Merge pull request #555 from crazy-max/fix-add-host

Fix add-hosts context

.github/workflows/ci.yml

@@ -4,10 +4,10 @@ on:
   workflow_dispatch:
   push:
     branches:
-      - master
+      - 'master'
   pull_request:
     branches:
-      - master
+      - 'master'
 
 jobs:
   minimal:
@@ -416,6 +416,30 @@ jobs:
         if: always()
         uses: crazy-max/ghaction-dump-context@v1
 
+  add-hosts:
+    runs-on: ubuntu-latest
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v2
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
+      -
+        name: Build
+        uses: ./
+        with:
+          context: ./test
+          file: ./test/addhost.Dockerfile
+          tags: name/app:latest
+          add-hosts: |
+            docker:10.180.0.1
+            foo:10.0.0.1
+      -
+        name: Dump context
+        if: always()
+        uses: crazy-max/ghaction-dump-context@v1
+
   multi:
     runs-on: ubuntu-latest
     strategy:

.github/workflows/e2e.yml

@@ -6,7 +6,7 @@ on:
     - cron: '0 10 * * *'
   push:
     branches:
-      - master
+      - 'master'
     tags:
       - v*
 
@@ -52,6 +52,11 @@ jobs:
             slug: gcr.io/sandbox-298914/test-docker-action
             username_secret: GCR_USERNAME
             password_secret: GCR_JSON_KEY
+          -
+            registry: officialgithubactions.azurecr.io
+            slug: officialgithubactions.azurecr.io/test-docker-action
+            username_secret: AZURE_CLIENT_ID
+            password_secret: AZURE_CLIENT_SECRET
     steps:
       -
         name: Checkout

README.md

@@ -38,30 +38,7 @@ ___
 
 ## Usage
 
-By default, this action uses the [Git context](#git-context) so you don't need to use the
+In the examples below we are also using 3 other actions:
-[`actions/checkout`](https://github.com/actions/checkout/) action to checkout the repository because this will be
-done directly by buildkit. The git reference will be based on the [event that triggered your workflow](https://docs.github.com/en/actions/reference/events-that-trigger-workflows)
-and will result in the following context: `https://github.com/<owner>/<repo>.git#<ref>`.
-
-You can provide a subdirectory to the [Git context](#git-context) by using the following [Handlebars template](https://handlebarsjs.com/guide/) expression `{{defaultContext}}`:
-
-```yaml
-      -
-        name: Build and push
-        id: docker_build
-        uses: docker/build-push-action@v2
-        with:
-          context: {{defaultContext}}:docker
-          push: true
-          tags: user/app:latest
-```
-
-Be careful because **any file mutation in the steps that precede the build step will be ignored, including processing of the `.dockerignore` file** since
-the context is based on the git reference. However, you can use the [Path context](#path-context) using the
-[`context` input](#inputs) alongside the [`actions/checkout`](https://github.com/actions/checkout/) action to remove
-this restriction.
-
-In the examples below we are using 3 other actions:
 
 * [`setup-buildx`](https://github.com/docker/setup-buildx-action) action will create and boot a builder using by 
 default the `docker-container` [builder driver](https://github.com/docker/buildx/blob/master/docs/reference/buildx_create.md#driver).
@@ -72,13 +49,20 @@ to add emulation support with QEMU to be able to build against more platforms.
 
 ### Git context
 
+By default, this action uses the [Git context](#git-context) so you don't need
+to use the [`actions/checkout`](https://github.com/actions/checkout/) action to
+check out the repository because this will be done directly by [BuildKit](https://github.com/moby/buildkit).
+
+The git reference will be based on the [event that triggered your workflow](https://docs.github.com/en/actions/reference/events-that-trigger-workflows)
+and will result in the following context: `https://github.com/<owner>/<repo>.git#<ref>`.
+
 ```yaml
 name: ci
 
 on:
   push:
     branches:
-      - 'master'
+      - 'main'
 
 jobs:
   docker:
@@ -98,21 +82,42 @@ jobs:
           password: ${{ secrets.DOCKERHUB_TOKEN }}
       -
         name: Build and push
-        id: docker_build
         uses: docker/build-push-action@v2
         with:
           push: true
           tags: user/app:latest
 ```
 
-Building from the current repository automatically uses the [GitHub Token](https://help.github.com/en/actions/configuring-and-managing-workflows/authenticating-with-the-github_token)
+Be careful because **any file mutation in the steps that precede the build step
-so it does not need to be passed. If you want to authenticate against another private repository, you have to use
+will be ignored, including processing of the `.dockerignore` file** since
-a [secret](docs/advanced/secrets.md) named `GIT_AUTH_TOKEN` to be able to authenticate against it with buildx:
+the context is based on the Git reference. However, you can use the
+[Path context](#path-context) using the [`context` input](#inputs) alongside
+the [`actions/checkout`](https://github.com/actions/checkout/) action to remove
+this restriction.
+
+Default Git context can also be provided using the [Handlebars template](https://handlebarsjs.com/guide/)
+expression `{{defaultContext}}`. Here we can use it to provide a subdirectory
+to the default Git context:
+
+```yaml
+      -
+        name: Build and push
+        uses: docker/build-push-action@v2
+        with:
+          context: "{{defaultContext}}:mysubdir"
+          push: true
+          tags: user/app:latest
+```
+> :warning: Subdirectory for Git context is not yet available for the buildx [`docker` driver](https://github.com/docker/buildx/blob/master/docs/reference/buildx_create.md#driver).
+
+Building from the current repository automatically uses the [GitHub Token](https://help.github.com/en/actions/configuring-and-managing-workflows/authenticating-with-the-github_token)
+so it does not need to be passed. If you want to authenticate against another
+private repository, you have to use a [secret](docs/advanced/secrets.md) named
+`GIT_AUTH_TOKEN` to be able to authenticate against it with buildx:
 
 ```yaml
       -
         name: Build and push
-        id: docker_build
         uses: docker/build-push-action@v2
         with:
           push: true
@@ -129,7 +134,7 @@ name: ci
 on:
   push:
     branches:
-      - 'master'
+      - 'main'
 
 jobs:
   docker:
@@ -194,12 +199,13 @@ Following inputs can be used as `step.with` keys
 
 | Name                | Type     | Description                        |
 |---------------------|----------|------------------------------------|
+| `add-hosts`         | List/CSV | List of [customs host-to-IP mapping](https://docs.docker.com/engine/reference/commandline/build/#add-entries-to-container-hosts-file---add-host) (e.g., `docker:10.180.0.1`) |
 | `allow`             | List/CSV | List of [extra privileged entitlement](https://github.com/docker/buildx/blob/master/docs/reference/buildx_build.md#allow) (e.g., `network.host,security.insecure`) |
 | `builder`           | String   | Builder instance (see [setup-buildx](https://github.com/docker/setup-buildx-action) action) |
 | `build-args`        | List     | List of build-time variables |
 | `cache-from`        | List     | List of [external cache sources](https://github.com/docker/buildx/blob/master/docs/reference/buildx_build.md#cache-from) (e.g., `type=local,src=path/to/dir`) |
 | `cache-to`          | List     | List of [cache export destinations](https://github.com/docker/buildx/blob/master/docs/reference/buildx_build.md#cache-to) (e.g., `type=local,dest=path/to/dir`) |
-| `cgroup-parent`     | String   | Optional [parent cgroup](https://docs.docker.com/engine/reference/commandline/build/#use-a-custom-parent-cgroup---cgroup-parent) for the container used in the build |
+| `cgroup-parent`¹    | String   | Optional [parent cgroup](https://docs.docker.com/engine/reference/commandline/build/#use-a-custom-parent-cgroup---cgroup-parent) for the container used in the build |
 | `context`           | String   | Build's context is the set of files located in the specified [`PATH` or `URL`](https://docs.docker.com/engine/reference/commandline/build/) (default [Git context](#git-context)) |
 | `file`              | String   | Path to the Dockerfile. (default `{context}/Dockerfile`) |
 | `labels`            | List     | List of metadata for an image |
@@ -212,11 +218,22 @@ Following inputs can be used as `step.with` keys
 | `push`              | Bool     | [Push](https://github.com/docker/buildx/blob/master/docs/reference/buildx_build.md#push) is a shorthand for `--output=type=registry` (default `false`) |
 | `secrets`           | List     | List of secrets to expose to the build (e.g., `key=string`, `GIT_AUTH_TOKEN=mytoken`) |
 | `secret-files`      | List     | List of secret files to expose to the build (e.g., `key=filename`, `MY_SECRET=./secret.txt`) |
-| `shm-size`          | String   | Size of [`/dev/shm`](https://github.com/docker/buildx/blob/master/docs/reference/buildx_build.md#-size-of-devshm---shm-size) (e.g., `2g`) |
+| `shm-size`¹         | String   | Size of [`/dev/shm`](https://github.com/docker/buildx/blob/master/docs/reference/buildx_build.md#-size-of-devshm---shm-size) (e.g., `2g`) |
 | `ssh`               | List     | List of SSH agent socket or keys to expose to the build |
 | `tags`              | List/CSV | List of tags |
 | `target`            | String   | Sets the target stage to build |
-| `ulimit`            | List     | [Ulimit](https://github.com/docker/buildx/blob/master/docs/reference/buildx_build.md#-set-ulimits---ulimit) options (e.g., `nofile=1024:1024`) |
+| `ulimit`¹           | List     | [Ulimit](https://github.com/docker/buildx/blob/master/docs/reference/buildx_build.md#-set-ulimits---ulimit) options (e.g., `nofile=1024:1024`) |
+| `github-token`      | String   | GitHub Token used to authenticate against a repository for [Git context](#git-context) (default `${{ github.token }}`) |
+
+> ¹ `cgroup-parent`, `shm-size` and `ulimit` are only available using `moby/buildkit:master`
+> as builder image atm:
+> ```yaml
+> - name: Set up Docker Buildx
+>   uses: docker/setup-buildx-action@v1
+>   with:
+>   driver-opts: |
+>     image=moby/buildkit:master
+> ```
 
 ### outputs
 

__tests__/context.test.ts

@@ -446,6 +446,7 @@ ccc`],
         ['context', '.'],
         ['tag', 'localhost:5000/name/app:latest'],
         ['file', './test/Dockerfile'],
+        ['add-hosts', 'docker:10.180.0.1,foo:10.0.0.1'],
         ['network', 'host'],
         ['load', 'false'],
         ['no-cache', 'false'],
@@ -455,6 +456,8 @@ ccc`],
       [
         'buildx',
         'build',
+        '--add-host', 'docker:10.180.0.1',
+        '--add-host', 'foo:10.0.0.1',
         '--file', './test/Dockerfile',
         '--iidfile', '/tmp/.docker-build-push-jest/iidfile',
         '--metadata-file', '/tmp/.docker-build-push-jest/metadata-file',
@@ -469,6 +472,7 @@ ccc`],
       new Map<string, string>([
         ['context', '.'],
         ['file', './test/Dockerfile'],
+        ['add-hosts', 'docker:10.180.0.1\nfoo:10.0.0.1'],
         ['cgroup-parent', 'foo'],
         ['shm-size', '2g'],
         ['ulimit', `nofile=1024:1024
@@ -481,6 +485,8 @@ nproc=3`],
       [
         'buildx',
         'build',
+        '--add-host', 'docker:10.180.0.1',
+        '--add-host', 'foo:10.0.0.1',
         '--cgroup-parent', 'foo',
         '--file', './test/Dockerfile',
         '--iidfile', '/tmp/.docker-build-push-jest/iidfile',

action.yml

@@ -7,6 +7,9 @@ branding:
   color: 'blue'
 
 inputs:
+  add-hosts:
+    description: "List of a customs host-to-IP mapping (e.g., docker:10.180.0.1)"
+    required: false
   allow:
     description: "List of extra privileged entitlement (e.g., network.host,security.insecure)"
     required: false

docs/advanced/cache.md

@@ -20,7 +20,7 @@ name: ci
 on:
   push:
     branches:
-      - 'master'
+      - 'main'
 
 jobs:
   docker:
@@ -60,7 +60,7 @@ name: ci
 on:
   push:
     branches:
-      - 'master'
+      - 'main'
 
 jobs:
   docker:
@@ -110,7 +110,7 @@ name: ci
 on:
   push:
     branches:
-      - 'master'
+      - 'main'
 
 jobs:
   docker:
@@ -154,7 +154,7 @@ name: ci
 on:
   push:
     branches:
-      - 'master'
+      - 'main'
 
 jobs:
   docker:

docs/advanced/copy-between-registries.md

@@ -12,7 +12,7 @@ name: ci
 on:
   push:
     branches:
-      - 'master'
+      - 'main'
 
 jobs:
   docker:

docs/advanced/dockerhub-desc.md

@@ -10,7 +10,7 @@ name: ci
 on:
   push:
     branches:
-      - 'master'
+      - 'main'
 
 jobs:
   docker:

docs/advanced/export-docker.md

@@ -9,7 +9,7 @@ name: ci
 on:
   push:
     branches:
-      - 'master'
+      - 'main'
 
 jobs:
   docker:

docs/advanced/isolated-builders.md

@@ -6,7 +6,7 @@ name: ci
 on:
   push:
     branches:
-      - 'master'
+      - 'main'
 
 jobs:
   docker:

docs/advanced/local-registry.md

@@ -8,7 +8,7 @@ name: ci
 on:
   push:
     branches:
-      - 'master'
+      - 'main'
 
 jobs:
   docker:

docs/advanced/multi-platform.md

@@ -12,7 +12,7 @@ name: ci
 on:
   push:
     branches:
-      - 'master'
+      - 'main'
 
 jobs:
   docker:

docs/advanced/push-multi-registries.md

@@ -14,7 +14,7 @@ name: ci
 on:
   push:
     branches:
-      - 'master'
+      - 'main'
 
 jobs:
   docker:

docs/advanced/secrets.md

@@ -22,7 +22,7 @@ name: ci
 on:
   push:
     branches:
-      - 'master'
+      - 'main'
 
 jobs:
   docker:

docs/advanced/share-image-jobs.md

@@ -11,7 +11,7 @@ name: ci
 on:
   push:
     branches:
-      - 'master'
+      - 'main'
 
 jobs:
   build:

docs/advanced/tags-labels.md

@@ -1,7 +1,6 @@
 # Handle tags and labels
 
-If you come from [`v1`](https://github.com/docker/build-push-action/tree/releases/v1#readme) and want an
+If you want an "automatic" tag management and [OCI Image Format Specification](https://github.com/opencontainers/image-spec/blob/master/annotations.md)
-"automatic" tag management and [OCI Image Format Specification](https://github.com/opencontainers/image-spec/blob/master/annotations.md)
 for labels, you can do it in a dedicated step. The following workflow will use the [Docker metadata action](https://github.com/docker/metadata-action)
 to handle tags and labels based on GitHub actions events and Git metadata.
 
@@ -10,7 +9,7 @@ name: ci
 
 on:
   schedule:
-    - cron: '0 10 * * *' # everyday at 10am
+    - cron: '0 10 * * *'
   push:
     branches:
       - '**'
@@ -18,7 +17,7 @@ on:
       - 'v*.*.*'
   pull_request:
     branches:
-      - 'master'
+      - 'main'
 
 jobs:
   docker:

docs/advanced/test-before-push.md

@@ -14,7 +14,7 @@ name: ci
 on:
   push:
     branches:
-      - 'master'
+      - 'main'
 
 env:
   TEST_TAG: user/myapp:test

src/context.ts

@@ -14,6 +14,7 @@ import * as handlebars from 'handlebars';
 let _defaultContext, _tmpDir: string;
 
 export interface Inputs {
+  addHosts: string[];
   allow: string[];
   buildArgs: string[];
   builder: string;
@@ -67,6 +68,7 @@ export function tmpNameSync(options?: tmp.TmpNameOptions): string {
 
 export async function getInputs(defaultContext: string): Promise<Inputs> {
   return {
+    addHosts: await getInputList('add-hosts'),
     allow: await getInputList('allow'),
     buildArgs: await getInputList('build-args', true),
     builder: core.getInput('builder'),
@@ -104,6 +106,9 @@ export async function getArgs(inputs: Inputs, defaultContext: string, buildxVers
 
 async function getBuildArgs(inputs: Inputs, defaultContext: string, buildxVersion: string): Promise<Array<string>> {
   let args: Array<string> = ['build'];
+  await asyncForEach(inputs.addHosts, async addHost => {
+    args.push('--add-host', addHost);
+  });
   if (inputs.allow.length > 0) {
     args.push('--allow', inputs.allow.join(','));
   }

test/addhost.Dockerfile

@@ -0,0 +1,2 @@
+FROM busybox
+RUN cat /etc/hosts

yarn.lock

@@ -2734,9 +2734,11 @@ nice-try@^1.0.4:
   integrity sha512-1nh45deeb5olNY7eX82BkPO7SSxR5SSYJiPTrTdFUVYwAl8CKMA5N9PjTYkHiRjisVcxcQ1HXdLhx2qxxJzLNQ==
 
 node-fetch@^2.3.0, node-fetch@^2.6.1:
-  version "2.6.1"
+  version "2.6.7"
-  resolved "https://registry.yarnpkg.com/node-fetch/-/node-fetch-2.6.1.tgz#045bd323631f76ed2e2b55573394416b639a0052"
+  resolved "https://registry.yarnpkg.com/node-fetch/-/node-fetch-2.6.7.tgz#24de9fba827e3b4ae44dc8b20256a379160052ad"
-  integrity sha512-V4aYg89jEoVRxRb2fJdAg8FHvI7cEyYdVAh94HH0UIK8oJxUfkjlDQN9RbMx+bEjP7+ggMiFRprSti032Oipxw==
+  integrity sha512-ZjMPFEfVx5j+y2yF35Kzx5sF7kDzxuDj6ziH4FFbOp87zKDZNx8yExJIb05OGF4Nlt9IHFIMBkRl41VdvcNdbQ==
+  dependencies:
+    whatwg-url "^5.0.0"
 
 node-int64@^0.4.0:
   version "0.4.0"
@@ -3498,6 +3500,11 @@ tr46@^2.1.0:
   dependencies:
     punycode "^2.1.1"
 
+tr46@~0.0.3:
+  version "0.0.3"
+  resolved "https://registry.yarnpkg.com/tr46/-/tr46-0.0.3.tgz#8184fd347dac9cdc185992f3a6622e14b9d9ab6a"
+  integrity sha1-gYT9NH2snNwYWZLzpmIuFLnZq2o=
+
 ts-jest@^26.5.6:
   version "26.5.6"
   resolved "https://registry.yarnpkg.com/ts-jest/-/ts-jest-26.5.6.tgz#c32e0746425274e1dfe333f43cd3c800e014ec35"
@@ -3652,6 +3659,11 @@ walker@^1.0.7, walker@~1.0.5:
   dependencies:
     makeerror "1.0.x"
 
+webidl-conversions@^3.0.0:
+  version "3.0.1"
+  resolved "https://registry.yarnpkg.com/webidl-conversions/-/webidl-conversions-3.0.1.tgz#24534275e2a7bc6be7bc86611cc16ae0a5654871"
+  integrity sha1-JFNCdeKnvGvnvIZhHMFq4KVlSHE=
+
 webidl-conversions@^5.0.0:
   version "5.0.0"
   resolved "https://registry.yarnpkg.com/webidl-conversions/-/webidl-conversions-5.0.0.tgz#ae59c8a00b121543a2acc65c0434f57b0fc11aff"
@@ -3674,6 +3686,14 @@ whatwg-mimetype@^2.3.0:
   resolved "https://registry.yarnpkg.com/whatwg-mimetype/-/whatwg-mimetype-2.3.0.tgz#3d4b1e0312d2079879f826aff18dbeeca5960fbf"
   integrity sha512-M4yMwr6mAnQz76TbJm914+gPpB/nCwvZbJU28cUD6dR004SAxDLOOSUaB1JDRqLtaOV/vi0IC5lEAGFgrjGv/g==
 
+whatwg-url@^5.0.0:
+  version "5.0.0"
+  resolved "https://registry.yarnpkg.com/whatwg-url/-/whatwg-url-5.0.0.tgz#966454e8765462e37644d3626f6742ce8b70965d"
+  integrity sha1-lmRU6HZUYuN2RNNib2dCzotwll0=
+  dependencies:
+    tr46 "~0.0.3"
+    webidl-conversions "^3.0.0"
+
 whatwg-url@^8.0.0, whatwg-url@^8.5.0:
   version "8.6.0"
   resolved "https://registry.yarnpkg.com/whatwg-url/-/whatwg-url-8.6.0.tgz#27c0205a4902084b872aecb97cf0f2a7a3011f4c"