Merge pull request #653 from crazy-max/no-cache-filters

`no-cache-filters` input
no-cache-filters input
2025-06-13 14:47:13 +02:00 · 2022-07-19 17:04:40 +02:00 · 2022-07-19 00:04:41 +02:00 · 2022-07-18 17:08:08 +02:00 · 2022-07-18 17:06:02 +02:00 · 2022-07-18 15:03:16 +00:00
49 changed files with 3864 additions and 19533 deletions
--- a/.eslintrc.json
+++ b/.eslintrc.json
@ -0,0 +1,23 @@
 {
  "env": {
    "node": true,
    "es2021": true,
    "jest/globals": true
  },
  "extends": [
    "eslint:recommended",
    "plugin:@typescript-eslint/recommended",
    "plugin:jest/recommended",
    "plugin:prettier/recommended"
  ],
  "parser": "@typescript-eslint/parser",
  "parserOptions": {
    "ecmaVersion": "latest",
    "sourceType": "module"
  },
  "plugins": [
    "@typescript-eslint",
    "jest",
    "prettier"
  ]
 }
--- a/.github/build-push-action.png
+++ b/.github/build-push-action.png
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@ -4,10 +4,10 @@ on:
  workflow_dispatch:
  push:
    branches:
-      - master
+      - 'master'
  pull_request:
    branches:
-      - master
+      - 'master'
 jobs:
  minimal:
@ -15,21 +15,17 @@ jobs:
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
        with:
          path: action
      -
        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
+        uses: docker/setup-buildx-action@v2
      -
        name: Build
        uses: ./action
        with:
          file: ./test/Dockerfile
      -
        name: Dump context
        if: always()
        uses: crazy-max/ghaction-dump-context@v1
  git-context:
    runs-on: ubuntu-latest
@ -41,16 +37,16 @@ jobs:
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
        with:
          path: action
      -
        name: Set up QEMU
-        uses: docker/setup-qemu-action@v1
+        uses: docker/setup-qemu-action@v2
      -
        name: Set up Docker Buildx
        id: buildx
-        uses: docker/setup-buildx-action@v1
+        uses: docker/setup-buildx-action@v2
        with:
          version: latest
          driver-opts: network=host
@ -77,10 +73,6 @@ jobs:
            echo "::error::Digest should not be empty"
            exit 1
          fi
      -
        name: Dump context
        if: always()
        uses: crazy-max/ghaction-dump-context@v1
  git-context-secret:
    runs-on: ubuntu-latest
@ -92,16 +84,16 @@ jobs:
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
        with:
          path: action
      -
        name: Set up QEMU
-        uses: docker/setup-qemu-action@v1
+        uses: docker/setup-qemu-action@v2
      -
        name: Set up Docker Buildx
        id: buildx
-        uses: docker/setup-buildx-action@v1
+        uses: docker/setup-buildx-action@v2
        with:
          driver-opts: network=host
      -
@ -137,10 +129,6 @@ jobs:
            echo "::error::Digest should not be empty"
            exit 1
          fi
      -
        name: Dump context
        if: always()
        uses: crazy-max/ghaction-dump-context@v1
  path-context:
    runs-on: ubuntu-latest
@ -158,14 +146,14 @@ jobs:
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
      -
        name: Set up QEMU
-        uses: docker/setup-qemu-action@v1
+        uses: docker/setup-qemu-action@v2
      -
        name: Set up Docker Buildx
        id: buildx
-        uses: docker/setup-buildx-action@v1
+        uses: docker/setup-buildx-action@v2
        with:
          version: ${{ matrix.buildx-version }}
          driver-opts: network=host
@ -192,17 +180,13 @@ jobs:
            echo "::error::Digest should not be empty"
            exit 1
          fi
      -
        name: Dump context
        if: always()
        uses: crazy-max/ghaction-dump-context@v1
  error:
    runs-on: ubuntu-latest
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
      -
        name: Stop docker
        run: |
@ -223,23 +207,19 @@ jobs:
            echo "::error::Should have failed"
            exit 1
          fi
      -
        name: Dump context
        if: always()
        uses: crazy-max/ghaction-dump-context@v1
  error-buildx:
    runs-on: ubuntu-latest
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
      -
        name: Set up QEMU
-        uses: docker/setup-qemu-action@v1
+        uses: docker/setup-qemu-action@v2
      -
        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
+        uses: docker/setup-buildx-action@v2
      -
        name: Build
        id: docker_build
@ -259,10 +239,6 @@ jobs:
            echo "::error::Should have failed"
            exit 1
          fi
      -
        name: Dump context
        if: always()
        uses: crazy-max/ghaction-dump-context@v1
  docker-driver:
    runs-on: ubuntu-latest
@ -274,7 +250,7 @@ jobs:
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
      -
        name: Build
        id: docker_build
@ -284,17 +260,13 @@ jobs:
          file: ./test/Dockerfile
          push: true
          tags: localhost:5000/name/app:latest
      -
        name: Dump context
        if: always()
        uses: crazy-max/ghaction-dump-context@v1
  export-docker:
    runs-on: ubuntu-latest
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
      -
        name: Build
        uses: ./
@ -307,20 +279,16 @@ jobs:
        name: Inspect
        run: |
          docker image inspect myimage:latest
      -
        name: Dump context
        if: always()
        uses: crazy-max/ghaction-dump-context@v1
  network:
    runs-on: ubuntu-latest
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
      -
        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
+        uses: docker/setup-buildx-action@v2
      -
        name: List networks
        run: docker network ls
@ -331,10 +299,130 @@ jobs:
          context: ./test
          tags: name/app:latest
          network: host
  shm-size:
    runs-on: ubuntu-latest
    steps:
      -
-        name: Dump context
+        name: Checkout
-        if: always()
+        uses: actions/checkout@v3
-        uses: crazy-max/ghaction-dump-context@v1
+      -
        name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2
        with:
          driver-opts: |
            image=moby/buildkit:master
      -
        name: Build
        uses: ./
        with:
          context: ./test
          file: ./test/shmsize.Dockerfile
          tags: name/app:latest
          shm-size: 2g
  ulimit:
    runs-on: ubuntu-latest
    steps:
      -
        name: Checkout
        uses: actions/checkout@v3
      -
        name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2
        with:
          driver-opts: |
            image=moby/buildkit:master
      -
        name: Build
        uses: ./
        with:
          context: ./test
          file: ./test/ulimit.Dockerfile
          tags: name/app:latest
          ulimit: |
            nofile=1024:1024
            nproc=3
  cgroup-parent:
    runs-on: ubuntu-latest
    steps:
      -
        name: Checkout
        uses: actions/checkout@v3
      -
        name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2
        with:
          driver-opts: |
            image=moby/buildkit:master
      -
        name: Build
        uses: ./
        with:
          context: ./test
          file: ./test/cgroup.Dockerfile
          tags: name/app:latest
          cgroup-parent: foo
  add-hosts:
    runs-on: ubuntu-latest
    steps:
      -
        name: Checkout
        uses: actions/checkout@v3
      -
        name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2
      -
        name: Build
        uses: ./
        with:
          context: ./test
          file: ./test/addhost.Dockerfile
          tags: name/app:latest
          add-hosts: |
            docker:10.180.0.1
            foo:10.0.0.1
  build-contexts:
    runs-on: ubuntu-latest
    steps:
      -
        name: Checkout
        uses: actions/checkout@v3
      -
        name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2
      -
        name: Build
        uses: ./
        with:
          context: ./test
          file: ./test/buildcontext.Dockerfile
          build-contexts: |
            alpine=docker-image://debian:stable-slim
          tags: name/app:latest
  no-cache-filters:
    runs-on: ubuntu-latest
    steps:
      -
        name: Checkout
        uses: actions/checkout@v3
      -
        name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2
      -
        name: Build
        uses: ./
        with:
          context: ./test
          file: ./test/nocachefilter.Dockerfile
          no-cache-filters: build
          tags: name/app:latest
          cache-from: type=gha,scope=nocachefilter
          cache-to: type=gha,scope=nocachefilter,mode=max
  multi:
    runs-on: ubuntu-latest
@ -355,14 +443,14 @@ jobs:
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
      -
        name: Set up QEMU
-        uses: docker/setup-qemu-action@v1
+        uses: docker/setup-qemu-action@v2
      -
        name: Set up Docker Buildx
        id: buildx
-        uses: docker/setup-buildx-action@v1
+        uses: docker/setup-buildx-action@v2
        with:
          version: ${{ matrix.buildx-version }}
          driver-opts: network=host
@ -390,10 +478,93 @@ jobs:
            echo "::error::Digest should not be empty"
            exit 1
          fi
  digest:
    runs-on: ubuntu-latest
    env:
      DOCKER_IMAGE: localhost:5000/name/app
    strategy:
      fail-fast: false
      matrix:
        driver:
          - docker
          - docker-container
        load:
          - true
          - false
        push:
          - true
          - false
        exclude:
          - driver: docker
            load: true
            push: true
          - driver: docker-container
            load: true
            push: true
          - driver: docker
            load: false
            push: false
          - driver: docker-container
            load: false
            push: false
    services:
      registry:
        image: registry:2
        ports:
          - 5000:5000
    steps:
      -
-        name: Dump context
+        name: Checkout
-        if: always()
+        uses: actions/checkout@v3
-        uses: crazy-max/ghaction-dump-context@v1
+      -
        name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2
        with:
          driver: ${{ matrix.driver }}
          driver-opts: |
            network=host
      -
        name: Build
        id: docker_build
        uses: ./
        with:
          context: ./test
          load: ${{ matrix.load }}
          push: ${{ matrix.push }}
          tags: ${{ env.DOCKER_IMAGE }}:latest
          platforms: ${{ matrix.platforms }}
      -
        name: Docker images
        run: |
          docker image ls --no-trunc
      -
        name: Check digest
        if: ${{ matrix.push }}
        run: |
          if [ -z "${{ steps.docker_build.outputs.digest }}" ]; then
            echo "::error::Digest should not be empty"
            exit 1
          fi
      -
        name: Check manifest
        if: ${{ matrix.push }}
        run: |
          set -x
          docker buildx imagetools inspect ${{ env.DOCKER_IMAGE }}@${{ steps.docker_build.outputs.digest }} --format '{{json .}}'
      -
        name: Check image ID
        run: |
          if [ -z "${{ steps.docker_build.outputs.imageid }}" ]; then
            echo "::error::Image ID should not be empty"
            exit 1
          fi
      -
        name: Inspect image
        if: ${{ matrix.load }}
        run: |
          set -x
          docker image inspect ${{ steps.docker_build.outputs.imageid }}
  registry-cache:
    runs-on: ubuntu-latest
@ -405,14 +576,14 @@ jobs:
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
      -
        name: Set up QEMU
-        uses: docker/setup-qemu-action@v1
+        uses: docker/setup-qemu-action@v2
      -
        name: Set up Docker Buildx
        id: buildx
-        uses: docker/setup-buildx-action@v1
+        uses: docker/setup-buildx-action@v2
        with:
          driver-opts: |
            network=host
@ -480,10 +651,6 @@ jobs:
            echo "::error::Digests should be identical"
            exit 1
          fi
      -
        name: Dump context
        if: always()
        uses: crazy-max/ghaction-dump-context@v1
  local-cache-first:
    runs-on: ubuntu-latest
@ -497,20 +664,20 @@ jobs:
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
      -
        name: Set up QEMU
-        uses: docker/setup-qemu-action@v1
+        uses: docker/setup-qemu-action@v2
      -
        name: Set up Docker Buildx
        id: buildx
-        uses: docker/setup-buildx-action@v1
+        uses: docker/setup-buildx-action@v2
        with:
          driver-opts: |
            network=host
      -
        name: Cache Docker layers
-        uses: actions/cache@v2
+        uses: actions/cache@v3
        with:
          path: /tmp/.buildx-cache
          key: ${{ runner.os }}-buildx-local-${{ github.sha }}
@ -546,10 +713,6 @@ jobs:
            echo "::error::Digest should not be empty"
            exit 1
          fi
      -
        name: Dump context
        if: always()
        uses: crazy-max/ghaction-dump-context@v1
  local-cache-hit:
    runs-on: ubuntu-latest
@ -562,20 +725,20 @@ jobs:
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
      -
        name: Set up QEMU
-        uses: docker/setup-qemu-action@v1
+        uses: docker/setup-qemu-action@v2
      -
        name: Set up Docker Buildx
        id: buildx
-        uses: docker/setup-buildx-action@v1
+        uses: docker/setup-buildx-action@v2
        with:
          driver-opts: |
            network=host
      -
        name: Cache Docker layers
-        uses: actions/cache@v2
+        uses: actions/cache@v3
        id: cache
        with:
          path: /tmp/.buildx-cache
@ -619,10 +782,6 @@ jobs:
      -
        name: Cache hit
        run: echo ${{ steps.cache.outputs.cache-hit }}
      -
        name: Dump context
        if: always()
        uses: crazy-max/ghaction-dump-context@v1
  github-cache:
    runs-on: ubuntu-latest
@ -640,13 +799,13 @@ jobs:
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
      -
        name: Set up QEMU
-        uses: docker/setup-qemu-action@v1
+        uses: docker/setup-qemu-action@v2
      -
        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
+        uses: docker/setup-buildx-action@v2
        with:
          version: ${{ matrix.buildx_version }}
          driver-opts: |
@ -669,7 +828,23 @@ jobs:
        name: Inspect
        run: |
          docker buildx imagetools inspect localhost:5000/name/app:1.0.0
  standalone:
    runs-on: ubuntu-latest
    steps:
      -
-        name: Dump context
+        name: Checkout
-        if: always()
+        uses: actions/checkout@v3
-        uses: crazy-max/ghaction-dump-context@v1
+      -
        name: Uninstall moby cli
        run: |
          sudo apt-get purge -y moby-cli moby-buildx
      -
        name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2
      -
        name: Build
        uses: ./
        with:
          context: ./test
          file: ./test/Dockerfile
--- a/.github/workflows/e2e.yml
+++ b/.github/workflows/e2e.yml
@ -3,10 +3,10 @@ name: e2e
 on:
  workflow_dispatch:
  schedule:
-    - cron: '0 10 * * *' # everyday at 10am
+    - cron: '0 10 * * *'
  push:
    branches:
-      - master
+      - 'master'
    tags:
      - v*
@ -52,26 +52,31 @@ jobs:
            slug: gcr.io/sandbox-298914/test-docker-action
            username_secret: GCR_USERNAME
            password_secret: GCR_JSON_KEY
          -
            registry: officialgithubactions.azurecr.io
            slug: officialgithubactions.azurecr.io/test-docker-action
            username_secret: AZURE_CLIENT_ID
            password_secret: AZURE_CLIENT_SECRET
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
      -
        name: Docker meta
        id: meta
-        uses: docker/metadata-action@v3
+        uses: docker/metadata-action@v4
        with:
          images: ${{ matrix.slug }}
      -
        name: Set up QEMU
-        uses: docker/setup-qemu-action@v1
+        uses: docker/setup-qemu-action@v2
      -
        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
+        uses: docker/setup-buildx-action@v2
      -
        name: Login to Registry
        if: github.event_name != 'pull_request'
-        uses: docker/login-action@v1
+        uses: docker/login-action@v2
        with:
          registry: ${{ matrix.registry }}
          username: ${{ secrets[matrix.username_secret] }}
--- a/.github/workflows/example.yml
+++ b/.github/workflows/example.yml
@ -1,9 +1,9 @@
-# This workflow is provided just as an usage example and not for repo testing/verification
+# This workflow is provided just as an example and not for repo testing/verification
 name: example
 on:
  schedule:
-    - cron: '0 10 * * 0' # everyday sunday at 10am
+    - cron: '0 10 * * 0'
  push:
    branches:
      - '**'
@ -25,11 +25,11 @@ jobs:
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
      -
        name: Docker meta
        id: meta
-        uses: docker/metadata-action@v3
+        uses: docker/metadata-action@v4
        with:
          images: ${{ env.DOCKER_IMAGE }}
          tags: |
@ -42,7 +42,7 @@ jobs:
            type=sha
      -
        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
+        uses: docker/setup-buildx-action@v2
        with:
          driver-opts: network=host
      -
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@ -14,19 +14,19 @@ jobs:
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
      -
        name: Validate
-        uses: docker/bake-action@v1
+        uses: docker/bake-action@v2
        with:
          targets: validate
      -
        name: Test
-        uses: docker/bake-action@v1
+        uses: docker/bake-action@v2
        with:
          targets: test
      -
        name: Upload coverage
-        uses: codecov/codecov-action@v2
+        uses: codecov/codecov-action@v3
        with:
          file: ./coverage/clover.xml
--- a/.github/workflows/virtual-env.yml
+++ b/.github/workflows/virtual-env.yml
@ -3,7 +3,17 @@ name: virtual-env
 on:
  workflow_dispatch:
  schedule:
-    - cron: '0 10 * * *' # everyday at 10am
+    - cron: '0 10 * * *'
  push:
    branches:
      - 'master'
    paths:
      - '.github/workflows/virtual-env.yml'
  pull_request:
    branches:
      - 'master'
    paths:
      - '.github/workflows/virtual-env.yml'
 jobs:
  os:
@ -13,25 +23,49 @@ jobs:
      matrix:
        os:
          - ubuntu-latest
          - ubuntu-22.04
          - ubuntu-20.04
          - ubuntu-18.04
          - ubuntu-16.04
    steps:
      -
        name: File system
        run: df -ah
      -
        name: Mounts
        run: mount
      -
        name: Node info
        run: node -p process
      -
        name: NPM version
        run: npm version
      -
        name: List install packages
        run: apt list --installed
      -
        name: Docker daemon conf
        run: |
          cat /etc/docker/daemon.json
      -
        name: Docker info
        run: docker info
      -
        name: Docker version
        run: docker version
      -
        name: Cgroups
        run: |
          sudo apt-get install -y cgroup-tools
          lscgroup
      -
        name: buildx version
        run: docker buildx version
      -
        name: containerd version
        run: containerd --version
      -
        name: Docker images
        run: docker image ls
      -
        name: Dump context
        if: always()
--- a/README.md
+++ b/README.md
@ -4,15 +4,6 @@
 [![Test workflow](https://img.shields.io/github/workflow/status/docker/build-push-action/test?label=test&logo=github&style=flat-square)](https://github.com/docker/build-push-action/actions?workflow=test)
 [![Codecov](https://img.shields.io/codecov/c/github/docker/build-push-action?logo=codecov&style=flat-square)](https://codecov.io/gh/docker/build-push-action)
 ## Upgrade from v1
 `v2` of this action includes significant updates and now uses Docker [Buildx](https://github.com/docker/buildx). It's
 also rewritten as a [typescript-action](https://github.com/actions/typescript-action/) to be as close as possible
 of the [GitHub Runner](https://github.com/actions/virtual-environments) during its execution.
 [Upgrade notes](UPGRADE.md) with many [usage examples](#advanced-usage) have been added to handle most use cases but
 `v1` is still available through [`releases/v1` branch](https://github.com/docker/build-push-action/tree/releases/v1).
 ## About
 GitHub Action to build and push Docker images with [Buildx](https://github.com/docker/buildx) with full support of the
@ -36,6 +27,7 @@ ___
  * [Local registry](docs/advanced/local-registry.md)
  * [Export image to Docker](docs/advanced/export-docker.md)
  * [Share built image between jobs](docs/advanced/share-image-jobs.md)
  * [Test your image before pushing it](docs/advanced/test-before-push.md)
  * [Handle tags and labels](docs/advanced/tags-labels.md)
  * [Update DockerHub repo description](docs/advanced/dockerhub-desc.md)
 * [Customizing](#customizing)
@ -46,17 +38,7 @@ ___
 ## Usage
-By default, this action uses the [Git context](#git-context) so you don't need to use the
+In the examples below we are also using 3 other actions:
 [`actions/checkout`](https://github.com/actions/checkout/) action to checkout the repository because this will be
 done directly by buildkit. The git reference will be based on the [event that triggered your workflow](https://docs.github.com/en/actions/reference/events-that-trigger-workflows)
 and will result in the following context: `https://github.com/<owner>/<repo>.git#<ref>`.
 Be careful because **any file mutation in the steps that precede the build step will be ignored, including processing of the `.dockerignore` file** since
 the context is based on the git reference. However, you can use the [Path context](#path-context) using the
 [`context` input](#inputs) alongside the [`actions/checkout`](https://github.com/actions/checkout/) action to remove
 this restriction.
 In the examples below we are using 3 other actions:
 * [`setup-buildx`](https://github.com/docker/setup-buildx-action) action will create and boot a builder using by 
 default the `docker-container` [builder driver](https://github.com/docker/buildx/blob/master/docs/reference/buildx_create.md#driver).
@ -67,13 +49,20 @@ to add emulation support with QEMU to be able to build against more platforms.
 ### Git context
 By default, this action uses the [Git context](#git-context) so you don't need
 to use the [`actions/checkout`](https://github.com/actions/checkout/) action to
 check out the repository because this will be done directly by [BuildKit](https://github.com/moby/buildkit).
 The git reference will be based on the [event that triggered your workflow](https://docs.github.com/en/actions/reference/events-that-trigger-workflows)
 and will result in the following context: `https://github.com/<owner>/<repo>.git#<ref>`.
 ```yaml
 name: ci
 on:
  push:
    branches:
-      - 'master'
+      - 'main'
 jobs:
  docker:
@ -81,34 +70,55 @@ jobs:
    steps:
      -
        name: Set up QEMU
-        uses: docker/setup-qemu-action@v1
+        uses: docker/setup-qemu-action@v2
      -
        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
+        uses: docker/setup-buildx-action@v2
      -
        name: Login to DockerHub
-        uses: docker/login-action@v1 
+        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      -
        name: Build and push
-        id: docker_build
+        uses: docker/build-push-action@v3
        uses: docker/build-push-action@v2
        with:
          push: true
          tags: user/app:latest
 ```
-Building from the current repository automatically uses the [GitHub Token](https://help.github.com/en/actions/configuring-and-managing-workflows/authenticating-with-the-github_token)
+Be careful because **any file mutation in the steps that precede the build step
-so it does not need to be passed. If you want to authenticate against another private repository, you have to use
+will be ignored, including processing of the `.dockerignore` file** since
-a [secret](docs/advanced/secrets.md) named `GIT_AUTH_TOKEN` to be able to authenticate against it with buildx:
+the context is based on the Git reference. However, you can use the
 [Path context](#path-context) using the [`context` input](#inputs) alongside
 the [`actions/checkout`](https://github.com/actions/checkout/) action to remove
 this restriction.
 Default Git context can also be provided using the [Handlebars template](https://handlebarsjs.com/guide/)
 expression `{{defaultContext}}`. Here we can use it to provide a subdirectory
 to the default Git context:
 ```yaml
      -
        name: Build and push
-        id: docker_build
+        uses: docker/build-push-action@v3
-        uses: docker/build-push-action@v2
+        with:
          context: "{{defaultContext}}:mysubdir"
          push: true
          tags: user/app:latest
 ```
 > :warning: Subdirectory for Git context is not yet available for the buildx [`docker` driver](https://github.com/docker/buildx/blob/master/docs/reference/buildx_create.md#driver).
 Building from the current repository automatically uses the [GitHub Token](https://help.github.com/en/actions/configuring-and-managing-workflows/authenticating-with-the-github_token)
 so it does not need to be passed. If you want to authenticate against another
 private repository, you have to use a [secret](docs/advanced/secrets.md) named
 `GIT_AUTH_TOKEN` to be able to authenticate against it with buildx:
 ```yaml
      -
        name: Build and push
        uses: docker/build-push-action@v3
        with:
          push: true
          tags: user/app:latest
@ -124,7 +134,7 @@ name: ci
 on:
  push:
    branches:
-      - 'master'
+      - 'main'
 jobs:
  docker:
@ -132,22 +142,22 @@ jobs:
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
      -
        name: Set up QEMU
-        uses: docker/setup-qemu-action@v1
+        uses: docker/setup-qemu-action@v2
      -
        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
+        uses: docker/setup-buildx-action@v2
      -
        name: Login to DockerHub
-        uses: docker/login-action@v1
+        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      -
        name: Build and push
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@v3
        with:
          context: .
          push: true
@ -165,6 +175,7 @@ jobs:
 * [Local registry](docs/advanced/local-registry.md)
 * [Export image to Docker](docs/advanced/export-docker.md)
 * [Share built image between jobs](docs/advanced/share-image-jobs.md)
 * [Test your image before pushing it](docs/advanced/test-before-push.md)
 * [Handle tags and labels](docs/advanced/tags-labels.md)
 * [Update DockerHub repo description](docs/advanced/dockerhub-desc.md)
@ -186,37 +197,45 @@ Following inputs can be used as `step.with` keys
 > tags: name/app:latest,name/app:1.0.0
 > ```
-| Name                | Type     | Description                        |
+| Name               | Type     | Description                                                                                                                                                                        |
-|---------------------|----------|------------------------------------|
+|--------------------|----------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| `allow`             | List/CSV | List of [extra privileged entitlement](https://github.com/docker/buildx/blob/master/docs/reference/buildx_build.md#allow) (eg. `network.host,security.insecure`) |
+| `add-hosts`        | List/CSV | List of [customs host-to-IP mapping](https://docs.docker.com/engine/reference/commandline/build/#add-entries-to-container-hosts-file---add-host) (e.g., `docker:10.180.0.1`)       |
-| `builder`           | String   | Builder instance (see [setup-buildx](https://github.com/docker/setup-buildx-action) action) |
+| `allow`            | List/CSV | List of [extra privileged entitlement](https://github.com/docker/buildx/blob/master/docs/reference/buildx_build.md#allow) (e.g., `network.host,security.insecure`)                 |
-| `build-args`        | List     | List of build-time variables |
+| `builder`          | String   | Builder instance (see [setup-buildx](https://github.com/docker/setup-buildx-action) action)                                                                                        |
-| `cache-from`        | List     | List of [external cache sources](https://github.com/docker/buildx/blob/master/docs/reference/buildx_build.md#cache-from) (eg. `type=local,src=path/to/dir`) |
+| `build-args`       | List     | List of [build-time variables](https://github.com/docker/buildx/blob/master/docs/reference/buildx_build.md#build-arg)                                                              |
-| `cache-to`          | List     | List of [cache export destinations](https://github.com/docker/buildx/blob/master/docs/reference/buildx_build.md#cache-to) (eg. `type=local,dest=path/to/dir`) |
+| `build-contexts`   | List     | List of additional [build contexts](https://github.com/docker/buildx/blob/master/docs/reference/buildx_build.md#build-context) (e.g., `name=path`)                                 |
-| `context`           | String   | Build's context is the set of files located in the specified [`PATH` or `URL`](https://docs.docker.com/engine/reference/commandline/build/) (default [Git context](#git-context)) |
+| `cache-from`       | List     | List of [external cache sources](https://github.com/docker/buildx/blob/master/docs/reference/buildx_build.md#cache-from) (e.g., `type=local,src=path/to/dir`)                      |
-| `file`              | String   | Path to the Dockerfile. (default `{context}/Dockerfile`) |
+| `cache-to`         | List     | List of [cache export destinations](https://github.com/docker/buildx/blob/master/docs/reference/buildx_build.md#cache-to) (e.g., `type=local,dest=path/to/dir`)                    |
-| `labels`            | List     | List of metadata for an image |
+| `cgroup-parent`    | String   | Optional [parent cgroup](https://docs.docker.com/engine/reference/commandline/build/#use-a-custom-parent-cgroup---cgroup-parent) for the container used in the build               |
-| `load`              | Bool     | [Load](https://github.com/docker/buildx/blob/master/docs/reference/buildx_build.md#load) is a shorthand for `--output=type=docker` (default `false`) |
+| `context`          | String   | Build's context is the set of files located in the specified [`PATH` or `URL`](https://docs.docker.com/engine/reference/commandline/build/) (default [Git context](#git-context))  |
-| `network`           | String   | Set the networking mode for the `RUN` instructions during build |
+| `file`             | String   | Path to the Dockerfile. (default `{context}/Dockerfile`)                                                                                                                           |
-| `no-cache`          | Bool     | Do not use cache when building the image (default `false`) |
+| `labels`           | List     | List of metadata for an image                                                                                                                                                      |
-| `outputs`           | List     | List of [output destinations](https://github.com/docker/buildx/blob/master/docs/reference/buildx_build.md#output) (format: `type=local,dest=path`) |
+| `load`             | Bool     | [Load](https://github.com/docker/buildx/blob/master/docs/reference/buildx_build.md#load) is a shorthand for `--output=type=docker` (default `false`)                               |
-| `platforms`         | List/CSV | List of [target platforms](https://github.com/docker/buildx/blob/master/docs/reference/buildx_build.md#platform) for build |
+| `network`          | String   | Set the networking mode for the `RUN` instructions during build                                                                                                                    |
-| `pull`              | Bool     | Always attempt to pull a newer version of the image (default `false`) |
+| `no-cache`         | Bool     | Do not use cache when building the image (default `false`)                                                                                                                         |
-| `push`              | Bool     | [Push](https://github.com/docker/buildx/blob/master/docs/reference/buildx_build.md#push) is a shorthand for `--output=type=registry` (default `false`) |
+| `no-cache-filters` | List/CSV | Do not cache specified stages                                                                                                                                                      |
-| `secrets`           | List     | List of secrets to expose to the build (eg. `key=string`, `GIT_AUTH_TOKEN=mytoken`) |
+| `outputs`          | List     | List of [output destinations](https://github.com/docker/buildx/blob/master/docs/reference/buildx_build.md#output) (format: `type=local,dest=path`)                                 |
-| `secret-files`      | List     | List of secret files to expose to the build (eg. `key=filename`, `MY_SECRET=./secret.txt`) |
+| `platforms`        | List/CSV | List of [target platforms](https://github.com/docker/buildx/blob/master/docs/reference/buildx_build.md#platform) for build                                                         |
-| `ssh`               | List     | List of SSH agent socket or keys to expose to the build |
+| `pull`             | Bool     | Always attempt to pull all referenced images (default `false`)                                                                                                                     |
-| `tags`              | List/CSV | List of tags |
+| `push`             | Bool     | [Push](https://github.com/docker/buildx/blob/master/docs/reference/buildx_build.md#push) is a shorthand for `--output=type=registry` (default `false`)                             |
-| `target`            | String   | Sets the target stage to build |
+| `secrets`          | List     | List of [secrets](https://github.com/docker/buildx/blob/master/docs/reference/buildx_build.md#secret) to expose to the build (e.g., `key=string`, `GIT_AUTH_TOKEN=mytoken`)        |
 | `secret-files`     | List     | List of [secret files](https://github.com/docker/buildx/blob/master/docs/reference/buildx_build.md#secret) to expose to the build (e.g., `key=filename`, `MY_SECRET=./secret.txt`) |
 | `shm-size`         | String   | Size of [`/dev/shm`](https://github.com/docker/buildx/blob/master/docs/reference/buildx_build.md#-size-of-devshm---shm-size) (e.g., `2g`)                                          |
 | `ssh`              | List     | List of [SSH agent socket or keys](https://github.com/docker/buildx/blob/master/docs/reference/buildx_build.md#ssh) to expose to the build                                         |
 | `tags`             | List/CSV | List of tags                                                                                                                                                                       |
 | `target`           | String   | Sets the target stage to build                                                                                                                                                     |
 | `ulimit`           | List     | [Ulimit](https://github.com/docker/buildx/blob/master/docs/reference/buildx_build.md#-set-ulimits---ulimit) options (e.g., `nofile=1024:1024`)                                     |
 | `github-token`     | String   | GitHub Token used to authenticate against a repository for [Git context](#git-context) (default `${{ github.token }}`)                                                             |
 ### outputs
 Following outputs are available
-| Name              | Type    | Description                           |
+| Name       | Type    | Description                             |
-|-------------------|---------|---------------------------------------|
+|------------|---------|-----------------------------------------|
-| `digest`          | String  | Image content-addressable identifier also called a digest |
+| `imageid`  | String  | Image ID                                |
-| `metadata`        | JSON    | Build result metadata |
+| `digest`   | String  | Image digest                            |
 | `metadata` | JSON    | Build result metadata                   |
 ## Troubleshooting
--- a/TROUBLESHOOTING.md
+++ b/TROUBLESHOOTING.md
@ -44,21 +44,21 @@ jobs:
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
      -
        name: Set up QEMU
-        uses: docker/setup-qemu-action@v1
+        uses: docker/setup-qemu-action@v2
      -
        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
+        uses: docker/setup-buildx-action@v2
        with:
          buildkitd-flags: --debug
      -
        name: Set up containerd
-        uses: crazy-max/ghaction-setup-containerd@v1
+        uses: crazy-max/ghaction-setup-containerd@v2
      -
        name: Build Docker image
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@v3
        with:
          context: .
          platforms: linux/amd64,linux/arm64
@ -100,18 +100,36 @@ or a cache reference:
 ```
 To fix this issue you can use our [metadata action](https://github.com/docker/metadata-action)
-to generate sanitized tags, or a dedicated step to sanitize the slug:
+to generate sanitized tags:
 ```yaml
 - name: Docker meta
  id: meta
  uses: docker/metadata-action@v4
  with:
    images: ghcr.io/${{ github.repository }}
    tags: latest
 - name: Build and push
  uses: docker/build-push-action@v3
  with:
    context: .
    push: true
    tags: ${{ steps.meta.outputs.tags }}
 ```
 Or a dedicated step to sanitize the slug:
 ```yaml
 - name: Sanitize repo slug
-  uses: actions/github-script@v4
+  uses: actions/github-script@v6
  id: repo_slug
  with:
    result-encoding: string
-    script: return `ghcr.io/${github.repository.toLowerCase()}`
+    script: return 'ghcr.io/${{ github.repository }}'.toLowerCase()
 - name: Build and push
-  uses: docker/build-push-action@v2
+  uses: docker/build-push-action@v3
  with:
    context: .
    push: true
--- a/UPGRADE.md
+++ b/UPGRADE.md
@ -1,133 +0,0 @@
 # Upgrade notes
 ## v1 to v2
 * Input `path` is now called `context` for consistency with other Docker build tools
 * `path` defaults to current git repository so checkout action is not required in a workflow
 * Rename `dockerfile` input to `file` for consistency with other Docker build tools
 * Rename `always_pull` input to `pull` for consistency with other Docker build tools
 * Add `builder` input to be able to choose a builder instance through our [setup-buildx action](https://github.com/docker/setup-buildx-action)
 * Add `platforms` input to support multi-platform builds
 * Add `allow` input
 * Add `load` input
 * Add `outputs` input
 * Add `cache-from` input (`cache_froms` removed)
 * Add `cache-to` input
 * Rename `build_args` input to `build-args` for consistency with other Docker build tools
 * Add `secrets` input
 * Review `tags` input
 * Remove `repository` input. See [Simple workflow](#simple-workflow) for migration
 * Remove `username`, `password` and `registry` inputs. Login support moved to [docker/login-action](https://github.com/docker/login-action) repo
 * Remove `tag_with_sha`, `tag_with_ref`, `add_git_labels` inputs. See [Tags with ref and Git labels](#tags-with-ref-and-git-labels) for migration
 * Handle Git context
 * Add `digest` output
 ### Simple workflow
 ```yaml
 # v1
 steps:
  -
    name: Checkout code
    uses: actions/checkout@v2
  -
    name: Build and push Docker images
    uses: docker/build-push-action@v1
    with:
      username: ${{ secrets.DOCKER_USERNAME }}
      password: ${{ secrets.DOCKER_PASSWORD }}
      repository: myorg/myrepository
      always_pull: true
      build_args: arg1=value1,arg2=value2
      cache_froms: myorg/myrepository:latest
      tags: latest
 ```
 ```yaml
 # v2
 steps:
  -
    name: Checkout code
    uses: actions/checkout@v2
  -
    name: Set up Docker Buildx
    uses: docker/setup-buildx-action@v1
  -
    name: Login to DockerHub
    uses: docker/login-action@v1
    with:
      username: ${{ secrets.DOCKER_USERNAME }}
      password: ${{ secrets.DOCKER_PASSWORD }}
  -
    name: Build and push
    uses: docker/build-push-action@v2
    with:
      context: .
      pull: true
      push: true
      build-args: |
        arg1=value1
        arg2=value2
      cache-from: type=registry,ref=myorg/myrepository:latest
      cache-to: type=inline
      tags: myorg/myrepository:latest
 ```
 ### Tags with ref and Git labels
 ```yaml
 # v1
 steps:
  -
    name: Checkout code
    uses: actions/checkout@v2
  -
    name: Build and push Docker images
    uses: docker/build-push-action@v1
    with:
      username: ${{ secrets.DOCKER_USERNAME }}
      password: ${{ secrets.DOCKER_PASSWORD }}
      repository: myorg/myrepository
      push: ${{ github.event_name != 'pull_request' }}
      tag_with_ref: true
      tag_with_sha: true
      add_git_labels: true
 ```
 ```yaml
 # v2
 steps:
  -
    name: Checkout
    uses: actions/checkout@v2
  -
    name: Docker meta
    id: meta
    uses: docker/metadata-action@v3
    with:
      images: |
        myorg/myrepository
      tags: |
        type=ref,event=branch
        type=ref,event=pr
        type=semver,pattern={{version}}
        type=sha
  -
    name: Set up Docker Buildx
    uses: docker/setup-buildx-action@v1
  -
    name: Login to DockerHub
    if: github.event_name != 'pull_request'
    uses: docker/login-action@v1 
    with:
      username: ${{ secrets.DOCKER_USERNAME }}
      password: ${{ secrets.DOCKER_PASSWORD }}
  -
    name: Build and push
    uses: docker/build-push-action@v2
    with:
      context: .
      push: ${{ github.event_name != 'pull_request' }}
      tags: ${{ steps.meta.outputs.tags }}
      labels: ${{ steps.meta.outputs.labels }}
 ```
--- a/tests/buildx.test.ts
+++ b/tests/buildx.test.ts
@ -1,13 +1,13 @@
 import {describe, expect, it, jest, test} from '@jest/globals';
 import * as fs from 'fs';
 import * as path from 'path';
 import * as semver from 'semver';
 import * as exec from '@actions/exec';
 import * as buildx from '../src/buildx';
 import * as context from '../src/context';
 const tmpNameSync = path.join('/tmp/.docker-build-push-jest', '.tmpname-jest').split(path.sep).join(path.posix.sep);
-const digest = 'sha256:bfb45ab72e46908183546477a08f8867fc40cebadd00af54b071b097aed127a9';
+const imageID = 'sha256:bfb45ab72e46908183546477a08f8867fc40cebadd00af54b071b097aed127a9';
 const metadata = `{
  "containerimage.config.digest": "sha256:059b68a595b22564a1cbc167af369349fdc2ecc1f7bc092c2235cbf601a795fd",
  "containerimage.digest": "sha256:b09b9482c72371486bb2c1d2c2a2633ed1d0b8389e12c8d52b9e052725c0c83c"
@ -28,115 +28,72 @@ jest.spyOn(context, 'tmpNameSync').mockImplementation((): string => {
 describe('getImageID', () => {
  it('matches', async () => {
    const imageIDFile = await buildx.getImageIDFile();
-    console.log(`imageIDFile: ${imageIDFile}`);
+    await fs.writeFileSync(imageIDFile, imageID);
-    await fs.writeFileSync(imageIDFile, digest);
+    const expected = await buildx.getImageID();
-    const imageID = await buildx.getImageID();
+    expect(expected).toEqual(imageID);
    console.log(`imageID: ${imageID}`);
    expect(imageID).toEqual(digest);
  });
 });
 describe('getMetadata', () => {
  it('matches', async () => {
    const metadataFile = await buildx.getMetadataFile();
    console.log(`metadataFile: ${metadataFile}`);
    await fs.writeFileSync(metadataFile, metadata);
    const expected = await buildx.getMetadata();
    console.log(`metadata: ${expected}`);
    expect(expected).toEqual(metadata);
  });
 });
 describe('getDigest', () => {
  it('matches', async () => {
    const metadataFile = await buildx.getMetadataFile();
    await fs.writeFileSync(metadataFile, metadata);
    const expected = await buildx.getDigest(metadata);
    expect(expected).toEqual('sha256:b09b9482c72371486bb2c1d2c2a2633ed1d0b8389e12c8d52b9e052725c0c83c');
  });
 });
 describe('isLocalOrTarExporter', () => {
  // prettier-ignore
  test.each([
-    [
+    [['type=registry,ref=user/app'], false],
-      [
+    [['type=docker'], false],
-        'type=registry,ref=user/app',
+    [['type=local,dest=./release-out'], true],
-      ],
+    [['type=tar,dest=/tmp/image.tar'], true],
-      false
+    [['type=docker', 'type=tar,dest=/tmp/image.tar'], true],
-    ],
+    [['"type=tar","dest=/tmp/image.tar"'], true],
-    [
+    [['" type= local" , dest=./release-out'], true],
-      [
+    [['.'], true]
-        'type=docker',
+  ])('given %p returns %p', async (outputs: Array<string>, expected: boolean) => {
-      ],
+    expect(buildx.isLocalOrTarExporter(outputs)).toEqual(expected);
-      false
+  });
    ],
    [
      [
        'type=local,dest=./release-out'
      ],
      true
    ],
    [
      [
        'type=tar,dest=/tmp/image.tar'
      ],
      true
    ],
    [
      [
        'type=docker',
        'type=tar,dest=/tmp/image.tar'
      ],
      true
    ],
    [
      [
        '"type=tar","dest=/tmp/image.tar"'
      ],
      true
    ],
    [
      [
        '" type= local" , dest=./release-out'
      ],
      true
    ],
    [
      [
        '.'
      ],
      true
    ],
  ])(
    'given %p returns %p',
    async (outputs: Array<string>, expected: boolean) => {
      expect(buildx.isLocalOrTarExporter(outputs)).toEqual(expected);
    }
  );
 });
 describe('isAvailable', () => {
-  const execSpy: jest.SpyInstance = jest.spyOn(exec, 'getExecOutput');
+  const execSpy = jest.spyOn(exec, 'getExecOutput');
  buildx.isAvailable();
  // eslint-disable-next-line jest/no-standalone-expect
  expect(execSpy).toHaveBeenCalledWith(`docker`, ['buildx'], {
    silent: true,
    ignoreReturnCode: true
  });
 });
 describe('isAvailable standalone', () => {
  const execSpy = jest.spyOn(exec, 'getExecOutput');
  buildx.isAvailable(true);
  // eslint-disable-next-line jest/no-standalone-expect
  expect(execSpy).toHaveBeenCalledWith(`buildx`, [], {
    silent: true,
    ignoreReturnCode: true
  });
 });
 describe('getVersion', () => {
-  async function isDaemonRunning() {
+  it('valid', async () => {
-    return await exec
+    const version = await buildx.getVersion();
-      .getExecOutput(`docker`, ['version', '--format', '{{.Server.Os}}'], {
+    expect(semver.valid(version)).not.toBeNull();
-        ignoreReturnCode: true,
+  });
        silent: true
      })
      .then(res => {
        return !res.stdout.includes(' ') && res.exitCode == 0;
      });
  }
  (isDaemonRunning() ? it : it.skip)(
    'valid',
    async () => {
      const version = await buildx.getVersion();
      console.log(`version: ${version}`);
      expect(semver.valid(version)).not.toBeNull();
    },
    100000
  );
 });
 describe('parseVersion', () => {
@ -179,12 +136,11 @@ describe('getSecret', () => {
        secret = await buildx.getSecretString(kvp);
      }
      expect(true).toBe(!invalid);
      console.log(`secret: ${secret}`);
      expect(secret).toEqual(`id=${exKey},src=${tmpNameSync}`);
      const secretValue = await fs.readFileSync(tmpNameSync, 'utf-8');
      console.log(`secretValue: ${secretValue}`);
      expect(secretValue).toEqual(exValue);
    } catch (err) {
      // eslint-disable-next-line jest/no-conditional-expect
      expect(true).toBe(invalid);
    }
  });
--- a/tests/context.test.ts
+++ b/tests/context.test.ts
@ -1,3 +1,4 @@
 import {beforeEach, describe, expect, it, jest, test} from '@jest/globals';
 import * as fs from 'fs';
 import * as os from 'os';
 import * as path from 'path';
@ -140,32 +141,32 @@ describe('getArgs', () => {
  // prettier-ignore
  test.each([
    [
      0,
      '0.4.1',
      new Map<string, string>([
        ['context', '.'],
        ['load', 'false'],
        ['no-cache', 'false'],
        ['push', 'false'],
-        ['pull', 'false']
+        ['pull', 'false'],
      ]),
      [
        'buildx',
        'build',
        '--iidfile', '/tmp/.docker-build-push-jest/iidfile',
        '.'
      ]
    ],
    [
      1,
      '0.4.2',
      new Map<string, string>([
        ['build-args', 'MY_ARG=val1,val2,val3\nARG=val'],
        ['load', 'false'],
        ['no-cache', 'false'],
        ['push', 'false'],
-        ['pull', 'false']
+        ['pull', 'false'],
      ]),
      [
        'buildx',
        'build',
        '--build-arg', 'MY_ARG=val1,val2,val3',
        '--build-arg', 'ARG=val',
@ -174,24 +175,25 @@ describe('getArgs', () => {
      ]
    ],
    [
      2,
      '0.4.2',
      new Map<string, string>([
        ['tags', 'name/app:7.4, name/app:latest'],
        ['load', 'false'],
        ['no-cache', 'false'],
        ['push', 'false'],
-        ['pull', 'false']
+        ['pull', 'false'],
      ]),
      [
        'buildx',
        'build',
        '--iidfile', '/tmp/.docker-build-push-jest/iidfile',
        '--tag', 'name/app:7.4',
        '--tag', 'name/app:latest',
        '--iidfile', '/tmp/.docker-build-push-jest/iidfile',
        'https://github.com/docker/build-push-action.git#refs/heads/test-jest'
      ]
    ],
    [
      3,
      '0.4.2',
      new Map<string, string>([
        ['context', '.'],
@ -200,10 +202,9 @@ describe('getArgs', () => {
        ['load', 'false'],
        ['no-cache', 'false'],
        ['push', 'false'],
-        ['pull', 'false']
+        ['pull', 'false'],
      ]),
      [
        'buildx',
        'build',
        '--label', 'org.opencontainers.image.title=buildkit',
        '--label', 'org.opencontainers.image.description=concurrent, cache-efficient, and Dockerfile-agnostic builder toolkit',
@ -212,6 +213,7 @@ describe('getArgs', () => {
      ]
    ],
    [
      4,
      '0.4.1',
      new Map<string, string>([
        ['context', '.'],
@ -219,32 +221,32 @@ describe('getArgs', () => {
        ['load', 'false'],
        ['no-cache', 'false'],
        ['push', 'false'],
-        ['pull', 'false']
+        ['pull', 'false'],
      ]),
      [
        'buildx',
        'build',
        '--platform', 'linux/amd64,linux/arm64',
        '.'
      ]
    ],
    [
      5,
      '0.4.1',
      new Map<string, string>([
        ['context', '.'],
        ['load', 'false'],
        ['no-cache', 'false'],
        ['push', 'false'],
-        ['pull', 'false']
+        ['pull', 'false'],
      ]),
      [
        'buildx',
        'build',
        '--iidfile', '/tmp/.docker-build-push-jest/iidfile',
        '.'
      ]
    ],
    [
      6,
      '0.4.2',
      new Map<string, string>([
        ['context', '.'],
@ -252,10 +254,9 @@ describe('getArgs', () => {
        ['load', 'false'],
        ['no-cache', 'false'],
        ['push', 'false'],
-        ['pull', 'false']
+        ['pull', 'false'],
      ]),
      [
        'buildx',
        'build',
        '--iidfile', '/tmp/.docker-build-push-jest/iidfile',
        '--secret', 'id=GIT_AUTH_TOKEN,src=/tmp/.docker-build-push-jest/.tmpname-jest',
@ -263,6 +264,7 @@ describe('getArgs', () => {
      ]
    ],
    [
      7,
      '0.4.2',
      new Map<string, string>([
        ['github-token', 'abcdefghijklmno0123456789'],
@ -270,10 +272,9 @@ describe('getArgs', () => {
        ['load', 'false'],
        ['no-cache', 'false'],
        ['push', 'false'],
-        ['pull', 'false']
+        ['pull', 'false'],
      ]),
      [
        'buildx',
        'build',
        '--output', '.',
        '--secret', 'id=GIT_AUTH_TOKEN,src=/tmp/.docker-build-push-jest/.tmpname-jest',
@ -281,6 +282,7 @@ describe('getArgs', () => {
      ]
    ],
    [
      8,
      '0.4.2',
      new Map<string, string>([
        ['context', 'https://github.com/docker/build-push-action.git#refs/heads/master'],
@ -292,21 +294,21 @@ describe('getArgs', () => {
        ['load', 'false'],
        ['no-cache', 'false'],
        ['push', 'true'],
-        ['pull', 'false']
+        ['pull', 'false'],
      ]),
      [
        'buildx',
        'build',
        '--platform', 'linux/amd64,linux/arm64',
        '--iidfile', '/tmp/.docker-build-push-jest/iidfile',
        '--secret', 'id=GIT_AUTH_TOKEN,src=/tmp/.docker-build-push-jest/.tmpname-jest',
        '--file', './test/Dockerfile',
        '--iidfile', '/tmp/.docker-build-push-jest/iidfile',
        '--platform', 'linux/amd64,linux/arm64',
        '--secret', 'id=GIT_AUTH_TOKEN,src=/tmp/.docker-build-push-jest/.tmpname-jest',
        '--builder', 'builder-git-context-2',
        '--push',
        'https://github.com/docker/build-push-action.git#refs/heads/master'
      ]
    ],
    [
      9,
      '0.4.2',
      new Map<string, string>([
        ['context', 'https://github.com/docker/build-push-action.git#refs/heads/master'],
@ -326,24 +328,24 @@ ccc"`],
        ['load', 'false'],
        ['no-cache', 'false'],
        ['push', 'true'],
-        ['pull', 'false']
+        ['pull', 'false'],
      ]),
      [
        'buildx',
        'build',
-        '--platform', 'linux/amd64,linux/arm64',
+        '--file', './test/Dockerfile',
        '--iidfile', '/tmp/.docker-build-push-jest/iidfile',
        '--platform', 'linux/amd64,linux/arm64',
        '--secret', 'id=GIT_AUTH_TOKEN,src=/tmp/.docker-build-push-jest/.tmpname-jest',
        '--secret', 'id=MYSECRET,src=/tmp/.docker-build-push-jest/.tmpname-jest',
        '--secret', 'id=FOO,src=/tmp/.docker-build-push-jest/.tmpname-jest',
        '--secret', 'id=EMPTYLINE,src=/tmp/.docker-build-push-jest/.tmpname-jest',
        '--file', './test/Dockerfile',
        '--builder', 'builder-git-context-2',
        '--push',
        'https://github.com/docker/build-push-action.git#refs/heads/master'
      ]
    ],
    [
      10,
      '0.4.2',
      new Map<string, string>([
        ['context', 'https://github.com/docker/build-push-action.git#refs/heads/master'],
@ -363,24 +365,24 @@ ccc`],
        ['load', 'false'],
        ['no-cache', 'false'],
        ['push', 'true'],
-        ['pull', 'false']
+        ['pull', 'false'],
      ]),
      [
        'buildx',
        'build',
-        '--platform', 'linux/amd64,linux/arm64',
+        '--file', './test/Dockerfile',
        '--iidfile', '/tmp/.docker-build-push-jest/iidfile',
        '--platform', 'linux/amd64,linux/arm64',
        '--secret', 'id=GIT_AUTH_TOKEN,src=/tmp/.docker-build-push-jest/.tmpname-jest',
        '--secret', 'id=MYSECRET,src=/tmp/.docker-build-push-jest/.tmpname-jest',
        '--secret', 'id=FOO,src=/tmp/.docker-build-push-jest/.tmpname-jest',
        '--secret', 'id=EMPTYLINE,src=/tmp/.docker-build-push-jest/.tmpname-jest',
        '--file', './test/Dockerfile',
        '--builder', 'builder-git-context-2',
        '--push',
        'https://github.com/docker/build-push-action.git#refs/heads/master'
      ]
    ],
    [
      11,
      '0.5.1',
      new Map<string, string>([
        ['context', 'https://github.com/docker/build-push-action.git#refs/heads/master'],
@ -392,14 +394,13 @@ ccc`],
        ['load', 'false'],
        ['no-cache', 'false'],
        ['push', 'true'],
-        ['pull', 'false']
+        ['pull', 'false'],
      ]),
      [
        'buildx',
        'build',
        '--file', './test/Dockerfile',
        '--iidfile', '/tmp/.docker-build-push-jest/iidfile',
        '--secret', 'id=MY_SECRET,src=/tmp/.docker-build-push-jest/.tmpname-jest',
        '--file', './test/Dockerfile',
        '--builder', 'builder-git-context-2',
        '--network', 'host',
        '--push',
@ -407,6 +408,7 @@ ccc`],
      ]
    ],
    [
      12,
      '0.4.2',
      new Map<string, string>([
        ['context', '.'],
@ -415,10 +417,9 @@ ccc`],
        ['load', 'false'],
        ['no-cache', 'false'],
        ['push', 'false'],
-        ['pull', 'false']
+        ['pull', 'false'],
      ]),
      [
        'buildx',
        'build',
        '--label', 'org.opencontainers.image.title=filter_results_top_n',
        '--label', 'org.opencontainers.image.description=Reference implementation of operation "filter results (top-n)"',
@ -427,39 +428,87 @@ ccc`],
      ]
    ],
    [
      13,
      '0.6.0',
      new Map<string, string>([
        ['context', '.'],
        ['tag', 'localhost:5000/name/app:latest'],
        ['file', './test/Dockerfile'],
        ['add-hosts', 'docker:10.180.0.1,foo:10.0.0.1'],
        ['network', 'host'],
        ['load', 'false'],
        ['no-cache', 'false'],
        ['push', 'true'],
-        ['pull', 'false']
+        ['pull', 'false'],
      ]),
      [
        'buildx',
        'build',
        '--add-host', 'docker:10.180.0.1',
        '--add-host', 'foo:10.0.0.1',
        '--file', './test/Dockerfile',
        '--iidfile', '/tmp/.docker-build-push-jest/iidfile',
        '--metadata-file', '/tmp/.docker-build-push-jest/metadata-file',
        '--file', './test/Dockerfile',
        '--network', 'host',
        '--push',
        '.'
      ]
    ],
    [
      14,
      '0.7.0',
      new Map<string, string>([
        ['context', '.'],
        ['file', './test/Dockerfile'],
        ['add-hosts', 'docker:10.180.0.1\nfoo:10.0.0.1'],
        ['cgroup-parent', 'foo'],
        ['shm-size', '2g'],
        ['ulimit', `nofile=1024:1024
 nproc=3`],
        ['load', 'false'],
        ['no-cache', 'false'],
        ['push', 'false'],
        ['pull', 'false'],
      ]),
      [
        'build',
        '--add-host', 'docker:10.180.0.1',
        '--add-host', 'foo:10.0.0.1',
        '--cgroup-parent', 'foo',
        '--file', './test/Dockerfile',
        '--iidfile', '/tmp/.docker-build-push-jest/iidfile',
        '--shm-size', '2g',
        '--ulimit', 'nofile=1024:1024',
        '--ulimit', 'nproc=3',
        '--metadata-file', '/tmp/.docker-build-push-jest/metadata-file',
        '.'
      ]
    ],
    [
      15,
      '0.7.0',
      new Map<string, string>([
        ['context', '{{defaultContext}}:docker'],
        ['load', 'false'],
        ['no-cache', 'false'],
        ['push', 'false'],
        ['pull', 'false'],
      ]),
      [
        'build',
        '--iidfile', '/tmp/.docker-build-push-jest/iidfile',
        '--metadata-file', '/tmp/.docker-build-push-jest/metadata-file',
        'https://github.com/docker/build-push-action.git#refs/heads/test-jest:docker'
      ]
    ],
  ])(
-    'given %p with %p as inputs, returns %p',
+    '[%d] given %p with %p as inputs, returns %p',
-    async (buildxVersion: string, inputs: Map<string, any>, expected: Array<string>) => {
+    async (num: number, buildxVersion: string, inputs: Map<string, string>, expected: Array<string>) => {
-      await inputs.forEach((value: string, name: string) => {
+      inputs.forEach((value: string, name: string) => {
        setInput(name, value);
      });
      const defContext = context.defaultContext();
      const inp = await context.getInputs(defContext);
      console.log(inp);
      const res = await context.getArgs(inp, defContext, buildxVersion);
      console.log(res);
      expect(res).toEqual(expected);
    }
  );
@ -469,63 +518,54 @@ describe('getInputList', () => {
  it('single line correctly', async () => {
    await setInput('foo', 'bar');
    const res = await context.getInputList('foo');
    console.log(res);
    expect(res).toEqual(['bar']);
  });
  it('multiline correctly', async () => {
    setInput('foo', 'bar\nbaz');
    const res = await context.getInputList('foo');
    console.log(res);
    expect(res).toEqual(['bar', 'baz']);
  });
  it('empty lines correctly', async () => {
    setInput('foo', 'bar\n\nbaz');
    const res = await context.getInputList('foo');
    console.log(res);
    expect(res).toEqual(['bar', 'baz']);
  });
  it('comma correctly', async () => {
    setInput('foo', 'bar,baz');
    const res = await context.getInputList('foo');
    console.log(res);
    expect(res).toEqual(['bar', 'baz']);
  });
  it('empty result correctly', async () => {
    setInput('foo', 'bar,baz,');
    const res = await context.getInputList('foo');
    console.log(res);
    expect(res).toEqual(['bar', 'baz']);
  });
  it('different new lines correctly', async () => {
    setInput('foo', 'bar\r\nbaz');
    const res = await context.getInputList('foo');
    console.log(res);
    expect(res).toEqual(['bar', 'baz']);
  });
  it('different new lines and comma correctly', async () => {
    setInput('foo', 'bar\r\nbaz,bat');
    const res = await context.getInputList('foo');
    console.log(res);
    expect(res).toEqual(['bar', 'baz', 'bat']);
  });
  it('multiline and ignoring comma correctly', async () => {
    setInput('cache-from', 'user/app:cache\ntype=local,src=path/to/dir');
    const res = await context.getInputList('cache-from', true);
    console.log(res);
    expect(res).toEqual(['user/app:cache', 'type=local,src=path/to/dir']);
  });
  it('different new lines and ignoring comma correctly', async () => {
    setInput('cache-from', 'user/app:cache\r\ntype=local,src=path/to/dir');
    const res = await context.getInputList('cache-from', true);
    console.log(res);
    expect(res).toEqual(['user/app:cache', 'type=local,src=path/to/dir']);
  });
@ -539,7 +579,6 @@ ccccccccc"
 FOO=bar`
    );
    const res = await context.getInputList('secrets', true);
    console.log(res);
    expect(res).toEqual([
      'GIT_AUTH_TOKEN=abcdefgh,ijklmno=0123456789',
      `MYSECRET=aaaaaaaa
@ -563,7 +602,6 @@ bbbb
 ccc"`
    );
    const res = await context.getInputList('secrets', true);
    console.log(res);
    expect(res).toEqual([
      'GIT_AUTH_TOKEN=abcdefgh,ijklmno=0123456789',
      `MYSECRET=aaaaaaaa
@ -587,7 +625,6 @@ ccccccccc
 FOO=bar`
    );
    const res = await context.getInputList('secrets', true);
    console.log(res);
    expect(res).toEqual(['GIT_AUTH_TOKEN=abcdefgh,ijklmno=0123456789', 'MYSECRET=aaaaaaaa', 'bbbbbbb', 'ccccccccc', 'FOO=bar']);
  });
@ -598,7 +635,6 @@ FOO=bar`
 FOO=bar`
    );
    const res = await context.getInputList('secrets', true);
    console.log(res);
    expect(res).toEqual([`GPG_KEY=${pgp}`, 'FOO=bar']);
  });
@ -612,11 +648,10 @@ ccccccccc"
 FOO=bar`
    );
    const res = await context.getInputList('secrets', true);
    console.log(res);
    expect(res).toEqual([
      'GIT_AUTH_TOKEN=abcdefgh,ijklmno=0123456789',
      `MYSECRET=aaaaaaaa
-bbbb\"bbb
+bbbb"bbb
 ccccccccc`,
      'FOO=bar'
    ]);
@ -638,19 +673,22 @@ describe('asyncForEach', () => {
 describe('setOutput', () => {
  beforeEach(() => {
-    process.stdout.write = jest.fn();
+    process.stdout.write = jest.fn() as typeof process.stdout.write;
  });
  // eslint-disable-next-line jest/expect-expect
  it('setOutput produces the correct command', () => {
    context.setOutput('some output', 'some value');
    assertWriteCalls([`::set-output name=some output::some value${os.EOL}`]);
  });
  // eslint-disable-next-line jest/expect-expect
  it('setOutput handles bools', () => {
    context.setOutput('some output', false);
    assertWriteCalls([`::set-output name=some output::false${os.EOL}`]);
  });
  // eslint-disable-next-line jest/expect-expect
  it('setOutput handles numbers', () => {
    context.setOutput('some output', 1.01);
    assertWriteCalls([`::set-output name=some output::1.01${os.EOL}`]);
--- a/tests/docker.test.ts
+++ b/tests/docker.test.ts
@ -0,0 +1,16 @@
 import {describe, expect, it, jest} from '@jest/globals';
 import * as docker from '../src/docker';
 import * as exec from '@actions/exec';
 describe('isAvailable', () => {
  it('cli', () => {
    const execSpy = jest.spyOn(exec, 'getExecOutput');
    docker.isAvailable();
    // eslint-disable-next-line jest/no-standalone-expect
    expect(execSpy).toHaveBeenCalledWith(`docker`, undefined, {
      silent: true,
      ignoreReturnCode: true
    });
  });
 });
--- a/action.yml
+++ b/action.yml
@ -7,20 +7,29 @@ branding:
  color: 'blue'
 inputs:
  add-hosts:
    description: "List of a customs host-to-IP mapping (e.g., docker:10.180.0.1)"
    required: false
  allow:
-    description: "List of extra privileged entitlement (eg. network.host,security.insecure)"
+    description: "List of extra privileged entitlement (e.g., network.host,security.insecure)"
    required: false
  build-args:
    description: "List of build-time variables"
    required: false
  build-contexts:
    description: "List of additional build contexts (e.g., name=path)"
    required: false
  builder:
    description: "Builder instance"
    required: false
  cache-from:
-    description: "List of external cache sources for buildx (eg. user/app:cache, type=local,src=path/to/dir)"
+    description: "List of external cache sources for buildx (e.g., user/app:cache, type=local,src=path/to/dir)"
    required: false
  cache-to:
-    description: "List of cache export destinations for buildx (eg. user/app:cache, type=local,dest=path/to/dir)"
+    description: "List of cache export destinations for buildx (e.g., user/app:cache, type=local,dest=path/to/dir)"
    required: false
  cgroup-parent:
    description: "Optional parent cgroup for the container used in the build"
    required: false
  context:
    description: "Build's context is the set of files located in the specified PATH or URL"
@ -42,6 +51,9 @@ inputs:
    description: "Do not use cache when building the image"
    required: false
    default: 'false'
  no-cache-filters:
    description: "Do not cache specified stages"
    required: false
  outputs:
    description: "List of output destinations (format: type=local,dest=path)"
    required: false
@ -49,7 +61,7 @@ inputs:
    description: "List of target platforms for build"
    required: false
  pull:
-    description: "Always attempt to pull a newer version of the image"
+    description: "Always attempt to pull all referenced images"
    required: false
    default: 'false'
  push:
@ -57,10 +69,13 @@ inputs:
    required: false
    default: 'false'
  secrets:
-    description: "List of secrets to expose to the build (eg. key=string, GIT_AUTH_TOKEN=mytoken)"
+    description: "List of secrets to expose to the build (e.g., key=string, GIT_AUTH_TOKEN=mytoken)"
    required: false
  secret-files:
-    description: "List of secret files to expose to the build (eg. key=filename, MY_SECRET=./secret.txt)"
+    description: "List of secret files to expose to the build (e.g., key=filename, MY_SECRET=./secret.txt)"
    required: false
  shm-size:
    description: "Size of /dev/shm (e.g., 2g)"
    required: false
  ssh:
    description: "List of SSH agent socket or keys to expose to the build"
@ -71,18 +86,23 @@ inputs:
  target:
    description: "Sets the target stage to build"
    required: false
  ulimit:
    description: "Ulimit options (e.g., nofile=1024:1024)"
    required: false
  github-token:
    description: "GitHub Token used to authenticate against a repository for Git context"
    default: ${{ github.token }}
    required: false
 outputs:
  imageid:
    description: 'Image ID'
  digest:
-    description: 'Image content-addressable identifier also called a digest'
+    description: 'Image digest'
  metadata:
    description: 'Build result metadata'
 runs:
-  using: 'node12'
+  using: 'node16'
  main: 'dist/index.js'
  post: 'dist/index.js'
--- a/dev.Dockerfile
+++ b/dev.Dockerfile
@ -0,0 +1,78 @@
 # syntax=docker/dockerfile:1.4
 ARG NODE_VERSION=16
 ARG DOCKER_VERSION=20.10.13
 ARG BUILDX_VERSION=0.8.0
 FROM node:${NODE_VERSION}-alpine AS base
 RUN apk add --no-cache cpio findutils git
 WORKDIR /src
 FROM base AS deps
 RUN --mount=type=bind,target=.,rw \
  --mount=type=cache,target=/src/node_modules \
  yarn install && mkdir /vendor && cp yarn.lock /vendor
 FROM scratch AS vendor-update
 COPY --from=deps /vendor /
 FROM deps AS vendor-validate
 RUN --mount=type=bind,target=.,rw <<EOT
 set -e
 git add -A
 cp -rf /vendor/* .
 if [ -n "$(git status --porcelain -- yarn.lock)" ]; then
  echo >&2 'ERROR: Vendor result differs. Please vendor your package with "docker buildx bake vendor-update"'
  git status --porcelain -- yarn.lock
  exit 1
 fi
 EOT
 FROM deps AS build
 RUN --mount=type=bind,target=.,rw \
  --mount=type=cache,target=/src/node_modules \
  yarn run build && mkdir /out && cp -Rf dist /out/
 FROM scratch AS build-update
 COPY --from=build /out /
 FROM build AS build-validate
 RUN --mount=type=bind,target=.,rw <<EOT
 set -e
 git add -A
 cp -rf /out/* .
 if [ -n "$(git status --porcelain -- dist)" ]; then
  echo >&2 'ERROR: Build result differs. Please build first with "docker buildx bake build"'
  git status --porcelain -- dist
  exit 1
 fi
 EOT
 FROM deps AS format
 RUN --mount=type=bind,target=.,rw \
  --mount=type=cache,target=/src/node_modules \
  yarn run format \
  && mkdir /out && find . -name '*.ts' -not -path './node_modules/*' | cpio -pdm /out
 FROM scratch AS format-update
 COPY --from=format /out /
 FROM deps AS lint
 RUN --mount=type=bind,target=.,rw \
  --mount=type=cache,target=/src/node_modules \
  yarn run lint
 FROM docker:${DOCKER_VERSION} as docker
 FROM docker/buildx-bin:${BUILDX_VERSION} as buildx
 FROM deps AS test
 ENV RUNNER_TEMP=/tmp/github_runner
 ENV RUNNER_TOOL_CACHE=/tmp/github_tool_cache
 RUN --mount=type=bind,target=.,rw \
  --mount=type=cache,target=/src/node_modules \
  --mount=type=bind,from=docker,source=/usr/local/bin/docker,target=/usr/bin/docker \
  --mount=type=bind,from=buildx,source=/buildx,target=/usr/libexec/docker/cli-plugins/docker-buildx \
  yarn run test --coverageDirectory=/tmp/coverage
 FROM scratch AS test-coverage
 COPY --from=test /tmp/coverage /
--- a/dist/index.js
+++ b/dist/index.js
--- a/dist/index.js.map
+++ b/dist/index.js.map
--- a/dist/licenses.txt
+++ b/dist/licenses.txt
--- a/dist/sourcemap-register.js
+++ b/dist/sourcemap-register.js
--- a/docker-bake.hcl
+++ b/docker-bake.hcl
@ -1,13 +1,3 @@
 variable "NODE_VERSION" {
  default = "12"
 }
 target "node-version" {
  args = {
    NODE_VERSION = NODE_VERSION
  }
 }
 group "default" {
  targets = ["build"]
 }
@ -17,51 +7,47 @@ group "pre-checkin" {
 }
 group "validate" {
-  targets = ["format-validate", "build-validate", "vendor-validate"]
+  targets = ["lint", "build-validate", "vendor-validate"]
 }
 target "build" {
-  inherits = ["node-version"]
+  dockerfile = "dev.Dockerfile"
  dockerfile = "./hack/build.Dockerfile"
  target = "build-update"
  output = ["."]
 }
 target "build-validate" {
-  inherits = ["node-version"]
+  dockerfile = "dev.Dockerfile"
  dockerfile = "./hack/build.Dockerfile"
  target = "build-validate"
  output = ["type=cacheonly"]
 }
 target "format" {
-  inherits = ["node-version"]
+  dockerfile = "dev.Dockerfile"
  dockerfile = "./hack/build.Dockerfile"
  target = "format-update"
  output = ["."]
 }
-target "format-validate" {
+target "lint" {
-  inherits = ["node-version"]
+  dockerfile = "dev.Dockerfile"
-  dockerfile = "./hack/build.Dockerfile"
+  target = "lint"
-  target = "format-validate"
+  output = ["type=cacheonly"]
 }
 target "vendor-update" {
-  inherits = ["node-version"]
+  dockerfile = "dev.Dockerfile"
-  dockerfile = "./hack/vendor.Dockerfile"
+  target = "vendor-update"
  target = "update"
  output = ["."]
 }
 target "vendor-validate" {
-  inherits = ["node-version"]
+  dockerfile = "dev.Dockerfile"
-  dockerfile = "./hack/vendor.Dockerfile"
+  target = "vendor-validate"
-  target = "validate"
+  output = ["type=cacheonly"]
 }
 target "test" {
-  inherits = ["node-version"]
+  dockerfile = "dev.Dockerfile"
  dockerfile = "./hack/test.Dockerfile"
  target = "test-coverage"
  output = ["./coverage"]
 }
--- a/docs/advanced/cache.md
+++ b/docs/advanced/cache.md
@ -10,7 +10,7 @@
 ## Inline cache
-In most case you want to use the [`type=inline` cache exporter](https://github.com/moby/buildkit#inline-push-image-and-cache-together).
+In most cases you want to use the [`type=inline` cache exporter](https://github.com/moby/buildkit#inline-push-image-and-cache-together).
 However, note that the `inline` cache exporter only supports `min` cache mode. To enable `max` cache mode, push the
 image and the cache separately by using the `registry` cache exporter as shown in the [next example](#registry-cache).
@ -20,7 +20,7 @@ name: ci
 on:
  push:
    branches:
-      - 'master'
+      - 'main'
 jobs:
  docker:
@ -28,19 +28,19 @@ jobs:
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
      -
        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
+        uses: docker/setup-buildx-action@v2
      -
        name: Login to DockerHub
-        uses: docker/login-action@v1 
+        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      -
        name: Build and push
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@v3
        with:
          context: .
          push: true
@ -60,7 +60,7 @@ name: ci
 on:
  push:
    branches:
-      - 'master'
+      - 'main'
 jobs:
  docker:
@ -68,19 +68,19 @@ jobs:
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
      -
        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
+        uses: docker/setup-buildx-action@v2
      -
        name: Login to DockerHub
-        uses: docker/login-action@v1 
+        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      -
        name: Build and push
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@v3
        with:
          context: .
          push: true
@ -110,7 +110,7 @@ name: ci
 on:
  push:
    branches:
-      - 'master'
+      - 'main'
 jobs:
  docker:
@ -118,19 +118,19 @@ jobs:
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
      -
        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
+        uses: docker/setup-buildx-action@v2
      -
        name: Login to DockerHub
-        uses: docker/login-action@v1 
+        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      -
        name: Build and push
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@v3
        with:
          context: .
          push: true
@ -154,7 +154,7 @@ name: ci
 on:
  push:
    branches:
-      - 'master'
+      - 'main'
 jobs:
  docker:
@ -162,13 +162,13 @@ jobs:
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
      -
        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
+        uses: docker/setup-buildx-action@v2
      -
        name: Cache Docker layers
-        uses: actions/cache@v2
+        uses: actions/cache@v3
        with:
          path: /tmp/.buildx-cache
          key: ${{ runner.os }}-buildx-${{ github.sha }}
@ -176,13 +176,13 @@ jobs:
            ${{ runner.os }}-buildx-
      -
        name: Login to DockerHub
-        uses: docker/login-action@v1 
+        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      -
        name: Build and push
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@v3
        with:
          context: .
          push: true
--- a/docs/advanced/copy-between-registries.md
+++ b/docs/advanced/copy-between-registries.md
@ -12,7 +12,7 @@ name: ci
 on:
  push:
    branches:
-      - 'master'
+      - 'main'
 jobs:
  docker:
@ -20,36 +20,36 @@ jobs:
    steps:
      - 
        name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
      -
        name: Set up QEMU
-        uses: docker/setup-qemu-action@v1
+        uses: docker/setup-qemu-action@v2
      -
        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
+        uses: docker/setup-buildx-action@v2
      - # quay and ghcr logins for pushing image after testing
        name: Login to Quay Registry
-        uses: docker/login-action@v1 
+        uses: docker/login-action@v2
        with:
          registry: quay.io
          username: ${{ secrets.QUAY_USERNAME }}
          password: ${{ secrets.QUAY_TOKEN }}
      -
        name: Login to GitHub Container Registry
-        uses: docker/login-action@v1
+        uses: docker/login-action@v2
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}
      -
        name: Login to DockerHub
-        uses: docker/login-action@v1 
+        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      -
        name: Build and push
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@v3
        with:
          context: .
          platforms: linux/amd64,linux/arm64
@ -62,7 +62,7 @@ jobs:
        run: make tests
      - # copy multiplatform image from dockerhub to quay and ghcr
        name: Push Image to multiple registries
-        uses: akhilerm/tag-push-action@v1.0.0
+        uses: akhilerm/tag-push-action@v2.0.0
        with:
          src: docker.io/user/app:1.0.0
          dst: |
--- a/docs/advanced/dockerhub-desc.md
+++ b/docs/advanced/dockerhub-desc.md
@ -10,7 +10,7 @@ name: ci
 on:
  push:
    branches:
-      - 'master'
+      - 'main'
 jobs:
  docker:
@ -18,22 +18,22 @@ jobs:
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
      -
        name: Set up QEMU
-        uses: docker/setup-qemu-action@v1
+        uses: docker/setup-qemu-action@v2
      -
        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
+        uses: docker/setup-buildx-action@v2
      -
        name: Login to DockerHub
-        uses: docker/login-action@v1 
+        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      -
        name: Build and push
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@v3
        with:
          context: .
          push: true
--- a/docs/advanced/export-docker.md
+++ b/docs/advanced/export-docker.md
@ -9,7 +9,7 @@ name: ci
 on:
  push:
    branches:
-      - 'master'
+      - 'main'
 jobs:
  docker:
@ -17,13 +17,13 @@ jobs:
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
      -
        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
+        uses: docker/setup-buildx-action@v2
      -
        name: Build
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@v3
        with:
          context: .
          load: true
--- a/docs/advanced/isolated-builders.md
+++ b/docs/advanced/isolated-builders.md
@ -6,7 +6,7 @@ name: ci
 on:
  push:
    branches:
-      - 'master'
+      - 'main'
 jobs:
  docker:
@ -14,12 +14,12 @@ jobs:
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
      -
-        uses: docker/setup-buildx-action@v1
+        uses: docker/setup-buildx-action@v2
        id: builder1
      -
-        uses: docker/setup-buildx-action@v1
+        uses: docker/setup-buildx-action@v2
        id: builder2
      -
        name: Builder 1 name
@ -29,14 +29,14 @@ jobs:
        run: echo ${{ steps.builder2.outputs.name }}
      -
        name: Build against builder1
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@v3
        with:
          builder: ${{ steps.builder1.outputs.name }}
          context: .
          target: mytarget1
      -
        name: Build against builder2
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@v3
        with:
          builder: ${{ steps.builder2.outputs.name }}
          context: .
--- a/docs/advanced/local-registry.md
+++ b/docs/advanced/local-registry.md
@ -8,7 +8,7 @@ name: ci
 on:
  push:
    branches:
-      - 'master'
+      - 'main'
 jobs:
  docker:
@ -21,18 +21,18 @@ jobs:
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
      -
        name: Set up QEMU
-        uses: docker/setup-qemu-action@v1
+        uses: docker/setup-qemu-action@v2
      -
        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
+        uses: docker/setup-buildx-action@v2
        with:
          driver-opts: network=host
      -
        name: Build and push to local registry
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@v3
        with:
          context: .
          push: true
--- a/docs/advanced/multi-platform.md
+++ b/docs/advanced/multi-platform.md
@ -12,7 +12,7 @@ name: ci
 on:
  push:
    branches:
-      - 'master'
+      - 'main'
 jobs:
  docker:
@ -20,22 +20,22 @@ jobs:
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
      -
        name: Set up QEMU
-        uses: docker/setup-qemu-action@v1
+        uses: docker/setup-qemu-action@v2
      -
        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
+        uses: docker/setup-buildx-action@v2
      -
        name: Login to DockerHub
-        uses: docker/login-action@v1 
+        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      -
        name: Build and push
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@v3
        with:
          context: .
          platforms: linux/amd64,linux/arm64
--- a/docs/advanced/push-multi-registries.md
+++ b/docs/advanced/push-multi-registries.md
@ -14,7 +14,7 @@ name: ci
 on:
  push:
    branches:
-      - 'master'
+      - 'main'
 jobs:
  docker:
@ -22,29 +22,29 @@ jobs:
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
      -
        name: Set up QEMU
-        uses: docker/setup-qemu-action@v1
+        uses: docker/setup-qemu-action@v2
      -
        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
+        uses: docker/setup-buildx-action@v2
      -
        name: Login to DockerHub
-        uses: docker/login-action@v1 
+        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      -
        name: Login to GitHub Container Registry
-        uses: docker/login-action@v1 
+        uses: docker/login-action@v2
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}
      -
        name: Build and push
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@v3
        with:
          context: .
          platforms: linux/amd64,linux/arm64
--- a/docs/advanced/secrets.md
+++ b/docs/advanced/secrets.md
@ -22,7 +22,7 @@ name: ci
 on:
  push:
    branches:
-      - 'master'
+      - 'main'
 jobs:
  docker:
@ -30,16 +30,16 @@ jobs:
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
      -
        name: Set up QEMU
-        uses: docker/setup-qemu-action@v1
+        uses: docker/setup-qemu-action@v2
      -
        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
+        uses: docker/setup-buildx-action@v2
      -
        name: Build
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@v3
        with:
          context: .
          platforms: linux/amd64,linux/arm64
--- a/docs/advanced/share-image-jobs.md
+++ b/docs/advanced/share-image-jobs.md
@ -11,7 +11,7 @@ name: ci
 on:
  push:
    branches:
-      - 'master'
+      - 'main'
 jobs:
  build:
@ -19,20 +19,20 @@ jobs:
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
      -
        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
+        uses: docker/setup-buildx-action@v2
      -
        name: Build and export
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@v3
        with:
          context: .
          tags: myimage:latest
          outputs: type=docker,dest=/tmp/myimage.tar
      -
        name: Upload artifact
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v3
        with:
          name: myimage
          path: /tmp/myimage.tar
@ -43,10 +43,10 @@ jobs:
    steps:
      -
        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
+        uses: docker/setup-buildx-action@v2
      -
        name: Download artifact
-        uses: actions/download-artifact@v2
+        uses: actions/download-artifact@v3
        with:
          name: myimage
          path: /tmp
--- a/docs/advanced/tags-labels.md
+++ b/docs/advanced/tags-labels.md
@ -1,7 +1,6 @@
 # Handle tags and labels
-If you come from [`v1`](https://github.com/docker/build-push-action/tree/releases/v1#readme) and want an
+If you want an "automatic" tag management and [OCI Image Format Specification](https://github.com/opencontainers/image-spec/blob/master/annotations.md)
 "automatic" tag management and [OCI Image Format Specification](https://github.com/opencontainers/image-spec/blob/master/annotations.md)
 for labels, you can do it in a dedicated step. The following workflow will use the [Docker metadata action](https://github.com/docker/metadata-action)
 to handle tags and labels based on GitHub actions events and Git metadata.
@ -10,7 +9,7 @@ name: ci
 on:
  schedule:
-    - cron: '0 10 * * *' # everyday at 10am
+    - cron: '0 10 * * *'
  push:
    branches:
      - '**'
@ -18,7 +17,7 @@ on:
      - 'v*.*.*'
  pull_request:
    branches:
-      - 'master'
+      - 'main'
 jobs:
  docker:
@ -26,11 +25,11 @@ jobs:
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
      -
        name: Docker meta
        id: meta
-        uses: docker/metadata-action@v3
+        uses: docker/metadata-action@v4
        with:
          # list of Docker images to use as base name for tags
          images: |
@ -47,28 +46,28 @@ jobs:
            type=sha
      -
        name: Set up QEMU
-        uses: docker/setup-qemu-action@v1
+        uses: docker/setup-qemu-action@v2
      -
        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
+        uses: docker/setup-buildx-action@v2
      -
        name: Login to DockerHub
        if: github.event_name != 'pull_request'
-        uses: docker/login-action@v1 
+        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      -
        name: Login to GHCR
        if: github.event_name != 'pull_request'
-        uses: docker/login-action@v1
+        uses: docker/login-action@v2
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}
      -
        name: Build and push
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@v3
        with:
          context: .
          push: ${{ github.event_name != 'pull_request' }}
--- a/docs/advanced/test-before-push.md
+++ b/docs/advanced/test-before-push.md
@ -0,0 +1,64 @@
 # Test your image before pushing it
 In some cases, you might want to validate that the image works as expected
 before pushing it.
 The workflow below will be composed of several steps to achieve this:
 * Build and export the image to Docker
 * Test your image
 * Multi-platform build and push the image
 ```yaml
 name: ci
 on:
  push:
    branches:
      - 'main'
 env:
  TEST_TAG: user/myapp:test
 jobs:
  docker:
    runs-on: ubuntu-latest
    steps:
      -
        name: Checkout
        uses: actions/checkout@v3
      -
        name: Set up QEMU
        uses: docker/setup-qemu-action@v2
      -
        name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2
      -
        name: Login to DockerHub
        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      -
        name: Build and export to Docker
        uses: docker/build-push-action@v3
        with:
          context: .
          load: true
          tags: ${{ env.TEST_TAG }}
      -
        name: Test
        run: |
          docker run --rm ${{ env.TEST_TAG }}
      -
        name: Build and push
        uses: docker/build-push-action@v3
        with:
          context: .
          platforms: linux/amd64,linux/arm64
          push: true
          tags: user/app:latest
 ```
 > :bulb: Build time will not be increased with this workflow because internal
 > cache for `linux/amd64` will be used from previous step on `Build and push`
 > step so only `linux/arm64` will be actually built.
--- a/hack/build.Dockerfile
+++ b/hack/build.Dockerfile
@ -1,42 +0,0 @@
 # syntax=docker/dockerfile:1.2
 ARG NODE_VERSION
 FROM node:${NODE_VERSION}-alpine AS base
 RUN apk add --no-cache cpio findutils git
 WORKDIR /src
 FROM base AS deps
 RUN --mount=type=bind,target=.,rw \
  --mount=type=cache,target=/src/node_modules \
  yarn install
 FROM deps AS build
 RUN --mount=type=bind,target=.,rw \
  --mount=type=cache,target=/src/node_modules \
  yarn run build && mkdir /out && cp -Rf dist /out/
 FROM scratch AS build-update
 COPY --from=build /out /
 FROM build AS build-validate
 RUN --mount=type=bind,target=.,rw \
  git add -A && cp -rf /out/* .; \
  if [ -n "$(git status --porcelain -- dist)" ]; then \
    echo >&2 'ERROR: Build result differs. Please build first with "docker buildx bake build"'; \
    git status --porcelain -- dist; \
    exit 1; \
  fi
 FROM deps AS format
 RUN --mount=type=bind,target=.,rw \
  --mount=type=cache,target=/src/node_modules \
  yarn run format \
  && mkdir /out && find . -name '*.ts' -not -path './node_modules/*' | cpio -pdm /out
 FROM scratch AS format-update
 COPY --from=format /out /
 FROM deps AS format-validate
 RUN --mount=type=bind,target=.,rw \
  --mount=type=cache,target=/src/node_modules \
  yarn run format-check \
--- a/hack/test.Dockerfile
+++ b/hack/test.Dockerfile
@ -1,28 +0,0 @@
 # syntax=docker/dockerfile:1.2
 ARG NODE_VERSION
 ARG DOCKER_VERSION=20.10.7
 ARG BUILDX_VERSION=0.6.0
 FROM docker:${DOCKER_VERSION} as docker
 FROM docker/buildx-bin:${BUILDX_VERSION} as buildx
 FROM node:${NODE_VERSION}-alpine AS base
 RUN apk add --no-cache git
 WORKDIR /src
 FROM base AS deps
 RUN --mount=type=bind,target=.,rw \
  --mount=type=cache,target=/src/node_modules \
  yarn install
 FROM deps AS test
 ENV RUNNER_TEMP=/tmp/github_runner
 ENV RUNNER_TOOL_CACHE=/tmp/github_tool_cache
 RUN --mount=type=bind,target=.,rw \
  --mount=type=cache,target=/src/node_modules \
  --mount=type=bind,from=docker,source=/usr/local/bin/docker,target=/usr/bin/docker \
  --mount=type=bind,from=buildx,source=/buildx,target=/usr/libexec/docker/cli-plugins/docker-buildx \
  yarn run test --coverageDirectory=/tmp/coverage
 FROM scratch AS test-coverage
 COPY --from=test /tmp/coverage /
--- a/hack/vendor.Dockerfile
+++ b/hack/vendor.Dockerfile
@ -1,23 +0,0 @@
 # syntax=docker/dockerfile:1.2
 ARG NODE_VERSION
 FROM node:${NODE_VERSION}-alpine AS base
 RUN apk add --no-cache git
 WORKDIR /src
 FROM base AS vendored
 RUN --mount=type=bind,target=.,rw \
  --mount=type=cache,target=/src/node_modules \
  yarn install && mkdir /out && cp yarn.lock /out
 FROM scratch AS update
 COPY --from=vendored /out /
 FROM vendored AS validate
 RUN --mount=type=bind,target=.,rw \
  git add -A && cp -rf /out/* .; \
  if [ -n "$(git status --porcelain -- yarn.lock)" ]; then \
    echo >&2 'ERROR: Vendor result differs. Please vendor your package with "docker buildx bake vendor-update"'; \
    git status --porcelain -- yarn.lock; \
    exit 1; \
  fi
--- a/jest.config.ts
+++ b/jest.config.ts
@ -1,12 +1,13 @@
 module.exports = {
  clearMocks: false,
  moduleFileExtensions: ['js', 'ts'],
-  setupFiles: ["dotenv/config"],
+  setupFiles: ['dotenv/config'],
  testEnvironment: 'node',
  testMatch: ['**/*.test.ts'],
  testRunner: 'jest-circus/runner',
  transform: {
    '^.+\\.ts$': 'ts-jest'
  },
-  verbose: false
+  moduleNameMapper: {
-}
+    '^csv-parse/sync': '<rootDir>/node_modules/csv-parse/dist/cjs/sync.cjs'
  },
  verbose: true
 };
--- a/package.json
+++ b/package.json
@ -3,11 +3,11 @@
  "description": "Build and push Docker images",
  "main": "lib/main.js",
  "scripts": {
-    "build": "tsc && ncc build",
+    "build": "ncc build src/main.ts --source-map --minify --license licenses.txt",
-    "format": "prettier --write **/*.ts",
+    "lint": "eslint src/**/*.ts __tests__/**/*.ts",
-    "format-check": "prettier --check **/*.ts",
+    "format": "eslint --fix src/**/*.ts __tests__/**/*.ts",
    "test": "jest --coverage",
-    "pre-checkin": "yarn run format && yarn run build"
+    "all": "yarn run build && yarn run format && yarn test"
  },
  "repository": {
    "type": "git",
@ -28,26 +28,31 @@
  ],
  "license": "Apache-2.0",
  "dependencies": {
-    "@actions/core": "^1.5.0",
+    "@actions/core": "^1.9.0",
-    "@actions/exec": "^1.1.0",
+    "@actions/exec": "^1.1.1",
-    "@actions/github": "^5.0.0",
+    "@actions/github": "^5.0.3",
-    "csv-parse": "^4.16.0",
+    "csv-parse": "^5.3.0",
-    "semver": "^7.3.5",
+    "handlebars": "^4.7.7",
    "semver": "^7.3.7",
    "tmp": "^0.2.1"
  },
  "devDependencies": {
    "@types/csv-parse": "^1.2.2",
-    "@types/jest": "^26.0.23",
+    "@types/node": "^16.11.26",
-    "@types/node": "^14.17.4",
+    "@types/semver": "^7.3.9",
-    "@types/tmp": "^0.2.0",
+    "@types/tmp": "^0.2.3",
-    "@vercel/ncc": "^0.28.6",
+    "@typescript-eslint/eslint-plugin": "^5.14.0",
-    "dotenv": "^8.6.0",
+    "@typescript-eslint/parser": "^5.14.0",
-    "jest": "^26.6.3",
+    "@vercel/ncc": "^0.33.3",
-    "jest-circus": "^26.6.3",
+    "dotenv": "^16.0.0",
-    "jest-runtime": "^26.6.3",
+    "eslint": "^8.11.0",
    "eslint-config-prettier": "^8.5.0",
    "eslint-plugin-jest": "^26.1.1",
    "eslint-plugin-prettier": "^4.0.0",
    "jest": "^27.2.5",
    "prettier": "^2.3.1",
-    "ts-jest": "^26.5.6",
+    "ts-jest": "^27.1.2",
-    "typescript": "^4.3.4",
+    "ts-node": "^10.7.0",
-    "typescript-formatter": "^7.2.2"
+    "typescript": "^4.4.4"
  }
 }
--- a/src/buildx.ts
+++ b/src/buildx.ts
@ -1,4 +1,4 @@
-import csvparse from 'csv-parse/lib/sync';
+import {parse} from 'csv-parse/sync';
 import fs from 'fs';
 import path from 'path';
 import * as semver from 'semver';
@ -15,7 +15,7 @@ export async function getImageID(): Promise<string | undefined> {
  if (!fs.existsSync(iidFile)) {
    return undefined;
  }
-  return fs.readFileSync(iidFile, {encoding: 'utf-8'});
+  return fs.readFileSync(iidFile, {encoding: 'utf-8'}).trim();
 }
 export async function getMetadataFile(): Promise<string> {
@ -27,7 +27,22 @@ export async function getMetadata(): Promise<string | undefined> {
  if (!fs.existsSync(metadataFile)) {
    return undefined;
  }
-  return fs.readFileSync(metadataFile, {encoding: 'utf-8'});
+  const content = fs.readFileSync(metadataFile, {encoding: 'utf-8'}).trim();
  if (content === 'null') {
    return undefined;
  }
  return content;
 }
 export async function getDigest(metadata: string | undefined): Promise<string | undefined> {
  if (metadata === undefined) {
    return undefined;
  }
  const metadataJSON = JSON.parse(metadata);
  if (metadataJSON['containerimage.digest']) {
    return metadataJSON['containerimage.digest'];
  }
  return undefined;
 }
 export async function getSecretString(kvp: string): Promise<string> {
@ -61,19 +76,20 @@ export async function getSecret(kvp: string, file: boolean): Promise<string> {
  return `id=${key},src=${secretFile}`;
 }
-export function isLocalOrTarExporter(outputs: string[]): Boolean {
+export function isLocalOrTarExporter(outputs: string[]): boolean {
-  for (let output of csvparse(outputs.join(`\n`), {
+  const records = parse(outputs.join(`\n`), {
    delimiter: ',',
    trim: true,
    columns: false,
    relaxColumnCount: true
-  })) {
+  });
  for (const record of records) {
    // Local if no type is defined
    // https://github.com/docker/buildx/blob/d2bf42f8b4784d83fde17acb3ed84703ddc2156b/build/output.go#L29-L43
-    if (output.length == 1 && !output[0].startsWith('type=')) {
+    if (record.length == 1 && !record[0].startsWith('type=')) {
      return true;
    }
-    for (let [key, value] of output.map(chunk => chunk.split('=').map(item => item.trim()))) {
+    for (const [key, value] of record.map(chunk => chunk.split('=').map(item => item.trim()))) {
      if (key == 'type' && (value == 'local' || value == 'tar')) {
        return true;
      }
@ -82,8 +98,8 @@ export function isLocalOrTarExporter(outputs: string[]): Boolean {
  return false;
 }
-export function hasGitAuthToken(secrets: string[]): Boolean {
+export function hasGitAuthToken(secrets: string[]): boolean {
-  for (let secret of secrets) {
+  for (const secret of secrets) {
    if (secret.startsWith('GIT_AUTH_TOKEN=')) {
      return true;
    }
@ -91,9 +107,10 @@ export function hasGitAuthToken(secrets: string[]): Boolean {
  return false;
 }
-export async function isAvailable(): Promise<Boolean> {
+export async function isAvailable(standalone?: boolean): Promise<boolean> {
  const cmd = getCommand([], standalone);
  return await exec
-    .getExecOutput('docker', ['buildx'], {
+    .getExecOutput(cmd.command, cmd.args, {
      ignoreReturnCode: true,
      silent: true
    })
@ -102,12 +119,17 @@ export async function isAvailable(): Promise<Boolean> {
        return false;
      }
      return res.exitCode == 0;
    })
    // eslint-disable-next-line @typescript-eslint/no-unused-vars
    .catch(error => {
      return false;
    });
 }
-export async function getVersion(): Promise<string> {
+export async function getVersion(standalone?: boolean): Promise<string> {
  const cmd = getCommand(['version'], standalone);
  return await exec
-    .getExecOutput('docker', ['buildx', 'version'], {
+    .getExecOutput(cmd.command, cmd.args, {
      ignoreReturnCode: true,
      silent: true
    })
@ -130,3 +152,10 @@ export function parseVersion(stdout: string): string {
 export function satisfies(version: string, range: string): boolean {
  return semver.satisfies(version, range) || /^[0-9a-f]{7}$/.exec(version) !== null;
 }
 export function getCommand(args: Array<string>, standalone?: boolean) {
  return {
    command: standalone ? 'buildx' : 'docker',
    args: standalone ? args : ['buildx', ...args]
  };
 }
--- a/src/context.ts
+++ b/src/context.ts
@ -1,4 +1,4 @@
-import csvparse from 'csv-parse/lib/sync';
+import {parse} from 'csv-parse/sync';
 import * as fs from 'fs';
 import * as os from 'os';
 import * as path from 'path';
@ -9,30 +9,37 @@ import {issueCommand} from '@actions/core/lib/command';
 import * as github from '@actions/github';
 import * as buildx from './buildx';
 import * as handlebars from 'handlebars';
 let _defaultContext, _tmpDir: string;
 export interface Inputs {
  addHosts: string[];
  allow: string[];
  buildArgs: string[];
  buildContexts: string[];
  builder: string;
  cacheFrom: string[];
  cacheTo: string[];
  cgroupParent: string;
  context: string;
  file: string;
  labels: string[];
  load: boolean;
  network: string;
  noCache: boolean;
  noCacheFilters: string[];
  outputs: string[];
  platforms: string[];
  pull: boolean;
  push: boolean;
  secrets: string[];
  secretFiles: string[];
  shmSize: string;
  ssh: string[];
  tags: string[];
  target: string;
  ulimit: string[];
  githubToken: string;
 }
@ -63,66 +70,60 @@ export function tmpNameSync(options?: tmp.TmpNameOptions): string {
 export async function getInputs(defaultContext: string): Promise<Inputs> {
  return {
    addHosts: await getInputList('add-hosts'),
    allow: await getInputList('allow'),
    buildArgs: await getInputList('build-args', true),
    buildContexts: await getInputList('build-contexts', true),
    builder: core.getInput('builder'),
    cacheFrom: await getInputList('cache-from', true),
    cacheTo: await getInputList('cache-to', true),
    cgroupParent: core.getInput('cgroup-parent'),
    context: core.getInput('context') || defaultContext,
    file: core.getInput('file'),
    labels: await getInputList('labels', true),
    load: core.getBooleanInput('load'),
    network: core.getInput('network'),
    noCache: core.getBooleanInput('no-cache'),
    noCacheFilters: await getInputList('no-cache-filters'),
    outputs: await getInputList('outputs', true),
    platforms: await getInputList('platforms'),
    pull: core.getBooleanInput('pull'),
    push: core.getBooleanInput('push'),
    secrets: await getInputList('secrets', true),
    secretFiles: await getInputList('secret-files', true),
    shmSize: core.getInput('shm-size'),
    ssh: await getInputList('ssh'),
    tags: await getInputList('tags'),
    target: core.getInput('target'),
    ulimit: await getInputList('ulimit', true),
    githubToken: core.getInput('github-token')
  };
 }
 export async function getArgs(inputs: Inputs, defaultContext: string, buildxVersion: string): Promise<Array<string>> {
-  let args: Array<string> = ['buildx'];
+  // prettier-ignore
-  args.push.apply(args, await getBuildArgs(inputs, defaultContext, buildxVersion));
+  return [
-  args.push.apply(args, await getCommonArgs(inputs));
+    ...await getBuildArgs(inputs, defaultContext, buildxVersion),
-  args.push(inputs.context);
+    ...await getCommonArgs(inputs, buildxVersion),
-  return args;
+    handlebars.compile(inputs.context)({defaultContext})
  ];
 }
 async function getBuildArgs(inputs: Inputs, defaultContext: string, buildxVersion: string): Promise<Array<string>> {
-  let args: Array<string> = ['build'];
+  const args: Array<string> = ['build'];
-  await asyncForEach(inputs.buildArgs, async buildArg => {
+  await asyncForEach(inputs.addHosts, async addHost => {
-    args.push('--build-arg', buildArg);
+    args.push('--add-host', addHost);
  });
  await asyncForEach(inputs.labels, async label => {
    args.push('--label', label);
  });
  await asyncForEach(inputs.tags, async tag => {
    args.push('--tag', tag);
  });
  if (inputs.target) {
    args.push('--target', inputs.target);
  }
  if (inputs.allow.length > 0) {
    args.push('--allow', inputs.allow.join(','));
  }
-  if (inputs.platforms.length > 0) {
+  await asyncForEach(inputs.buildArgs, async buildArg => {
-    args.push('--platform', inputs.platforms.join(','));
+    args.push('--build-arg', buildArg);
  }
  await asyncForEach(inputs.outputs, async output => {
    args.push('--output', output);
  });
-  if (!buildx.isLocalOrTarExporter(inputs.outputs) && (inputs.platforms.length == 0 || buildx.satisfies(buildxVersion, '>=0.4.2'))) {
+  if (buildx.satisfies(buildxVersion, '>=0.8.0')) {
-    args.push('--iidfile', await buildx.getImageIDFile());
+    await asyncForEach(inputs.buildContexts, async buildContext => {
-  }
+      args.push('--build-context', buildContext);
-  if (buildx.satisfies(buildxVersion, '>=0.6.0')) {
+    });
    args.push('--metadata-file', await buildx.getMetadataFile());
  }
  await asyncForEach(inputs.cacheFrom, async cacheFrom => {
    args.push('--cache-from', cacheFrom);
@ -130,6 +131,27 @@ async function getBuildArgs(inputs: Inputs, defaultContext: string, buildxVersio
  await asyncForEach(inputs.cacheTo, async cacheTo => {
    args.push('--cache-to', cacheTo);
  });
  if (inputs.cgroupParent) {
    args.push('--cgroup-parent', inputs.cgroupParent);
  }
  if (inputs.file) {
    args.push('--file', inputs.file);
  }
  if (!buildx.isLocalOrTarExporter(inputs.outputs) && (inputs.platforms.length == 0 || buildx.satisfies(buildxVersion, '>=0.4.2'))) {
    args.push('--iidfile', await buildx.getImageIDFile());
  }
  await asyncForEach(inputs.labels, async label => {
    args.push('--label', label);
  });
  await asyncForEach(inputs.noCacheFilters, async noCacheFilter => {
    args.push('--no-cache-filter', noCacheFilter);
  });
  await asyncForEach(inputs.outputs, async output => {
    args.push('--output', output);
  });
  if (inputs.platforms.length > 0) {
    args.push('--platform', inputs.platforms.join(','));
  }
  await asyncForEach(inputs.secrets, async secret => {
    try {
      args.push('--secret', await buildx.getSecretString(secret));
@ -147,32 +169,44 @@ async function getBuildArgs(inputs: Inputs, defaultContext: string, buildxVersio
  if (inputs.githubToken && !buildx.hasGitAuthToken(inputs.secrets) && inputs.context == defaultContext) {
    args.push('--secret', await buildx.getSecretString(`GIT_AUTH_TOKEN=${inputs.githubToken}`));
  }
  if (inputs.shmSize) {
    args.push('--shm-size', inputs.shmSize);
  }
  await asyncForEach(inputs.ssh, async ssh => {
    args.push('--ssh', ssh);
  });
-  if (inputs.file) {
+  await asyncForEach(inputs.tags, async tag => {
-    args.push('--file', inputs.file);
+    args.push('--tag', tag);
  });
  if (inputs.target) {
    args.push('--target', inputs.target);
  }
  await asyncForEach(inputs.ulimit, async ulimit => {
    args.push('--ulimit', ulimit);
  });
  return args;
 }
-async function getCommonArgs(inputs: Inputs): Promise<Array<string>> {
+async function getCommonArgs(inputs: Inputs, buildxVersion: string): Promise<Array<string>> {
-  let args: Array<string> = [];
+  const args: Array<string> = [];
  if (inputs.noCache) {
    args.push('--no-cache');
  }
  if (inputs.builder) {
    args.push('--builder', inputs.builder);
  }
  if (inputs.pull) {
    args.push('--pull');
  }
  if (inputs.load) {
    args.push('--load');
  }
  if (buildx.satisfies(buildxVersion, '>=0.6.0')) {
    args.push('--metadata-file', await buildx.getMetadataFile());
  }
  if (inputs.network) {
    args.push('--network', inputs.network);
  }
  if (inputs.noCache) {
    args.push('--no-cache');
  }
  if (inputs.pull) {
    args.push('--pull');
  }
  if (inputs.push) {
    args.push('--push');
  }
@ -180,27 +214,29 @@ async function getCommonArgs(inputs: Inputs): Promise<Array<string>> {
 }
 export async function getInputList(name: string, ignoreComma?: boolean): Promise<string[]> {
-  let res: Array<string> = [];
+  const res: Array<string> = [];
  const items = core.getInput(name);
  if (items == '') {
    return res;
  }
-  for (let output of (await csvparse(items, {
+  const records = await parse(items, {
    columns: false,
-    relax: true,
+    relaxQuotes: true,
    relaxColumnCount: true,
-    skipLinesWithEmptyValues: true
+    skipEmptyLines: true
-  })) as Array<string[]>) {
+  });
-    if (output.length == 1) {
+
-      res.push(output[0]);
+  for (const record of records as Array<string[]>) {
    if (record.length == 1) {
      res.push(record[0]);
      continue;
    } else if (!ignoreComma) {
-      res.push(...output);
+      res.push(...record);
      continue;
    }
-    res.push(output.join(','));
+    res.push(record.join(','));
  }
  return res.filter(item => item).map(pat => pat.trim());
@ -213,6 +249,6 @@ export const asyncForEach = async (array, callback) => {
 };
 // FIXME: Temp fix https://github.com/actions/toolkit/issues/777
-export function setOutput(name: string, value: any): void {
+export function setOutput(name: string, value: unknown): void {
  issueCommand('set-output', {name}, value);
 }
--- a/src/docker.ts
+++ b/src/docker.ts
@ -0,0 +1,19 @@
 import * as exec from '@actions/exec';
 export async function isAvailable(): Promise<boolean> {
  return await exec
    .getExecOutput('docker', undefined, {
      ignoreReturnCode: true,
      silent: true
    })
    .then(res => {
      if (res.stderr.length > 0 && res.exitCode != 0) {
        return false;
      }
      return res.exitCode == 0;
    })
    // eslint-disable-next-line @typescript-eslint/no-unused-vars
    .catch(error => {
      return false;
    });
 }
--- a/src/main.ts
+++ b/src/main.ts
@ -1,50 +1,80 @@
 import * as fs from 'fs';
 import * as buildx from './buildx';
 import * as context from './context';
 import * as docker from './docker';
 import * as stateHelper from './state-helper';
 import * as core from '@actions/core';
 import * as exec from '@actions/exec';
 async function run(): Promise<void> {
  try {
    const defContext = context.defaultContext();
    const inputs: context.Inputs = await context.getInputs(defContext);
    // standalone if docker cli not available
    const standalone = !(await docker.isAvailable());
    core.startGroup(`Docker info`);
-    await exec.exec('docker', ['version']);
+    if (standalone) {
-    await exec.exec('docker', ['info']);
+      core.info(`Docker info skipped in standalone mode`);
    } else {
      await exec.exec('docker', ['version'], {
        failOnStdErr: false
      });
      await exec.exec('docker', ['info'], {
        failOnStdErr: false
      });
    }
    core.endGroup();
-    if (!(await buildx.isAvailable())) {
+    if (!(await buildx.isAvailable(standalone))) {
      core.setFailed(`Docker buildx is required. See https://github.com/docker/setup-buildx-action to set up buildx.`);
      return;
    }
    stateHelper.setTmpDir(context.tmpDir());
-    const buildxVersion = await buildx.getVersion();
+    const buildxVersion = await buildx.getVersion(standalone);
-    const defContext = context.defaultContext();
+    await core.group(`Buildx version`, async () => {
-    let inputs: context.Inputs = await context.getInputs(defContext);
+      const versionCmd = buildx.getCommand(['version'], standalone);
      await exec.exec(versionCmd.command, versionCmd.args, {
        failOnStdErr: false
      });
    });
    const args: string[] = await context.getArgs(inputs, defContext, buildxVersion);
    const buildCmd = buildx.getCommand(args, standalone);
    await exec
-      .getExecOutput('docker', args, {
+      .getExecOutput(buildCmd.command, buildCmd.args, {
        ignoreReturnCode: true
      })
      .then(res => {
        if (res.stderr.length > 0 && res.exitCode != 0) {
-          throw new Error(`buildx failed with: ${res.stderr.match(/(.*)\s*$/)![0].trim()}`);
+          throw new Error(`buildx failed with: ${res.stderr.match(/(.*)\s*$/)?.[0]?.trim() ?? 'unknown error'}`);
        }
      });
-    await core.group(`Setting outputs`, async () => {
+    const imageID = await buildx.getImageID();
-      const imageID = await buildx.getImageID();
+    const metadata = await buildx.getMetadata();
-      const metadata = await buildx.getMetadata();
+    const digest = await buildx.getDigest(metadata);
-      if (imageID) {
+
-        core.info(`digest=${imageID}`);
+    if (imageID) {
-        context.setOutput('digest', imageID);
+      await core.group(`ImageID`, async () => {
-      }
+        core.info(imageID);
-      if (metadata) {
+        context.setOutput('imageid', imageID);
-        core.info(`metadata=${metadata}`);
+      });
    }
    if (digest) {
      await core.group(`Digest`, async () => {
        core.info(digest);
        context.setOutput('digest', digest);
      });
    }
    if (metadata) {
      await core.group(`Metadata`, async () => {
        core.info(metadata);
        context.setOutput('metadata', metadata);
-      }
+      });
-    });
+    }
  } catch (error) {
    core.setFailed(error.message);
  }
--- a/test/addhost.Dockerfile
+++ b/test/addhost.Dockerfile
@ -0,0 +1,2 @@
 FROM busybox
 RUN cat /etc/hosts
--- a/test/buildcontext.Dockerfile
+++ b/test/buildcontext.Dockerfile
@ -0,0 +1,3 @@
 # syntax=docker/dockerfile-upstream:master
 FROM alpine
 RUN cat /etc/*release
--- a/test/cgroup.Dockerfile
+++ b/test/cgroup.Dockerfile
@ -0,0 +1,2 @@
 FROM alpine
 RUN cat /proc/self/cgroup
--- a/test/nocachefilter.Dockerfile
+++ b/test/nocachefilter.Dockerfile
@ -0,0 +1,8 @@
 FROM busybox AS base
 RUN echo "Hello world!" > /hello
 FROM alpine AS build
 COPY --from=base /hello /hello
 RUN uname -a
 FROM build
--- a/test/shmsize.Dockerfile
+++ b/test/shmsize.Dockerfile
@ -0,0 +1,2 @@
 FROM busybox
 RUN mount | grep /dev/shm
--- a/test/ulimit.Dockerfile
+++ b/test/ulimit.Dockerfile
@ -0,0 +1,2 @@
 FROM busybox
 RUN ulimit -a
--- a/tsconfig.json
+++ b/tsconfig.json
@ -2,20 +2,18 @@
  "compilerOptions": {
    "target": "es6",
    "module": "commonjs",
    "lib": [
      "es6",
      "dom"
    ],
    "newLine": "lf",
    "outDir": "./lib",
    "rootDir": "./src",
    "esModuleInterop": true,
    "forceConsistentCasingInFileNames": true,
    "strict": true,
    "noImplicitAny": false,
-    "esModuleInterop": true,
+    "useUnknownInCatchVariables": false,
    "sourceMap": true
  },
  "exclude": [
    "node_modules",
-    "**/*.test.ts"
+    "**/*.test.ts",
    "jest.config.ts"
  ]
 }
--- a/yarn.lock
+++ b/yarn.lock