Merge pull request #880 from crazy-max/fix-inputlist

chore(deps): Bump @docker/actions-toolkit from 0.3.0 to 0.5.0
update generated content
2025-06-13 14:47:13 +02:00 · 2023-06-13 11:24:40 +02:00 · 2023-06-13 10:53:38 +02:00 · 2023-06-13 10:52:03 +02:00 · 2023-06-13 10:46:59 +02:00 · 2023-06-07 16:44:03 +02:00
70 changed files with 6065 additions and 21852 deletions
--- a/.eslintrc.json
+++ b/.eslintrc.json
@ -0,0 +1,23 @@
+{
+  "env": {
+    "node": true,
+    "es2021": true,
+    "jest": true
+  },
+  "extends": [
+    "eslint:recommended",
+    "plugin:@typescript-eslint/recommended",
+    "plugin:jest/recommended",
+    "plugin:prettier/recommended"
+  ],
+  "parser": "@typescript-eslint/parser",
+  "parserOptions": {
+    "ecmaVersion": "latest",
+    "sourceType": "module"
+  },
+  "plugins": [
+    "@typescript-eslint",
+    "jest",
+    "prettier"
+  ]
+}
--- a/.github/build-push-action.png
+++ b/.github/build-push-action.png
--- a/.github/e2e/distribution/env
+++ b/.github/e2e/distribution/env
@ -0,0 +1,5 @@
+REGISTRY_FQDN=localhost:8080
+REGISTRY_SLUG=localhost:8080/test-docker-action
+
+DISTRIBUTION_HOST=localhost
+DISTRIBUTION_PORT=8080
--- a/.github/e2e/distribution/install.sh
+++ b/.github/e2e/distribution/install.sh
@ -0,0 +1,13 @@
+#!/usr/bin/env bash
+set -eu
+
+: "${DISTRIBUTION_VERSION:=2}"
+: "${DISTRIBUTION_HOST:=localhost}"
+: "${DISTRIBUTION_PORT:=8080}"
+
+echo "::group::Starting registry:${DISTRIBUTION_VERSION}"
+(
+  set -x
+  docker run -d --name registry -p "${DISTRIBUTION_PORT}:5000" "registry:${DISTRIBUTION_VERSION}"
+)
+echo "::endgroup::"
--- a/.github/e2e/harbor/env
+++ b/.github/e2e/harbor/env
@ -0,0 +1,8 @@
+REGISTRY_FQDN=localhost:8081
+REGISTRY_USER=admin
+REGISTRY_PASSWORD=Harbor12345
+REGISTRY_SLUG=localhost:8081/test-docker-action/test-docker-action
+
+HARBOR_HOST=localhost
+HARBOR_PORT=8081
+HARBOR_PROJECT=test-docker-action
--- a/.github/e2e/harbor/install.sh
+++ b/.github/e2e/harbor/install.sh
@ -0,0 +1,79 @@
+#!/usr/bin/env bash
+set -eu
+
+: "${HARBOR_VERSION:=v2.7.0}"
+: "${HARBOR_HOST:=localhost}"
+: "${HARBOR_PORT:=49154}"
+: "${REGISTRY_USER:=admin}"
+: "${REGISTRY_PASSWORD:=Harbor12345}"
+
+: "${HARBOR_PROJECT:=test-docker-action}"
+
+project_post_data() {
+  cat <<EOF
+{
+  "project_name": "$HARBOR_PROJECT",
+  "public": true
+}
+EOF
+}
+
+export TERM=xterm
+
+# download
+echo "::group::Downloading Harbor $HARBOR_VERSION"
+(
+  cd /tmp
+  set -x
+  wget -q "https://github.com/goharbor/harbor/releases/download/${HARBOR_VERSION}/harbor-offline-installer-${HARBOR_VERSION}.tgz" -O harbor-online-installer.tgz
+  tar xvf harbor-online-installer.tgz
+)
+echo "::endgroup::"
+
+# config
+echo "::group::Configuring Harbor"
+(
+  cd /tmp/harbor
+  set -x
+  cp harbor.yml.tmpl harbor.yml
+  harborConfig="$(harborHost="$HARBOR_HOST" harborPort="$HARBOR_PORT" harborPwd="$REGISTRY_PASSWORD" yq --no-colors '.hostname = env(harborHost) | .http.port = env(harborPort) | .harbor_admin_password = env(harborPwd) | del(.https)' harbor.yml)"
+  tee harbor.yml <<<"$harborConfig" >/dev/null
+  yq --no-colors harbor.yml
+)
+echo "::endgroup::"
+
+# install and start
+echo "::group::Installing Harbor"
+(
+  cd /tmp/harbor
+  set -x
+  ./install.sh
+  sleep 10
+  netstat -aptn
+)
+echo "::endgroup::"
+
+# compose config
+echo "::group::Compose config"
+(
+  cd /tmp/harbor
+  set -x
+  docker compose config
+)
+echo "::endgroup::"
+
+# create project
+echo "::group::Creating project"
+(
+  set -x
+  curl --fail -v -k --max-time 10 -u "$REGISTRY_USER:$REGISTRY_PASSWORD" -X POST -H "Content-Type: application/json" -d "$(project_post_data)" "http://$HARBOR_HOST:$HARBOR_PORT/api/v2.0/projects"
+)
+echo "::endgroup::"
+
+# list projects
+echo "::group::List projects"
+(
+  set -x
+  curl --fail -s -k --max-time 10 -u "$REGISTRY_USER:$REGISTRY_PASSWORD" -H "Content-Type: application/json" "http://$HARBOR_HOST:$HARBOR_PORT/api/v2.0/projects" | jq
+)
+echo "::endgroup::"
--- a/.github/e2e/nexus/docker-compose.yml
+++ b/.github/e2e/nexus/docker-compose.yml
@ -0,0 +1,8 @@
+services:
+  nexus:
+    image: sonatype/nexus3:${NEXUS_VERSION:-latest}
+    volumes:
+      - "./data:/nexus-data"
+    ports:
+      - "8081:8081"
+      - "8082:8082"
--- a/.github/e2e/nexus/env
+++ b/.github/e2e/nexus/env
@ -0,0 +1,9 @@
+REGISTRY_FQDN=localhost:8082
+REGISTRY_USER=admin
+REGISTRY_PASSWORD=Nexus12345
+REGISTRY_SLUG=localhost:8082/test-docker-action
+
+NEXUS_HOST=localhost
+NEXUS_PORT=8081
+NEXUS_REGISTRY_PORT=8082
+NEXUS_REPO=test-docker-action
--- a/.github/e2e/nexus/install.sh
+++ b/.github/e2e/nexus/install.sh
@ -0,0 +1,93 @@
+#!/usr/bin/env bash
+set -eu
+
+SCRIPT_DIR=$(cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd)
+
+: "${NEXUS_VERSION:=3.47.1}"
+: "${NEXUS_HOST:=localhost}"
+: "${NEXUS_PORT:=8081}"
+: "${NEXUS_REGISTRY_PORT:=8082}"
+: "${REGISTRY_USER:=admin}"
+: "${REGISTRY_PASSWORD:=Nexus12345}"
+
+: "${NEXUS_REPO:=test-docker-action}"
+
+createrepo_post_data() {
+  cat <<EOF
+{
+  "name": "${NEXUS_REPO}",
+  "online": true,
+  "storage": {
+    "blobStoreName": "default",
+    "strictContentTypeValidation": true,
+    "writePolicy": "ALLOW"
+  },
+  "docker": {
+    "v1Enabled": false,
+    "forceBasicAuth": true,
+    "httpPort": ${NEXUS_REGISTRY_PORT},
+    "httpsPort": null,
+    "subdomain": null
+  }
+}
+EOF
+}
+
+export NEXUS_VERSION
+
+mkdir -p /tmp/nexus/data
+chown 200:200 /tmp/nexus/data
+cp "${SCRIPT_DIR}/docker-compose.yml" /tmp/nexus/docker-compose.yml
+
+echo "::group::Pulling Nexus $NEXUS_VERSION"
+(
+  cd /tmp/nexus
+  set -x
+  docker compose pull
+)
+echo "::endgroup::"
+
+echo "::group::Compose config"
+(
+  cd /tmp/nexus
+  set -x
+  docker compose config
+)
+echo "::endgroup::"
+
+echo "::group::Running Nexus"
+(
+  cd /tmp/nexus
+  set -x
+  docker compose up -d
+)
+echo "::endgroup::"
+
+echo "::group::Running Nexus"
+(
+  cd /tmp/nexus
+  set -x
+  docker compose up -d
+)
+echo "::endgroup::"
+
+echo "::group::Waiting for Nexus to be ready"
+until $(curl --output /dev/null --silent --head --fail "http://$NEXUS_HOST:$NEXUS_PORT"); do
+  printf '.'
+  sleep 5
+done
+echo "::endgroup::"
+
+echo "::group::Change user's password"
+(
+  set -x
+  curl --fail -v -k --max-time 10 -u "$REGISTRY_USER:$(cat /tmp/nexus/data/admin.password)" -X PUT -H 'Content-Type: text/plain' -d "$REGISTRY_PASSWORD" "http://$NEXUS_HOST:$NEXUS_PORT/service/rest/v1/security/users/$REGISTRY_USER/change-password"
+)
+echo "::endgroup::"
+
+echo "::group::Create Docker repository"
+(
+  set -x
+  curl --fail -v -k --max-time 10 -u "$REGISTRY_USER:$REGISTRY_PASSWORD" -X POST -H 'Content-Type: application/json' -d "$(createrepo_post_data)" "http://$NEXUS_HOST:$NEXUS_PORT/service/rest/v1/repositories/docker/hosted"
+)
+echo "::endgroup::"
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
--- a/.github/workflows/e2e.yml
+++ b/.github/workflows/e2e.yml
@ -2,80 +2,184 @@ name: e2e

 on:
  workflow_dispatch:
+    inputs:
+      buildx-version:
+        description: 'Buildx version or Git context'
+        default: 'latest'
+        required: false
+      buildkit-image:
+        description: 'BuildKit image'
+        default: 'moby/buildkit:buildx-stable-1'
+        required: false
+      tag:
+        description: 'Additional tag to push'
+        required: false
  schedule:
-    - cron: '0 10 * * *' # everyday at 10am
+    - cron: '0 10 * * *'
  push:
    branches:
-      - master
+      - 'master'
    tags:
-      - v*
+      - 'v*'
+
+env:
+  BUILDX_VERSION: latest
+  BUILDKIT_IMAGE: moby/buildkit:buildx-stable-1
+  HARBOR_VERSION: v2.7.0
+  NEXUS_VERSION: 3.47.1
+  DISTRIBUTION_VERSION: 2.8.1

 jobs:
-  docker:
+  build:
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        include:
          -
+            name: Distribution
+            id: distribution
+            type: local
+          -
+            name: Docker Hub
            registry: ''
            slug: ghactionstest/ghactionstest
            username_secret: DOCKERHUB_USERNAME
            password_secret: DOCKERHUB_TOKEN
+            type: remote
          -
+            name: GitHub
            registry: ghcr.io
            slug: ghcr.io/docker-ghactiontest/test
            username_secret: GHCR_USERNAME
            password_secret: GHCR_PAT
+            type: remote
          -
+            name: GitLab
            registry: registry.gitlab.com
            slug: registry.gitlab.com/test1716/test
            username_secret: GITLAB_USERNAME
            password_secret: GITLAB_TOKEN
+            type: remote
          -
+            name: AWS ECR
            registry: 175142243308.dkr.ecr.us-east-2.amazonaws.com
            slug: 175142243308.dkr.ecr.us-east-2.amazonaws.com/sandbox/test-docker-action
            username_secret: AWS_ACCESS_KEY_ID
            password_secret: AWS_SECRET_ACCESS_KEY
+            type: remote
          -
+            name: AWS ECR Public
            registry: public.ecr.aws
            slug: public.ecr.aws/q3b5f1u4/test-docker-action
            username_secret: AWS_ACCESS_KEY_ID
            password_secret: AWS_SECRET_ACCESS_KEY
+            type: remote
          -
+            name: Google Artifact Registry
            registry: us-east4-docker.pkg.dev
            slug: us-east4-docker.pkg.dev/sandbox-298914/docker-official-github-actions/test-docker-action
            username_secret: GAR_USERNAME
            password_secret: GAR_JSON_KEY
+            type: remote
          -
+            name: Google Container Registry
            registry: gcr.io
            slug: gcr.io/sandbox-298914/test-docker-action
            username_secret: GCR_USERNAME
            password_secret: GCR_JSON_KEY
+            type: remote
+          -
+            name: Azure Container Registry
+            registry: officialgithubactions.azurecr.io
+            slug: officialgithubactions.azurecr.io/test-docker-action
+            username_secret: AZURE_CLIENT_ID
+            password_secret: AZURE_CLIENT_SECRET
+            type: remote
+          -
+            name: Quay
+            registry: quay.io
+            slug: quay.io/docker_build_team/ghactiontest
+            username_secret: QUAY_USERNAME
+            password_secret: QUAY_TOKEN
+            type: remote
+          -
+            name: Artifactory
+            registry: buildkitghactiontests.jfrog.io
+            slug: buildkitghactiontests.jfrog.io/ghactiontest/test-docker-action
+            username_secret: ARTIFACTORY_USERNAME
+            password_secret: ARTIFACTORY_TOKEN
+            type: remote
+          -
+            name: Harbor
+            id: harbor
+            type: local
+          -
+            name: Nexus
+            id: nexus
+            type: local
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
+      -
+        name: Set up env
+        if: matrix.type == 'local'
+        run: |
+          cat ./.github/e2e/${{ matrix.id }}/env >> $GITHUB_ENV
+      -
+        name: Set up BuildKit config
+        run: |
+          touch /tmp/buildkitd.toml
+          if [ "${{ matrix.type }}" = "local" ]; then
+            echo -e "[registry.\"${{ env.REGISTRY_FQDN }}\"]\nhttp = true\ninsecure = true" > /tmp/buildkitd.toml
+          fi
+      -
+        name: Set up Docker daemon
+        if: matrix.type == 'local'
+        run: |
+          if [ ! -e /etc/docker/daemon.json ]; then
+            echo '{}' | tee /etc/docker/daemon.json >/dev/null
+          fi
+          DOCKERD_CONFIG=$(jq '.+{"insecure-registries":["http://${{ env.REGISTRY_FQDN }}"]}' /etc/docker/daemon.json)
+          sudo tee /etc/docker/daemon.json <<<"$DOCKERD_CONFIG" >/dev/null
+          sudo service docker restart
+      -
+        name: Install ${{ matrix.name }}
+        if: matrix.type == 'local'
+        run: |
+          sudo -E bash ./.github/e2e/${{ matrix.id }}/install.sh
      -
        name: Docker meta
        id: meta
-        uses: docker/metadata-action@v3
+        uses: docker/metadata-action@v4
        with:
-          images: ${{ matrix.slug }}
+          images: ${{ env.REGISTRY_SLUG || matrix.slug }}
+          tags: |
+            type=ref,event=branch
+            type=ref,event=tag
+            type=raw,value=${{ inputs.tag }},enable=${{ inputs.tag != '' }}
      -
        name: Set up QEMU
-        uses: docker/setup-qemu-action@v1
+        uses: docker/setup-qemu-action@v2
      -
        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
+        uses: docker/setup-buildx-action@v2
+        with:
+          version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
+          config: /tmp/buildkitd.toml
+          buildkitd-flags: --debug --allow-insecure-entitlement security.insecure --allow-insecure-entitlement network.host
+          driver-opts: |
+            image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}
+            network=host
      -
        name: Login to Registry
-        if: github.event_name != 'pull_request'
-        uses: docker/login-action@v1
+        if: github.event_name != 'pull_request' && (env.REGISTRY_USER || matrix.username_secret) != ''
+        uses: docker/login-action@v2
        with:
-          registry: ${{ matrix.registry }}
-          username: ${{ secrets[matrix.username_secret] }}
-          password: ${{ secrets[matrix.password_secret] }}
+          registry: ${{ env.REGISTRY_FQDN || matrix.registry }}
+          username: ${{ env.REGISTRY_USER || secrets[matrix.username_secret] }}
+          password: ${{ env.REGISTRY_PASSWORD || secrets[matrix.password_secret] }}
      -
        name: Build and push
        uses: ./
@ -86,20 +190,14 @@ jobs:
          push: ${{ github.event_name != 'pull_request' }}
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
-          cache-from: type=registry,ref=${{ matrix.slug }}:master
+          cache-from: type=registry,ref=${{ env.REGISTRY_SLUG || matrix.slug }}:master
          cache-to: type=inline
      -
        name: Inspect image
-        if: github.event_name != 'pull_request'
        run: |
-          docker pull ${{ matrix.slug }}:${{ steps.meta.outputs.version }}
-          docker image inspect ${{ matrix.slug }}:${{ steps.meta.outputs.version }}
+          docker pull ${{ env.REGISTRY_SLUG || matrix.slug }}:${{ steps.meta.outputs.version }}
+          docker image inspect ${{ env.REGISTRY_SLUG || matrix.slug }}:${{ steps.meta.outputs.version }}
      -
        name: Check manifest
-        if: github.event_name != 'pull_request'
        run: |
-          docker buildx imagetools inspect ${{ matrix.slug }}:${{ steps.meta.outputs.version }}
-      -
-        name: Dump context
-        if: always()
-        uses: crazy-max/ghaction-dump-context@v1
+          docker buildx imagetools inspect ${{ env.REGISTRY_SLUG || matrix.slug }}:${{ steps.meta.outputs.version }} --format '{{json .}}'
--- a/.github/workflows/example.yml
+++ b/.github/workflows/example.yml
@ -1,78 +0,0 @@
-# This workflow is provided just as an usage example and not for repo testing/verification
-name: example
-
-on:
-  schedule:
-    - cron: '0 10 * * 0' # everyday sunday at 10am
-  push:
-    branches:
-      - '**'
-    tags:
-      - 'v*.*.*'
-  pull_request:
-
-env:
-  DOCKER_IMAGE: localhost:5000/name/app
-
-jobs:
-  docker:
-    runs-on: ubuntu-latest
-    services:
-      registry:
-        image: registry:2
-        ports:
-          - 5000:5000
-    steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v2
-      -
-        name: Docker meta
-        id: meta
-        uses: docker/metadata-action@v3
-        with:
-          images: ${{ env.DOCKER_IMAGE }}
-          tags: |
-            type=schedule
-            type=ref,event=branch
-            type=ref,event=pr
-            type=semver,pattern={{version}}
-            type=semver,pattern={{major}}.{{minor}}
-            type=semver,pattern={{major}}
-            type=sha
-      -
-        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
-        with:
-          driver-opts: network=host
-      -
-        name: Build and export to Docker client
-        uses: ./
-        with:
-          context: ./test
-          file: ./test/Dockerfile
-          load: true
-          tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
-      -
-        name: Build and push to local registry
-        uses: ./
-        with:
-          context: ./test
-          file: ./test/Dockerfile
-          push: ${{ github.event_name != 'pull_request' }}
-          tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
-      -
-        name: Inspect image
-        run: |
-          docker image inspect ${{ env.DOCKER_IMAGE }}:${{ steps.meta.outputs.version }}
-      -
-        name: Check manifest
-        if: github.event_name != 'pull_request'
-        run: |
-          docker buildx imagetools inspect ${{ env.DOCKER_IMAGE }}:${{ steps.meta.outputs.version }}
-      -
-        name: Dump context
-        if: always()
-        uses: crazy-max/ghaction-dump-context@v1
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@ -4,9 +4,8 @@ on:
  push:
    branches:
      - 'master'
+      - 'releases/v*'
  pull_request:
-    branches:
-      - 'master'

 jobs:
  test:
@ -14,19 +13,14 @@ jobs:
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v2
-      -
-        name: Validate
-        uses: docker/bake-action@v1
-        with:
-          targets: validate
+        uses: actions/checkout@v3
      -
        name: Test
-        uses: docker/bake-action@v1
+        uses: docker/bake-action@v3
        with:
          targets: test
      -
        name: Upload coverage
-        uses: codecov/codecov-action@v2
+        uses: codecov/codecov-action@v3
        with:
          file: ./coverage/clover.xml
--- a/.github/workflows/validate.yml
+++ b/.github/workflows/validate.yml
@ -0,0 +1,41 @@
+name: validate
+
+on:
+  push:
+    branches:
+      - 'master'
+      - 'releases/v*'
+  pull_request:
+
+jobs:
+  prepare:
+    runs-on: ubuntu-latest
+    outputs:
+      targets: ${{ steps.targets.outputs.matrix }}
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v3
+      -
+        name: Targets matrix
+        id: targets
+        run: |
+          echo "matrix=$(docker buildx bake validate --print | jq -cr '.group.validate.targets')" >> $GITHUB_OUTPUT
+
+  validate:
+    runs-on: ubuntu-latest
+    needs:
+      - prepare
+    strategy:
+      fail-fast: false
+      matrix:
+        target: ${{ fromJson(needs.prepare.outputs.targets) }}
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v3
+      -
+        name: Validate
+        uses: docker/bake-action@v3
+        with:
+          targets: ${{ matrix.target }}
--- a/.github/workflows/virtual-env.yml
+++ b/.github/workflows/virtual-env.yml
@ -1,38 +0,0 @@
-name: virtual-env
-
-on:
-  workflow_dispatch:
-  schedule:
-    - cron: '0 10 * * *' # everyday at 10am
-
-jobs:
-  os:
-    runs-on: ${{ matrix.os }}
-    strategy:
-      fail-fast: false
-      matrix:
-        os:
-          - ubuntu-latest
-          - ubuntu-20.04
-          - ubuntu-18.04
-          - ubuntu-16.04
-    steps:
-      -
-        name: List install packages
-        run: apt list --installed
-      -
-        name: Docker info
-        run: docker info
-      -
-        name: Docker version
-        run: docker version
-      -
-        name: buildx version
-        run: docker buildx version
-      -
-        name: containerd version
-        run: containerd --version
-      -
-        name: Dump context
-        if: always()
-        uses: crazy-max/ghaction-dump-context@v1
--- a/.gitignore
+++ b/.gitignore
@ -1,10 +1,6 @@
 node_modules
 lib

-# Jetbrains
-/.idea
-/*.iml
-
 # Rest of the file pulled from https://github.com/github/gitignore/blob/master/Node.gitignore
 # Logs
 logs
--- a/README.md
+++ b/README.md
@ -1,23 +1,15 @@
 [![GitHub release](https://img.shields.io/github/release/docker/build-push-action.svg?style=flat-square)](https://github.com/docker/build-push-action/releases/latest)
 [![GitHub marketplace](https://img.shields.io/badge/marketplace-build--and--push--docker--images-blue?logo=github&style=flat-square)](https://github.com/marketplace/actions/build-and-push-docker-images)
-[![CI workflow](https://img.shields.io/github/workflow/status/docker/build-push-action/ci?label=ci&logo=github&style=flat-square)](https://github.com/docker/build-push-action/actions?workflow=ci)
-[![Test workflow](https://img.shields.io/github/workflow/status/docker/build-push-action/test?label=test&logo=github&style=flat-square)](https://github.com/docker/build-push-action/actions?workflow=test)
+[![CI workflow](https://img.shields.io/github/actions/workflow/status/docker/build-push-action/ci.yml?branch=master&label=ci&logo=github&style=flat-square)](https://github.com/docker/build-push-action/actions?workflow=ci)
+[![Test workflow](https://img.shields.io/github/actions/workflow/status/docker/build-push-action/test.yml?branch=master&label=test&logo=github&style=flat-square)](https://github.com/docker/build-push-action/actions?workflow=test)
 [![Codecov](https://img.shields.io/codecov/c/github/docker/build-push-action?logo=codecov&style=flat-square)](https://codecov.io/gh/docker/build-push-action)

-## Upgrade from v1
-
-`v2` of this action includes significant updates and now uses Docker [Buildx](https://github.com/docker/buildx). It's
-also rewritten as a [typescript-action](https://github.com/actions/typescript-action/) to be as close as possible
-of the [GitHub Runner](https://github.com/actions/virtual-environments) during its execution.
-
-[Upgrade notes](UPGRADE.md) with many [usage examples](#advanced-usage) have been added to handle most use cases but
-`v1` is still available through [`releases/v1` branch](https://github.com/docker/build-push-action/tree/releases/v1).
-
 ## About

-GitHub Action to build and push Docker images with [Buildx](https://github.com/docker/buildx) with full support of the
-features provided by [Moby BuildKit](https://github.com/moby/buildkit) builder toolkit. This includes multi-platform
-build, secrets, remote cache, etc. and different builder deployment/namespacing options.
+GitHub Action to build and push Docker images with [Buildx](https://github.com/docker/buildx)
+with full support of the features provided by [Moby BuildKit](https://github.com/moby/buildkit)
+builder toolkit. This includes multi-platform build, secrets, remote cache, etc.
+and different builder deployment/namespacing options.

 ![Screenshot](.github/build-push-action.png)

@ -26,54 +18,55 @@ ___
 * [Usage](#usage)
  * [Git context](#git-context)
  * [Path context](#path-context)
-* [Advanced usage](#advanced-usage)
-  * [Multi-platform image](docs/advanced/multi-platform.md)
-  * [Secrets](docs/advanced/secrets.md)
-  * [Isolated builders](docs/advanced/isolated-builders.md)
-  * [Push to multi-registries](docs/advanced/push-multi-registries.md)
-  * [Copy between registries](docs/advanced/copy-between-registries.md)  
-  * [Cache](docs/advanced/cache.md)
-  * [Local registry](docs/advanced/local-registry.md)
-  * [Export image to Docker](docs/advanced/export-docker.md)
-  * [Share built image between jobs](docs/advanced/share-image-jobs.md)
-  * [Handle tags and labels](docs/advanced/tags-labels.md)
-  * [Update DockerHub repo description](docs/advanced/dockerhub-desc.md)
+* [Examples](#examples)
+  * [Multi-platform image](https://docs.docker.com/build/ci/github-actions/multi-platform/)
+  * [Secrets](https://docs.docker.com/build/ci/github-actions/secrets/)
+  * [Push to multi-registries](https://docs.docker.com/build/ci/github-actions/push-multi-registries/)
+  * [Manage tags and labels](https://docs.docker.com/build/ci/github-actions/manage-tags-labels/)
+  * [Cache management](https://docs.docker.com/build/ci/github-actions/cache/)
+  * [Export to Docker](https://docs.docker.com/build/ci/github-actions/export-docker/)
+  * [Test before push](https://docs.docker.com/build/ci/github-actions/test-before-push/)
+  * [Local registry](https://docs.docker.com/build/ci/github-actions/local-registry/)
+  * [Share built image between jobs](https://docs.docker.com/build/ci/github-actions/share-image-jobs/)
+  * [Named contexts](https://docs.docker.com/build/ci/github-actions/named-contexts/)
+  * [Copy image between registries](https://docs.docker.com/build/ci/github-actions/copy-image-registries/)
+  * [Update Docker Hub repo description](https://docs.docker.com/build/ci/github-actions/update-dockerhub-desc/)
 * [Customizing](#customizing)
  * [inputs](#inputs)
  * [outputs](#outputs)
 * [Troubleshooting](#troubleshooting)
-* [Keep up-to-date with GitHub Dependabot](#keep-up-to-date-with-github-dependabot)
+* [Contributing](#contributing)

 ## Usage

-By default, this action uses the [Git context](#git-context) so you don't need to use the
-[`actions/checkout`](https://github.com/actions/checkout/) action to checkout the repository because this will be
-done directly by buildkit. The git reference will be based on the [event that triggered your workflow](https://docs.github.com/en/actions/reference/events-that-trigger-workflows)
-and will result in the following context: `https://github.com/<owner>/<repo>.git#<ref>`.
+In the examples below we are also using 3 other actions:

-Be careful because **any file mutation in the steps that precede the build step will be ignored, including processing of the `.dockerignore` file** since
-the context is based on the git reference. However, you can use the [Path context](#path-context) using the
-[`context` input](#inputs) alongside the [`actions/checkout`](https://github.com/actions/checkout/) action to remove
-this restriction.
-
-In the examples below we are using 3 other actions:
-
-* [`setup-buildx`](https://github.com/docker/setup-buildx-action) action will create and boot a builder using by 
-default the `docker-container` [builder driver](https://github.com/docker/buildx/blob/master/docs/reference/buildx_create.md#driver).
-This is **not required but recommended** using it to be able to build multi-platform images, export cache, etc.
-* [`setup-qemu`](https://github.com/docker/setup-qemu-action) action can be useful if you want
-to add emulation support with QEMU to be able to build against more platforms. 
-* [`login`](https://github.com/docker/login-action) action will take care to log in against a Docker registry.
+* [`setup-buildx`](https://github.com/docker/setup-buildx-action) action will
+  create and boot a builder using by default the [`docker-container` driver](https://docs.docker.com/build/building/drivers/docker-container/).
+  This is **not required but recommended** using it to be able to build
+  multi-platform images, export cache, etc.
+* [`setup-qemu`](https://github.com/docker/setup-qemu-action) action can be
+  useful if you want to add emulation support with QEMU to be able to build
+  against more platforms. 
+* [`login`](https://github.com/docker/login-action) action will take care to
+  log in against a Docker registry.

 ### Git context

+By default, this action uses the [Git context](https://docs.docker.com/engine/reference/commandline/build/#git-repositories),
+so you don't need to use the [`actions/checkout`](https://github.com/actions/checkout/)
+action to check out the repository as this will be done directly by [BuildKit](https://github.com/moby/buildkit).
+
+The git reference will be based on the [event that triggered your workflow](https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows)
+and will result in the following context: `https://github.com/<owner>/<repo>.git#<ref>`.
+
 ```yaml
 name: ci

 on:
  push:
    branches:
-      - 'master'
+      - 'main'

 jobs:
  docker:
@ -81,34 +74,67 @@ jobs:
    steps:
      -
        name: Set up QEMU
-        uses: docker/setup-qemu-action@v1
+        uses: docker/setup-qemu-action@v2
      -
        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
+        uses: docker/setup-buildx-action@v2
      -
-        name: Login to DockerHub
-        uses: docker/login-action@v1 
+        name: Login to Docker Hub
+        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      -
        name: Build and push
-        id: docker_build
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@v4
        with:
          push: true
          tags: user/app:latest
 ```

-Building from the current repository automatically uses the [GitHub Token](https://help.github.com/en/actions/configuring-and-managing-workflows/authenticating-with-the-github_token)
-so it does not need to be passed. If you want to authenticate against another private repository, you have to use
-a [secret](docs/advanced/secrets.md) named `GIT_AUTH_TOKEN` to be able to authenticate against it with buildx:
+Be careful because **any file mutation in the steps that precede the build step
+will be ignored, including processing of the `.dockerignore` file** since
+the context is based on the Git reference. However, you can use the
+[Path context](#path-context) using the [`context` input](#inputs) alongside
+the [`actions/checkout`](https://github.com/actions/checkout/) action to remove
+this restriction.
+
+Default Git context can also be provided using the [Handlebars template](https://handlebarsjs.com/guide/)
+expression `{{defaultContext}}`. Here we can use it to provide a subdirectory
+to the default Git context:
+
+```yaml
+      -
+        # Setting up Docker Buildx with docker-container driver is required
+        # at the moment to be able to use a subdirectory with Git context
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+      -
+        name: Build and push
+        uses: docker/build-push-action@v4
+        with:
+          context: "{{defaultContext}}:mysubdir"
+          push: true
+          tags: user/app:latest
+```
+
+> **Warning**
+>
+> Subdirectory for Git context is available from [BuildKit v0.9.0](https://github.com/moby/buildkit/releases/tag/v0.9.0).
+> If you're using the `docker` builder (default if `setup-buildx-action` not used),
+> then BuildKit in Docker Engine will be used. As Docker Engine < v22.x.x embeds
+> Buildkit 0.8.2 at the moment, it does not support this feature. It's therefore
+> required to use the `setup-buildx-action` at the moment.
+
+Building from the current repository automatically uses the [GitHub Token](https://docs.github.com/en/actions/security-guides/automatic-token-authentication),
+so it does not need to be passed. If you want to authenticate against another
+private repository, you have to use a [secret](https://docs.docker.com/build/ci/github-actions/secrets)
+named `GIT_AUTH_TOKEN` to be able to authenticate against it with Buildx:

 ```yaml
      -
        name: Build and push
-        id: docker_build
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@v4
        with:
          push: true
          tags: user/app:latest
@ -124,7 +150,7 @@ name: ci
 on:
  push:
    branches:
-      - 'master'
+      - 'main'

 jobs:
  docker:
@ -132,41 +158,42 @@ jobs:
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
      -
        name: Set up QEMU
-        uses: docker/setup-qemu-action@v1
+        uses: docker/setup-qemu-action@v2
      -
        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
+        uses: docker/setup-buildx-action@v2
      -
-        name: Login to DockerHub
-        uses: docker/login-action@v1
+        name: Login to Docker Hub
+        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      -
        name: Build and push
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@v4
        with:
          context: .
          push: true
          tags: user/app:latest
 ```

-## Advanced usage
+## Examples

-* [Multi-platform image](docs/advanced/multi-platform.md)
-* [Secrets](docs/advanced/secrets.md)
-* [Isolated builders](docs/advanced/isolated-builders.md)
-* [Push to multi-registries](docs/advanced/push-multi-registries.md)
-* [Copy between registries](docs/advanced/copy-between-registries.md)
-* [Cache](docs/advanced/cache.md)
-* [Local registry](docs/advanced/local-registry.md)
-* [Export image to Docker](docs/advanced/export-docker.md)
-* [Share built image between jobs](docs/advanced/share-image-jobs.md)
-* [Handle tags and labels](docs/advanced/tags-labels.md)
-* [Update DockerHub repo description](docs/advanced/dockerhub-desc.md)
+* [Multi-platform image](https://docs.docker.com/build/ci/github-actions/multi-platform/)
+* [Secrets](https://docs.docker.com/build/ci/github-actions/secrets/)
+* [Push to multi-registries](https://docs.docker.com/build/ci/github-actions/push-multi-registries/)
+* [Manage tags and labels](https://docs.docker.com/build/ci/github-actions/manage-tags-labels/)
+* [Cache management](https://docs.docker.com/build/ci/github-actions/cache/)
+* [Export to Docker](https://docs.docker.com/build/ci/github-actions/export-docker/)
+* [Test before push](https://docs.docker.com/build/ci/github-actions/test-before-push/)
+* [Local registry](https://docs.docker.com/build/ci/github-actions/local-registry/)
+* [Share built image between jobs](https://docs.docker.com/build/ci/github-actions/share-image-jobs/)
+* [Named contexts](https://docs.docker.com/build/ci/github-actions/named-contexts/)
+* [Copy image between registries](https://docs.docker.com/build/ci/github-actions/copy-image-registries/)
+* [Update Docker Hub repo description](https://docs.docker.com/build/ci/github-actions/update-dockerhub-desc/)

 ## Customizing

@ -186,54 +213,58 @@ Following inputs can be used as `step.with` keys
 > tags: name/app:latest,name/app:1.0.0
 > ```

-| Name                | Type     | Description                        |
-|---------------------|----------|------------------------------------|
-| `allow`             | List/CSV | List of [extra privileged entitlement](https://github.com/docker/buildx/blob/master/docs/reference/buildx_build.md#allow) (eg. `network.host,security.insecure`) |
-| `builder`           | String   | Builder instance (see [setup-buildx](https://github.com/docker/setup-buildx-action) action) |
-| `build-args`        | List     | List of build-time variables |
-| `cache-from`        | List     | List of [external cache sources](https://github.com/docker/buildx/blob/master/docs/reference/buildx_build.md#cache-from) (eg. `type=local,src=path/to/dir`) |
-| `cache-to`          | List     | List of [cache export destinations](https://github.com/docker/buildx/blob/master/docs/reference/buildx_build.md#cache-to) (eg. `type=local,dest=path/to/dir`) |
-| `context`           | String   | Build's context is the set of files located in the specified [`PATH` or `URL`](https://docs.docker.com/engine/reference/commandline/build/) (default [Git context](#git-context)) |
-| `file`              | String   | Path to the Dockerfile. (default `{context}/Dockerfile`) |
-| `labels`            | List     | List of metadata for an image |
-| `load`              | Bool     | [Load](https://github.com/docker/buildx/blob/master/docs/reference/buildx_build.md#load) is a shorthand for `--output=type=docker` (default `false`) |
-| `network`           | String   | Set the networking mode for the `RUN` instructions during build |
-| `no-cache`          | Bool     | Do not use cache when building the image (default `false`) |
-| `outputs`           | List     | List of [output destinations](https://github.com/docker/buildx/blob/master/docs/reference/buildx_build.md#output) (format: `type=local,dest=path`) |
-| `platforms`         | List/CSV | List of [target platforms](https://github.com/docker/buildx/blob/master/docs/reference/buildx_build.md#platform) for build |
-| `pull`              | Bool     | Always attempt to pull a newer version of the image (default `false`) |
-| `push`              | Bool     | [Push](https://github.com/docker/buildx/blob/master/docs/reference/buildx_build.md#push) is a shorthand for `--output=type=registry` (default `false`) |
-| `secrets`           | List     | List of secrets to expose to the build (eg. `key=string`, `GIT_AUTH_TOKEN=mytoken`) |
-| `secret-files`      | List     | List of secret files to expose to the build (eg. `key=filename`, `MY_SECRET=./secret.txt`) |
-| `ssh`               | List     | List of SSH agent socket or keys to expose to the build |
-| `tags`              | List/CSV | List of tags |
-| `target`            | String   | Sets the target stage to build |
+| Name               | Type        | Description                                                                                                                                                                       |
+|--------------------|-------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| `add-hosts`        | List/CSV    | List of [customs host-to-IP mapping](https://docs.docker.com/engine/reference/commandline/build/#add-entries-to-container-hosts-file---add-host) (e.g., `docker:10.180.0.1`)      |
+| `allow`            | List/CSV    | List of [extra privileged entitlement](https://docs.docker.com/engine/reference/commandline/buildx_build/#allow) (e.g., `network.host,security.insecure`)                         |
+| `attests`          | List        | List of [attestation](https://docs.docker.com/build/attestations/) parameters (e.g., `type=sbom,generator=image`)                                                                 | 
+| `builder`          | String      | Builder instance (see [setup-buildx](https://github.com/docker/setup-buildx-action) action)                                                                                       |
+| `build-args`       | List        | List of [build-time variables](https://docs.docker.com/engine/reference/commandline/buildx_build/#build-arg)                                                                      |
+| `build-contexts`   | List        | List of additional [build contexts](https://docs.docker.com/engine/reference/commandline/buildx_build/#build-context) (e.g., `name=path`)                                         |
+| `cache-from`       | List        | List of [external cache sources](https://docs.docker.com/engine/reference/commandline/buildx_build/#cache-from) (e.g., `type=local,src=path/to/dir`)                              |
+| `cache-to`         | List        | List of [cache export destinations](https://docs.docker.com/engine/reference/commandline/buildx_build/#cache-to) (e.g., `type=local,dest=path/to/dir`)                            |
+| `cgroup-parent`    | String      | Optional [parent cgroup](https://docs.docker.com/engine/reference/commandline/build/#use-a-custom-parent-cgroup---cgroup-parent) for the container used in the build              |
+| `context`          | String      | Build's context is the set of files located in the specified [`PATH` or `URL`](https://docs.docker.com/engine/reference/commandline/build/) (default [Git context](#git-context)) |
+| `file`             | String      | Path to the Dockerfile. (default `{context}/Dockerfile`)                                                                                                                          |
+| `labels`           | List        | List of metadata for an image                                                                                                                                                     |
+| `load`             | Bool        | [Load](https://docs.docker.com/engine/reference/commandline/buildx_build/#load) is a shorthand for `--output=type=docker` (default `false`)                                       |
+| `network`          | String      | Set the networking mode for the `RUN` instructions during build                                                                                                                   |
+| `no-cache`         | Bool        | Do not use cache when building the image (default `false`)                                                                                                                        |
+| `no-cache-filters` | List/CSV    | Do not cache specified stages                                                                                                                                                     |
+| `outputs`¹         | List        | List of [output destinations](https://docs.docker.com/engine/reference/commandline/buildx_build/#output) (format: `type=local,dest=path`)                                         |
+| `platforms`        | List/CSV    | List of [target platforms](https://docs.docker.com/engine/reference/commandline/buildx_build/#platform) for build                                                                 |
+| `provenance`       | Bool/String | Generate [provenance](https://docs.docker.com/build/attestations/slsa-provenance/) attestation for the build (shorthand for `--attest=type=provenance`)                           |
+| `pull`             | Bool        | Always attempt to pull all referenced images (default `false`)                                                                                                                    |
+| `push`             | Bool        | [Push](https://docs.docker.com/engine/reference/commandline/buildx_build/#push) is a shorthand for `--output=type=registry` (default `false`)                                     |
+| `sbom`             | Bool/String | Generate [SBOM](https://docs.docker.com/build/attestations/sbom/) attestation for the build (shorthand for `--attest=type=sbom`)                                                  |
+| `secrets`          | List        | List of [secrets](https://docs.docker.com/engine/reference/commandline/buildx_build/#secret) to expose to the build (e.g., `key=string`, `GIT_AUTH_TOKEN=mytoken`)                |
+| `secret-files`     | List        | List of [secret files](https://docs.docker.com/engine/reference/commandline/buildx_build/#secret) to expose to the build (e.g., `key=filename`, `MY_SECRET=./secret.txt`)         |
+| `shm-size`         | String      | Size of [`/dev/shm`](https://docs.docker.com/engine/reference/commandline/buildx_build/#shm-size) (e.g., `2g`)                                                                    |
+| `ssh`              | List        | List of [SSH agent socket or keys](https://docs.docker.com/engine/reference/commandline/buildx_build/#ssh) to expose to the build                                                 |
+| `tags`             | List/CSV    | List of tags                                                                                                                                                                      |
+| `target`           | String      | Sets the target stage to build                                                                                                                                                    |
+| `ulimit`           | List        | [Ulimit](https://docs.docker.com/engine/reference/commandline/buildx_build/#ulimit) options (e.g., `nofile=1024:1024`)                                                            |
+| `github-token`     | String      | GitHub Token used to authenticate against a repository for [Git context](#git-context) (default `${{ github.token }}`)                                                            |
+
+> **Note**
+>
+> * ¹ multiple `outputs` are [not yet supported](https://github.com/moby/buildkit/issues/1555)

 ### outputs

 Following outputs are available

-| Name              | Type    | Description                           |
-|-------------------|---------|---------------------------------------|
-| `digest`          | String  | Image content-addressable identifier also called a digest |
-| `metadata`        | JSON    | Build result metadata |
+| Name       | Type    | Description           |
+|------------|---------|-----------------------|
+| `imageid`  | String  | Image ID              |
+| `digest`   | String  | Image digest          |
+| `metadata` | JSON    | Build result metadata |

 ## Troubleshooting

 See [TROUBLESHOOTING.md](TROUBLESHOOTING.md)

-## Keep up-to-date with GitHub Dependabot
+## Contributing

-Since [Dependabot](https://docs.github.com/en/github/administering-a-repository/keeping-your-actions-up-to-date-with-github-dependabot)
-has [native GitHub Actions support](https://docs.github.com/en/github/administering-a-repository/configuration-options-for-dependency-updates#package-ecosystem),
-to enable it on your GitHub repo all you need to do is add the `.github/dependabot.yml` file:
-
-```yaml
-version: 2
-updates:
-  # Maintain dependencies for GitHub Actions
-  - package-ecosystem: "github-actions"
-    directory: "/"
-    schedule:
-      interval: "daily"
-```
+Want to contribute? Awesome! You can find information about contributing to
+this project in the [CONTRIBUTING.md](/.github/CONTRIBUTING.md)
--- a/TROUBLESHOOTING.md
+++ b/TROUBLESHOOTING.md
@ -16,7 +16,7 @@ While pushing to a registry, you may encounter these kinds of issues:
 * `unexpected response: 401 Unauthorized`

 These issues are not directly related to this action but are rather linked to
-[buildx](https://github.com/docker/buildx), [buildkit](https://github.com/moby/buildkit),
+[Buildx](https://github.com/docker/buildx), [BuildKit](https://github.com/moby/buildkit),
 [containerd](https://github.com/containerd/containerd) or the registry on which
 you're pushing your image. The quality of error message depends on the registry
 and are usually not very informative.
@ -29,7 +29,7 @@ action step and attach BuildKit container logs to your issue.
 ### With containerd

 Next you can test pushing with [containerd action](https://github.com/crazy-max/ghaction-setup-containerd)
-using the following workflow. If it works then open an issue on [buildkit](https://github.com/moby/buildkit)
+using the following workflow. If it works then open an issue on [BuildKit](https://github.com/moby/buildkit)
 repository.

 ```yaml
@ -44,21 +44,21 @@ jobs:
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
      -
        name: Set up QEMU
-        uses: docker/setup-qemu-action@v1
+        uses: docker/setup-qemu-action@v2
      -
        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
+        uses: docker/setup-buildx-action@v2
        with:
          buildkitd-flags: --debug
      -
        name: Set up containerd
-        uses: crazy-max/ghaction-setup-containerd@v1
+        uses: crazy-max/ghaction-setup-containerd@v2
      -
        name: Build Docker image
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@v4
        with:
          context: .
          platforms: linux/amd64,linux/arm64
@ -100,18 +100,36 @@ or a cache reference:
 ```

 To fix this issue you can use our [metadata action](https://github.com/docker/metadata-action)
-to generate sanitized tags, or a dedicated step to sanitize the slug:
+to generate sanitized tags:
+
+```yaml
+- name: Docker meta
+  id: meta
+  uses: docker/metadata-action@v4
+  with:
+    images: ghcr.io/${{ github.repository }}
+    tags: latest
+
+- name: Build and push
+  uses: docker/build-push-action@v4
+  with:
+    context: .
+    push: true
+    tags: ${{ steps.meta.outputs.tags }}
+```
+
+Or a dedicated step to sanitize the slug:

 ```yaml
 - name: Sanitize repo slug
-  uses: actions/github-script@v4
+  uses: actions/github-script@v6
  id: repo_slug
  with:
    result-encoding: string
-    script: return `ghcr.io/${github.repository.toLowerCase()}`
+    script: return 'ghcr.io/${{ github.repository }}'.toLowerCase()

 - name: Build and push
-  uses: docker/build-push-action@v2
+  uses: docker/build-push-action@v4
  with:
    context: .
    push: true
--- a/UPGRADE.md
+++ b/UPGRADE.md
@ -1,133 +0,0 @@
-# Upgrade notes
-
-## v1 to v2
-
-* Input `path` is now called `context` for consistency with other Docker build tools
-* `path` defaults to current git repository so checkout action is not required in a workflow
-* Rename `dockerfile` input to `file` for consistency with other Docker build tools
-* Rename `always_pull` input to `pull` for consistency with other Docker build tools
-* Add `builder` input to be able to choose a builder instance through our [setup-buildx action](https://github.com/docker/setup-buildx-action)
-* Add `platforms` input to support multi-platform builds
-* Add `allow` input
-* Add `load` input
-* Add `outputs` input
-* Add `cache-from` input (`cache_froms` removed)
-* Add `cache-to` input
-* Rename `build_args` input to `build-args` for consistency with other Docker build tools
-* Add `secrets` input
-* Review `tags` input
-* Remove `repository` input. See [Simple workflow](#simple-workflow) for migration
-* Remove `username`, `password` and `registry` inputs. Login support moved to [docker/login-action](https://github.com/docker/login-action) repo
-* Remove `tag_with_sha`, `tag_with_ref`, `add_git_labels` inputs. See [Tags with ref and Git labels](#tags-with-ref-and-git-labels) for migration
-* Handle Git context
-* Add `digest` output
-
-### Simple workflow
-
-```yaml
-# v1
-steps:
-  -
-    name: Checkout code
-    uses: actions/checkout@v2
-  -
-    name: Build and push Docker images
-    uses: docker/build-push-action@v1
-    with:
-      username: ${{ secrets.DOCKER_USERNAME }}
-      password: ${{ secrets.DOCKER_PASSWORD }}
-      repository: myorg/myrepository
-      always_pull: true
-      build_args: arg1=value1,arg2=value2
-      cache_froms: myorg/myrepository:latest
-      tags: latest
-```
-
-```yaml
-# v2
-steps:
-  -
-    name: Checkout code
-    uses: actions/checkout@v2
-  -
-    name: Set up Docker Buildx
-    uses: docker/setup-buildx-action@v1
-  -
-    name: Login to DockerHub
-    uses: docker/login-action@v1
-    with:
-      username: ${{ secrets.DOCKER_USERNAME }}
-      password: ${{ secrets.DOCKER_PASSWORD }}
-  -
-    name: Build and push
-    uses: docker/build-push-action@v2
-    with:
-      context: .
-      pull: true
-      push: true
-      build-args: |
-        arg1=value1
-        arg2=value2
-      cache-from: type=registry,ref=myorg/myrepository:latest
-      cache-to: type=inline
-      tags: myorg/myrepository:latest
-```
-
-### Tags with ref and Git labels
-
-```yaml
-# v1
-steps:
-  -
-    name: Checkout code
-    uses: actions/checkout@v2
-  -
-    name: Build and push Docker images
-    uses: docker/build-push-action@v1
-    with:
-      username: ${{ secrets.DOCKER_USERNAME }}
-      password: ${{ secrets.DOCKER_PASSWORD }}
-      repository: myorg/myrepository
-      push: ${{ github.event_name != 'pull_request' }}
-      tag_with_ref: true
-      tag_with_sha: true
-      add_git_labels: true
-```
-
-```yaml
-# v2
-steps:
-  -
-    name: Checkout
-    uses: actions/checkout@v2
-  -
-    name: Docker meta
-    id: meta
-    uses: docker/metadata-action@v3
-    with:
-      images: |
-        myorg/myrepository
-      tags: |
-        type=ref,event=branch
-        type=ref,event=pr
-        type=semver,pattern={{version}}
-        type=sha
-  -
-    name: Set up Docker Buildx
-    uses: docker/setup-buildx-action@v1
-  -
-    name: Login to DockerHub
-    if: github.event_name != 'pull_request'
-    uses: docker/login-action@v1 
-    with:
-      username: ${{ secrets.DOCKER_USERNAME }}
-      password: ${{ secrets.DOCKER_PASSWORD }}
-  -
-    name: Build and push
-    uses: docker/build-push-action@v2
-    with:
-      context: .
-      push: ${{ github.event_name != 'pull_request' }}
-      tags: ${{ steps.meta.outputs.tags }}
-      labels: ${{ steps.meta.outputs.labels }}
-```
--- a/mocks/@actions/github.ts
+++ b/mocks/@actions/github.ts
@ -0,0 +1,207 @@
+import {jest} from '@jest/globals';
+
+export const context = {
+  repo: {
+    owner: 'docker',
+    repo: 'build-push-action'
+  },
+  ref: 'refs/heads/master',
+  runId: 123456789,
+  payload: {
+    after: '860c1904a1ce19322e91ac35af1ab07466440c37',
+    base_ref: null,
+    before: '5f3331d7f7044c18ca9f12c77d961c4d7cf3276a',
+    commits: [
+      {
+        author: {
+          email: 'crazy-max@users.noreply.github.com',
+          name: 'CrazyMax',
+          username: 'crazy-max'
+        },
+        committer: {
+          email: 'crazy-max@users.noreply.github.com',
+          name: 'CrazyMax',
+          username: 'crazy-max'
+        },
+        distinct: true,
+        id: '860c1904a1ce19322e91ac35af1ab07466440c37',
+        message: 'hello dev',
+        timestamp: '2022-04-19T11:27:24+02:00',
+        tree_id: 'd2c60af597e863787d2d27f569e30495b0b92820',
+        url: 'https://github.com/docker/test-docker-action/commit/860c1904a1ce19322e91ac35af1ab07466440c37'
+      }
+    ],
+    compare: 'https://github.com/docker/test-docker-action/compare/5f3331d7f704...860c1904a1ce',
+    created: false,
+    deleted: false,
+    forced: false,
+    head_commit: {
+      author: {
+        email: 'crazy-max@users.noreply.github.com',
+        name: 'CrazyMax',
+        username: 'crazy-max'
+      },
+      committer: {
+        email: 'crazy-max@users.noreply.github.com',
+        name: 'CrazyMax',
+        username: 'crazy-max'
+      },
+      distinct: true,
+      id: '860c1904a1ce19322e91ac35af1ab07466440c37',
+      message: 'hello dev',
+      timestamp: '2022-04-19T11:27:24+02:00',
+      tree_id: 'd2c60af597e863787d2d27f569e30495b0b92820',
+      url: 'https://github.com/docker/test-docker-action/commit/860c1904a1ce19322e91ac35af1ab07466440c37'
+    },
+    organization: {
+      avatar_url: 'https://avatars.githubusercontent.com/u/5429470?v=4',
+      description: 'Docker helps developers bring their ideas to life by conquering the complexity of app development.',
+      events_url: 'https://api.github.com/orgs/docker/events',
+      hooks_url: 'https://api.github.com/orgs/docker/hooks',
+      id: 5429470,
+      issues_url: 'https://api.github.com/orgs/docker/issues',
+      login: 'docker',
+      members_url: 'https://api.github.com/orgs/docker/members{/member}',
+      node_id: 'MDEyOk9yZ2FuaXphdGlvbjU0Mjk0NzA=',
+      public_members_url: 'https://api.github.com/orgs/docker/public_members{/member}',
+      repos_url: 'https://api.github.com/orgs/docker/repos',
+      url: 'https://api.github.com/orgs/docker'
+    },
+    pusher: {
+      email: 'github@crazymax.dev',
+      name: 'crazy-max'
+    },
+    ref: 'refs/heads/dev',
+    repository: {
+      allow_forking: true,
+      archive_url: 'https://api.github.com/repos/docker/test-docker-action/{archive_format}{/ref}',
+      archived: false,
+      assignees_url: 'https://api.github.com/repos/docker/test-docker-action/assignees{/user}',
+      blobs_url: 'https://api.github.com/repos/docker/test-docker-action/git/blobs{/sha}',
+      branches_url: 'https://api.github.com/repos/docker/test-docker-action/branches{/branch}',
+      clone_url: 'https://github.com/docker/test-docker-action.git',
+      collaborators_url: 'https://api.github.com/repos/docker/test-docker-action/collaborators{/collaborator}',
+      comments_url: 'https://api.github.com/repos/docker/test-docker-action/comments{/number}',
+      commits_url: 'https://api.github.com/repos/docker/test-docker-action/commits{/sha}',
+      compare_url: 'https://api.github.com/repos/docker/test-docker-action/compare/{base}...{head}',
+      contents_url: 'https://api.github.com/repos/docker/test-docker-action/contents/{+path}',
+      contributors_url: 'https://api.github.com/repos/docker/test-docker-action/contributors',
+      created_at: 1596792180,
+      default_branch: 'master',
+      deployments_url: 'https://api.github.com/repos/docker/test-docker-action/deployments',
+      description: 'Test "Docker" Actions',
+      disabled: false,
+      downloads_url: 'https://api.github.com/repos/docker/test-docker-action/downloads',
+      events_url: 'https://api.github.com/repos/docker/test-docker-action/events',
+      fork: false,
+      forks: 1,
+      forks_count: 1,
+      forks_url: 'https://api.github.com/repos/docker/test-docker-action/forks',
+      full_name: 'docker/test-docker-action',
+      git_commits_url: 'https://api.github.com/repos/docker/test-docker-action/git/commits{/sha}',
+      git_refs_url: 'https://api.github.com/repos/docker/test-docker-action/git/refs{/sha}',
+      git_tags_url: 'https://api.github.com/repos/docker/test-docker-action/git/tags{/sha}',
+      git_url: 'git://github.com/docker/test-docker-action.git',
+      has_downloads: true,
+      has_issues: true,
+      has_pages: false,
+      has_projects: true,
+      has_wiki: true,
+      homepage: '',
+      hooks_url: 'https://api.github.com/repos/docker/test-docker-action/hooks',
+      html_url: 'https://github.com/docker/test-docker-action',
+      id: 285789493,
+      is_template: false,
+      issue_comment_url: 'https://api.github.com/repos/docker/test-docker-action/issues/comments{/number}',
+      issue_events_url: 'https://api.github.com/repos/docker/test-docker-action/issues/events{/number}',
+      issues_url: 'https://api.github.com/repos/docker/test-docker-action/issues{/number}',
+      keys_url: 'https://api.github.com/repos/docker/test-docker-action/keys{/key_id}',
+      labels_url: 'https://api.github.com/repos/docker/test-docker-action/labels{/name}',
+      language: 'JavaScript',
+      languages_url: 'https://api.github.com/repos/docker/test-docker-action/languages',
+      license: {
+        key: 'mit',
+        name: 'MIT License',
+        node_id: 'MDc6TGljZW5zZTEz',
+        spdx_id: 'MIT',
+        url: 'https://api.github.com/licenses/mit'
+      },
+      master_branch: 'master',
+      merges_url: 'https://api.github.com/repos/docker/test-docker-action/merges',
+      milestones_url: 'https://api.github.com/repos/docker/test-docker-action/milestones{/number}',
+      mirror_url: null,
+      name: 'test-docker-action',
+      node_id: 'MDEwOlJlcG9zaXRvcnkyODU3ODk0OTM=',
+      notifications_url: 'https://api.github.com/repos/docker/test-docker-action/notifications{?since,all,participating}',
+      open_issues: 6,
+      open_issues_count: 6,
+      organization: 'docker',
+      owner: {
+        avatar_url: 'https://avatars.githubusercontent.com/u/5429470?v=4',
+        email: 'info@docker.com',
+        events_url: 'https://api.github.com/users/docker/events{/privacy}',
+        followers_url: 'https://api.github.com/users/docker/followers',
+        following_url: 'https://api.github.com/users/docker/following{/other_user}',
+        gists_url: 'https://api.github.com/users/docker/gists{/gist_id}',
+        gravatar_id: '',
+        html_url: 'https://github.com/docker',
+        id: 5429470,
+        login: 'docker',
+        name: 'docker',
+        node_id: 'MDEyOk9yZ2FuaXphdGlvbjU0Mjk0NzA=',
+        organizations_url: 'https://api.github.com/users/docker/orgs',
+        received_events_url: 'https://api.github.com/users/docker/received_events',
+        repos_url: 'https://api.github.com/users/docker/repos',
+        site_admin: false,
+        starred_url: 'https://api.github.com/users/docker/starred{/owner}{/repo}',
+        subscriptions_url: 'https://api.github.com/users/docker/subscriptions',
+        type: 'Organization',
+        url: 'https://api.github.com/users/docker'
+      },
+      private: true,
+      pulls_url: 'https://api.github.com/repos/docker/test-docker-action/pulls{/number}',
+      pushed_at: 1650360446,
+      releases_url: 'https://api.github.com/repos/docker/test-docker-action/releases{/id}',
+      size: 796,
+      ssh_url: 'git@github.com:docker/test-docker-action.git',
+      stargazers: 0,
+      stargazers_count: 0,
+      stargazers_url: 'https://api.github.com/repos/docker/test-docker-action/stargazers',
+      statuses_url: 'https://api.github.com/repos/docker/test-docker-action/statuses/{sha}',
+      subscribers_url: 'https://api.github.com/repos/docker/test-docker-action/subscribers',
+      subscription_url: 'https://api.github.com/repos/docker/test-docker-action/subscription',
+      svn_url: 'https://github.com/docker/test-docker-action',
+      tags_url: 'https://api.github.com/repos/docker/test-docker-action/tags',
+      teams_url: 'https://api.github.com/repos/docker/test-docker-action/teams',
+      topics: [],
+      trees_url: 'https://api.github.com/repos/docker/test-docker-action/git/trees{/sha}',
+      updated_at: '2022-04-19T09:05:09Z',
+      url: 'https://github.com/docker/test-docker-action',
+      visibility: 'private',
+      watchers: 0,
+      watchers_count: 0
+    },
+    sender: {
+      avatar_url: 'https://avatars.githubusercontent.com/u/1951866?v=4',
+      events_url: 'https://api.github.com/users/crazy-max/events{/privacy}',
+      followers_url: 'https://api.github.com/users/crazy-max/followers',
+      following_url: 'https://api.github.com/users/crazy-max/following{/other_user}',
+      gists_url: 'https://api.github.com/users/crazy-max/gists{/gist_id}',
+      gravatar_id: '',
+      html_url: 'https://github.com/crazy-max',
+      id: 1951866,
+      login: 'crazy-max',
+      node_id: 'MDQ6VXNlcjE5NTE4NjY=',
+      organizations_url: 'https://api.github.com/users/crazy-max/orgs',
+      received_events_url: 'https://api.github.com/users/crazy-max/received_events',
+      repos_url: 'https://api.github.com/users/crazy-max/repos',
+      site_admin: false,
+      starred_url: 'https://api.github.com/users/crazy-max/starred{/owner}{/repo}',
+      subscriptions_url: 'https://api.github.com/users/crazy-max/subscriptions',
+      type: 'User',
+      url: 'https://api.github.com/users/crazy-max'
+    }
+  }
+};
+
+export const getOctokit = jest.fn();
--- a/tests/buildx.test.ts
+++ b/tests/buildx.test.ts
@ -1,191 +0,0 @@
-import * as fs from 'fs';
-import * as path from 'path';
-import * as semver from 'semver';
-import * as exec from '@actions/exec';
-
-import * as buildx from '../src/buildx';
-import * as context from '../src/context';
-
-const tmpNameSync = path.join('/tmp/.docker-build-push-jest', '.tmpname-jest').split(path.sep).join(path.posix.sep);
-const digest = 'sha256:bfb45ab72e46908183546477a08f8867fc40cebadd00af54b071b097aed127a9';
-const metadata = `{
-  "containerimage.config.digest": "sha256:059b68a595b22564a1cbc167af369349fdc2ecc1f7bc092c2235cbf601a795fd",
-  "containerimage.digest": "sha256:b09b9482c72371486bb2c1d2c2a2633ed1d0b8389e12c8d52b9e052725c0c83c"
-}`;
-
-jest.spyOn(context, 'tmpDir').mockImplementation((): string => {
-  const tmpDir = path.join('/tmp/.docker-build-push-jest').split(path.sep).join(path.posix.sep);
-  if (!fs.existsSync(tmpDir)) {
-    fs.mkdirSync(tmpDir, {recursive: true});
-  }
-  return tmpDir;
-});
-
-jest.spyOn(context, 'tmpNameSync').mockImplementation((): string => {
-  return tmpNameSync;
-});
-
-describe('getImageID', () => {
-  it('matches', async () => {
-    const imageIDFile = await buildx.getImageIDFile();
-    console.log(`imageIDFile: ${imageIDFile}`);
-    await fs.writeFileSync(imageIDFile, digest);
-    const imageID = await buildx.getImageID();
-    console.log(`imageID: ${imageID}`);
-    expect(imageID).toEqual(digest);
-  });
-});
-
-describe('getMetadata', () => {
-  it('matches', async () => {
-    const metadataFile = await buildx.getMetadataFile();
-    console.log(`metadataFile: ${metadataFile}`);
-    await fs.writeFileSync(metadataFile, metadata);
-    const expected = await buildx.getMetadata();
-    console.log(`metadata: ${expected}`);
-    expect(expected).toEqual(metadata);
-  });
-});
-
-describe('isLocalOrTarExporter', () => {
-  // prettier-ignore
-  test.each([
-    [
-      [
-        'type=registry,ref=user/app',
-      ],
-      false
-    ],
-    [
-      [
-        'type=docker',
-      ],
-      false
-    ],
-    [
-      [
-        'type=local,dest=./release-out'
-      ],
-      true
-    ],
-    [
-      [
-        'type=tar,dest=/tmp/image.tar'
-      ],
-      true
-    ],
-    [
-      [
-        'type=docker',
-        'type=tar,dest=/tmp/image.tar'
-      ],
-      true
-    ],
-    [
-      [
-        '"type=tar","dest=/tmp/image.tar"'
-      ],
-      true
-    ],
-    [
-      [
-        '" type= local" , dest=./release-out'
-      ],
-      true
-    ],
-    [
-      [
-        '.'
-      ],
-      true
-    ],
-  ])(
-    'given %p returns %p',
-    async (outputs: Array<string>, expected: boolean) => {
-      expect(buildx.isLocalOrTarExporter(outputs)).toEqual(expected);
-    }
-  );
-});
-
-describe('isAvailable', () => {
-  const execSpy: jest.SpyInstance = jest.spyOn(exec, 'getExecOutput');
-  buildx.isAvailable();
-
-  expect(execSpy).toHaveBeenCalledWith(`docker`, ['buildx'], {
-    silent: true,
-    ignoreReturnCode: true
-  });
-});
-
-describe('getVersion', () => {
-  async function isDaemonRunning() {
-    return await exec
-      .getExecOutput(`docker`, ['version', '--format', '{{.Server.Os}}'], {
-        ignoreReturnCode: true,
-        silent: true
-      })
-      .then(res => {
-        return !res.stdout.includes(' ') && res.exitCode == 0;
-      });
-  }
-  (isDaemonRunning() ? it : it.skip)(
-    'valid',
-    async () => {
-      const version = await buildx.getVersion();
-      console.log(`version: ${version}`);
-      expect(semver.valid(version)).not.toBeNull();
-    },
-    100000
-  );
-});
-
-describe('parseVersion', () => {
-  test.each([
-    ['github.com/docker/buildx 0.4.1+azure bda4882a65349ca359216b135896bddc1d92461c', '0.4.1'],
-    ['github.com/docker/buildx v0.4.1 bda4882a65349ca359216b135896bddc1d92461c', '0.4.1'],
-    ['github.com/docker/buildx v0.4.2 fb7b670b764764dc4716df3eba07ffdae4cc47b2', '0.4.2'],
-    ['github.com/docker/buildx f117971 f11797113e5a9b86bd976329c5dbb8a8bfdfadfa', 'f117971']
-  ])('given %p', async (stdout, expected) => {
-    expect(buildx.parseVersion(stdout)).toEqual(expected);
-  });
-});
-
-describe('satisfies', () => {
-  test.each([
-    ['0.4.1', '>=0.3.2', true],
-    ['bda4882a65349ca359216b135896bddc1d92461c', '>0.1.0', false],
-    ['f117971', '>0.6.0', true]
-  ])('given %p', async (version, range, expected) => {
-    expect(buildx.satisfies(version, range)).toBe(expected);
-  });
-});
-
-describe('getSecret', () => {
-  test.each([
-    ['A_SECRET=abcdef0123456789', false, 'A_SECRET', 'abcdef0123456789', false],
-    ['GIT_AUTH_TOKEN=abcdefghijklmno=0123456789', false, 'GIT_AUTH_TOKEN', 'abcdefghijklmno=0123456789', false],
-    ['MY_KEY=c3RyaW5nLXdpdGgtZXF1YWxzCg==', false, 'MY_KEY', 'c3RyaW5nLXdpdGgtZXF1YWxzCg==', false],
-    ['aaaaaaaa', false, '', '', true],
-    ['aaaaaaaa=', false, '', '', true],
-    ['=bbbbbbb', false, '', '', true],
-    [`foo=${path.join(__dirname, 'fixtures', 'secret.txt').split(path.sep).join(path.posix.sep)}`, true, 'foo', 'bar', false],
-    [`notfound=secret`, true, '', '', true]
-  ])('given %p key and %p secret', async (kvp, file, exKey, exValue, invalid) => {
-    try {
-      let secret: string;
-      if (file) {
-        secret = await buildx.getSecretFile(kvp);
-      } else {
-        secret = await buildx.getSecretString(kvp);
-      }
-      expect(true).toBe(!invalid);
-      console.log(`secret: ${secret}`);
-      expect(secret).toEqual(`id=${exKey},src=${tmpNameSync}`);
-      const secretValue = await fs.readFileSync(tmpNameSync, 'utf-8');
-      console.log(`secretValue: ${secretValue}`);
-      expect(secretValue).toEqual(exValue);
-    } catch (err) {
-      expect(true).toBe(invalid);
-    }
-  });
-});
--- a/tests/context.test.ts
+++ b/tests/context.test.ts
@ -1,130 +1,57 @@
+import {beforeEach, describe, expect, jest, test} from '@jest/globals';
 import * as fs from 'fs';
-import * as os from 'os';
 import * as path from 'path';
+import {Builder} from '@docker/actions-toolkit/lib/buildx/builder';
+import {Buildx} from '@docker/actions-toolkit/lib/buildx/buildx';
+import {Context} from '@docker/actions-toolkit/lib/context';
+import {Docker} from '@docker/actions-toolkit/lib/docker/docker';
+import {GitHub} from '@docker/actions-toolkit/lib/github';
+import {Toolkit} from '@docker/actions-toolkit/lib/toolkit';
+import {BuilderInfo} from '@docker/actions-toolkit/lib/types/builder';
+import {GitHubRepo} from '@docker/actions-toolkit/lib/types/github';

 import * as context from '../src/context';

-const pgp = `-----BEGIN PGP PRIVATE KEY BLOCK-----
+const tmpDir = path.join('/tmp', '.docker-build-push-jest');
+const tmpName = path.join(tmpDir, '.tmpname-jest');

-lQdGBF6tzaABEACjFbX7PFEG6vDPN2MPyxYW7/3o/sonORj4HXUFjFxxJxktJ3x3
-N1ayHPJ1lqIeoiY7jVbq0ZdEVGkd3YsKG9ZMdZkzGzY6PQPC/+M8OnzOiOPwUdWc
-+Tdhh115LvVz0MMKYiab6Sn9cgxj9On3LCQKpjvMDpPo9Ttf6v2GQIw8h2ACvdzQ
-71LtIELS/I+dLbfZiwpUu2fhQT13EJkEnYMOYwM5jNUd66P9itUc7MrOWjkicrKP
-oF1dQaCM+tuKuxvD8WLdiwU5x60NoGkJHHUehKQXl2dVzjpqEqHKEBJt9tfJ9lpE
-YIisgwB8o3pes0fgCehjW2zI95/o9+ayJ6nl4g5+mSvWRXEu66h71nwM0Yuvquk8
-3me7qhYfDrDdCwcxS5BS1hwakTgUQLD99FZjbx1j8sq96I65O0GRdyU2PR8KIjwu
-JrkTH4ZlKxK3FQghUhFoA5GkiDb+eClmRMSni5qg+81T4XChmUkEprA3eWCHL+Ma
-xRNNxLS+r6hH9HG5JBxpV3iaTI9HHpnQKhEeaLXqsUTDZliN9hP7Ywo8bpUB8j2d
-oWYwDV4dPyMKr6Fb8RDCh2q5gJGbVp8w/NmmBTeL+IP2fFggJkRfyumv3Ul7x66L
-tBFQ4rYo4JUUrGweSTneG6REIgxH66hIrNl6Vo/D1ZyknTe1dMOu/BTkkQARAQAB
-/gcDAqra8KO+h3bfyu90vxTL1ro4x/x9il7VBcWlIR4cBP7Imgxv+T4hwPIu8P1x
-lOlxLNWegFOV0idoTy1o3VLLBev/F+IlspX4A+2XEIddR6nZnKFi0Lv2L4TKgE9E
-VJJTszmviDIRLMLN9dWzDfA8hj5tR5Inot92CHRF414AS22JHvlhbFSLQnjqsN+C
-n1cQpNOJhkxsSfZsxjnFa/70y/u8v0o8mzyLZmk9HpzRHGzoz8IfpLp8OTqBR9u6
-zzoKLy16zZO55OKbj7h8uVZvDUq9l8iDICpqWMdZqBJIl56MBexYKgYxh3YO/8v2
-oXli+8Xuaq5QLiCN3yT7IbKoYzplnFfaJwFiMh7R1iPLXaYAZ0qdRijlbtseTK1m
-oHNkwUbxVzjkh4LfE8UpmMwZn5ZjWni3230SoiXuKy0OHkGvwGvWWAL1mEuoYuUI
-mFMcH5MnixP8oQYZKDj2IR/yEeOpdU6B/tr3Tk1NidLf7pUMqG7Ff1NU6dAUeBpa
-9xahITMjHvrhgMISY4IYZep5cEnVw8lQTpUJtW/ePMzrFhu3sA7oNdj9joW/VMfz
-H7MHwwavtICsYqoqV3lnjX4EC9dW6o8PTUg2u956dmtK7KAyUK/+w2aLNGT28ChN
-jhRYHvHzB9Kw5asqI/lTM49eqslBqYQMTTjdBphkYuSZQzNMf291j/ZmoLhD1A1a
-S8tUnNygKV4D1cJYgSXfzhFoU8ib/0SPo+KqQ+CzGS+wxXg6WNBA6wepTjpnVVx3
-4JADP8IJcDC3P0iwAreWjSy15F1cvemFFB0SLNUkyZGzsxtKzbM1+8khl68+eazC
-LzRj0rxfIF5znWjX1QFhKxCk6eF0IWDY0+b3DBkmChME9YDXJ3TthcqA7JgcX4JI
-M4/wdqhgerJYOmj+i2Q0M+Bu02icOJYMwTMMsDVl7XGHkaCuRgZ54eZAUH7JFwUm
-1Ct3tcaqiTMmz0ngHVqBTauzgqKDvzwdVqdfg05H364nJMay/3omR6GayIb5CwSo
-xdNVwG3myPPradT9MP09mDr4ys2zcnQmCkvTVBF6cMZ1Eh6PQQ8CyQWv0zkaBnqj
-JrM1hRpgW4ZlRosSIjCaaJjolN5QDcXBM9TbW9ww+ZYstazN2bV1ZQ7BEjlHQPa1
-BhzMsvqkbETHsIpDNF52gZKn3Q9eIX05BeadzpHUb5/XOheIHVIdhSaTlgl/qQW5
-hQgPGSzSV6KhXEY7aevTdvOgq++WiELkjfz2f2lQFesTjFoQWEvxVDUmLxHtEhaN
-DOuh4H3mX5Opn3pLQmqWVhJTbFdx+g5qQd0NCW4mDaTFWTRLFLZQsSJxDSeg9xrY
-gmaii8NhMZRwquADW+6iU6KfraBhngi7HRz4TfqPr9ma/KUY464cqim1fnwXejyx
-jsb5YHR9R66i+F6P/ysF5w+QuVdDt1fnf9GLay0r6qxpA8ft2vGPcDs4806Huj+7
-Aq5VeJaNkCuh3GR3xVnCFAz/7AtkO6xKuZm8B3q904UuMdSmkhWbaobIuF/B2B6S
-eawIXQHEOplK3ic26d8Ckf4gbjeORfELcMAEi5nGXpTThCdmxQApCLxAYYnTfQT1
-xhlDwT9xPEabo98mIwJJsAU5VsTDYW+qfo4qIx8gYoSKc9Xu3yVh3n+9k43Gcm5V
-9lvK1slijf+TzODZt/jsmkF8mPjXyP5KOI+xQp/m4PxW3pp57YrYj/Rnwga+8DKX
-jMsW7mLAAZ/e+PY6z/s3x1Krfk+Bb5Ph4mI0zjw5weQdtyEToRgveda0GEpvZSBU
-ZXN0ZXIgPGpvZUBmb28uYmFyPokCNgQQAQgAIAUCXq3NoAYLCQcIAwIEFQgKAgQW
-AgEAAhkBAhsDAh4BAAoJEH2FHrctc72gxtQP/AulaClIcn/kDt43mhYnyLglPfbo
-AqPlU26chXolBg0Wo0frFY3aIs5SrcWEf8aR4XLwCFGyi3vya0CUxjghN5tZBYqo
-vswbT00zP3ohxxlJFCRRR9bc7OZXCgTddtfVf6EKrUAzIkbWyAhaJnwJy/1UGpSw
-SEO/KpastrVKf3sv1wqOeFQ4DFyjaNda+xv3dVWS8db7KogqJiPFZXrQK3FKVIxS
-fxRSmKaYN7//d+xwVAEY++RrnL/o8B2kV6N68cCpQWJELyYnJzis9LBcWd/3wiYh
-efTyY+ePKUjcB+kEZnyJfLc7C2hll2e7UJ0fxv+k8vHReRhrNWmGRXsjNRxiw3U0
-hfvxD/C8nyqAbeTHp4XDX78Tc3XCysAqIYboIL+RyewDMjjLj5vzUYAdUdtyNaD7
-C6M2R6pN1GAt52CJmC/Z6F7W7GFGoYOdEkVdMQDsjCwScyEUNlGj9Zagw5M2EgSe
-6gaHgMgTzsMzCc4W6WV5RcS55cfDNOXtxPsMJTt4FmXrjl11prBzpMfpU5a9zxDZ
-oi54ZZ8VPE6jsT4Lzw3sni3c83wm28ArM20AzZ1vh7fk3Sfd0u4Yaz7s9JlEm5+D
-34tEyli28+QjCQc18EfQUiJqiYEJRxJXJ3esvMHfYi45pV/Eh5DgRW1305fUJV/6
-+rGpg0NejsHoZdZPnQdGBF6tzaABEAC4mVXTkVk6Kdfa4r5zlzsoIrR27laUlMkb
-OBMt+aokqS+BEbmTnMg6xIAmcUT5uvGAc8S/WhrPoYfc15fTUyHIz8ZbDoAg0LO6
-0Io4VkAvNJNEnsSV9VdLBh/XYlc4K49JqKyWTL4/FJFAGbsmHY3b+QU90AS6FYRv
-KeBAoiyebrjx0vmzb8E8h3xthVLN+AfMlR1ickY62zvnpkbncSMY/skur1D2KfbF
-3sFprty2pEtjFcyB5+18l2IyyHGOlEUw1PZdOAV4/Myh1EZRgYBPs80lYTJALCVF
-IdOakH33WJCImtNZB0AbDTABG+JtMjQGscOa0qzf1Y/7tlhgCrynBBdaIJTx95TD
-21BUHcHOu5yTIS6Ulysxfkv611+BiOKHgdq7DVGP78VuzA7bCjlP1+vHqIt3cnIa
-t2tEyuZ/XF4uc3/i4g0uP9r7AmtET7Z6SKECWjpVv+UEgLx5Cv+ql+LSKYQMvU9a
-i3B1F9fatn3FSLVYrL4aRxu4TSw9POb0/lgDNmN3lGQOsjGCZPibkHjgPEVxKuiq
-9Oi38/VTQ0ZKAmHwBTq1WTZIrPrCW0/YMQ6yIJZulwQ9Yx1cgzYzEfg04fPXlXMi
-vkvNpKbYIICzqj0/DVztz9wgpW6mnd0A2VX2dqbMM0fJUCHA6pj8AvXY4R+9Q4rj
-eWRK9ycInQARAQAB/gcDApjt7biRO0PEyrrAiUwDMsJL4/CVMu11qUWEPjKe2Grh
-ZTW3N+m3neKPRULu+LUtndUcEdVWUCoDzAJ7MwihZtV5vKST/5Scd2inonOaJqoA
-nS3wnEMN/Sc93HAZiZnFx3NKjQVNCwbuEs45mXkkcjLm2iadrTL8fL4acsu5IsvD
-LbDwVOPeNnHKl6Hr20e39fK0FuJEyH49JM6U3B1/8385sJB8+E24+hvSF81aMddh
-Ne4Bc3ZYiYaKxe1quPNKC0CQhAZiT7LsMfkInXr0hY1I+kISNXEJ1dPYOEWiv0Ze
-jD5Pupn34okKNEeBCx+dK8BmUCi6Jgs7McUA7hN0D/YUS++5fuR55UQq2j8Ui0tS
-P8GDr86upH3PgEL0STh9fYfJ7TesxurwonWjlmmT62Myl4Pr+RmpS6PXOnhtcADm
-eGLpzhTveFj4JBLMpyYHgBTqcs12zfprATOpsI/89kmQoGCZpG6+AbfSHqNNPdy2
-eqUCBhOZlIIda1z/cexmU3f/gBqyflFf8fkvmlO4AvI8aMH3OpgHdWnzh+AB51xj
-kmdD/oWel9v7Dz4HoZUfwFaLZ0fE3P9voD8e+sCwqQwVqRY4L/BOYPD5noVOKgOj
-ABNKu5uKrobj6rFUi6DTUCjFGcmoF1Sc06xFNaagUNggRbmlC/dz22RWdDUYv5ra
-N6TxIDkGC0cK6ujyK0nes3DN0aHjgwWuMXDYkN3UckiebI4Cv/eF9jvUKOSiIcy1
-RtxdazZS4dYg2LBMeJKVkPi5elsNyw2812nEY3du/nEkQYXfYgWOF27OR+g4Y9Yw
-1BiqJ1TTjbQnd/khOCrrbzDH1mw00+1XVsT6wjObuYqqxPPS87UrqmMf6OdoYfPm
-zEOnNLBnsJ5VQM3A3pcT40RfdBrZRO8LjGhzKTreyq3C+jz0RLa5HNE8GgOhGyck
-ME4h+RhXlE8KGM+tTo6PA1NJSrEt+8kZzxjP4rIEn0aVthCkNXK12inuXtnHm0ao
-iLUlQOsfPFEnzl0TUPd7+z7j/wB+XiKU/AyEUuB0mvdxdKtqXvajahOyhLjzHQhz
-ZnNlgANGtiqcSoJmkJ8yAvhrtQX51fQLftxbArRW1RYk/5l+Gy3azR+gUC17M6JN
-jrUYxn0zlAxDGFH7gACHUONwVekcuEffHzgu2lk7MyO1Y+lPnwabqjG0eWWHuU00
-hskJlXyhj7DeR12bwjYkyyjG62GvOH02g3OMvUgNGH+K321Dz539csCh/xwtg7Wt
-U3YAphU7htQ1dPDfk1IRs7DQo2L+ZTE57vmL5m0l6fTataEWBPUXkygfQFUJOM6Q
-yY76UEZww1OSDujNeY171NSTzXCVkUeAdAMXgjaHXWLK2QUQUoXbYX/Kr7Vvt9Fu
-Jh6eGjjp7dSjQ9+DW8CAB8vxd93gsQQGWYjmGu8khkEmx6OdZhmSbDbe915LQTb9
-sPhk2s5/Szsvr5W2JJ2321JI6KXBJMZvPC5jEBWmRzOYkRd2vloft+CSMfXF+Zfd
-nYtc6R3dvb9vcjo+a9wFtfcoDsO0MaPSM+9GB25MamdatmGX6iLOy9Re1UABwUi/
-VhTWNkP5uzqx0sDwHEIa2rYOwxpIZDwwjM3oOASCW1DDBQ0BI9KNjfIeL3ubx2mS
-2x8hFU9qSK4umoDNbzOqGPSlkdbiPcNjF2ZcSN1qQZiYdwLL5dw6APNyBVjxTN1J
-gkCdJ/HwAY+r93Lbl5g8gz8d0vJEyfn//34sn9u+toSTw55GcG9Ks1kSKIeDNh0h
-MiPm3HmJAh8EGAEIAAkFAl6tzaACGwwACgkQfYUety1zvaBV9hAAgliX36pXJ59g
-3I9/4R68e/fGg0FMM6D+01yCeiKApOYRrJ0cYKn7ITDYmHhlGGpBAie90UsqX12h
-hdLP7LoQx7sjTyzQt6JmpA8krIwi2ON7FKBkdYb8IYx4mE/5vKnYT4/SFnwTmnZY
-+m+NzK2U/qmhq8JyO8gozdAKJUcgz49IVv2Ij0tQ4qaPbyPwQxIDyKnT758nJhB1
-jTqo+oWtER8q3okzIlqcArqn5rDaNJx+DRYL4E/IddyHQAiUWUka8usIUqeW5reu
-zoPUE2CCfOJSGArkqHQQqMx0WEzjQTwAPaHrQbera4SbiV/o4CLCV/u5p1Qnig+Q
-iUsakmlD299t//125LIQEa5qzd9hRC7u1uJS7VdW8eGIEcZ0/XT/sr+z23z0kpZH
-D3dXPX0BwM4IP9xu31CNg10x0rKwjbxy8VaskFEelpqpu+gpAnxqMd1evpeUHcOd
-r5RgPgkNFfba9Nbxf7uEX+HOmsOM+kdtSmdGIvsBZjVnW31nnoDMp49jG4OynjrH
-cRuoM9sxdr6UDqb22CZ3/e0YN4UaZM3YDWMVaP/QBVgvIFcdByqNWezpd9T4ZUII
-MZlaV1uRnHg6B/zTzhIdMM80AXz6Uv6kw4S+Lt7HlbrnMT7uKLuvzH7cle0hcIUa
-PejgXO0uIRolYQ3sz2tMGhx1MfBqH64=
-=WbwB
-----END PGP PRIVATE KEY BLOCK-----`;
-
-jest.spyOn(context, 'defaultContext').mockImplementation((): string => {
-  return 'https://github.com/docker/build-push-action.git#refs/heads/test-jest';
+import repoFixture from './fixtures/github-repo.json';
+jest.spyOn(GitHub.prototype, 'repoData').mockImplementation((): Promise<GitHubRepo> => {
+  return <Promise<GitHubRepo>>(repoFixture as unknown);
 });

-jest.spyOn(context, 'tmpDir').mockImplementation((): string => {
-  const tmpDir = path.join('/tmp/.docker-build-push-jest').split(path.sep).join(path.posix.sep);
+jest.spyOn(Context, 'tmpDir').mockImplementation((): string => {
  if (!fs.existsSync(tmpDir)) {
    fs.mkdirSync(tmpDir, {recursive: true});
  }
  return tmpDir;
 });

-jest.spyOn(context, 'tmpNameSync').mockImplementation((): string => {
-  return path.join('/tmp/.docker-build-push-jest', '.tmpname-jest').split(path.sep).join(path.posix.sep);
+jest.spyOn(Context, 'tmpName').mockImplementation((): string => {
+  return tmpName;
+});
+
+jest.spyOn(Docker, 'isAvailable').mockImplementation(async (): Promise<boolean> => {
+  return true;
+});
+
+jest.spyOn(Builder.prototype, 'inspect').mockImplementation(async (): Promise<BuilderInfo> => {
+  return {
+    name: 'builder2',
+    driver: 'docker-container',
+    lastActivity: new Date('2023-01-16 09:45:23 +0000 UTC'),
+    nodes: [
+      {
+        buildkit: 'v0.11.0',
+        'buildkitd-flags': '--debug --allow-insecure-entitlement security.insecure --allow-insecure-entitlement network.host',
+        'driver-opts': ['BUILDKIT_STEP_LOG_MAX_SIZE=10485760', 'BUILDKIT_STEP_LOG_MAX_SPEED=10485760', 'JAEGER_TRACE=localhost:6831', 'image=moby/buildkit:latest', 'network=host'],
+        endpoint: 'unix:///var/run/docker.sock',
+        name: 'builder20',
+        platforms: 'linux/amd64,linux/amd64/v2,linux/amd64/v3,linux/arm64,linux/riscv64,linux/ppc64le,linux/s390x,linux/386,linux/mips64le,linux/mips64,linux/arm/v7,linux/arm/v6',
+        status: 'running'
+      }
+    ]
+  };
 });

 describe('getArgs', () => {
@ -140,58 +67,64 @@ describe('getArgs', () => {
  // prettier-ignore
  test.each([
    [
+      0,
      '0.4.1',
      new Map<string, string>([
        ['context', '.'],
        ['load', 'false'],
        ['no-cache', 'false'],
        ['push', 'false'],
-        ['pull', 'false']
+        ['pull', 'false'],
      ]),
      [
-        'buildx',
        'build',
-        '--iidfile', '/tmp/.docker-build-push-jest/iidfile',
+        '--iidfile', path.join(tmpDir, 'iidfile'),
        '.'
      ]
    ],
    [
+      1,
      '0.4.2',
      new Map<string, string>([
-        ['build-args', 'MY_ARG=val1,val2,val3\nARG=val'],
+        ['build-args', `MY_ARG=val1,val2,val3
+ARG=val
+"MULTILINE=aaaa
+bbbb
+ccc"`],
        ['load', 'false'],
        ['no-cache', 'false'],
        ['push', 'false'],
-        ['pull', 'false']
+        ['pull', 'false'],
      ]),
      [
-        'buildx',
        'build',
        '--build-arg', 'MY_ARG=val1,val2,val3',
        '--build-arg', 'ARG=val',
-        '--iidfile', '/tmp/.docker-build-push-jest/iidfile',
-        'https://github.com/docker/build-push-action.git#refs/heads/test-jest'
+        '--build-arg', `MULTILINE=aaaa\nbbbb\nccc`,
+        '--iidfile', path.join(tmpDir, 'iidfile'),
+        'https://github.com/docker/build-push-action.git#refs/heads/master'
      ]
    ],
    [
+      2,
      '0.4.2',
      new Map<string, string>([
        ['tags', 'name/app:7.4, name/app:latest'],
        ['load', 'false'],
        ['no-cache', 'false'],
        ['push', 'false'],
-        ['pull', 'false']
+        ['pull', 'false'],
      ]),
      [
-        'buildx',
        'build',
+        '--iidfile', path.join(tmpDir, 'iidfile'),
        '--tag', 'name/app:7.4',
        '--tag', 'name/app:latest',
-        '--iidfile', '/tmp/.docker-build-push-jest/iidfile',
-        'https://github.com/docker/build-push-action.git#refs/heads/test-jest'
+        'https://github.com/docker/build-push-action.git#refs/heads/master'
      ]
    ],
    [
+      3,
      '0.4.2',
      new Map<string, string>([
        ['context', '.'],
@ -200,10 +133,9 @@ describe('getArgs', () => {
        ['load', 'false'],
        ['no-cache', 'false'],
        ['push', 'false'],
-        ['pull', 'false']
+        ['pull', 'false'],
      ]),
      [
-        'buildx',
        'build',
        '--label', 'org.opencontainers.image.title=buildkit',
        '--label', 'org.opencontainers.image.description=concurrent, cache-efficient, and Dockerfile-agnostic builder toolkit',
@ -212,6 +144,7 @@ describe('getArgs', () => {
      ]
    ],
    [
+      4,
      '0.4.1',
      new Map<string, string>([
        ['context', '.'],
@ -219,32 +152,32 @@ describe('getArgs', () => {
        ['load', 'false'],
        ['no-cache', 'false'],
        ['push', 'false'],
-        ['pull', 'false']
+        ['pull', 'false'],
      ]),
      [
-        'buildx',
        'build',
        '--platform', 'linux/amd64,linux/arm64',
        '.'
      ]
    ],
    [
+      5,
      '0.4.1',
      new Map<string, string>([
        ['context', '.'],
        ['load', 'false'],
        ['no-cache', 'false'],
        ['push', 'false'],
-        ['pull', 'false']
+        ['pull', 'false'],
      ]),
      [
-        'buildx',
        'build',
-        '--iidfile', '/tmp/.docker-build-push-jest/iidfile',
+        '--iidfile', path.join(tmpDir, 'iidfile'),
        '.'
      ]
    ],
    [
+      6,
      '0.4.2',
      new Map<string, string>([
        ['context', '.'],
@ -252,17 +185,17 @@ describe('getArgs', () => {
        ['load', 'false'],
        ['no-cache', 'false'],
        ['push', 'false'],
-        ['pull', 'false']
+        ['pull', 'false'],
      ]),
      [
-        'buildx',
        'build',
-        '--iidfile', '/tmp/.docker-build-push-jest/iidfile',
-        '--secret', 'id=GIT_AUTH_TOKEN,src=/tmp/.docker-build-push-jest/.tmpname-jest',
+        '--iidfile', path.join(tmpDir, 'iidfile'),
+        '--secret', `id=GIT_AUTH_TOKEN,src=${tmpName}`,
        '.'
      ]
    ],
    [
+      7,
      '0.4.2',
      new Map<string, string>([
        ['github-token', 'abcdefghijklmno0123456789'],
@ -270,17 +203,17 @@ describe('getArgs', () => {
        ['load', 'false'],
        ['no-cache', 'false'],
        ['push', 'false'],
-        ['pull', 'false']
+        ['pull', 'false'],
      ]),
      [
-        'buildx',
        'build',
        '--output', '.',
-        '--secret', 'id=GIT_AUTH_TOKEN,src=/tmp/.docker-build-push-jest/.tmpname-jest',
-        'https://github.com/docker/build-push-action.git#refs/heads/test-jest'
+        '--secret', `id=GIT_AUTH_TOKEN,src=${tmpName}`,
+        'https://github.com/docker/build-push-action.git#refs/heads/master'
      ]
    ],
    [
+      8,
      '0.4.2',
      new Map<string, string>([
        ['context', 'https://github.com/docker/build-push-action.git#refs/heads/master'],
@ -292,21 +225,21 @@ describe('getArgs', () => {
        ['load', 'false'],
        ['no-cache', 'false'],
        ['push', 'true'],
-        ['pull', 'false']
+        ['pull', 'false'],
      ]),
      [
-        'buildx',
        'build',
-        '--platform', 'linux/amd64,linux/arm64',
-        '--iidfile', '/tmp/.docker-build-push-jest/iidfile',
-        '--secret', 'id=GIT_AUTH_TOKEN,src=/tmp/.docker-build-push-jest/.tmpname-jest',
        '--file', './test/Dockerfile',
+        '--iidfile', path.join(tmpDir, 'iidfile'),
+        '--platform', 'linux/amd64,linux/arm64',
+        '--secret', `id=GIT_AUTH_TOKEN,src=${tmpName}`,
        '--builder', 'builder-git-context-2',
        '--push',
        'https://github.com/docker/build-push-action.git#refs/heads/master'
      ]
    ],
    [
+      9,
      '0.4.2',
      new Map<string, string>([
        ['context', 'https://github.com/docker/build-push-action.git#refs/heads/master'],
@ -326,24 +259,24 @@ ccc"`],
        ['load', 'false'],
        ['no-cache', 'false'],
        ['push', 'true'],
-        ['pull', 'false']
+        ['pull', 'false'],
      ]),
      [
-        'buildx',
        'build',
-        '--platform', 'linux/amd64,linux/arm64',
-        '--iidfile', '/tmp/.docker-build-push-jest/iidfile',
-        '--secret', 'id=GIT_AUTH_TOKEN,src=/tmp/.docker-build-push-jest/.tmpname-jest',
-        '--secret', 'id=MYSECRET,src=/tmp/.docker-build-push-jest/.tmpname-jest',
-        '--secret', 'id=FOO,src=/tmp/.docker-build-push-jest/.tmpname-jest',
-        '--secret', 'id=EMPTYLINE,src=/tmp/.docker-build-push-jest/.tmpname-jest',
        '--file', './test/Dockerfile',
+        '--iidfile', path.join(tmpDir, 'iidfile'),
+        '--platform', 'linux/amd64,linux/arm64',
+        '--secret', `id=GIT_AUTH_TOKEN,src=${tmpName}`,
+        '--secret', `id=MYSECRET,src=${tmpName}`,
+        '--secret', `id=FOO,src=${tmpName}`,
+        '--secret', `id=EMPTYLINE,src=${tmpName}`,
        '--builder', 'builder-git-context-2',
        '--push',
        'https://github.com/docker/build-push-action.git#refs/heads/master'
      ]
    ],
    [
+      10,
      '0.4.2',
      new Map<string, string>([
        ['context', 'https://github.com/docker/build-push-action.git#refs/heads/master'],
@ -363,43 +296,42 @@ ccc`],
        ['load', 'false'],
        ['no-cache', 'false'],
        ['push', 'true'],
-        ['pull', 'false']
+        ['pull', 'false'],
      ]),
      [
-        'buildx',
        'build',
-        '--platform', 'linux/amd64,linux/arm64',
-        '--iidfile', '/tmp/.docker-build-push-jest/iidfile',
-        '--secret', 'id=GIT_AUTH_TOKEN,src=/tmp/.docker-build-push-jest/.tmpname-jest',
-        '--secret', 'id=MYSECRET,src=/tmp/.docker-build-push-jest/.tmpname-jest',
-        '--secret', 'id=FOO,src=/tmp/.docker-build-push-jest/.tmpname-jest',
-        '--secret', 'id=EMPTYLINE,src=/tmp/.docker-build-push-jest/.tmpname-jest',
        '--file', './test/Dockerfile',
+        '--iidfile', path.join(tmpDir, 'iidfile'),
+        '--platform', 'linux/amd64,linux/arm64',
+        '--secret', `id=GIT_AUTH_TOKEN,src=${tmpName}`,
+        '--secret', `id=MYSECRET,src=${tmpName}`,
+        '--secret', `id=FOO,src=${tmpName}`,
+        '--secret', `id=EMPTYLINE,src=${tmpName}`,
        '--builder', 'builder-git-context-2',
        '--push',
        'https://github.com/docker/build-push-action.git#refs/heads/master'
      ]
    ],
    [
+      11,
      '0.5.1',
      new Map<string, string>([
        ['context', 'https://github.com/docker/build-push-action.git#refs/heads/master'],
        ['tag', 'localhost:5000/name/app:latest'],
-        ['secret-files', `MY_SECRET=${path.join(__dirname, 'fixtures', 'secret.txt').split(path.sep).join(path.posix.sep)}`],
+        ['secret-files', `MY_SECRET=${path.join(__dirname, 'fixtures', 'secret.txt')}`],
        ['file', './test/Dockerfile'],
        ['builder', 'builder-git-context-2'],
        ['network', 'host'],
        ['load', 'false'],
        ['no-cache', 'false'],
        ['push', 'true'],
-        ['pull', 'false']
+        ['pull', 'false'],
      ]),
      [
-        'buildx',
        'build',
-        '--iidfile', '/tmp/.docker-build-push-jest/iidfile',
-        '--secret', 'id=MY_SECRET,src=/tmp/.docker-build-push-jest/.tmpname-jest',
        '--file', './test/Dockerfile',
+        '--iidfile', path.join(tmpDir, 'iidfile'),
+        '--secret', `id=MY_SECRET,src=${tmpName}`,
        '--builder', 'builder-git-context-2',
        '--network', 'host',
        '--push',
@ -407,6 +339,7 @@ ccc`],
      ]
    ],
    [
+      12,
      '0.4.2',
      new Map<string, string>([
        ['context', '.'],
@ -415,10 +348,9 @@ ccc`],
        ['load', 'false'],
        ['no-cache', 'false'],
        ['push', 'false'],
-        ['pull', 'false']
+        ['pull', 'false'],
      ]),
      [
-        'buildx',
        'build',
        '--label', 'org.opencontainers.image.title=filter_results_top_n',
        '--label', 'org.opencontainers.image.description=Reference implementation of operation "filter results (top-n)"',
@ -427,236 +359,283 @@ ccc`],
      ]
    ],
    [
+      13,
      '0.6.0',
      new Map<string, string>([
        ['context', '.'],
        ['tag', 'localhost:5000/name/app:latest'],
        ['file', './test/Dockerfile'],
+        ['add-hosts', 'docker:10.180.0.1,foo:10.0.0.1'],
        ['network', 'host'],
        ['load', 'false'],
        ['no-cache', 'false'],
        ['push', 'true'],
-        ['pull', 'false']
+        ['pull', 'false'],
      ]),
      [
-        'buildx',
        'build',
-        '--iidfile', '/tmp/.docker-build-push-jest/iidfile',
-        '--metadata-file', '/tmp/.docker-build-push-jest/metadata-file',
+        '--add-host', 'docker:10.180.0.1',
+        '--add-host', 'foo:10.0.0.1',
        '--file', './test/Dockerfile',
+        '--iidfile', path.join(tmpDir, 'iidfile'),
+        '--metadata-file', path.join(tmpDir, 'metadata-file'),
        '--network', 'host',
        '--push',
        '.'
      ]
    ],
+    [
+      14,
+      '0.7.0',
+      new Map<string, string>([
+        ['context', '.'],
+        ['file', './test/Dockerfile'],
+        ['add-hosts', 'docker:10.180.0.1\nfoo:10.0.0.1'],
+        ['cgroup-parent', 'foo'],
+        ['shm-size', '2g'],
+        ['ulimit', `nofile=1024:1024
+nproc=3`],
+        ['load', 'false'],
+        ['no-cache', 'false'],
+        ['push', 'false'],
+        ['pull', 'false'],
+      ]),
+      [
+        'build',
+        '--add-host', 'docker:10.180.0.1',
+        '--add-host', 'foo:10.0.0.1',
+        '--cgroup-parent', 'foo',
+        '--file', './test/Dockerfile',
+        '--iidfile', path.join(tmpDir, 'iidfile'),
+        '--shm-size', '2g',
+        '--ulimit', 'nofile=1024:1024',
+        '--ulimit', 'nproc=3',
+        '--metadata-file', path.join(tmpDir, 'metadata-file'),
+        '.'
+      ]
+    ],
+    [
+      15,
+      '0.7.0',
+      new Map<string, string>([
+        ['context', '{{defaultContext}}:docker'],
+        ['load', 'false'],
+        ['no-cache', 'false'],
+        ['push', 'false'],
+        ['pull', 'false'],
+      ]),
+      [
+        'build',
+        '--iidfile', path.join(tmpDir, 'iidfile'),
+        '--metadata-file', path.join(tmpDir, 'metadata-file'),
+        'https://github.com/docker/build-push-action.git#refs/heads/master:docker'
+      ]
+    ],
+    [
+      16,
+      '0.8.2',
+      new Map<string, string>([
+        ['github-token', 'abcdefghijklmno0123456789'],
+        ['context', '{{defaultContext}}:subdir'],
+        ['load', 'false'],
+        ['no-cache', 'false'],
+        ['push', 'false'],
+        ['pull', 'false'],
+      ]),
+      [
+        'build',
+        '--iidfile', path.join(tmpDir, 'iidfile'),
+        '--secret', `id=GIT_AUTH_TOKEN,src=${tmpName}`,
+        '--metadata-file', path.join(tmpDir, 'metadata-file'),
+        'https://github.com/docker/build-push-action.git#refs/heads/master:subdir'
+      ]
+    ],
+    [
+      17,
+      '0.8.2',
+      new Map<string, string>([
+        ['context', '.'],
+        ['load', 'false'],
+        ['no-cache', 'false'],
+        ['push', 'false'],
+        ['pull', 'false'],
+        ['provenance', 'true'],
+      ]),
+      [
+        'build',
+        '--iidfile', path.join(tmpDir, 'iidfile'),
+        '--metadata-file', path.join(tmpDir, 'metadata-file'),
+        '.'
+      ]
+    ],
+    [
+      18,
+      '0.10.0',
+      new Map<string, string>([
+        ['context', '.'],
+        ['load', 'false'],
+        ['no-cache', 'false'],
+        ['push', 'false'],
+        ['pull', 'false'],
+      ]),
+      [
+        'build',
+        '--iidfile', path.join(tmpDir, 'iidfile'),
+        "--provenance", `mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789`,
+        '--metadata-file', path.join(tmpDir, 'metadata-file'),
+        '.'
+      ]
+    ],
+    [
+      19,
+      '0.10.0',
+      new Map<string, string>([
+        ['context', '.'],
+        ['load', 'false'],
+        ['no-cache', 'false'],
+        ['push', 'false'],
+        ['pull', 'false'],
+        ['provenance', 'true'],
+      ]),
+      [
+        'build',
+        '--iidfile', path.join(tmpDir, 'iidfile'),
+        "--provenance", `builder-id=https://github.com/docker/build-push-action/actions/runs/123456789`,
+        '--metadata-file', path.join(tmpDir, 'metadata-file'),
+        '.'
+      ]
+    ],
+    [
+      20,
+      '0.10.0',
+      new Map<string, string>([
+        ['context', '.'],
+        ['load', 'false'],
+        ['no-cache', 'false'],
+        ['push', 'false'],
+        ['pull', 'false'],
+        ['provenance', 'mode=max'],
+      ]),
+      [
+        'build',
+        '--iidfile', path.join(tmpDir, 'iidfile'),
+        "--provenance", `mode=max,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789`,
+        '--metadata-file', path.join(tmpDir, 'metadata-file'),
+        '.'
+      ]
+    ],
+    [
+      21,
+      '0.10.0',
+      new Map<string, string>([
+        ['context', '.'],
+        ['load', 'false'],
+        ['no-cache', 'false'],
+        ['push', 'false'],
+        ['pull', 'false'],
+        ['provenance', 'false'],
+      ]),
+      [
+        'build',
+        '--iidfile', path.join(tmpDir, 'iidfile'),
+        "--provenance", 'false',
+        '--metadata-file', path.join(tmpDir, 'metadata-file'),
+        '.'
+      ]
+    ],
+    [
+      22,
+      '0.10.0',
+      new Map<string, string>([
+        ['context', '.'],
+        ['load', 'false'],
+        ['no-cache', 'false'],
+        ['push', 'false'],
+        ['pull', 'false'],
+        ['provenance', 'builder-id=foo'],
+      ]),
+      [
+        'build',
+        '--iidfile', path.join(tmpDir, 'iidfile'),
+        "--provenance", 'builder-id=foo',
+        '--metadata-file', path.join(tmpDir, 'metadata-file'),
+        '.'
+      ]
+    ],
+    [
+      23,
+      '0.10.0',
+      new Map<string, string>([
+        ['context', '.'],
+        ['load', 'false'],
+        ['no-cache', 'false'],
+        ['push', 'false'],
+        ['pull', 'false'],
+        ['outputs', 'type=docker'],
+      ]),
+      [
+        'build',
+        '--iidfile', path.join(tmpDir, 'iidfile'),
+        "--output", 'type=docker',
+        '--metadata-file', path.join(tmpDir, 'metadata-file'),
+        '.'
+      ]
+    ],
+    [
+      24,
+      '0.10.0',
+      new Map<string, string>([
+        ['context', '.'],
+        ['load', 'true'],
+        ['no-cache', 'false'],
+        ['push', 'false'],
+        ['pull', 'false'],
+      ]),
+      [
+        'build',
+        '--iidfile', path.join(tmpDir, 'iidfile'),
+        '--load',
+        '--metadata-file', path.join(tmpDir, 'metadata-file'),
+        '.'
+      ]
+    ],
+    [
+      25,
+      '0.10.0',
+      new Map<string, string>([
+        ['context', '.'],
+        ['build-args', `FOO=bar#baz`],
+        ['load', 'true'],
+        ['no-cache', 'false'],
+        ['push', 'false'],
+        ['pull', 'false'],
+      ]),
+      [
+        'build',
+        '--build-arg', 'FOO=bar#baz',
+        '--iidfile', path.join(tmpDir, 'iidfile'),
+        '--load',
+        '--metadata-file', path.join(tmpDir, 'metadata-file'),
+        '.'
+      ]
+    ],
  ])(
-    'given %p with %p as inputs, returns %p',
-    async (buildxVersion: string, inputs: Map<string, any>, expected: Array<string>) => {
-      await inputs.forEach((value: string, name: string) => {
+    '[%d] given %p with %p as inputs, returns %p',
+    async (num: number, buildxVersion: string, inputs: Map<string, string>, expected: Array<string>) => {
+      inputs.forEach((value: string, name: string) => {
        setInput(name, value);
      });
-      const defContext = context.defaultContext();
-      const inp = await context.getInputs(defContext);
-      console.log(inp);
-      const res = await context.getArgs(inp, defContext, buildxVersion);
-      console.log(res);
+      const toolkit = new Toolkit();
+      jest.spyOn(Buildx.prototype, 'version').mockImplementation(async (): Promise<string> => {
+        return buildxVersion;
+      });
+      const inp = await context.getInputs();
+      const res = await context.getArgs(inp, toolkit);
      expect(res).toEqual(expected);
    }
  );
 });

-describe('getInputList', () => {
-  it('single line correctly', async () => {
-    await setInput('foo', 'bar');
-    const res = await context.getInputList('foo');
-    console.log(res);
-    expect(res).toEqual(['bar']);
-  });
-
-  it('multiline correctly', async () => {
-    setInput('foo', 'bar\nbaz');
-    const res = await context.getInputList('foo');
-    console.log(res);
-    expect(res).toEqual(['bar', 'baz']);
-  });
-
-  it('empty lines correctly', async () => {
-    setInput('foo', 'bar\n\nbaz');
-    const res = await context.getInputList('foo');
-    console.log(res);
-    expect(res).toEqual(['bar', 'baz']);
-  });
-
-  it('comma correctly', async () => {
-    setInput('foo', 'bar,baz');
-    const res = await context.getInputList('foo');
-    console.log(res);
-    expect(res).toEqual(['bar', 'baz']);
-  });
-
-  it('empty result correctly', async () => {
-    setInput('foo', 'bar,baz,');
-    const res = await context.getInputList('foo');
-    console.log(res);
-    expect(res).toEqual(['bar', 'baz']);
-  });
-
-  it('different new lines correctly', async () => {
-    setInput('foo', 'bar\r\nbaz');
-    const res = await context.getInputList('foo');
-    console.log(res);
-    expect(res).toEqual(['bar', 'baz']);
-  });
-
-  it('different new lines and comma correctly', async () => {
-    setInput('foo', 'bar\r\nbaz,bat');
-    const res = await context.getInputList('foo');
-    console.log(res);
-    expect(res).toEqual(['bar', 'baz', 'bat']);
-  });
-
-  it('multiline and ignoring comma correctly', async () => {
-    setInput('cache-from', 'user/app:cache\ntype=local,src=path/to/dir');
-    const res = await context.getInputList('cache-from', true);
-    console.log(res);
-    expect(res).toEqual(['user/app:cache', 'type=local,src=path/to/dir']);
-  });
-
-  it('different new lines and ignoring comma correctly', async () => {
-    setInput('cache-from', 'user/app:cache\r\ntype=local,src=path/to/dir');
-    const res = await context.getInputList('cache-from', true);
-    console.log(res);
-    expect(res).toEqual(['user/app:cache', 'type=local,src=path/to/dir']);
-  });
-
-  it('multiline values', async () => {
-    setInput(
-      'secrets',
-      `GIT_AUTH_TOKEN=abcdefgh,ijklmno=0123456789
-"MYSECRET=aaaaaaaa
-bbbbbbb
-ccccccccc"
-FOO=bar`
-    );
-    const res = await context.getInputList('secrets', true);
-    console.log(res);
-    expect(res).toEqual([
-      'GIT_AUTH_TOKEN=abcdefgh,ijklmno=0123456789',
-      `MYSECRET=aaaaaaaa
-bbbbbbb
-ccccccccc`,
-      'FOO=bar'
-    ]);
-  });
-
-  it('multiline values with empty lines', async () => {
-    setInput(
-      'secrets',
-      `GIT_AUTH_TOKEN=abcdefgh,ijklmno=0123456789
-"MYSECRET=aaaaaaaa
-bbbbbbb
-ccccccccc"
-FOO=bar
-"EMPTYLINE=aaaa
-
-bbbb
-ccc"`
-    );
-    const res = await context.getInputList('secrets', true);
-    console.log(res);
-    expect(res).toEqual([
-      'GIT_AUTH_TOKEN=abcdefgh,ijklmno=0123456789',
-      `MYSECRET=aaaaaaaa
-bbbbbbb
-ccccccccc`,
-      'FOO=bar',
-      `EMPTYLINE=aaaa
-
-bbbb
-ccc`
-    ]);
-  });
-
-  it('multiline values without quotes', async () => {
-    setInput(
-      'secrets',
-      `GIT_AUTH_TOKEN=abcdefgh,ijklmno=0123456789
-MYSECRET=aaaaaaaa
-bbbbbbb
-ccccccccc
-FOO=bar`
-    );
-    const res = await context.getInputList('secrets', true);
-    console.log(res);
-    expect(res).toEqual(['GIT_AUTH_TOKEN=abcdefgh,ijklmno=0123456789', 'MYSECRET=aaaaaaaa', 'bbbbbbb', 'ccccccccc', 'FOO=bar']);
-  });
-
-  it('large multiline values', async () => {
-    setInput(
-      'secrets',
-      `"GPG_KEY=${pgp}"
-FOO=bar`
-    );
-    const res = await context.getInputList('secrets', true);
-    console.log(res);
-    expect(res).toEqual([`GPG_KEY=${pgp}`, 'FOO=bar']);
-  });
-
-  it('multiline values escape quotes', async () => {
-    setInput(
-      'secrets',
-      `GIT_AUTH_TOKEN=abcdefgh,ijklmno=0123456789
-"MYSECRET=aaaaaaaa
-bbbb""bbb
-ccccccccc"
-FOO=bar`
-    );
-    const res = await context.getInputList('secrets', true);
-    console.log(res);
-    expect(res).toEqual([
-      'GIT_AUTH_TOKEN=abcdefgh,ijklmno=0123456789',
-      `MYSECRET=aaaaaaaa
-bbbb\"bbb
-ccccccccc`,
-      'FOO=bar'
-    ]);
-  });
-});
-
-describe('asyncForEach', () => {
-  it('executes async tasks sequentially', async () => {
-    const testValues = [1, 2, 3, 4, 5];
-    const results: number[] = [];
-
-    await context.asyncForEach(testValues, async value => {
-      results.push(value);
-    });
-
-    expect(results).toEqual(testValues);
-  });
-});
-
-describe('setOutput', () => {
-  beforeEach(() => {
-    process.stdout.write = jest.fn();
-  });
-
-  it('setOutput produces the correct command', () => {
-    context.setOutput('some output', 'some value');
-    assertWriteCalls([`::set-output name=some output::some value${os.EOL}`]);
-  });
-
-  it('setOutput handles bools', () => {
-    context.setOutput('some output', false);
-    assertWriteCalls([`::set-output name=some output::false${os.EOL}`]);
-  });
-
-  it('setOutput handles numbers', () => {
-    context.setOutput('some output', 1.01);
-    assertWriteCalls([`::set-output name=some output::1.01${os.EOL}`]);
-  });
-});
-
 // See: https://github.com/actions/toolkit/blob/a1b068ec31a042ff1e10a522d8fdf0b8869d53ca/packages/core/src/core.ts#L89
 function getInputName(name: string): string {
  return `INPUT_${name.replace(/ /g, '_').toUpperCase()}`;
@ -665,11 +644,3 @@ function getInputName(name: string): string {
 function setInput(name: string, value: string): void {
  process.env[getInputName(name)] = value;
 }
-
-// Assert that process.stdout.write calls called only with the given arguments.
-function assertWriteCalls(calls: string[]): void {
-  expect(process.stdout.write).toHaveBeenCalledTimes(calls.length);
-  for (let i = 0; i < calls.length; i++) {
-    expect(process.stdout.write).toHaveBeenNthCalledWith(i + 1, calls[i]);
-  }
-}
--- a/tests/fixtures/github-repo.json
+++ b/tests/fixtures/github-repo.json
@ -0,0 +1,362 @@
+{
+  "id": 1296269,
+  "node_id": "MDEwOlJlcG9zaXRvcnkxMjk2MjY5",
+  "name": "Hello-World",
+  "full_name": "octocat/Hello-World",
+  "owner": {
+    "login": "octocat",
+    "id": 1,
+    "node_id": "MDQ6VXNlcjE=",
+    "avatar_url": "https://github.com/images/error/octocat_happy.gif",
+    "gravatar_id": "",
+    "url": "https://api.github.com/users/octocat",
+    "html_url": "https://github.com/octocat",
+    "followers_url": "https://api.github.com/users/octocat/followers",
+    "following_url": "https://api.github.com/users/octocat/following{/other_user}",
+    "gists_url": "https://api.github.com/users/octocat/gists{/gist_id}",
+    "starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}",
+    "subscriptions_url": "https://api.github.com/users/octocat/subscriptions",
+    "organizations_url": "https://api.github.com/users/octocat/orgs",
+    "repos_url": "https://api.github.com/users/octocat/repos",
+    "events_url": "https://api.github.com/users/octocat/events{/privacy}",
+    "received_events_url": "https://api.github.com/users/octocat/received_events",
+    "type": "User",
+    "site_admin": false
+  },
+  "private": false,
+  "html_url": "https://github.com/octocat/Hello-World",
+  "description": "This your first repo!",
+  "fork": false,
+  "url": "https://api.github.com/repos/octocat/Hello-World",
+  "archive_url": "http://api.github.com/repos/octocat/Hello-World/{archive_format}{/ref}",
+  "assignees_url": "http://api.github.com/repos/octocat/Hello-World/assignees{/user}",
+  "blobs_url": "http://api.github.com/repos/octocat/Hello-World/git/blobs{/sha}",
+  "branches_url": "http://api.github.com/repos/octocat/Hello-World/branches{/branch}",
+  "collaborators_url": "http://api.github.com/repos/octocat/Hello-World/collaborators{/collaborator}",
+  "comments_url": "http://api.github.com/repos/octocat/Hello-World/comments{/number}",
+  "commits_url": "http://api.github.com/repos/octocat/Hello-World/commits{/sha}",
+  "compare_url": "http://api.github.com/repos/octocat/Hello-World/compare/{base}...{head}",
+  "contents_url": "http://api.github.com/repos/octocat/Hello-World/contents/{+path}",
+  "contributors_url": "http://api.github.com/repos/octocat/Hello-World/contributors",
+  "deployments_url": "http://api.github.com/repos/octocat/Hello-World/deployments",
+  "downloads_url": "http://api.github.com/repos/octocat/Hello-World/downloads",
+  "events_url": "http://api.github.com/repos/octocat/Hello-World/events",
+  "forks_url": "http://api.github.com/repos/octocat/Hello-World/forks",
+  "git_commits_url": "http://api.github.com/repos/octocat/Hello-World/git/commits{/sha}",
+  "git_refs_url": "http://api.github.com/repos/octocat/Hello-World/git/refs{/sha}",
+  "git_tags_url": "http://api.github.com/repos/octocat/Hello-World/git/tags{/sha}",
+  "git_url": "git:github.com/octocat/Hello-World.git",
+  "issue_comment_url": "http://api.github.com/repos/octocat/Hello-World/issues/comments{/number}",
+  "issue_events_url": "http://api.github.com/repos/octocat/Hello-World/issues/events{/number}",
+  "issues_url": "http://api.github.com/repos/octocat/Hello-World/issues{/number}",
+  "keys_url": "http://api.github.com/repos/octocat/Hello-World/keys{/key_id}",
+  "labels_url": "http://api.github.com/repos/octocat/Hello-World/labels{/name}",
+  "languages_url": "http://api.github.com/repos/octocat/Hello-World/languages",
+  "merges_url": "http://api.github.com/repos/octocat/Hello-World/merges",
+  "milestones_url": "http://api.github.com/repos/octocat/Hello-World/milestones{/number}",
+  "notifications_url": "http://api.github.com/repos/octocat/Hello-World/notifications{?since,all,participating}",
+  "pulls_url": "http://api.github.com/repos/octocat/Hello-World/pulls{/number}",
+  "releases_url": "http://api.github.com/repos/octocat/Hello-World/releases{/id}",
+  "ssh_url": "git@github.com:octocat/Hello-World.git",
+  "stargazers_url": "http://api.github.com/repos/octocat/Hello-World/stargazers",
+  "statuses_url": "http://api.github.com/repos/octocat/Hello-World/statuses/{sha}",
+  "subscribers_url": "http://api.github.com/repos/octocat/Hello-World/subscribers",
+  "subscription_url": "http://api.github.com/repos/octocat/Hello-World/subscription",
+  "tags_url": "http://api.github.com/repos/octocat/Hello-World/tags",
+  "teams_url": "http://api.github.com/repos/octocat/Hello-World/teams",
+  "trees_url": "http://api.github.com/repos/octocat/Hello-World/git/trees{/sha}",
+  "clone_url": "https://github.com/octocat/Hello-World.git",
+  "mirror_url": "git:git.example.com/octocat/Hello-World",
+  "hooks_url": "http://api.github.com/repos/octocat/Hello-World/hooks",
+  "svn_url": "https://svn.github.com/octocat/Hello-World",
+  "homepage": "https://github.com",
+  "language": null,
+  "forks_count": 9,
+  "stargazers_count": 80,
+  "watchers_count": 80,
+  "size": 108,
+  "default_branch": "master",
+  "open_issues_count": 0,
+  "is_template": true,
+  "topics": [
+    "octocat",
+    "atom",
+    "electron",
+    "api"
+  ],
+  "has_issues": true,
+  "has_projects": true,
+  "has_wiki": true,
+  "has_pages": false,
+  "has_downloads": true,
+  "archived": false,
+  "disabled": false,
+  "visibility": "public",
+  "pushed_at": "2011-01-26T19:06:43Z",
+  "created_at": "2011-01-26T19:01:12Z",
+  "updated_at": "2011-01-26T19:14:43Z",
+  "permissions": {
+    "pull": true,
+    "triage": true,
+    "push": false,
+    "maintain": false,
+    "admin": false
+  },
+  "allow_rebase_merge": true,
+  "template_repository": null,
+  "temp_clone_token": "ABTLWHOULUVAXGTRYU7OC2876QJ2O",
+  "allow_squash_merge": true,
+  "delete_branch_on_merge": true,
+  "allow_merge_commit": true,
+  "subscribers_count": 42,
+  "network_count": 0,
+  "license": {
+    "key": "mit",
+    "name": "MIT License",
+    "spdx_id": "MIT",
+    "url": "https://api.github.com/licenses/mit",
+    "node_id": "MDc6TGljZW5zZW1pdA=="
+  },
+  "organization": {
+    "login": "octocat",
+    "id": 1,
+    "node_id": "MDQ6VXNlcjE=",
+    "avatar_url": "https://github.com/images/error/octocat_happy.gif",
+    "gravatar_id": "",
+    "url": "https://api.github.com/users/octocat",
+    "html_url": "https://github.com/octocat",
+    "followers_url": "https://api.github.com/users/octocat/followers",
+    "following_url": "https://api.github.com/users/octocat/following{/other_user}",
+    "gists_url": "https://api.github.com/users/octocat/gists{/gist_id}",
+    "starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}",
+    "subscriptions_url": "https://api.github.com/users/octocat/subscriptions",
+    "organizations_url": "https://api.github.com/users/octocat/orgs",
+    "repos_url": "https://api.github.com/users/octocat/repos",
+    "events_url": "https://api.github.com/users/octocat/events{/privacy}",
+    "received_events_url": "https://api.github.com/users/octocat/received_events",
+    "type": "Organization",
+    "site_admin": false
+  },
+  "parent": {
+    "id": 1296269,
+    "node_id": "MDEwOlJlcG9zaXRvcnkxMjk2MjY5",
+    "name": "Hello-World",
+    "full_name": "octocat/Hello-World",
+    "owner": {
+      "login": "octocat",
+      "id": 1,
+      "node_id": "MDQ6VXNlcjE=",
+      "avatar_url": "https://github.com/images/error/octocat_happy.gif",
+      "gravatar_id": "",
+      "url": "https://api.github.com/users/octocat",
+      "html_url": "https://github.com/octocat",
+      "followers_url": "https://api.github.com/users/octocat/followers",
+      "following_url": "https://api.github.com/users/octocat/following{/other_user}",
+      "gists_url": "https://api.github.com/users/octocat/gists{/gist_id}",
+      "starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}",
+      "subscriptions_url": "https://api.github.com/users/octocat/subscriptions",
+      "organizations_url": "https://api.github.com/users/octocat/orgs",
+      "repos_url": "https://api.github.com/users/octocat/repos",
+      "events_url": "https://api.github.com/users/octocat/events{/privacy}",
+      "received_events_url": "https://api.github.com/users/octocat/received_events",
+      "type": "User",
+      "site_admin": false
+    },
+    "private": false,
+    "html_url": "https://github.com/octocat/Hello-World",
+    "description": "This your first repo!",
+    "fork": false,
+    "url": "https://api.github.com/repos/octocat/Hello-World",
+    "archive_url": "http://api.github.com/repos/octocat/Hello-World/{archive_format}{/ref}",
+    "assignees_url": "http://api.github.com/repos/octocat/Hello-World/assignees{/user}",
+    "blobs_url": "http://api.github.com/repos/octocat/Hello-World/git/blobs{/sha}",
+    "branches_url": "http://api.github.com/repos/octocat/Hello-World/branches{/branch}",
+    "collaborators_url": "http://api.github.com/repos/octocat/Hello-World/collaborators{/collaborator}",
+    "comments_url": "http://api.github.com/repos/octocat/Hello-World/comments{/number}",
+    "commits_url": "http://api.github.com/repos/octocat/Hello-World/commits{/sha}",
+    "compare_url": "http://api.github.com/repos/octocat/Hello-World/compare/{base}...{head}",
+    "contents_url": "http://api.github.com/repos/octocat/Hello-World/contents/{+path}",
+    "contributors_url": "http://api.github.com/repos/octocat/Hello-World/contributors",
+    "deployments_url": "http://api.github.com/repos/octocat/Hello-World/deployments",
+    "downloads_url": "http://api.github.com/repos/octocat/Hello-World/downloads",
+    "events_url": "http://api.github.com/repos/octocat/Hello-World/events",
+    "forks_url": "http://api.github.com/repos/octocat/Hello-World/forks",
+    "git_commits_url": "http://api.github.com/repos/octocat/Hello-World/git/commits{/sha}",
+    "git_refs_url": "http://api.github.com/repos/octocat/Hello-World/git/refs{/sha}",
+    "git_tags_url": "http://api.github.com/repos/octocat/Hello-World/git/tags{/sha}",
+    "git_url": "git:github.com/octocat/Hello-World.git",
+    "issue_comment_url": "http://api.github.com/repos/octocat/Hello-World/issues/comments{/number}",
+    "issue_events_url": "http://api.github.com/repos/octocat/Hello-World/issues/events{/number}",
+    "issues_url": "http://api.github.com/repos/octocat/Hello-World/issues{/number}",
+    "keys_url": "http://api.github.com/repos/octocat/Hello-World/keys{/key_id}",
+    "labels_url": "http://api.github.com/repos/octocat/Hello-World/labels{/name}",
+    "languages_url": "http://api.github.com/repos/octocat/Hello-World/languages",
+    "merges_url": "http://api.github.com/repos/octocat/Hello-World/merges",
+    "milestones_url": "http://api.github.com/repos/octocat/Hello-World/milestones{/number}",
+    "notifications_url": "http://api.github.com/repos/octocat/Hello-World/notifications{?since,all,participating}",
+    "pulls_url": "http://api.github.com/repos/octocat/Hello-World/pulls{/number}",
+    "releases_url": "http://api.github.com/repos/octocat/Hello-World/releases{/id}",
+    "ssh_url": "git@github.com:octocat/Hello-World.git",
+    "stargazers_url": "http://api.github.com/repos/octocat/Hello-World/stargazers",
+    "statuses_url": "http://api.github.com/repos/octocat/Hello-World/statuses/{sha}",
+    "subscribers_url": "http://api.github.com/repos/octocat/Hello-World/subscribers",
+    "subscription_url": "http://api.github.com/repos/octocat/Hello-World/subscription",
+    "tags_url": "http://api.github.com/repos/octocat/Hello-World/tags",
+    "teams_url": "http://api.github.com/repos/octocat/Hello-World/teams",
+    "trees_url": "http://api.github.com/repos/octocat/Hello-World/git/trees{/sha}",
+    "clone_url": "https://github.com/octocat/Hello-World.git",
+    "mirror_url": "git:git.example.com/octocat/Hello-World",
+    "hooks_url": "http://api.github.com/repos/octocat/Hello-World/hooks",
+    "svn_url": "https://svn.github.com/octocat/Hello-World",
+    "homepage": "https://github.com",
+    "language": null,
+    "forks_count": 9,
+    "stargazers_count": 80,
+    "watchers_count": 80,
+    "size": 108,
+    "default_branch": "master",
+    "open_issues_count": 0,
+    "is_template": true,
+    "topics": [
+      "octocat",
+      "atom",
+      "electron",
+      "api"
+    ],
+    "has_issues": true,
+    "has_projects": true,
+    "has_wiki": true,
+    "has_pages": false,
+    "has_downloads": true,
+    "archived": false,
+    "disabled": false,
+    "visibility": "public",
+    "pushed_at": "2011-01-26T19:06:43Z",
+    "created_at": "2011-01-26T19:01:12Z",
+    "updated_at": "2011-01-26T19:14:43Z",
+    "permissions": {
+      "admin": false,
+      "push": false,
+      "pull": true
+    },
+    "allow_rebase_merge": true,
+    "template_repository": null,
+    "temp_clone_token": "ABTLWHOULUVAXGTRYU7OC2876QJ2O",
+    "allow_squash_merge": true,
+    "delete_branch_on_merge": true,
+    "allow_merge_commit": true,
+    "subscribers_count": 42,
+    "network_count": 0
+  },
+  "source": {
+    "id": 1296269,
+    "node_id": "MDEwOlJlcG9zaXRvcnkxMjk2MjY5",
+    "name": "Hello-World",
+    "full_name": "octocat/Hello-World",
+    "owner": {
+      "login": "octocat",
+      "id": 1,
+      "node_id": "MDQ6VXNlcjE=",
+      "avatar_url": "https://github.com/images/error/octocat_happy.gif",
+      "gravatar_id": "",
+      "url": "https://api.github.com/users/octocat",
+      "html_url": "https://github.com/octocat",
+      "followers_url": "https://api.github.com/users/octocat/followers",
+      "following_url": "https://api.github.com/users/octocat/following{/other_user}",
+      "gists_url": "https://api.github.com/users/octocat/gists{/gist_id}",
+      "starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}",
+      "subscriptions_url": "https://api.github.com/users/octocat/subscriptions",
+      "organizations_url": "https://api.github.com/users/octocat/orgs",
+      "repos_url": "https://api.github.com/users/octocat/repos",
+      "events_url": "https://api.github.com/users/octocat/events{/privacy}",
+      "received_events_url": "https://api.github.com/users/octocat/received_events",
+      "type": "User",
+      "site_admin": false
+    },
+    "private": false,
+    "html_url": "https://github.com/octocat/Hello-World",
+    "description": "This your first repo!",
+    "fork": false,
+    "url": "https://api.github.com/repos/octocat/Hello-World",
+    "archive_url": "http://api.github.com/repos/octocat/Hello-World/{archive_format}{/ref}",
+    "assignees_url": "http://api.github.com/repos/octocat/Hello-World/assignees{/user}",
+    "blobs_url": "http://api.github.com/repos/octocat/Hello-World/git/blobs{/sha}",
+    "branches_url": "http://api.github.com/repos/octocat/Hello-World/branches{/branch}",
+    "collaborators_url": "http://api.github.com/repos/octocat/Hello-World/collaborators{/collaborator}",
+    "comments_url": "http://api.github.com/repos/octocat/Hello-World/comments{/number}",
+    "commits_url": "http://api.github.com/repos/octocat/Hello-World/commits{/sha}",
+    "compare_url": "http://api.github.com/repos/octocat/Hello-World/compare/{base}...{head}",
+    "contents_url": "http://api.github.com/repos/octocat/Hello-World/contents/{+path}",
+    "contributors_url": "http://api.github.com/repos/octocat/Hello-World/contributors",
+    "deployments_url": "http://api.github.com/repos/octocat/Hello-World/deployments",
+    "downloads_url": "http://api.github.com/repos/octocat/Hello-World/downloads",
+    "events_url": "http://api.github.com/repos/octocat/Hello-World/events",
+    "forks_url": "http://api.github.com/repos/octocat/Hello-World/forks",
+    "git_commits_url": "http://api.github.com/repos/octocat/Hello-World/git/commits{/sha}",
+    "git_refs_url": "http://api.github.com/repos/octocat/Hello-World/git/refs{/sha}",
+    "git_tags_url": "http://api.github.com/repos/octocat/Hello-World/git/tags{/sha}",
+    "git_url": "git:github.com/octocat/Hello-World.git",
+    "issue_comment_url": "http://api.github.com/repos/octocat/Hello-World/issues/comments{/number}",
+    "issue_events_url": "http://api.github.com/repos/octocat/Hello-World/issues/events{/number}",
+    "issues_url": "http://api.github.com/repos/octocat/Hello-World/issues{/number}",
+    "keys_url": "http://api.github.com/repos/octocat/Hello-World/keys{/key_id}",
+    "labels_url": "http://api.github.com/repos/octocat/Hello-World/labels{/name}",
+    "languages_url": "http://api.github.com/repos/octocat/Hello-World/languages",
+    "merges_url": "http://api.github.com/repos/octocat/Hello-World/merges",
+    "milestones_url": "http://api.github.com/repos/octocat/Hello-World/milestones{/number}",
+    "notifications_url": "http://api.github.com/repos/octocat/Hello-World/notifications{?since,all,participating}",
+    "pulls_url": "http://api.github.com/repos/octocat/Hello-World/pulls{/number}",
+    "releases_url": "http://api.github.com/repos/octocat/Hello-World/releases{/id}",
+    "ssh_url": "git@github.com:octocat/Hello-World.git",
+    "stargazers_url": "http://api.github.com/repos/octocat/Hello-World/stargazers",
+    "statuses_url": "http://api.github.com/repos/octocat/Hello-World/statuses/{sha}",
+    "subscribers_url": "http://api.github.com/repos/octocat/Hello-World/subscribers",
+    "subscription_url": "http://api.github.com/repos/octocat/Hello-World/subscription",
+    "tags_url": "http://api.github.com/repos/octocat/Hello-World/tags",
+    "teams_url": "http://api.github.com/repos/octocat/Hello-World/teams",
+    "trees_url": "http://api.github.com/repos/octocat/Hello-World/git/trees{/sha}",
+    "clone_url": "https://github.com/octocat/Hello-World.git",
+    "mirror_url": "git:git.example.com/octocat/Hello-World",
+    "hooks_url": "http://api.github.com/repos/octocat/Hello-World/hooks",
+    "svn_url": "https://svn.github.com/octocat/Hello-World",
+    "homepage": "https://github.com",
+    "language": null,
+    "forks_count": 9,
+    "stargazers_count": 80,
+    "watchers_count": 80,
+    "size": 108,
+    "default_branch": "master",
+    "open_issues_count": 0,
+    "is_template": true,
+    "topics": [
+      "octocat",
+      "atom",
+      "electron",
+      "api"
+    ],
+    "has_issues": true,
+    "has_projects": true,
+    "has_wiki": true,
+    "has_pages": false,
+    "has_downloads": true,
+    "archived": false,
+    "disabled": false,
+    "visibility": "public",
+    "pushed_at": "2011-01-26T19:06:43Z",
+    "created_at": "2011-01-26T19:01:12Z",
+    "updated_at": "2011-01-26T19:14:43Z",
+    "permissions": {
+      "admin": false,
+      "push": false,
+      "pull": true
+    },
+    "allow_rebase_merge": true,
+    "template_repository": null,
+    "temp_clone_token": "ABTLWHOULUVAXGTRYU7OC2876QJ2O",
+    "allow_squash_merge": true,
+    "delete_branch_on_merge": true,
+    "allow_merge_commit": true,
+    "subscribers_count": 42,
+    "network_count": 0
+  }
+}
--- a/tests/fixtures/secret.txt
+++ b/tests/fixtures/secret.txt
@ -1 +1 @@
-bar
+bar
--- a/action.yml
+++ b/action.yml
@ -7,20 +7,32 @@ branding:
  color: 'blue'

 inputs:
+  add-hosts:
+    description: "List of a customs host-to-IP mapping (e.g., docker:10.180.0.1)"
+    required: false
  allow:
-    description: "List of extra privileged entitlement (eg. network.host,security.insecure)"
+    description: "List of extra privileged entitlement (e.g., network.host,security.insecure)"
+    required: false
+  attests:
+    description: "List of attestation parameters (e.g., type=sbom,generator=image)"
    required: false
  build-args:
    description: "List of build-time variables"
    required: false
+  build-contexts:
+    description: "List of additional build contexts (e.g., name=path)"
+    required: false
  builder:
    description: "Builder instance"
    required: false
  cache-from:
-    description: "List of external cache sources for buildx (eg. user/app:cache, type=local,src=path/to/dir)"
+    description: "List of external cache sources for buildx (e.g., user/app:cache, type=local,src=path/to/dir)"
    required: false
  cache-to:
-    description: "List of cache export destinations for buildx (eg. user/app:cache, type=local,dest=path/to/dir)"
+    description: "List of cache export destinations for buildx (e.g., user/app:cache, type=local,dest=path/to/dir)"
+    required: false
+  cgroup-parent:
+    description: "Optional parent cgroup for the container used in the build"
    required: false
  context:
    description: "Build's context is the set of files located in the specified PATH or URL"
@ -42,25 +54,37 @@ inputs:
    description: "Do not use cache when building the image"
    required: false
    default: 'false'
+  no-cache-filters:
+    description: "Do not cache specified stages"
+    required: false
  outputs:
    description: "List of output destinations (format: type=local,dest=path)"
    required: false
  platforms:
    description: "List of target platforms for build"
    required: false
+  provenance:
+    description: "Generate provenance attestation for the build (shorthand for --attest=type=provenance)"
+    required: false
  pull:
-    description: "Always attempt to pull a newer version of the image"
+    description: "Always attempt to pull all referenced images"
    required: false
    default: 'false'
  push:
    description: "Push is a shorthand for --output=type=registry"
    required: false
    default: 'false'
+  sbom:
+    description: "Generate SBOM attestation for the build (shorthand for --attest=type=sbom)"
+    required: false
  secrets:
-    description: "List of secrets to expose to the build (eg. key=string, GIT_AUTH_TOKEN=mytoken)"
+    description: "List of secrets to expose to the build (e.g., key=string, GIT_AUTH_TOKEN=mytoken)"
    required: false
  secret-files:
-    description: "List of secret files to expose to the build (eg. key=filename, MY_SECRET=./secret.txt)"
+    description: "List of secret files to expose to the build (e.g., key=filename, MY_SECRET=./secret.txt)"
+    required: false
+  shm-size:
+    description: "Size of /dev/shm (e.g., 2g)"
    required: false
  ssh:
    description: "List of SSH agent socket or keys to expose to the build"
@ -71,18 +95,23 @@ inputs:
  target:
    description: "Sets the target stage to build"
    required: false
+  ulimit:
+    description: "Ulimit options (e.g., nofile=1024:1024)"
+    required: false
  github-token:
    description: "GitHub Token used to authenticate against a repository for Git context"
    default: ${{ github.token }}
    required: false

 outputs:
+  imageid:
+    description: 'Image ID'
  digest:
-    description: 'Image content-addressable identifier also called a digest'
+    description: 'Image digest'
  metadata:
    description: 'Build result metadata'

 runs:
-  using: 'node12'
+  using: 'node16'
  main: 'dist/index.js'
  post: 'dist/index.js'
--- a/dev.Dockerfile
+++ b/dev.Dockerfile
@ -0,0 +1,76 @@
+# syntax=docker/dockerfile:1
+
+ARG NODE_VERSION=16
+ARG DOCKER_VERSION=20.10.13
+ARG BUILDX_VERSION=0.8.0
+
+FROM node:${NODE_VERSION}-alpine AS base
+RUN apk add --no-cache cpio findutils git
+WORKDIR /src
+
+FROM base AS deps
+RUN --mount=type=bind,target=.,rw \
+  --mount=type=cache,target=/src/node_modules \
+  yarn install && mkdir /vendor && cp yarn.lock /vendor
+
+FROM scratch AS vendor-update
+COPY --from=deps /vendor /
+
+FROM deps AS vendor-validate
+RUN --mount=type=bind,target=.,rw <<EOT
+set -e
+git add -A
+cp -rf /vendor/* .
+if [ -n "$(git status --porcelain -- yarn.lock)" ]; then
+  echo >&2 'ERROR: Vendor result differs. Please vendor your package with "docker buildx bake vendor-update"'
+  git status --porcelain -- yarn.lock
+  exit 1
+fi
+EOT
+
+FROM deps AS build
+RUN --mount=type=bind,target=.,rw \
+  --mount=type=cache,target=/src/node_modules \
+  yarn run build && mkdir /out && cp -Rf dist /out/
+
+FROM scratch AS build-update
+COPY --from=build /out /
+
+FROM build AS build-validate
+RUN --mount=type=bind,target=.,rw <<EOT
+set -e
+git add -A
+cp -rf /out/* .
+if [ -n "$(git status --porcelain -- dist)" ]; then
+  echo >&2 'ERROR: Build result differs. Please build first with "docker buildx bake build"'
+  git status --porcelain -- dist
+  exit 1
+fi
+EOT
+
+FROM deps AS format
+RUN --mount=type=bind,target=.,rw \
+  --mount=type=cache,target=/src/node_modules \
+  yarn run format \
+  && mkdir /out && find . -name '*.ts' -not -path './node_modules/*' | cpio -pdm /out
+
+FROM scratch AS format-update
+COPY --from=format /out /
+
+FROM deps AS lint
+RUN --mount=type=bind,target=.,rw \
+  --mount=type=cache,target=/src/node_modules \
+  yarn run lint
+
+FROM docker:${DOCKER_VERSION} as docker
+FROM docker/buildx-bin:${BUILDX_VERSION} as buildx
+
+FROM deps AS test
+RUN --mount=type=bind,target=.,rw \
+  --mount=type=cache,target=/src/node_modules \
+  --mount=type=bind,from=docker,source=/usr/local/bin/docker,target=/usr/bin/docker \
+  --mount=type=bind,from=buildx,source=/buildx,target=/usr/libexec/docker/cli-plugins/docker-buildx \
+  yarn run test --coverageDirectory=/tmp/coverage
+
+FROM scratch AS test-coverage
+COPY --from=test /tmp/coverage /
--- a/dist/index.js
+++ b/dist/index.js
--- a/dist/index.js.map
+++ b/dist/index.js.map
--- a/dist/licenses.txt
+++ b/dist/licenses.txt
--- a/dist/sourcemap-register.js
+++ b/dist/sourcemap-register.js
--- a/docker-bake.hcl
+++ b/docker-bake.hcl
@ -1,13 +1,3 @@
-variable "NODE_VERSION" {
-  default = "12"
-}
-
-target "node-version" {
-  args = {
-    NODE_VERSION = NODE_VERSION
-  }
-}
-
 group "default" {
  targets = ["build"]
 }
@ -17,51 +7,47 @@ group "pre-checkin" {
 }

 group "validate" {
-  targets = ["format-validate", "build-validate", "vendor-validate"]
+  targets = ["lint", "build-validate", "vendor-validate"]
 }

 target "build" {
-  inherits = ["node-version"]
-  dockerfile = "./hack/build.Dockerfile"
+  dockerfile = "dev.Dockerfile"
  target = "build-update"
  output = ["."]
 }

 target "build-validate" {
-  inherits = ["node-version"]
-  dockerfile = "./hack/build.Dockerfile"
+  dockerfile = "dev.Dockerfile"
  target = "build-validate"
+  output = ["type=cacheonly"]
 }

 target "format" {
-  inherits = ["node-version"]
-  dockerfile = "./hack/build.Dockerfile"
+  dockerfile = "dev.Dockerfile"
  target = "format-update"
  output = ["."]
 }

-target "format-validate" {
-  inherits = ["node-version"]
-  dockerfile = "./hack/build.Dockerfile"
-  target = "format-validate"
+target "lint" {
+  dockerfile = "dev.Dockerfile"
+  target = "lint"
+  output = ["type=cacheonly"]
 }

 target "vendor-update" {
-  inherits = ["node-version"]
-  dockerfile = "./hack/vendor.Dockerfile"
-  target = "update"
+  dockerfile = "dev.Dockerfile"
+  target = "vendor-update"
  output = ["."]
 }

 target "vendor-validate" {
-  inherits = ["node-version"]
-  dockerfile = "./hack/vendor.Dockerfile"
-  target = "validate"
+  dockerfile = "dev.Dockerfile"
+  target = "vendor-validate"
+  output = ["type=cacheonly"]
 }

 target "test" {
-  inherits = ["node-version"]
-  dockerfile = "./hack/test.Dockerfile"
+  dockerfile = "dev.Dockerfile"
  target = "test-coverage"
  output = ["./coverage"]
 }
--- a/docs/advanced/cache.md
+++ b/docs/advanced/cache.md
@ -1,200 +1,3 @@
 # Cache

-* [Inline cache](#inline-cache)
-* [Registry cache](#registry-cache)
-* [GitHub cache](#github-cache)
-  * [Cache backend API](#cache-backend-api)
-  * [Local cache](#local-cache)
-
-> More info about cache on [BuildKit](https://github.com/moby/buildkit#export-cache) and [Buildx](https://github.com/docker/buildx/blob/master/docs/reference/buildx_build.md#cache-from) repositories.
-
-## Inline cache
-
-In most case you want to use the [`type=inline` cache exporter](https://github.com/moby/buildkit#inline-push-image-and-cache-together).
-However, note that the `inline` cache exporter only supports `min` cache mode. To enable `max` cache mode, push the
-image and the cache separately by using the `registry` cache exporter as shown in the [next example](#registry-cache).
-
-```yaml
-name: ci
-
-on:
-  push:
-    branches:
-      - 'master'
-
-jobs:
-  docker:
-    runs-on: ubuntu-latest
-    steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v2
-      -
-        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
-      -
-        name: Login to DockerHub
-        uses: docker/login-action@v1 
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-      -
-        name: Build and push
-        uses: docker/build-push-action@v2
-        with:
-          context: .
-          push: true
-          tags: user/app:latest
-          cache-from: type=registry,ref=user/app:latest
-          cache-to: type=inline
-```
-
-## Registry cache
-
-You can import/export cache from a cache manifest or (special) image configuration on the registry with the
-[`type=registry` cache exporter](https://github.com/moby/buildkit/tree/master#registry-push-image-and-cache-separately).
-
-```yaml
-name: ci
-
-on:
-  push:
-    branches:
-      - 'master'
-
-jobs:
-  docker:
-    runs-on: ubuntu-latest
-    steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v2
-      -
-        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
-      -
-        name: Login to DockerHub
-        uses: docker/login-action@v1 
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-      -
-        name: Build and push
-        uses: docker/build-push-action@v2
-        with:
-          context: .
-          push: true
-          tags: user/app:latest
-          cache-from: type=registry,ref=user/app:buildcache
-          cache-to: type=registry,ref=user/app:buildcache,mode=max
-```
-
-## GitHub cache
-
-### Cache backend API
-
-> :test_tube: This cache exporter is considered EXPERIMENTAL until further notice. Please provide feedback on
-> [BuildKit repository](https://github.com/moby/buildkit) if you encounter any issues.
-
-Since [buildx 0.6.0](https://github.com/docker/buildx/releases/tag/v0.6.0) and [BuildKit 0.9.0](https://github.com/moby/buildkit/releases/tag/v0.9.0),
-you can use the [`type=gha` cache exporter](https://github.com/moby/buildkit/tree/master#github-actions-cache-experimental).
-
-GitHub Actions cache exporter backend uses the [GitHub Cache API](https://github.com/tonistiigi/go-actions-cache/blob/master/api.md)
-to fetch and upload cache blobs. That's why this type of cache should be exclusively used in a GitHub Action workflow
-as the `url` (`$ACTIONS_CACHE_URL`) and `token` (`$ACTIONS_RUNTIME_TOKEN`) attributes are populated when a workflow
-is started.
-
-```yaml
-name: ci
-
-on:
-  push:
-    branches:
-      - 'master'
-
-jobs:
-  docker:
-    runs-on: ubuntu-latest
-    steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v2
-      -
-        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
-      -
-        name: Login to DockerHub
-        uses: docker/login-action@v1 
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-      -
-        name: Build and push
-        uses: docker/build-push-action@v2
-        with:
-          context: .
-          push: true
-          tags: user/app:latest
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
-```
-
-### Local cache
-
-> :warning: At the moment caches are copied over the existing cache so it [keeps growing](https://github.com/docker/build-push-action/issues/252).
-> The `Move cache` step is used as a temporary fix (see https://github.com/moby/buildkit/issues/1896).
-
-You can also leverage [GitHub cache](https://docs.github.com/en/actions/configuring-and-managing-workflows/caching-dependencies-to-speed-up-workflows)
-using [actions/cache](https://github.com/actions/cache) and [`type=local` cache exporter](https://github.com/moby/buildkit#local-directory-1)
-with this action:
-
-```yaml
-name: ci
-
-on:
-  push:
-    branches:
-      - 'master'
-
-jobs:
-  docker:
-    runs-on: ubuntu-latest
-    steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v2
-      -
-        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
-      -
-        name: Cache Docker layers
-        uses: actions/cache@v2
-        with:
-          path: /tmp/.buildx-cache
-          key: ${{ runner.os }}-buildx-${{ github.sha }}
-          restore-keys: |
-            ${{ runner.os }}-buildx-
-      -
-        name: Login to DockerHub
-        uses: docker/login-action@v1 
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-      -
-        name: Build and push
-        uses: docker/build-push-action@v2
-        with:
-          context: .
-          push: true
-          tags: user/app:latest
-          cache-from: type=local,src=/tmp/.buildx-cache
-          cache-to: type=local,dest=/tmp/.buildx-cache-new,mode=max
-      -
-        # Temp fix
-        # https://github.com/docker/build-push-action/issues/252
-        # https://github.com/moby/buildkit/issues/1896
-        name: Move cache
-        run: |
-          rm -rf /tmp/.buildx-cache
-          mv /tmp/.buildx-cache-new /tmp/.buildx-cache
-```
+This page has moved to [Docker Docs website](https://docs.docker.com/build/ci/github-actions/cache/)
--- a/docs/advanced/copy-between-registries.md
+++ b/docs/advanced/copy-between-registries.md
@ -1,73 +1,3 @@
 # Copy images between registries

-Multi-platform images built using buildx can be copied from one registry to another without
-changing the image SHA using the [tag-push-action](https://github.com/akhilerm/tag-push-action).
-
-The following workflow will first push the image to dockerhub, run some tests using the images
-and then push to quay and ghcr
-
-```yaml
-name: ci
-
-on:
-  push:
-    branches:
-      - 'master'
-
-jobs:
-  docker:
-    runs-on: ubuntu-latest
-    steps:
-      - 
-        name: Checkout
-        uses: actions/checkout@v2
-      -
-        name: Set up QEMU
-        uses: docker/setup-qemu-action@v1
-      -
-        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
-      - # quay and ghcr logins for pushing image after testing
-        name: Login to Quay Registry
-        uses: docker/login-action@v1 
-        with:
-          registry: quay.io
-          username: ${{ secrets.QUAY_USERNAME }}
-          password: ${{ secrets.QUAY_TOKEN }}
-      -
-        name: Login to GitHub Container Registry
-        uses: docker/login-action@v1
-        with:
-          registry: ghcr.io
-          username: ${{ github.repository_owner }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-      -
-        name: Login to DockerHub
-        uses: docker/login-action@v1 
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-      -
-        name: Build and push
-        uses: docker/build-push-action@v2
-        with:
-          context: .
-          platforms: linux/amd64,linux/arm64
-          push: true
-          tags: |
-            user/app:latest
-            user/app:1.0.0
-      - # run tests using image from docker hub
-        name: Run Tests
-        run: make tests
-      - # copy multiplatform image from dockerhub to quay and ghcr
-        name: Push Image to multiple registries
-        uses: akhilerm/tag-push-action@v1.0.0
-        with:
-          src: docker.io/user/app:1.0.0
-          dst: |
-            quay.io/user/app:latest
-            quay.io/user/app:1.0.0
-            ghcr.io/user/app:latest
-            ghcr.io/user/app:1.0.0
-```
+This page has moved to [Docker Docs website](https://docs.docker.com/build/ci/github-actions/copy-image-registries/)
--- a/docs/advanced/dockerhub-desc.md
+++ b/docs/advanced/dockerhub-desc.md
@ -1,48 +1,3 @@
-# Update DockerHub repo description
+# Update Docker Hub repo description

-You can update the [DockerHub repository description](https://docs.docker.com/docker-hub/repos/) using
-a third party action called [DockerHub Description](https://github.com/peter-evans/dockerhub-description)
-with this action:
-
-```yaml
-name: ci
-
-on:
-  push:
-    branches:
-      - 'master'
-
-jobs:
-  docker:
-    runs-on: ubuntu-latest
-    steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v2
-      -
-        name: Set up QEMU
-        uses: docker/setup-qemu-action@v1
-      -
-        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
-      -
-        name: Login to DockerHub
-        uses: docker/login-action@v1 
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-      -
-        name: Build and push
-        uses: docker/build-push-action@v2
-        with:
-          context: .
-          push: true
-          tags: user/app:latest
-      -
-        name: Update repo description
-        uses: peter-evans/dockerhub-description@v2
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_PASSWORD }}
-          repository: user/app
-```
+This page has moved to [Docker Docs website](https://docs.docker.com/build/ci/github-actions/update-dockerhub-desc/)
--- a/docs/advanced/export-docker.md
+++ b/docs/advanced/export-docker.md
@ -1,35 +1,3 @@
 # Export image to Docker

-You may want your build result to be available in the Docker client through `docker images` to be able to use it
-in another step of your workflow:
-
-```yaml
-name: ci
-
-on:
-  push:
-    branches:
-      - 'master'
-
-jobs:
-  docker:
-    runs-on: ubuntu-latest
-    steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v2
-      -
-        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
-      -
-        name: Build
-        uses: docker/build-push-action@v2
-        with:
-          context: .
-          load: true
-          tags: myimage:latest
-      -
-        name: Inspect
-        run: |
-          docker image inspect myimage:latest
-```
+This page has moved to [Docker Docs website](https://docs.docker.com/build/ci/github-actions/export-docker/)
--- a/docs/advanced/isolated-builders.md
+++ b/docs/advanced/isolated-builders.md
@ -1,44 +1,3 @@
 # Isolated builders

-```yaml
-name: ci
-
-on:
-  push:
-    branches:
-      - 'master'
-
-jobs:
-  docker:
-    runs-on: ubuntu-latest
-    steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v2
-      -
-        uses: docker/setup-buildx-action@v1
-        id: builder1
-      -
-        uses: docker/setup-buildx-action@v1
-        id: builder2
-      -
-        name: Builder 1 name
-        run: echo ${{ steps.builder1.outputs.name }}
-      -
-        name: Builder 2 name
-        run: echo ${{ steps.builder2.outputs.name }}
-      -
-        name: Build against builder1
-        uses: docker/build-push-action@v2
-        with:
-          builder: ${{ steps.builder1.outputs.name }}
-          context: .
-          target: mytarget1
-      -
-        name: Build against builder2
-        uses: docker/build-push-action@v2
-        with:
-          builder: ${{ steps.builder2.outputs.name }}
-          context: .
-          target: mytarget2
-```
+This page has moved to [Docker Docs website](https://docs.docker.com/build/ci/github-actions/configure-builder/#isolated-builders)
--- a/docs/advanced/local-registry.md
+++ b/docs/advanced/local-registry.md
@ -1,44 +1,3 @@
 # Local registry

-For testing purposes you may need to create a [local registry](https://hub.docker.com/_/registry) to push images into:
-
-```yaml
-name: ci
-
-on:
-  push:
-    branches:
-      - 'master'
-
-jobs:
-  docker:
-    runs-on: ubuntu-latest
-    services:
-      registry:
-        image: registry:2
-        ports:
-          - 5000:5000
-    steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v2
-      -
-        name: Set up QEMU
-        uses: docker/setup-qemu-action@v1
-      -
-        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
-        with:
-          driver-opts: network=host
-      -
-        name: Build and push to local registry
-        uses: docker/build-push-action@v2
-        with:
-          context: .
-          push: true
-          tags: localhost:5000/name/app:latest
-      -
-        name: Inspect
-        run: |
-          docker buildx imagetools inspect localhost:5000/name/app:latest
-```
+This page has moved to [Docker Docs website](https://docs.docker.com/build/ci/github-actions/local-registry/)
--- a/docs/advanced/multi-platform.md
+++ b/docs/advanced/multi-platform.md
@ -1,44 +1,3 @@
 # Multi-platform image

-You can build multi-platform images using the [`platforms` input](../../README.md#inputs) as described below.
-
-> :bulb: List of available platforms will be displayed and available through our [setup-buildx](https://github.com/docker/setup-buildx-action#about) action.
-
-> :bulb: If you want support for more platforms, you can use QEMU with our [setup-qemu](https://github.com/docker/setup-qemu-action) action.
-
-```yaml
-name: ci
-
-on:
-  push:
-    branches:
-      - 'master'
-
-jobs:
-  docker:
-    runs-on: ubuntu-latest
-    steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v2
-      -
-        name: Set up QEMU
-        uses: docker/setup-qemu-action@v1
-      -
-        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
-      -
-        name: Login to DockerHub
-        uses: docker/login-action@v1 
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-      -
-        name: Build and push
-        uses: docker/build-push-action@v2
-        with:
-          context: .
-          platforms: linux/amd64,linux/arm64
-          push: true
-          tags: user/app:latest
-```
+This page has moved to [Docker Docs website](https://docs.docker.com/build/ci/github-actions/multi-platform/)
--- a/docs/advanced/named-contexts.md
+++ b/docs/advanced/named-contexts.md
@ -0,0 +1,3 @@
+# Named contexts
+
+This page has moved to [Docker Docs website](https://docs.docker.com/build/ci/github-actions/named-contexts/)
--- a/docs/advanced/push-multi-registries.md
+++ b/docs/advanced/push-multi-registries.md
@ -1,57 +1,3 @@
 # Push to multi-registries

-* [Docker Hub and GHCR](#docker-hub-and-ghcr)
-
-## Docker Hub and GHCR
-
-The following workflow will connect you to [DockerHub](https://github.com/docker/login-action#dockerhub)
-and [GitHub Container Registry](https://github.com/docker/login-action#github-container-registry) and push the
-image to these registries.
-
-```yaml
-name: ci
-
-on:
-  push:
-    branches:
-      - 'master'
-
-jobs:
-  docker:
-    runs-on: ubuntu-latest
-    steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v2
-      -
-        name: Set up QEMU
-        uses: docker/setup-qemu-action@v1
-      -
-        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
-      -
-        name: Login to DockerHub
-        uses: docker/login-action@v1 
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-      -
-        name: Login to GitHub Container Registry
-        uses: docker/login-action@v1 
-        with:
-          registry: ghcr.io
-          username: ${{ github.repository_owner }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-      -
-        name: Build and push
-        uses: docker/build-push-action@v2
-        with:
-          context: .
-          platforms: linux/amd64,linux/arm64
-          push: true
-          tags: |
-            user/app:latest
-            user/app:1.0.0
-            ghcr.io/user/app:latest
-            ghcr.io/user/app:1.0.0
-```
+This page has moved to [Docker Docs website](https://docs.docker.com/build/ci/github-actions/push-multi-registries/)
--- a/docs/advanced/secrets.md
+++ b/docs/advanced/secrets.md
@ -1,84 +1,3 @@
 # Secrets

-In the following example we will expose and use the [GITHUB_TOKEN secret](https://docs.github.com/en/actions/reference/authentication-in-a-workflow#about-the-github_token-secret)
-as provided by GitHub in your workflow.
-
-First let's create our `Dockerfile` to use our secret:
-
-```Dockerfile
-#syntax=docker/dockerfile:1.2
-
-FROM alpine
-RUN --mount=type=secret,id=github_token \
-  cat /run/secrets/github_token
-```
-
-As you can see we have named our secret `github_token`. Here is the workflow you can use to expose this secret using
-the [`secrets` input](../../README.md#inputs):
-
-```yaml
-name: ci
-
-on:
-  push:
-    branches:
-      - 'master'
-
-jobs:
-  docker:
-    runs-on: ubuntu-latest
-    steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v2
-      -
-        name: Set up QEMU
-        uses: docker/setup-qemu-action@v1
-      -
-        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
-      -
-        name: Build
-        uses: docker/build-push-action@v2
-        with:
-          context: .
-          platforms: linux/amd64,linux/arm64
-          tags: user/app:latest
-          secrets: |
-            "github_token=${{ secrets.GITHUB_TOKEN }}"
-```
-
-> :bulb: You can also expose a secret file to the build with [`secret-files`](../../README.md#inputs) input:
-> ```yaml
-> secret-files: |
->   "MY_SECRET=./secret.txt"
-> ```
-
-If you're using [GitHub secrets](https://docs.github.com/en/actions/reference/encrypted-secrets) and need to handle
-multi-line value, you will need to place the key-value pair between quotes:
-
-```yaml
-secrets: |
-  "MYSECRET=${{ secrets.GPG_KEY }}"
-  GIT_AUTH_TOKEN=abcdefghi,jklmno=0123456789
-  "MYSECRET=aaaaaaaa
-  bbbbbbb
-  ccccccccc"
-  FOO=bar
-  "EMPTYLINE=aaaa
-  
-  bbbb
-  ccc"
-  "JSON_SECRET={""key1"":""value1"",""key2"":""value2""}"
-```
-
-| Key                | Value                                            |
-|--------------------|--------------------------------------------------|
-| `MYSECRET`         | `***********************` |
-| `GIT_AUTH_TOKEN`   | `abcdefghi,jklmno=0123456789` |
-| `MYSECRET`         | `aaaaaaaa\nbbbbbbb\nccccccccc` |
-| `FOO`              | `bar` |
-| `EMPTYLINE`        | `aaaa\n\nbbbb\nccc` |
-| `JSON_SECRET`      | `{"key1":"value1","key2":"value2"}` |
-
-> :bulb: All quote signs need to be doubled for escaping.
+This page has moved to [Docker Docs website](https://docs.docker.com/build/ci/github-actions/secrets/)
--- a/docs/advanced/share-image-jobs.md
+++ b/docs/advanced/share-image-jobs.md
@ -1,58 +1,3 @@
 # Share built image between jobs

-As each job is isolated in its own runner you cannot use your built image between jobs (except for [self-hosted runners](https://docs.github.com/en/actions/hosting-your-own-runners/about-self-hosted-runners)).
-However, you can [pass data between jobs in a workflow](https://docs.github.com/en/actions/guides/storing-workflow-data-as-artifacts#passing-data-between-jobs-in-a-workflow)
-using the [actions/upload-artifact](https://github.com/actions/upload-artifact) and [actions/download-artifact](https://github.com/actions/download-artifact)
-actions:
-
-```yaml
-name: ci
-
-on:
-  push:
-    branches:
-      - 'master'
-
-jobs:
-  build:
-    runs-on: ubuntu-latest
-    steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v2
-      -
-        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
-      -
-        name: Build and export
-        uses: docker/build-push-action@v2
-        with:
-          context: .
-          tags: myimage:latest
-          outputs: type=docker,dest=/tmp/myimage.tar
-      -
-        name: Upload artifact
-        uses: actions/upload-artifact@v2
-        with:
-          name: myimage
-          path: /tmp/myimage.tar
-
-  use:
-    runs-on: ubuntu-latest
-    needs: build
-    steps:
-      -
-        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
-      -
-        name: Download artifact
-        uses: actions/download-artifact@v2
-        with:
-          name: myimage
-          path: /tmp
-      -
-        name: Load image
-        run: |
-          docker load --input /tmp/myimage.tar
-          docker image ls -a
-```
+This page has moved to [Docker Docs website](https://docs.docker.com/build/ci/github-actions/share-image-jobs/)
--- a/docs/advanced/tags-labels.md
+++ b/docs/advanced/tags-labels.md
@ -1,77 +1,3 @@
 # Handle tags and labels

-If you come from [`v1`](https://github.com/docker/build-push-action/tree/releases/v1#readme) and want an
-"automatic" tag management and [OCI Image Format Specification](https://github.com/opencontainers/image-spec/blob/master/annotations.md)
-for labels, you can do it in a dedicated step. The following workflow will use the [Docker metadata action](https://github.com/docker/metadata-action)
-to handle tags and labels based on GitHub actions events and Git metadata.
-
-```yaml
-name: ci
-
-on:
-  schedule:
-    - cron: '0 10 * * *' # everyday at 10am
-  push:
-    branches:
-      - '**'
-    tags:
-      - 'v*.*.*'
-  pull_request:
-    branches:
-      - 'master'
-
-jobs:
-  docker:
-    runs-on: ubuntu-latest
-    steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v2
-      -
-        name: Docker meta
-        id: meta
-        uses: docker/metadata-action@v3
-        with:
-          # list of Docker images to use as base name for tags
-          images: |
-            name/app
-            ghcr.io/username/app
-          # generate Docker tags based on the following events/attributes
-          tags: |
-            type=schedule
-            type=ref,event=branch
-            type=ref,event=pr
-            type=semver,pattern={{version}}
-            type=semver,pattern={{major}}.{{minor}}
-            type=semver,pattern={{major}}
-            type=sha
-      -
-        name: Set up QEMU
-        uses: docker/setup-qemu-action@v1
-      -
-        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
-      -
-        name: Login to DockerHub
-        if: github.event_name != 'pull_request'
-        uses: docker/login-action@v1 
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-      -
-        name: Login to GHCR
-        if: github.event_name != 'pull_request'
-        uses: docker/login-action@v1
-        with:
-          registry: ghcr.io
-          username: ${{ github.repository_owner }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-      -
-        name: Build and push
-        uses: docker/build-push-action@v2
-        with:
-          context: .
-          push: ${{ github.event_name != 'pull_request' }}
-          tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
-```
+This page has moved to [Docker Docs website](https://docs.docker.com/build/ci/github-actions/manage-tags-labels/)
--- a/docs/advanced/test-before-push.md
+++ b/docs/advanced/test-before-push.md
@ -0,0 +1,3 @@
+# Test your image before pushing it
+
+This page has moved to [Docker Docs website](https://docs.docker.com/build/ci/github-actions/test-before-push/)
--- a/hack/build.Dockerfile
+++ b/hack/build.Dockerfile
@ -1,42 +0,0 @@
-# syntax=docker/dockerfile:1.2
-ARG NODE_VERSION
-
-FROM node:${NODE_VERSION}-alpine AS base
-RUN apk add --no-cache cpio findutils git
-WORKDIR /src
-
-FROM base AS deps
-RUN --mount=type=bind,target=.,rw \
-  --mount=type=cache,target=/src/node_modules \
-  yarn install
-
-FROM deps AS build
-RUN --mount=type=bind,target=.,rw \
-  --mount=type=cache,target=/src/node_modules \
-  yarn run build && mkdir /out && cp -Rf dist /out/
-
-FROM scratch AS build-update
-COPY --from=build /out /
-
-FROM build AS build-validate
-RUN --mount=type=bind,target=.,rw \
-  git add -A && cp -rf /out/* .; \
-  if [ -n "$(git status --porcelain -- dist)" ]; then \
-    echo >&2 'ERROR: Build result differs. Please build first with "docker buildx bake build"'; \
-    git status --porcelain -- dist; \
-    exit 1; \
-  fi
-
-FROM deps AS format
-RUN --mount=type=bind,target=.,rw \
-  --mount=type=cache,target=/src/node_modules \
-  yarn run format \
-  && mkdir /out && find . -name '*.ts' -not -path './node_modules/*' | cpio -pdm /out
-
-FROM scratch AS format-update
-COPY --from=format /out /
-
-FROM deps AS format-validate
-RUN --mount=type=bind,target=.,rw \
-  --mount=type=cache,target=/src/node_modules \
-  yarn run format-check \
--- a/hack/test.Dockerfile
+++ b/hack/test.Dockerfile
@ -1,28 +0,0 @@
-# syntax=docker/dockerfile:1.2
-ARG NODE_VERSION
-ARG DOCKER_VERSION=20.10.7
-ARG BUILDX_VERSION=0.6.0
-
-FROM docker:${DOCKER_VERSION} as docker
-FROM docker/buildx-bin:${BUILDX_VERSION} as buildx
-
-FROM node:${NODE_VERSION}-alpine AS base
-RUN apk add --no-cache git
-WORKDIR /src
-
-FROM base AS deps
-RUN --mount=type=bind,target=.,rw \
-  --mount=type=cache,target=/src/node_modules \
-  yarn install
-
-FROM deps AS test
-ENV RUNNER_TEMP=/tmp/github_runner
-ENV RUNNER_TOOL_CACHE=/tmp/github_tool_cache
-RUN --mount=type=bind,target=.,rw \
-  --mount=type=cache,target=/src/node_modules \
-  --mount=type=bind,from=docker,source=/usr/local/bin/docker,target=/usr/bin/docker \
-  --mount=type=bind,from=buildx,source=/buildx,target=/usr/libexec/docker/cli-plugins/docker-buildx \
-  yarn run test --coverageDirectory=/tmp/coverage
-
-FROM scratch AS test-coverage
-COPY --from=test /tmp/coverage /
--- a/hack/vendor.Dockerfile
+++ b/hack/vendor.Dockerfile
@ -1,23 +0,0 @@
-# syntax=docker/dockerfile:1.2
-ARG NODE_VERSION
-
-FROM node:${NODE_VERSION}-alpine AS base
-RUN apk add --no-cache git
-WORKDIR /src
-
-FROM base AS vendored
-RUN --mount=type=bind,target=.,rw \
-  --mount=type=cache,target=/src/node_modules \
-  yarn install && mkdir /out && cp yarn.lock /out
-
-FROM scratch AS update
-COPY --from=vendored /out /
-
-FROM vendored AS validate
-RUN --mount=type=bind,target=.,rw \
-  git add -A && cp -rf /out/* .; \
-  if [ -n "$(git status --porcelain -- yarn.lock)" ]; then \
-    echo >&2 'ERROR: Vendor result differs. Please vendor your package with "docker buildx bake vendor-update"'; \
-    git status --porcelain -- yarn.lock; \
-    exit 1; \
-  fi
--- a/jest.config.js
+++ b/jest.config.js
@ -1,12 +0,0 @@
-module.exports = {
-  clearMocks: false,
-  moduleFileExtensions: ['js', 'ts'],
-  setupFiles: ["dotenv/config"],
-  testEnvironment: 'node',
-  testMatch: ['**/*.test.ts'],
-  testRunner: 'jest-circus/runner',
-  transform: {
-    '^.+\\.ts$': 'ts-jest'
-  },
-  verbose: false
-}
--- a/jest.config.ts
+++ b/jest.config.ts
@ -0,0 +1,30 @@
+import fs from 'fs';
+import os from 'os';
+import path from 'path';
+
+const tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), 'docker-build-push-action-'));
+
+process.env = Object.assign({}, process.env, {
+  TEMP: tmpDir,
+  GITHUB_REPOSITORY: 'docker/build-push-action',
+  RUNNER_TEMP: path.join(tmpDir, 'runner-temp'),
+  RUNNER_TOOL_CACHE: path.join(tmpDir, 'runner-tool-cache')
+}) as {
+  [key: string]: string;
+};
+
+module.exports = {
+  clearMocks: false,
+  testEnvironment: 'node',
+  moduleFileExtensions: ['js', 'ts'],
+  testMatch: ['**/*.test.ts'],
+  transform: {
+    '^.+\\.ts$': 'ts-jest'
+  },
+  moduleNameMapper: {
+    '^csv-parse/sync': '<rootDir>/node_modules/csv-parse/dist/cjs/sync.cjs'
+  },
+  collectCoverageFrom: ['src/**/{!(main.ts),}.ts'],
+  coveragePathIgnorePatterns: ['lib/', 'node_modules/', '__mocks__/', '__tests__/'],
+  verbose: true
+};
--- a/package.json
+++ b/package.json
@ -3,11 +3,11 @@
  "description": "Build and push Docker images",
  "main": "lib/main.js",
  "scripts": {
-    "build": "tsc && ncc build",
-    "format": "prettier --write **/*.ts",
-    "format-check": "prettier --check **/*.ts",
+    "build": "ncc build src/main.ts --source-map --minify --license licenses.txt",
+    "lint": "eslint src/**/*.ts __tests__/**/*.ts",
+    "format": "eslint --fix src/**/*.ts __tests__/**/*.ts",
    "test": "jest --coverage",
-    "pre-checkin": "yarn run format && yarn run build"
+    "all": "yarn run build && yarn run format && yarn test"
  },
  "repository": {
    "type": "git",
@ -28,26 +28,24 @@
  ],
  "license": "Apache-2.0",
  "dependencies": {
-    "@actions/core": "^1.5.0",
-    "@actions/exec": "^1.1.0",
-    "@actions/github": "^5.0.0",
-    "csv-parse": "^4.16.0",
-    "semver": "^7.3.5",
-    "tmp": "^0.2.1"
+    "@actions/core": "^1.10.0",
+    "@docker/actions-toolkit": "^0.5.0",
+    "handlebars": "^4.7.7"
  },
  "devDependencies": {
    "@types/csv-parse": "^1.2.2",
-    "@types/jest": "^26.0.23",
-    "@types/node": "^14.17.4",
-    "@types/tmp": "^0.2.0",
-    "@vercel/ncc": "^0.28.6",
-    "dotenv": "^8.6.0",
-    "jest": "^26.6.3",
-    "jest-circus": "^26.6.3",
-    "jest-runtime": "^26.6.3",
-    "prettier": "^2.3.1",
-    "ts-jest": "^26.5.6",
-    "typescript": "^4.3.4",
-    "typescript-formatter": "^7.2.2"
+    "@types/node": "^16.18.21",
+    "@typescript-eslint/eslint-plugin": "^5.56.0",
+    "@typescript-eslint/parser": "^5.56.0",
+    "@vercel/ncc": "^0.36.1",
+    "eslint": "^8.36.0",
+    "eslint-config-prettier": "^8.8.0",
+    "eslint-plugin-jest": "^27.2.1",
+    "eslint-plugin-prettier": "^4.2.1",
+    "jest": "^29.5.0",
+    "prettier": "^2.8.7",
+    "ts-jest": "^29.0.5",
+    "ts-node": "^10.9.1",
+    "typescript": "^4.9.5"
  }
 }
--- a/src/buildx.ts
+++ b/src/buildx.ts
@ -1,132 +0,0 @@
-import csvparse from 'csv-parse/lib/sync';
-import fs from 'fs';
-import path from 'path';
-import * as semver from 'semver';
-import * as exec from '@actions/exec';
-
-import * as context from './context';
-
-export async function getImageIDFile(): Promise<string> {
-  return path.join(context.tmpDir(), 'iidfile').split(path.sep).join(path.posix.sep);
-}
-
-export async function getImageID(): Promise<string | undefined> {
-  const iidFile = await getImageIDFile();
-  if (!fs.existsSync(iidFile)) {
-    return undefined;
-  }
-  return fs.readFileSync(iidFile, {encoding: 'utf-8'});
-}
-
-export async function getMetadataFile(): Promise<string> {
-  return path.join(context.tmpDir(), 'metadata-file').split(path.sep).join(path.posix.sep);
-}
-
-export async function getMetadata(): Promise<string | undefined> {
-  const metadataFile = await getMetadataFile();
-  if (!fs.existsSync(metadataFile)) {
-    return undefined;
-  }
-  return fs.readFileSync(metadataFile, {encoding: 'utf-8'});
-}
-
-export async function getSecretString(kvp: string): Promise<string> {
-  return getSecret(kvp, false);
-}
-
-export async function getSecretFile(kvp: string): Promise<string> {
-  return getSecret(kvp, true);
-}
-
-export async function getSecret(kvp: string, file: boolean): Promise<string> {
-  const delimiterIndex = kvp.indexOf('=');
-  const key = kvp.substring(0, delimiterIndex);
-  let value = kvp.substring(delimiterIndex + 1);
-  if (key.length == 0 || value.length == 0) {
-    throw new Error(`${kvp} is not a valid secret`);
-  }
-
-  if (file) {
-    if (!fs.existsSync(value)) {
-      throw new Error(`secret file ${value} not found`);
-    }
-    value = fs.readFileSync(value, {encoding: 'utf-8'});
-  }
-
-  const secretFile = context.tmpNameSync({
-    tmpdir: context.tmpDir()
-  });
-  fs.writeFileSync(secretFile, value);
-
-  return `id=${key},src=${secretFile}`;
-}
-
-export function isLocalOrTarExporter(outputs: string[]): Boolean {
-  for (let output of csvparse(outputs.join(`\n`), {
-    delimiter: ',',
-    trim: true,
-    columns: false,
-    relaxColumnCount: true
-  })) {
-    // Local if no type is defined
-    // https://github.com/docker/buildx/blob/d2bf42f8b4784d83fde17acb3ed84703ddc2156b/build/output.go#L29-L43
-    if (output.length == 1 && !output[0].startsWith('type=')) {
-      return true;
-    }
-    for (let [key, value] of output.map(chunk => chunk.split('=').map(item => item.trim()))) {
-      if (key == 'type' && (value == 'local' || value == 'tar')) {
-        return true;
-      }
-    }
-  }
-  return false;
-}
-
-export function hasGitAuthToken(secrets: string[]): Boolean {
-  for (let secret of secrets) {
-    if (secret.startsWith('GIT_AUTH_TOKEN=')) {
-      return true;
-    }
-  }
-  return false;
-}
-
-export async function isAvailable(): Promise<Boolean> {
-  return await exec
-    .getExecOutput('docker', ['buildx'], {
-      ignoreReturnCode: true,
-      silent: true
-    })
-    .then(res => {
-      if (res.stderr.length > 0 && res.exitCode != 0) {
-        return false;
-      }
-      return res.exitCode == 0;
-    });
-}
-
-export async function getVersion(): Promise<string> {
-  return await exec
-    .getExecOutput('docker', ['buildx', 'version'], {
-      ignoreReturnCode: true,
-      silent: true
-    })
-    .then(res => {
-      if (res.stderr.length > 0 && res.exitCode != 0) {
-        throw new Error(res.stderr.trim());
-      }
-      return parseVersion(res.stdout.trim());
-    });
-}
-
-export function parseVersion(stdout: string): string {
-  const matches = /\sv?([0-9a-f]{7}|[0-9.]+)/.exec(stdout);
-  if (!matches) {
-    throw new Error(`Cannot parse buildx version`);
-  }
-  return matches[1];
-}
-
-export function satisfies(version: string, range: string): boolean {
-  return semver.satisfies(version, range) || /^[0-9a-f]{7}$/.exec(version) !== null;
-}
--- a/src/context.ts
+++ b/src/context.ts
@ -1,218 +1,216 @@
-import csvparse from 'csv-parse/lib/sync';
-import * as fs from 'fs';
-import * as os from 'os';
-import * as path from 'path';
-import * as tmp from 'tmp';
-
 import * as core from '@actions/core';
-import {issueCommand} from '@actions/core/lib/command';
-import * as github from '@actions/github';
-
-import * as buildx from './buildx';
-
-let _defaultContext, _tmpDir: string;
+import * as handlebars from 'handlebars';
+import {Context} from '@docker/actions-toolkit/lib/context';
+import {GitHub} from '@docker/actions-toolkit/lib/github';
+import {Inputs as BuildxInputs} from '@docker/actions-toolkit/lib/buildx/inputs';
+import {Toolkit} from '@docker/actions-toolkit/lib/toolkit';
+import {Util} from '@docker/actions-toolkit/lib/util';

 export interface Inputs {
+  addHosts: string[];
  allow: string[];
+  attests: string[];
  buildArgs: string[];
+  buildContexts: string[];
  builder: string;
  cacheFrom: string[];
  cacheTo: string[];
+  cgroupParent: string;
  context: string;
  file: string;
  labels: string[];
  load: boolean;
  network: string;
  noCache: boolean;
+  noCacheFilters: string[];
  outputs: string[];
  platforms: string[];
+  provenance: string;
  pull: boolean;
  push: boolean;
+  sbom: string;
  secrets: string[];
  secretFiles: string[];
+  shmSize: string;
  ssh: string[];
  tags: string[];
  target: string;
+  ulimit: string[];
  githubToken: string;
 }

-export function defaultContext(): string {
-  if (!_defaultContext) {
-    let ref = github.context.ref;
-    if (github.context.sha && ref && !ref.startsWith('refs/')) {
-      ref = `refs/heads/${github.context.ref}`;
-    }
-    if (github.context.sha && !ref.startsWith(`refs/pull/`)) {
-      ref = github.context.sha;
-    }
-    _defaultContext = `${process.env.GITHUB_SERVER_URL || 'https://github.com'}/${github.context.repo.owner}/${github.context.repo.repo}.git#${ref}`;
-  }
-  return _defaultContext;
-}
-
-export function tmpDir(): string {
-  if (!_tmpDir) {
-    _tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), 'docker-build-push-')).split(path.sep).join(path.posix.sep);
-  }
-  return _tmpDir;
-}
-
-export function tmpNameSync(options?: tmp.TmpNameOptions): string {
-  return tmp.tmpNameSync(options);
-}
-
-export async function getInputs(defaultContext: string): Promise<Inputs> {
+export async function getInputs(): Promise<Inputs> {
  return {
-    allow: await getInputList('allow'),
-    buildArgs: await getInputList('build-args', true),
+    addHosts: Util.getInputList('add-hosts'),
+    allow: Util.getInputList('allow'),
+    attests: Util.getInputList('attests', {ignoreComma: true}),
+    buildArgs: Util.getInputList('build-args', {ignoreComma: true}),
+    buildContexts: Util.getInputList('build-contexts', {ignoreComma: true}),
    builder: core.getInput('builder'),
-    cacheFrom: await getInputList('cache-from', true),
-    cacheTo: await getInputList('cache-to', true),
-    context: core.getInput('context') || defaultContext,
+    cacheFrom: Util.getInputList('cache-from', {ignoreComma: true}),
+    cacheTo: Util.getInputList('cache-to', {ignoreComma: true}),
+    cgroupParent: core.getInput('cgroup-parent'),
+    context: core.getInput('context') || Context.gitContext(),
    file: core.getInput('file'),
-    labels: await getInputList('labels', true),
+    labels: Util.getInputList('labels', {ignoreComma: true}),
    load: core.getBooleanInput('load'),
    network: core.getInput('network'),
    noCache: core.getBooleanInput('no-cache'),
-    outputs: await getInputList('outputs', true),
-    platforms: await getInputList('platforms'),
+    noCacheFilters: Util.getInputList('no-cache-filters'),
+    outputs: Util.getInputList('outputs', {ignoreComma: true}),
+    platforms: Util.getInputList('platforms'),
+    provenance: BuildxInputs.getProvenanceInput('provenance'),
    pull: core.getBooleanInput('pull'),
    push: core.getBooleanInput('push'),
-    secrets: await getInputList('secrets', true),
-    secretFiles: await getInputList('secret-files', true),
-    ssh: await getInputList('ssh'),
-    tags: await getInputList('tags'),
+    sbom: core.getInput('sbom'),
+    secrets: Util.getInputList('secrets', {ignoreComma: true}),
+    secretFiles: Util.getInputList('secret-files', {ignoreComma: true}),
+    shmSize: core.getInput('shm-size'),
+    ssh: Util.getInputList('ssh'),
+    tags: Util.getInputList('tags'),
    target: core.getInput('target'),
+    ulimit: Util.getInputList('ulimit', {ignoreComma: true}),
    githubToken: core.getInput('github-token')
  };
 }

-export async function getArgs(inputs: Inputs, defaultContext: string, buildxVersion: string): Promise<Array<string>> {
-  let args: Array<string> = ['buildx'];
-  args.push.apply(args, await getBuildArgs(inputs, defaultContext, buildxVersion));
-  args.push.apply(args, await getCommonArgs(inputs));
-  args.push(inputs.context);
-  return args;
+export async function getArgs(inputs: Inputs, toolkit: Toolkit): Promise<Array<string>> {
+  const context = handlebars.compile(inputs.context)({
+    defaultContext: Context.gitContext()
+  });
+  // prettier-ignore
+  return [
+    ...await getBuildArgs(inputs, context, toolkit),
+    ...await getCommonArgs(inputs, toolkit),
+    context
+  ];
 }

-async function getBuildArgs(inputs: Inputs, defaultContext: string, buildxVersion: string): Promise<Array<string>> {
-  let args: Array<string> = ['build'];
-  await asyncForEach(inputs.buildArgs, async buildArg => {
+async function getBuildArgs(inputs: Inputs, context: string, toolkit: Toolkit): Promise<Array<string>> {
+  const args: Array<string> = ['build'];
+  await Util.asyncForEach(inputs.addHosts, async addHost => {
+    args.push('--add-host', addHost);
+  });
+  if (inputs.allow.length > 0) {
+    args.push('--allow', inputs.allow.join(','));
+  }
+  if (await toolkit.buildx.versionSatisfies('>=0.10.0')) {
+    await Util.asyncForEach(inputs.attests, async attest => {
+      args.push('--attest', attest);
+    });
+  }
+  await Util.asyncForEach(inputs.buildArgs, async buildArg => {
    args.push('--build-arg', buildArg);
  });
-  await asyncForEach(inputs.labels, async label => {
+  if (await toolkit.buildx.versionSatisfies('>=0.8.0')) {
+    await Util.asyncForEach(inputs.buildContexts, async buildContext => {
+      args.push('--build-context', buildContext);
+    });
+  }
+  await Util.asyncForEach(inputs.cacheFrom, async cacheFrom => {
+    args.push('--cache-from', cacheFrom);
+  });
+  await Util.asyncForEach(inputs.cacheTo, async cacheTo => {
+    args.push('--cache-to', cacheTo);
+  });
+  if (inputs.cgroupParent) {
+    args.push('--cgroup-parent', inputs.cgroupParent);
+  }
+  if (inputs.file) {
+    args.push('--file', inputs.file);
+  }
+  if (!BuildxInputs.hasLocalExporter(inputs.outputs) && !BuildxInputs.hasTarExporter(inputs.outputs) && (inputs.platforms.length == 0 || (await toolkit.buildx.versionSatisfies('>=0.4.2')))) {
+    args.push('--iidfile', BuildxInputs.getBuildImageIDFilePath());
+  }
+  await Util.asyncForEach(inputs.labels, async label => {
    args.push('--label', label);
  });
-  await asyncForEach(inputs.tags, async tag => {
+  await Util.asyncForEach(inputs.noCacheFilters, async noCacheFilter => {
+    args.push('--no-cache-filter', noCacheFilter);
+  });
+  await Util.asyncForEach(inputs.outputs, async output => {
+    args.push('--output', output);
+  });
+  if (inputs.platforms.length > 0) {
+    args.push('--platform', inputs.platforms.join(','));
+  }
+  if (await toolkit.buildx.versionSatisfies('>=0.10.0')) {
+    if (inputs.provenance) {
+      args.push('--provenance', inputs.provenance);
+    } else if ((await toolkit.buildkit.versionSatisfies(inputs.builder, '>=0.11.0')) && !BuildxInputs.hasDockerExporter(inputs.outputs, inputs.load)) {
+      // if provenance not specified and BuildKit version compatible for
+      // attestation, set default provenance. Also needs to make sure user
+      // doesn't want to explicitly load the image to docker.
+      if (GitHub.context.payload.repository?.private ?? false) {
+        // if this is a private repository, we set the default provenance
+        // attributes being set in buildx: https://github.com/docker/buildx/blob/fb27e3f919dcbf614d7126b10c2bc2d0b1927eb6/build/build.go#L603
+        args.push('--provenance', BuildxInputs.resolveProvenanceAttrs(`mode=min,inline-only=true`));
+      } else {
+        // for a public repository, we set max provenance mode.
+        args.push('--provenance', BuildxInputs.resolveProvenanceAttrs(`mode=max`));
+      }
+    }
+    if (inputs.sbom) {
+      args.push('--sbom', inputs.sbom);
+    }
+  }
+  await Util.asyncForEach(inputs.secrets, async secret => {
+    try {
+      args.push('--secret', BuildxInputs.resolveBuildSecretString(secret));
+    } catch (err) {
+      core.warning(err.message);
+    }
+  });
+  await Util.asyncForEach(inputs.secretFiles, async secretFile => {
+    try {
+      args.push('--secret', BuildxInputs.resolveBuildSecretFile(secretFile));
+    } catch (err) {
+      core.warning(err.message);
+    }
+  });
+  if (inputs.githubToken && !BuildxInputs.hasGitAuthTokenSecret(inputs.secrets) && context.startsWith(Context.gitContext())) {
+    args.push('--secret', BuildxInputs.resolveBuildSecretString(`GIT_AUTH_TOKEN=${inputs.githubToken}`));
+  }
+  if (inputs.shmSize) {
+    args.push('--shm-size', inputs.shmSize);
+  }
+  await Util.asyncForEach(inputs.ssh, async ssh => {
+    args.push('--ssh', ssh);
+  });
+  await Util.asyncForEach(inputs.tags, async tag => {
    args.push('--tag', tag);
  });
  if (inputs.target) {
    args.push('--target', inputs.target);
  }
-  if (inputs.allow.length > 0) {
-    args.push('--allow', inputs.allow.join(','));
-  }
-  if (inputs.platforms.length > 0) {
-    args.push('--platform', inputs.platforms.join(','));
-  }
-  await asyncForEach(inputs.outputs, async output => {
-    args.push('--output', output);
+  await Util.asyncForEach(inputs.ulimit, async ulimit => {
+    args.push('--ulimit', ulimit);
  });
-  if (!buildx.isLocalOrTarExporter(inputs.outputs) && (inputs.platforms.length == 0 || buildx.satisfies(buildxVersion, '>=0.4.2'))) {
-    args.push('--iidfile', await buildx.getImageIDFile());
-  }
-  if (buildx.satisfies(buildxVersion, '>=0.6.0')) {
-    args.push('--metadata-file', await buildx.getMetadataFile());
-  }
-  await asyncForEach(inputs.cacheFrom, async cacheFrom => {
-    args.push('--cache-from', cacheFrom);
-  });
-  await asyncForEach(inputs.cacheTo, async cacheTo => {
-    args.push('--cache-to', cacheTo);
-  });
-  await asyncForEach(inputs.secrets, async secret => {
-    try {
-      args.push('--secret', await buildx.getSecretString(secret));
-    } catch (err) {
-      core.warning(err.message);
-    }
-  });
-  await asyncForEach(inputs.secretFiles, async secretFile => {
-    try {
-      args.push('--secret', await buildx.getSecretFile(secretFile));
-    } catch (err) {
-      core.warning(err.message);
-    }
-  });
-  if (inputs.githubToken && !buildx.hasGitAuthToken(inputs.secrets) && inputs.context == defaultContext) {
-    args.push('--secret', await buildx.getSecretString(`GIT_AUTH_TOKEN=${inputs.githubToken}`));
-  }
-  await asyncForEach(inputs.ssh, async ssh => {
-    args.push('--ssh', ssh);
-  });
-  if (inputs.file) {
-    args.push('--file', inputs.file);
-  }
  return args;
 }

-async function getCommonArgs(inputs: Inputs): Promise<Array<string>> {
-  let args: Array<string> = [];
-  if (inputs.noCache) {
-    args.push('--no-cache');
-  }
+async function getCommonArgs(inputs: Inputs, toolkit: Toolkit): Promise<Array<string>> {
+  const args: Array<string> = [];
  if (inputs.builder) {
    args.push('--builder', inputs.builder);
  }
-  if (inputs.pull) {
-    args.push('--pull');
-  }
  if (inputs.load) {
    args.push('--load');
  }
+  if (await toolkit.buildx.versionSatisfies('>=0.6.0')) {
+    args.push('--metadata-file', BuildxInputs.getBuildMetadataFilePath());
+  }
  if (inputs.network) {
    args.push('--network', inputs.network);
  }
+  if (inputs.noCache) {
+    args.push('--no-cache');
+  }
+  if (inputs.pull) {
+    args.push('--pull');
+  }
  if (inputs.push) {
    args.push('--push');
  }
  return args;
 }
-
-export async function getInputList(name: string, ignoreComma?: boolean): Promise<string[]> {
-  let res: Array<string> = [];
-
-  const items = core.getInput(name);
-  if (items == '') {
-    return res;
-  }
-
-  for (let output of (await csvparse(items, {
-    columns: false,
-    relax: true,
-    relaxColumnCount: true,
-    skipLinesWithEmptyValues: true
-  })) as Array<string[]>) {
-    if (output.length == 1) {
-      res.push(output[0]);
-      continue;
-    } else if (!ignoreComma) {
-      res.push(...output);
-      continue;
-    }
-    res.push(output.join(','));
-  }
-
-  return res.filter(item => item).map(pat => pat.trim());
-}
-
-export const asyncForEach = async (array, callback) => {
-  for (let index = 0; index < array.length; index++) {
-    await callback(array[index], index, array);
-  }
-};
-
-// FIXME: Temp fix https://github.com/actions/toolkit/issues/777
-export function setOutput(name: string, value: any): void {
-  issueCommand('set-output', {name}, value);
-}
--- a/src/main.ts
+++ b/src/main.ts
@ -1,65 +1,89 @@
 import * as fs from 'fs';
-import * as buildx from './buildx';
-import * as context from './context';
 import * as stateHelper from './state-helper';
 import * as core from '@actions/core';
-import * as exec from '@actions/exec';
+import * as actionsToolkit from '@docker/actions-toolkit';
+import {Context} from '@docker/actions-toolkit/lib/context';
+import {Docker} from '@docker/actions-toolkit/lib/docker/docker';
+import {Exec} from '@docker/actions-toolkit/lib/exec';
+import {GitHub} from '@docker/actions-toolkit/lib/github';
+import {Inputs as BuildxInputs} from '@docker/actions-toolkit/lib/buildx/inputs';
+import {Toolkit} from '@docker/actions-toolkit/lib/toolkit';

-async function run(): Promise<void> {
-  try {
-    core.startGroup(`Docker info`);
-    await exec.exec('docker', ['version']);
-    await exec.exec('docker', ['info']);
-    core.endGroup();
+import * as context from './context';

-    if (!(await buildx.isAvailable())) {
+actionsToolkit.run(
+  // main
+  async () => {
+    const inputs: context.Inputs = await context.getInputs();
+    const toolkit = new Toolkit();
+
+    await core.group(`GitHub Actions runtime token ACs`, async () => {
+      try {
+        await GitHub.printActionsRuntimeTokenACs();
+      } catch (e) {
+        core.warning(e.message);
+      }
+    });
+
+    await core.group(`Docker info`, async () => {
+      try {
+        await Docker.printVersion();
+        await Docker.printInfo();
+      } catch (e) {
+        core.info(e.message);
+      }
+    });
+
+    if (!(await toolkit.buildx.isAvailable())) {
      core.setFailed(`Docker buildx is required. See https://github.com/docker/setup-buildx-action to set up buildx.`);
      return;
    }
-    stateHelper.setTmpDir(context.tmpDir());

-    const buildxVersion = await buildx.getVersion();
-    const defContext = context.defaultContext();
-    let inputs: context.Inputs = await context.getInputs(defContext);
+    stateHelper.setTmpDir(Context.tmpDir());

-    const args: string[] = await context.getArgs(inputs, defContext, buildxVersion);
-    await exec
-      .getExecOutput('docker', args, {
-        ignoreReturnCode: true
-      })
-      .then(res => {
-        if (res.stderr.length > 0 && res.exitCode != 0) {
-          throw new Error(`buildx failed with: ${res.stderr.match(/(.*)\s*$/)![0].trim()}`);
-        }
-      });
+    await core.group(`Buildx version`, async () => {
+      await toolkit.buildx.printVersion();
+    });

-    await core.group(`Setting outputs`, async () => {
-      const imageID = await buildx.getImageID();
-      const metadata = await buildx.getMetadata();
-      if (imageID) {
-        core.info(`digest=${imageID}`);
-        context.setOutput('digest', imageID);
-      }
-      if (metadata) {
-        core.info(`metadata=${metadata}`);
-        context.setOutput('metadata', metadata);
+    const args: string[] = await context.getArgs(inputs, toolkit);
+    const buildCmd = await toolkit.buildx.getCommand(args);
+    await Exec.getExecOutput(buildCmd.command, buildCmd.args, {
+      ignoreReturnCode: true
+    }).then(res => {
+      if (res.stderr.length > 0 && res.exitCode != 0) {
+        throw new Error(`buildx failed with: ${res.stderr.match(/(.*)\s*$/)?.[0]?.trim() ?? 'unknown error'}`);
      }
    });
-  } catch (error) {
-    core.setFailed(error.message);
-  }
-}

-async function cleanup(): Promise<void> {
-  if (stateHelper.tmpDir.length > 0) {
-    core.startGroup(`Removing temp folder ${stateHelper.tmpDir}`);
-    fs.rmdirSync(stateHelper.tmpDir, {recursive: true});
-    core.endGroup();
-  }
-}
+    const imageID = BuildxInputs.resolveBuildImageID();
+    const metadata = BuildxInputs.resolveBuildMetadata();
+    const digest = BuildxInputs.resolveDigest();

-if (!stateHelper.IsPost) {
-  run();
-} else {
-  cleanup();
-}
+    if (imageID) {
+      await core.group(`ImageID`, async () => {
+        core.info(imageID);
+        core.setOutput('imageid', imageID);
+      });
+    }
+    if (digest) {
+      await core.group(`Digest`, async () => {
+        core.info(digest);
+        core.setOutput('digest', digest);
+      });
+    }
+    if (metadata) {
+      await core.group(`Metadata`, async () => {
+        core.info(metadata);
+        core.setOutput('metadata', metadata);
+      });
+    }
+  },
+  // post
+  async () => {
+    if (stateHelper.tmpDir.length > 0) {
+      await core.group(`Removing temp folder ${stateHelper.tmpDir}`, async () => {
+        fs.rmSync(stateHelper.tmpDir, {recursive: true});
+      });
+    }
+  }
+);
--- a/src/state-helper.ts
+++ b/src/state-helper.ts
@ -1,12 +1,7 @@
 import * as core from '@actions/core';

-export const IsPost = !!process.env['STATE_isPost'];
 export const tmpDir = process.env['STATE_tmpDir'] || '';

 export function setTmpDir(tmpDir: string) {
  core.saveState('tmpDir', tmpDir);
 }
-
-if (!IsPost) {
-  core.saveState('isPost', 'true');
-}
--- a/test/Dockerfile
+++ b/test/Dockerfile
@ -1,3 +1,3 @@
+# syntax=docker/dockerfile:1
 FROM alpine
-
 RUN echo "Hello world!"
--- a/test/addhost.Dockerfile
+++ b/test/addhost.Dockerfile
@ -0,0 +1,3 @@
+# syntax=docker/dockerfile:1
+FROM busybox
+RUN cat /etc/hosts
--- a/test/cgroup.Dockerfile
+++ b/test/cgroup.Dockerfile
@ -0,0 +1,3 @@
+# syntax=docker/dockerfile:1
+FROM alpine
+RUN cat /proc/self/cgroup
--- a/test/go/Dockerfile
+++ b/test/go/Dockerfile
@ -0,0 +1,19 @@
+# syntax=docker/dockerfile:1
+
+FROM golang:alpine AS base
+ENV CGO_ENABLED=0
+RUN apk add --no-cache file git
+WORKDIR /src
+
+FROM base AS build
+RUN --mount=type=bind,target=/src \
+    --mount=type=cache,target=/root/.cache/go-build \
+    go build -ldflags "-s -w" -o /usr/bin/app .
+
+FROM scratch AS binary
+COPY --from=build /usr/bin/app /bin/app
+
+FROM alpine AS image
+COPY --from=build /usr/bin/app /bin/app
+EXPOSE 8080
+ENTRYPOINT ["/bin/app"]
--- a/test/go/go.mod
+++ b/test/go/go.mod
@ -0,0 +1,3 @@
+module github.com/docker/build-push-action/test/go
+
+go 1.18
--- a/test/go/main.go
+++ b/test/go/main.go
@ -0,0 +1,14 @@
+package main
+
+import (
+	"fmt"
+	"log"
+	"net/http"
+)
+
+func main() {
+	http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
+		fmt.Fprintf(w, "Hello, Go!")
+	})
+	log.Fatal(http.ListenAndServe(":8080", nil))
+}
--- a/test/multi-sudo.Dockerfile
+++ b/test/multi-sudo.Dockerfile
@ -1,9 +1,8 @@
+# syntax=docker/dockerfile:1
 FROM --platform=$BUILDPLATFORM golang:alpine AS build
-
 ARG TARGETPLATFORM
 ARG BUILDPLATFORM
 RUN echo "I am running on $BUILDPLATFORM, building for $TARGETPLATFORM" > /log
-
 RUN apk --update --no-cache add \
    shadow \
    sudo \
@ -17,6 +16,5 @@ RUN sudo chown buildx. /log
 USER root

 FROM alpine
-
 COPY --from=build /log /log
 RUN ls -al /log
--- a/test/multi.Dockerfile
+++ b/test/multi.Dockerfile
@ -1,3 +1,4 @@
+# syntax=docker/dockerfile:1
 FROM --platform=$BUILDPLATFORM golang:alpine AS build

 ARG TARGETPLATFORM
--- a/test/named-context-base.Dockerfile
+++ b/test/named-context-base.Dockerfile
@ -0,0 +1,4 @@
+# syntax=docker/dockerfile:1
+
+FROM debian
+RUN echo "Hello debian!"
--- a/test/named-context.Dockerfile
+++ b/test/named-context.Dockerfile
@ -0,0 +1,4 @@
+# syntax=docker/dockerfile:1
+
+FROM alpine
+RUN cat /etc/*release
--- a/test/nocachefilter.Dockerfile
+++ b/test/nocachefilter.Dockerfile
@ -0,0 +1,9 @@
+# syntax=docker/dockerfile:1
+FROM busybox AS base
+RUN echo "Hello world!" > /hello
+
+FROM alpine AS build
+COPY --from=base /hello /hello
+RUN uname -a
+
+FROM build
--- a/test/secret.Dockerfile
+++ b/test/secret.Dockerfile
@ -0,0 +1,4 @@
+# syntax=docker/dockerfile:1
+FROM busybox
+RUN --mount=type=secret,id=MYSECRET \
+  echo "MYSECRET=$(cat /run/secrets/MYSECRET)"
--- a/test/shmsize.Dockerfile
+++ b/test/shmsize.Dockerfile
@ -0,0 +1,3 @@
+# syntax=docker/dockerfile:1
+FROM busybox
+RUN mount | grep /dev/shm
--- a/test/ulimit.Dockerfile
+++ b/test/ulimit.Dockerfile
@ -0,0 +1,3 @@
+# syntax=docker/dockerfile:1
+FROM busybox
+RUN ulimit -a
--- a/tsconfig.json
+++ b/tsconfig.json
@ -1,21 +1,22 @@
 {
  "compilerOptions": {
+    "esModuleInterop": true,
    "target": "es6",
    "module": "commonjs",
-    "lib": [
-      "es6",
-      "dom"
-    ],
+    "strict": true,
    "newLine": "lf",
    "outDir": "./lib",
    "rootDir": "./src",
-    "strict": true,
+    "forceConsistentCasingInFileNames": true,
    "noImplicitAny": false,
-    "esModuleInterop": true,
-    "sourceMap": true
+    "resolveJsonModule": true,
+    "useUnknownInCatchVariables": false,
  },
  "exclude": [
+    "./__mocks__/**/*",
+    "./__tests__/**/*",
+    "./lib/**/*",
    "node_modules",
-    "**/*.test.ts"
+    "jest.config.ts"
  ]
 }
--- a/yarn.lock
+++ b/yarn.lock