bin/docker \
+  --mount=type=bind,from=buildx,source=/buildx,target=/usr/libexec/docker/cli-plugins/docker-buildx \
+  yarn run test --coverageDirectory=/tmp/coverage
+
+FROM scratch AS test-coverage
+COPY --from=test /tmp/coverage /

hack/test.Dockerfile

@@ -1,28 +0,0 @@
-# syntax=docker/dockerfile:1.2
-ARG NODE_VERSION
-ARG DOCKER_VERSION=20.10.7
-ARG BUILDX_VERSION=0.6.0
-
-FROM docker:${DOCKER_VERSION} as docker
-FROM docker/buildx-bin:${BUILDX_VERSION} as buildx
-
-FROM node:${NODE_VERSION}-alpine AS base
-RUN apk add --no-cache git
-WORKDIR /src
-
-FROM base AS deps
-RUN --mount=type=bind,target=.,rw \
-  --mount=type=cache,target=/src/node_modules \
-  yarn install
-
-FROM deps AS test
-ENV RUNNER_TEMP=/tmp/github_runner
-ENV RUNNER_TOOL_CACHE=/tmp/github_tool_cache
-RUN --mount=type=bind,target=.,rw \
-  --mount=type=cache,target=/src/node_modules \
-  --mount=type=bind,from=docker,source=/usr/local/bin/docker,target=/usr/bin/docker \
-  --mount=type=bind,from=buildx,source=/buildx,target=/usr/libexec/docker/cli-plugins/docker-buildx \
-  yarn run test --coverageDirectory=/tmp/coverage
-
-FROM scratch AS test-coverage
-COPY --from=test /tmp/coverage /

hack/vendor.Dockerfile

@@ -1,23 +0,0 @@
-# syntax=docker/dockerfile:1.2
-ARG NODE_VERSION
-
-FROM node:${NODE_VERSION}-alpine AS base
-RUN apk add --no-cache git
-WORKDIR /src
-
-FROM base AS vendored
-RUN --mount=type=bind,target=.,rw \
-  --mount=type=cache,target=/src/node_modules \
-  yarn install && mkdir /out && cp yarn.lock /out
-
-FROM scratch AS update
-COPY --from=vendored /out /
-
-FROM vendored AS validate
-RUN --mount=type=bind,target=.,rw \
-  git add -A && cp -rf /out/* .; \
-  if [ -n "$(git status --porcelain -- yarn.lock)" ]; then \
-    echo >&2 'ERROR: Vendor result differs. Please vendor your package with "docker buildx bake vendor-update"'; \
-    git status --porcelain -- yarn.lock; \
-    exit 1; \
-  fi

package.json

@@ -28,10 +28,11 @@
   ],
   "license": "Apache-2.0",
   "dependencies": {
-    "@actions/core": "^1.5.0",
+    "@actions/core": "^1.6.0",
     "@actions/exec": "^1.1.0",
     "@actions/github": "^5.0.0",
-    "csv-parse": "^4.16.0",
+    "csv-parse": "^4.16.3",
+    "handlebars": "^4.7.7",
     "semver": "^7.3.5",
     "tmp": "^0.2.1"
   },

src/buildx.ts

@@ -15,7 +15,7 @@ export async function getImageID(): Promise<string | undefined> {
   if (!fs.existsSync(iidFile)) {
     return undefined;
   }
-  return fs.readFileSync(iidFile, {encoding: 'utf-8'});
+  return fs.readFileSync(iidFile, {encoding: 'utf-8'}).trim();
 }
 
 export async function getMetadataFile(): Promise<string> {
@@ -27,7 +27,22 @@ export async function getMetadata(): Promise<string | undefined> {
   if (!fs.existsSync(metadataFile)) {
     return undefined;
   }
-  return fs.readFileSync(metadataFile, {encoding: 'utf-8'});
+  const content = fs.readFileSync(metadataFile, {encoding: 'utf-8'}).trim();
+  if (content === 'null') {
+    return undefined;
+  }
+  return content;
+}
+
+export async function getDigest(metadata: string | undefined): Promise<string | undefined> {
+  if (metadata === undefined) {
+    return undefined;
+  }
+  const metadataJSON = JSON.parse(metadata);
+  if (metadataJSON['containerimage.digest']) {
+    return metadataJSON['containerimage.digest'];
+  }
+  return undefined;
 }
 
 export async function getSecretString(kvp: string): Promise<string> {

src/context.ts

@@ -9,15 +9,19 @@ import {issueCommand} from '@actions/core/lib/command';
 import * as github from '@actions/github';
 
 import * as buildx from './buildx';
+import * as handlebars from 'handlebars';
 
 let _defaultContext, _tmpDir: string;
 
 export interface Inputs {
+  addHosts: string[];
   allow: string[];
   buildArgs: string[];
+  buildContexts: string[];
   builder: string;
   cacheFrom: string[];
   cacheTo: string[];
+  cgroupParent: string;
   context: string;
   file: string;
   labels: string[];
@@ -30,9 +34,11 @@ export interface Inputs {
   push: boolean;
   secrets: string[];
   secretFiles: string[];
+  shmSize: string;
   ssh: string[];
   tags: string[];
   target: string;
+  ulimit: string[];
   githubToken: string;
 }
 
@@ -63,11 +69,14 @@ export function tmpNameSync(options?: tmp.TmpNameOptions): string {
 
 export async function getInputs(defaultContext: string): Promise<Inputs> {
   return {
+    addHosts: await getInputList('add-hosts'),
     allow: await getInputList('allow'),
     buildArgs: await getInputList('build-args', true),
+    buildContexts: await getInputList('build-contexts', true),
     builder: core.getInput('builder'),
     cacheFrom: await getInputList('cache-from', true),
     cacheTo: await getInputList('cache-to', true),
+    cgroupParent: core.getInput('cgroup-parent'),
     context: core.getInput('context') || defaultContext,
     file: core.getInput('file'),
     labels: await getInputList('labels', true),
@@ -80,9 +89,11 @@ export async function getInputs(defaultContext: string): Promise<Inputs> {
     push: core.getBooleanInput('push'),
     secrets: await getInputList('secrets', true),
     secretFiles: await getInputList('secret-files', true),
+    shmSize: core.getInput('shm-size'),
     ssh: await getInputList('ssh'),
     tags: await getInputList('tags'),
     target: core.getInput('target'),
+    ulimit: await getInputList('ulimit', true),
     githubToken: core.getInput('github-token')
   };
 }
@@ -90,39 +101,26 @@ export async function getInputs(defaultContext: string): Promise<Inputs> {
 export async function getArgs(inputs: Inputs, defaultContext: string, buildxVersion: string): Promise<Array<string>> {
   let args: Array<string> = ['buildx'];
   args.push.apply(args, await getBuildArgs(inputs, defaultContext, buildxVersion));
-  args.push.apply(args, await getCommonArgs(inputs));
-  args.push(inputs.context);
+  args.push.apply(args, await getCommonArgs(inputs, buildxVersion));
+  args.push(handlebars.compile(inputs.context)({defaultContext}));
   return args;
 }
 
 async function getBuildArgs(inputs: Inputs, defaultContext: string, buildxVersion: string): Promise<Array<string>> {
   let args: Array<string> = ['build'];
-  await asyncForEach(inputs.buildArgs, async buildArg => {
-    args.push('--build-arg', buildArg);
+  await asyncForEach(inputs.addHosts, async addHost => {
+    args.push('--add-host', addHost);
   });
-  await asyncForEach(inputs.labels, async label => {
-    args.push('--label', label);
-  });
-  await asyncForEach(inputs.tags, async tag => {
-    args.push('--tag', tag);
-  });
-  if (inputs.target) {
-    args.push('--target', inputs.target);
-  }
   if (inputs.allow.length > 0) {
     args.push('--allow', inputs.allow.join(','));
   }
-  if (inputs.platforms.length > 0) {
-    args.push('--platform', inputs.platforms.join(','));
-  }
-  await asyncForEach(inputs.outputs, async output => {
-    args.push('--output', output);
+  await asyncForEach(inputs.buildArgs, async buildArg => {
+    args.push('--build-arg', buildArg);
   });
-  if (!buildx.isLocalOrTarExporter(inputs.outputs) && (inputs.platforms.length == 0 || buildx.satisfies(buildxVersion, '>=0.4.2'))) {
-    args.push('--iidfile', await buildx.getImageIDFile());
-  }
-  if (buildx.satisfies(buildxVersion, '>=0.6.0')) {
-    args.push('--metadata-file', await buildx.getMetadataFile());
+  if (buildx.satisfies(buildxVersion, '>=0.8.0')) {
+    await asyncForEach(inputs.buildContexts, async buildContext => {
+      args.push('--build-context', buildContext);
+    });
   }
   await asyncForEach(inputs.cacheFrom, async cacheFrom => {
     args.push('--cache-from', cacheFrom);
@@ -130,6 +128,24 @@ async function getBuildArgs(inputs: Inputs, defaultContext: string, buildxVersio
   await asyncForEach(inputs.cacheTo, async cacheTo => {
     args.push('--cache-to', cacheTo);
   });
+  if (inputs.cgroupParent) {
+    args.push('--cgroup-parent', inputs.cgroupParent);
+  }
+  if (inputs.file) {
+    args.push('--file', inputs.file);
+  }
+  if (!buildx.isLocalOrTarExporter(inputs.outputs) && (inputs.platforms.length == 0 || buildx.satisfies(buildxVersion, '>=0.4.2'))) {
+    args.push('--iidfile', await buildx.getImageIDFile());
+  }
+  await asyncForEach(inputs.labels, async label => {
+    args.push('--label', label);
+  });
+  await asyncForEach(inputs.outputs, async output => {
+    args.push('--output', output);
+  });
+  if (inputs.platforms.length > 0) {
+    args.push('--platform', inputs.platforms.join(','));
+  }
   await asyncForEach(inputs.secrets, async secret => {
     try {
       args.push('--secret', await buildx.getSecretString(secret));
@@ -147,32 +163,44 @@ async function getBuildArgs(inputs: Inputs, defaultContext: string, buildxVersio
   if (inputs.githubToken && !buildx.hasGitAuthToken(inputs.secrets) && inputs.context == defaultContext) {
     args.push('--secret', await buildx.getSecretString(`GIT_AUTH_TOKEN=${inputs.githubToken}`));
   }
+  if (inputs.shmSize) {
+    args.push('--shm-size', inputs.shmSize);
+  }
   await asyncForEach(inputs.ssh, async ssh => {
     args.push('--ssh', ssh);
   });
-  if (inputs.file) {
-    args.push('--file', inputs.file);
+  await asyncForEach(inputs.tags, async tag => {
+    args.push('--tag', tag);
+  });
+  if (inputs.target) {
+    args.push('--target', inputs.target);
   }
+  await asyncForEach(inputs.ulimit, async ulimit => {
+    args.push('--ulimit', ulimit);
+  });
   return args;
 }
 
-async function getCommonArgs(inputs: Inputs): Promise<Array<string>> {
+async function getCommonArgs(inputs: Inputs, buildxVersion: string): Promise<Array<string>> {
   let args: Array<string> = [];
-  if (inputs.noCache) {
-    args.push('--no-cache');
-  }
   if (inputs.builder) {
     args.push('--builder', inputs.builder);
   }
-  if (inputs.pull) {
-    args.push('--pull');
-  }
   if (inputs.load) {
     args.push('--load');
   }
+  if (buildx.satisfies(buildxVersion, '>=0.6.0')) {
+    args.push('--metadata-file', await buildx.getMetadataFile());
+  }
   if (inputs.network) {
     args.push('--network', inputs.network);
   }
+  if (inputs.noCache) {
+    args.push('--no-cache');
+  }
+  if (inputs.pull) {
+    args.push('--pull');
+  }
   if (inputs.push) {
     args.push('--push');
   }

src/main.ts

@@ -33,18 +33,28 @@ async function run(): Promise<void> {
         }
       });
 
-    await core.group(`Setting outputs`, async () => {
-      const imageID = await buildx.getImageID();
-      const metadata = await buildx.getMetadata();
-      if (imageID) {
-        core.info(`digest=${imageID}`);
-        context.setOutput('digest', imageID);
-      }
-      if (metadata) {
-        core.info(`metadata=${metadata}`);
+    const imageID = await buildx.getImageID();
+    const metadata = await buildx.getMetadata();
+    const digest = await buildx.getDigest(metadata);
+
+    if (imageID) {
+      await core.group(`ImageID`, async () => {
+        core.info(imageID);
+        context.setOutput('imageid', imageID);
+      });
+    }
+    if (digest) {
+      await core.group(`Digest`, async () => {
+        core.info(digest);
+        context.setOutput('digest', digest);
+      });
+    }
+    if (metadata) {
+      await core.group(`Metadata`, async () => {
+        core.info(metadata);
         context.setOutput('metadata', metadata);
-      }
-    });
+      });
+    }
   } catch (error) {
     core.setFailed(error.message);
   }

test/addhost.Dockerfile

@@ -0,0 +1,2 @@
+FROM busybox
+RUN cat /etc/hosts

test/buildcontext.Dockerfile

@@ -0,0 +1,3 @@
+# syntax=docker/dockerfile-upstream:master
+FROM alpine
+RUN cat /etc/*release

test/cgroup.Dockerfile

@@ -0,0 +1,2 @@
+FROM alpine
+RUN cat /proc/self/cgroup

test/shmsize.Dockerfile

@@ -0,0 +1,2 @@
+FROM busybox
+RUN mount | grep /dev/shm

test/ulimit.Dockerfile

@@ -0,0 +1,2 @@
+FROM busybox
+RUN ulimit -a

yarn.lock

@@ -2,10 +2,12 @@
 # yarn lockfile v1
 
 
-"@actions/core@^1.5.0":
-  version "1.5.0"
-  resolved "https://registry.yarnpkg.com/@actions/core/-/core-1.5.0.tgz#885b864700001a1b9a6fba247833a036e75ad9d3"
-  integrity sha512-eDOLH1Nq9zh+PJlYLqEMkS/jLQxhksPNmUGNBHfa4G+tQmnIhzpctxmchETtVGyBOvXgOVVpYuE40+eS4cUnwQ==
+"@actions/core@^1.6.0":
+  version "1.6.0"
+  resolved "https://registry.yarnpkg.com/@actions/core/-/core-1.6.0.tgz#0568e47039bfb6a9170393a73f3b7eb3b22462cb"
+  integrity sha512-NB1UAZomZlCV/LmJqkLhNTqtKfFXJZAUPcfl/zqG7EfsQdeUJtaWO98SGbuQ3pydJ3fHl2CvI/51OKYlCYYcaw==
+  dependencies:
+    "@actions/http-client" "^1.0.11"
 
 "@actions/exec@^1.1.0":
   version "1.1.0"
@@ -828,9 +830,9 @@ ansi-escapes@^4.2.1:
     type-fest "^0.21.3"
 
 ansi-regex@^5.0.0:
-  version "5.0.0"
-  resolved "https://registry.yarnpkg.com/ansi-regex/-/ansi-regex-5.0.0.tgz#388539f55179bf39339c81af30a654d69f87cb75"
-  integrity sha512-bY6fj56OUQ0hU1KjFNDQuJFezqKdrAyFdIevADiqrWHwSlbmBNMHp5ak2f40Pm8JTFyM2mqxkG6ngkHO11f/lg==
+  version "5.0.1"
+  resolved "https://registry.yarnpkg.com/ansi-regex/-/ansi-regex-5.0.1.tgz#082cb2c89c9fe8659a311a53bd6a4dc5301db304"
+  integrity sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==
 
 ansi-styles@^3.2.1:
   version "3.2.1"
@@ -1270,10 +1272,10 @@ cssstyle@^2.3.0:
   dependencies:
     cssom "~0.3.6"
 
-csv-parse@*, csv-parse@^4.16.0:
-  version "4.16.0"
-  resolved "https://registry.yarnpkg.com/csv-parse/-/csv-parse-4.16.0.tgz#b4c875e288a41f7ff917cb0d7d45880d563034f6"
-  integrity sha512-Zb4tGPANH4SW0LgC9+s9Mnequs9aqn7N3/pCqNbVjs2XhEF6yWNU2Vm4OGl1v2Go9nw8rXt87Cm2QN/o6Vpqgg==
+csv-parse@*, csv-parse@^4.16.3:
+  version "4.16.3"
+  resolved "https://registry.yarnpkg.com/csv-parse/-/csv-parse-4.16.3.tgz#7ca624d517212ebc520a36873c3478fa66efbaf7"
+  integrity sha512-cO1I/zmz4w2dcKHVvpCr7JVRu8/FymG5OEpmvsZYlccYolPBLoVGKUHgNoc4ZGkFeFlWGEDmMyBM+TTqRdW/wg==
 
 data-urls@^2.0.0:
   version "2.0.0"
@@ -1694,6 +1696,18 @@ growly@^1.3.0:
   resolved "https://registry.yarnpkg.com/growly/-/growly-1.3.0.tgz#f10748cbe76af964b7c96c93c6bcc28af120c081"
   integrity sha1-8QdIy+dq+WS3yWyTxrzCivEgwIE=
 
+handlebars@^4.7.7:
+  version "4.7.7"
+  resolved "https://registry.yarnpkg.com/handlebars/-/handlebars-4.7.7.tgz#9ce33416aad02dbd6c8fafa8240d5d98004945a1"
+  integrity sha512-aAcXm5OAfE/8IXkcZvCepKU3VzW1/39Fb5ZuqMtgI/hT8X2YgoMvBY5dLhq/cpOvw7Lk1nK/UF71aLG/ZnVYRA==
+  dependencies:
+    minimist "^1.2.5"
+    neo-async "^2.6.0"
+    source-map "^0.6.1"
+    wordwrap "^1.0.0"
+  optionalDependencies:
+    uglify-js "^3.1.4"
+
 has-flag@^3.0.0:
   version "3.0.0"
   resolved "https://registry.yarnpkg.com/has-flag/-/has-flag-3.0.0.tgz#b5d454dc2199ae225699f3467e5a07f3b955bafd"
@@ -2709,15 +2723,22 @@ natural-compare@^1.4.0:
   resolved "https://registry.yarnpkg.com/natural-compare/-/natural-compare-1.4.0.tgz#4abebfeed7541f2c27acfb29bdbbd15c8d5ba4f7"
   integrity sha1-Sr6/7tdUHywnrPspvbvRXI1bpPc=
 
+neo-async@^2.6.0:
+  version "2.6.2"
+  resolved "https://registry.yarnpkg.com/neo-async/-/neo-async-2.6.2.tgz#b4aafb93e3aeb2d8174ca53cf163ab7d7308305f"
+  integrity sha512-Yd3UES5mWCSqR+qNT93S3UoYUkqAZ9lLg8a7g9rimsWmYGK8cVToA4/sF3RrshdyV3sAGMXVUmpMYOw+dLpOuw==
+
 nice-try@^1.0.4:
   version "1.0.5"
   resolved "https://registry.yarnpkg.com/nice-try/-/nice-try-1.0.5.tgz#a3378a7696ce7d223e88fc9b764bd7ef1089e366"
   integrity sha512-1nh45deeb5olNY7eX82BkPO7SSxR5SSYJiPTrTdFUVYwAl8CKMA5N9PjTYkHiRjisVcxcQ1HXdLhx2qxxJzLNQ==
 
 node-fetch@^2.3.0, node-fetch@^2.6.1:
-  version "2.6.1"
-  resolved "https://registry.yarnpkg.com/node-fetch/-/node-fetch-2.6.1.tgz#045bd323631f76ed2e2b55573394416b639a0052"
-  integrity sha512-V4aYg89jEoVRxRb2fJdAg8FHvI7cEyYdVAh94HH0UIK8oJxUfkjlDQN9RbMx+bEjP7+ggMiFRprSti032Oipxw==
+  version "2.6.7"
+  resolved "https://registry.yarnpkg.com/node-fetch/-/node-fetch-2.6.7.tgz#24de9fba827e3b4ae44dc8b20256a379160052ad"
+  integrity sha512-ZjMPFEfVx5j+y2yF35Kzx5sF7kDzxuDj6ziH4FFbOp87zKDZNx8yExJIb05OGF4Nlt9IHFIMBkRl41VdvcNdbQ==
+  dependencies:
+    whatwg-url "^5.0.0"
 
 node-int64@^0.4.0:
   version "0.4.0"
@@ -3422,9 +3443,9 @@ tmp@^0.2.1:
     rimraf "^3.0.0"
 
 tmpl@1.0.x:
-  version "1.0.4"
-  resolved "https://registry.yarnpkg.com/tmpl/-/tmpl-1.0.4.tgz#23640dd7b42d00433911140820e5cf440e521dd1"
-  integrity sha1-I2QN17QtAEM5ERQIIOXPRA5SHdE=
+  version "1.0.5"
+  resolved "https://registry.yarnpkg.com/tmpl/-/tmpl-1.0.5.tgz#8683e0b902bb9c20c4f726e3c0b69f36518c07cc"
+  integrity sha512-3f0uOEAQwIqGuWW2MVzYg8fV/QNnc/IpuJNG837rLuczAaLVHslWHZQj4IGiEl5Hs3kkbhwL9Ab7Hrsmuj+Smw==
 
 to-fast-properties@^2.0.0:
   version "2.0.0"
@@ -3479,6 +3500,11 @@ tr46@^2.1.0:
   dependencies:
     punycode "^2.1.1"
 
+tr46@~0.0.3:
+  version "0.0.3"
+  resolved "https://registry.yarnpkg.com/tr46/-/tr46-0.0.3.tgz#8184fd347dac9cdc185992f3a6622e14b9d9ab6a"
+  integrity sha1-gYT9NH2snNwYWZLzpmIuFLnZq2o=
+
 ts-jest@^26.5.6:
   version "26.5.6"
   resolved "https://registry.yarnpkg.com/ts-jest/-/ts-jest-26.5.6.tgz#c32e0746425274e1dfe333f43cd3c800e014ec35"
@@ -3547,6 +3573,11 @@ typescript@^4.3.4:
   resolved "https://registry.yarnpkg.com/typescript/-/typescript-4.3.4.tgz#3f85b986945bcf31071decdd96cf8bfa65f9dcbc"
   integrity sha512-uauPG7XZn9F/mo+7MrsRjyvbxFpzemRjKEZXS4AK83oP2KKOJPvb+9cO/gmnv8arWZvhnjVOXz7B49m1l0e9Ew==
 
+uglify-js@^3.1.4:
+  version "3.14.5"
+  resolved "https://registry.yarnpkg.com/uglify-js/-/uglify-js-3.14.5.tgz#cdabb7d4954231d80cb4a927654c4655e51f4859"
+  integrity sha512-qZukoSxOG0urUTvjc2ERMTcAy+BiFh3weWAkeurLwjrCba73poHmG3E36XEjd/JGukMzwTL7uCxZiAexj8ppvQ==
+
 union-value@^1.0.0:
   version "1.0.1"
   resolved "https://registry.yarnpkg.com/union-value/-/union-value-1.0.1.tgz#0b6fe7b835aecda61c6ea4d4f02c14221e109847"
@@ -3628,6 +3659,11 @@ walker@^1.0.7, walker@~1.0.5:
   dependencies:
     makeerror "1.0.x"
 
+webidl-conversions@^3.0.0:
+  version "3.0.1"
+  resolved "https://registry.yarnpkg.com/webidl-conversions/-/webidl-conversions-3.0.1.tgz#24534275e2a7bc6be7bc86611cc16ae0a5654871"
+  integrity sha1-JFNCdeKnvGvnvIZhHMFq4KVlSHE=
+
 webidl-conversions@^5.0.0:
   version "5.0.0"
   resolved "https://registry.yarnpkg.com/webidl-conversions/-/webidl-conversions-5.0.0.tgz#ae59c8a00b121543a2acc65c0434f57b0fc11aff"
@@ -3650,6 +3686,14 @@ whatwg-mimetype@^2.3.0:
   resolved "https://registry.yarnpkg.com/whatwg-mimetype/-/whatwg-mimetype-2.3.0.tgz#3d4b1e0312d2079879f826aff18dbeeca5960fbf"
   integrity sha512-M4yMwr6mAnQz76TbJm914+gPpB/nCwvZbJU28cUD6dR004SAxDLOOSUaB1JDRqLtaOV/vi0IC5lEAGFgrjGv/g==
 
+whatwg-url@^5.0.0:
+  version "5.0.0"
+  resolved "https://registry.yarnpkg.com/whatwg-url/-/whatwg-url-5.0.0.tgz#966454e8765462e37644d3626f6742ce8b70965d"
+  integrity sha1-lmRU6HZUYuN2RNNib2dCzotwll0=
+  dependencies:
+    tr46 "~0.0.3"
+    webidl-conversions "^3.0.0"
+
 whatwg-url@^8.0.0, whatwg-url@^8.5.0:
   version "8.6.0"
   resolved "https://registry.yarnpkg.com/whatwg-url/-/whatwg-url-8.6.0.tgz#27c0205a4902084b872aecb97cf0f2a7a3011f4c"
@@ -3683,6 +3727,11 @@ word-wrap@~1.2.3:
   resolved "https://registry.yarnpkg.com/word-wrap/-/word-wrap-1.2.3.tgz#610636f6b1f703891bd34771ccb17fb93b47079c"
   integrity sha512-Hz/mrNwitNRh/HUAtM/VT/5VH+ygD6DV7mYKZAtHOrbs8U7lvPS6xf7EJKMF0uW1KJCl0H701g3ZGus+muE5vQ==
 
+wordwrap@^1.0.0:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/wordwrap/-/wordwrap-1.0.0.tgz#27584810891456a4171c8d0226441ade90cbcaeb"
+  integrity sha1-J1hIEIkUVqQXHI0CJkQa3pDLyus=
+
 wrap-ansi@^6.2.0:
   version "6.2.0"
   resolved "https://registry.yarnpkg.com/wrap-ansi/-/wrap-ansi-6.2.0.tgz#e9393ba07102e6c91a3b221478f0257cd2856e53"