Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Backports:SLE-15-SP4:FactoryCandidates
buildkit
buildkit.changes
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File buildkit.changes of Package buildkit
------------------------------------------------------------------- Tue Nov 12 06:11:35 UTC 2024 - madhankumar.chellamuthu@suse.com - Update to version 0.17.1: * Dockerfile: add a comment about runc v1.2 * Revert "Dockerfile: update runc binary to 1.2.1" * ci: enable archutil-arm64 job * dockerfile: update delve to v1.23.1 * dockerfile: missing updates of xx to 1.5.0 * update to go 1.23 * dockerfile: fix running onbuild rules from inherited stages * hack: update protolint * hack: update gopls to 0.26 * Add test for `IsCommitSHA` function * vendor: update hcsshim to v0.12.8 * build(deps): bump softprops/action-gh-release from 2.0.8 to 2.0.9 * util/tracing: switch to semconv v0.21.0 * docs(dockerfile): BuildKit does not discard Volume edits ------------------------------------------------------------------- Tue Nov 05 06:13:51 UTC 2024 - madhankumar.chellamuthu@suse.com - Update to version 0.17.0: * Dockerfile: update runc binary to 1.2.1 * docs: fix double parens in internal link * chore: regenerate dockerfile rules documentation * Dockerfile: use folded block for rule description in docs front matter * tests: client: set up for wcow integration tests * docs: remove older warning format * docs: s/parent image/base image/ * pb: regenerate protobuf * vendor: revert containerd 1.7.23 because errdefs changes incompatible * Dockerfile: update xx to v1.5.0 * vendor: update compress to v1.17.11 * vendor: update cli to v1.22.16 * vendor: update azidentity to v1.6.0 * vendor: update hcsshim to v0.12.5 * Dockerfile: update runc to v1.1.15 * vendor: update containerd to v1.7.23 * Dockerfile: update containerd to v1.7.23 * vendor: update fsutil to 397af530 * docs: update undefined var check reference * docs: add buildkitd.toml docs new gc options * ociindex: allow readonly access * docs: add workarounds for JSONArgsRecommended check * git: fix caching git commit through multiple refs * Add labs reference for ADD --exclude * Add/fix references to labs dockerfile version * git: allow cloning commit shas not referenced by branch/tag * filesync: reuse data buffer for diffcopy * git: export gitutil helper for identifying commit shas * chore: add disk stat error wrapping * dockerfile: expose TARGETSTAGE as builtin argument * Update ARG, ENV and LABEL reference definitions to clarify that first KV-pairs are required but additional ones are optional * authprovider: add OTEL spans for loading credentials * tracing: enable OTEL on authprovider requests * docs: add front matter title to attestation docs * update arg syntax ref * vendor: golang.org/x/net v0.29.0 * vendor: golang.org/x/crypto v0.27.0 * vendor: golang.org/x/sys v0.25.0 * make sure that is the latest version that is picked * Dockerfile: update rootlesskit binary to 2.3.1 * fix: set h2 protocol identifier to comply with TLS-ALPN * sets the InvalidDefinitionDescription check to be experimental * fixes for dockerfile checks * Revert "dockerfile: pin dockerfile frontend image" * Refactor various rulecheck related code to properly handle env vars. after EnvGetter refactoring * add an allow list for secret lint check and add public to said list * Dockerfile: update containerd binary to v1.7.22,v1.6.36 * grpcclient: return proper nil reference from grpcclient * fix merge conflict in generated proto * llb: use buildkit user-agent for HTTP source * solver: simplify edge-related functions in the solver * docs: add note about check with errors * remove the directive from the comments in the AST * Add rule for arg / stage name comment descriptions * fix: compute total cache usage on any new cache policy opt * cache: rename new prune/gc control fields * add capability to detect if new storage filters are supported * update default and basic gc control to use free and max storage * http: avoid possible digest mismatch error * protobuf: add vtproto as a supplemental marshaler * worker/containerd: NewWorkerOpt: remove workaround for named pipes * dockerfile: set error location for ONBUILD errors * dockerfile: mark commands invoked from ONBUILD with prefix * dockerfile: fix command count after new commands from ONBUILD * protobuf: normalize how protobuf files are generated * dockerfile: add support for non-octal COPY --chmod in labs * vendor: go.etcd.io/bbolt v1.3.11 * docs: fix incorrect information about arg scoping * tests: skip TestContextChangeDirToFile on Windows * llb: deterministic marshaling for protobuf and store results from multiple constraints * docs: remove `from` limitation for onbuild * history: remove records without attached blobs at startup * fix: lint ci issue * client: allow non-octal chmod config for fileop.copy * vendor: github.com/docker/cli v27.3.1 * vendor: github.com/docker/docker v27.3.1 * vendor: github.com/moby/sys/sequential v0.6.0 * vendor: github.com/moby/sys/mount v0.3.4 * vendor: golang.org/x/net v0.28.0 * vendor: golang.org/x/crypto v0.26.0, golang.org/x/text v0.17.0 * vendor: golang.org/x/time v0.6.0 * vendor: golang.org/x/sys v0.24.0 * vendor: github.com/containerd/containerd v1.7.22 * frontend/dockerfile: BFlags.Parse: include flag with "--" prefix in errors * docs: update "read more" link for dockerfile examples * chore: return an error when AppArmor is unsupported and profile specifie * Added way to configure SBOM scanner * frontend/dockerfile: BFlags.Parse: return earlier on "--" terminator * util/archutil: re-generate to fix validation for mips64 * llbsolver: add input validation to policy recompute * dockerfile: pin dockerfile frontend image * protobuf: remove gogoproto * protobuf: add marshaling benchmarks for some protobuf messages * Fix WCOW COPY --from failure in multistage builds on Windows * chore: use a better root for computing free disk space * config: allow configuring free gc policies * dockerfile: add support for ONBUILD in combination to from * dockerfile: update args definitions to llb.EnvList ------------------------------------------------------------------- Wed Sep 25 09:10:41 UTC 2024 - danish.prakash@suse.com - _service: * rely on version and not `PARENT_TAG` versionformat. By default, `PARENT_TAG` instructs git to use the first tag found for the revision. This causes issues when there are multiple tags for the same revision (ref/*) because git ends up choosing an incorrect tag. * switch to `obs_scm` - Update to version 0.16.0: * ci: switch to ubuntu runner for freebsd job * debug: add trace flight recorder * Updated tests in frontend/dockerfile/dockerfile_test.go to run on Windows. * docs: windows: add a note about ContainerUser limited permissions * solver: move scheduler debug statements to their own functions * Sort errors alphabetically by detail if line number is the same when comparing tests * exec: allow specifying non-zero exit codes for execs * Add stub implementations to make buildkitd build for Darwin * dockerfile: mask usage of secret env in command name * solver: fix possible panic from error handler * frontend/dockerfile/docs: add $ in mount env example * docs: fix broken link to dockerfile reference * solver: pipe implementation utilizes generics for better typing * ci: Fix govulncheck permissions, it needs at least content read to be able to checkout the repository. * readme: add r2d4/llb frontend and dacc project * util/resolver: ignore invalid (empty) scope * tests: frontend/dockerfile: add dockerfile lint tests for WCOW * vendor: github.com/docker/docker v27.2.1 * vendor: github.com/docker/docker v27.2.1 * tests: add more integration tests for windows/wcow * fix windows area label when modifications are under the vendor folder * bklog: always enable trace id if it exists * hack: update golangci-lint to 1.61 * vendor: update grpc to v1.62.0 * exec: fix pruning cache mounts with parent ref on no-cache * execlude vendor directory from windows label * hack: do not cache rootless stage on release * vendor: github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c * vendor: github.com/containerd/containerd v1.7.21 * docs: run mount secret env dockerfile example * Dockerfile: update containerd binary to v1.7.21 * Dockerfile: update runc binary to 1.1.14 * chore: update AUTHORS and mailmap * add SourceInfoMap callback to LintResults.PrintErrorTo params * docs: use front matter title in buildkitd.toml doc * vendor: github.com/moby/sys/mountinfo v0.7.2 * docs: update reference docs for `check` directive * vendor: github.com/moby/sys/signal v0.7.1 * docs: add min dockerfile version for flags * vendor: github.com/containerd/typeurl/v2 v2.2.0 * vendor: github.com/docker/docker v27.2.0 * Update rule check print to include path to dockerfile relative to context * Parallel layer upload for s3 cache * Cleanup Linux-isms in code * Updated tests in frontend/dockerfile/dockerfile_provenance_test.go to run on Windows. Partially addressing #4485 * README.md: Add DevZero as consuming project * Fix #4885: Use multipart upload instead of CopyObject for touching file > 5GB * Update docs to clarify in the shell-form section that heredocs apply only to supported commands * check command casing after parsing the ast * Implements frontend side of #2122. * docs: use gh alert syntax for callouts * executor: detect containers killed by OOMKiller * docs: fix instruction name (s/ADD/COPY/) * remotecache: handle not implemented error for Info() * refactor lint printing functionality * ci: update golangci-lint to v1.60.1 * tests: frontend/dockerfile: more windows/wcow tests (pt.2) * uploadprovider: allow closing used sources * chore: set pb.Empty on ssh and secret mounts * errdefs: mark ENOMEM & ENOSPC with ResourceExhausted code * errdefs: detect certain sycall errors as internal * exec: fix incorrect deps computation for special mounts * ci: enable validating all Dockerfiles * Dockerfile: check .git directory available in build context * dockerfile: add missing mount completions * docs: clarify valid from targets for run --mount * In host networking mode, unconditionally use "/etc/resolv.conf" * Add note in generated docs indicating experimental rule checks * docs: list supported algorithms for ADD --checksum * hack: ensure SARIF output has results field defined for govulncheck * expand globs for area/project in auto PR labeler * ci: update scout to 1.13.0 * ci: print scout result * dockerfile: update containerd to v1.7.20 * migrate to github.com/moby/sys/userns * ci: apply no-cache-filter for master tags * ci: missing tags to be scanned with scout * hack: fix no-cache-filter on release * ci: generate annotations on PR, not just push * ci: generate annotations on PR, not just push * docs: dockerfile chmod variable interpolation * docs: replace `and` with `or` * implement experimental rule checks * docs: emphasize the fact that secrets aren't saved in cache * docs: mention `dst` and `destination` options too * vendor: github.com/containerd/nydus-snapshotter v0.14.0 * vendor: github.com/containerd/nydus-snapshotter v0.13.14 * vendor: go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v0.44.0 * govulncheck to report known vulnerabilities * chore(labeler): fix area/storage filter * chore(labeler): update area/hack filter * chore(labeler): align syntax * ci: add OCI image annotations to Dockerfile frontend images * ci: sync labels when files are reverted or no longer changed with labeler * snapshot/containerd: fix wrong errdefs package import * test: enabling integration tests on windows * db: move DB dependencies to transactor interface * ci: scan images with docker scout * migrate to github.com/moby/sys/user/userns * dockerfile: use ADD for fetching sources * vendor: github.com/moby/sys/user v0.2.0 * vendor: github.com/docker/docker v27.1.1 * vendor: github.com/docker/docker v27.1.1 * Check the validity of the chmod option arguments for COPY and ADD * Add environment replacement support for chmod option * ci: add OCI image annotations to docker images * introduce PR labeler GHA workflow and configuration * dockerfile: test support for custom sessionID for locals * otel: add wrapping "resolving" spans for ResolveImageConfig * vendor: bump github.com/gofrs/flock to v0.12.1 * llbsolver: avoid nil releaser on error * stack: compress shared stacks for clearer output * ops: improve error messages from fileop * executor: rebase the path of submount error * executor: ensure deeper stacktraces for system errors * vendor: github.com/docker/cli v27.1.0 * vendor: go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v0.44.0 * vendor: google.golang.org/grpc v1.60.1 * vendor: github.com/docker/docker v27.1.0 * vendor: github.com/containerd/containerd v1.7.20 * vendor: google.golang.org/genproto/googleapis/rpc v0.0.0-20231212172506-995d672761c0 * dockerui: allow passing sessionID for specific local source * session: remove session name property * errors: remove usage of errors.Cause * build(deps): bump softprops/action-gh-release from 2.0.7 to 2.0.8 * history api: save number of warnings to build record * build(deps): bump softprops/action-gh-release from 2.0.6 to 2.0.7 * solver: mark history and graph concistency errors as internal * lint: finish up testifylint * Check invalid environment replacement form like ${VAR:%} * Pass cache imports from solve ptions to solve request ------------------------------------------------------------------- Fri Aug 23 10:24:14 UTC 2024 - dcermak@suse.com - Update to version 0.15.2: * remotecache: handle not implemented error for Info() * chore: set pb.Empty on ssh and secret mounts * exec: fix incorrect deps computation for special mounts * snapshot/containerd: fix wrong errdefs package import * vendor: bump github.com/gofrs/flock to v0.12.1 * llbsolver: avoid nil releaser on error * Adds a rule check for copying files which match the .dockerignore patterns * dockerfile: avoid frontend panic when no stages defined * vendor: update go-csvvalue to ddb21b71 * checks: add check for constant in from platform flag * llbsolver: fix possible early delete of external error * testutil: fix call order in already-exists check * testutil: improve initializing mirrors * docs: add a multi-line ENV example * docs: rewrite copy/add instruction reference * llbsolver: make sure stoptrace called on bolt error * ci(docs-upstream): missing path for frontend rules docs * docs: fix broken link in lint docs after rule rename * adds InvalidDefaultArgInFrom lint check * Generate dockerfile documentation after updating SecretsUsedInArgOrEnv rule description * update format string for SecretsUsedInArgOrEnv rule check * Update frontend/dockerfile/linter/ruleset.go * Update frontend/dockerfile/docs/rules/secrets-used-in-arg-or-env.md * vendor: patch updates for some direct dependencies * vendor: bump github.com/hashicorp/golang-lru/v2 to v2.0.7 * update CNI to v1.5.1 * vendor: bump github.com/gofrs/flock to v0.12.0 * git: add file mode verification to tests * git: ensure exec option is propagated to child git clis * bboltcachestorage: only delete link after releasing result * Add documentation for SecretsUsedInArgOrEnv rule * switch to github.com/containerd/platforms module * vendor: github.com/containerd/containerd v1.7.19 * vendor: github.com/microsoft/hcsshim v0.11.7 * golangci: forbid uses of platforms.DefaultString() * golangci: sort forbid rules * update containerd binary to v1.7.19 * Always return non-nil contexts * docs: dockerfile-reference: fix links * solver: include vertex Description in OpError * Replace manual loop looking for secret related tokens with regex * Add check rule that looks at keynames in arg and env and checks for common secret names * solver: allow finalizing history record traces * llbsolver: move typed error to own blob in history * fix incorrect usage of json.NewDecoder * dockerfile: fix invalid usage of json.NewDecoder * executor: fix cancellation before start signal * vendor: docker/docker, docker/cli v27.0.3 * Update integration test for checking empty dockerfile arg behavior and move from linting tests * Adds a test that checks to ensure that empty arg is passed to env * linter: add redundant target platform check * vendor: docker/docker, docker/cli v27.0.2 * Adds a deprecated flag to linter rules * ociLayoutResolver.info: remove use of reference.SplitObject * docs: use json args in multiple instructions example * fix: dot path normalized correctly for COPY * Fix typo in FromAsCasing docs * vendor: docker/docker and docker/cli v27.0.1 * vendor: github.com/containerd/ttrpc v1.2.5 * vendor: github.com/docker/docker-credential-helpers v0.8.2 * vendor: github.com/google/uuid v1.6.0 * vendor: github.com/opencontainers/runtime-spec v1.2.0 * Refactor containerd `NewWorkerOpt` & containerdexecutor `New` parameters * Disallow `ADD --checksum=<SUM> <GITSRC> <DST>` * build(deps): bump github.com/hashicorp/go-retryablehttp * chore: fix dockerfile linting issues for rootless image * Move parseLintOptions into linter package * git: fix pulling commit SHA only referenced from a tag * vendor: add go-csvvalue for more efficient CSV parsing * llb: convert envlist from slice to linked list * dockerfile: update env replacement efficiency * instructions: avoid allocating memory and processing location for nil * parser: optimize memory allocation for command word parsing * parser: optimize memory usage on env processing * shell: avoid allocating scanner for each shellword * parser: avoid excessive memory usage and bogus type conversions * parser: avoid expensive heredocs evaluations early * parser: avoid creating temp error string * parser: remove bogus string byteslice conversion * parser: remove regexp for comment matching * parser: avoid reallocating memory per rune on parsing flags * contenthash: add test using counter metric in scanPath * contenthash: add tests to check needsScan's correctness * contenthash: improve the correctness of needsScan * archutil: update riscv64 to unblock CI * archutil: fix build for arm64 * archutil: update riscv64 binary * dockerfile: deduplicate and cache config resolve requests * dockerfile: clarify that checksum works with HTTPS * build(deps): bump softprops/action-gh-release from 2.0.5 to 2.0.6 * refactor: split runtime options definions by OS * ci: set gha cache repository and token * Update Go to 1.22 * vendor: update klauspost/compress to v1.17.9 * vendor: update testify to 1.9.0 * vendor: update simplelru to v2 * vendor: update immutable-radix to v2 * shell: handle empty string for var replacements * build(deps): bump docker/bake-action from 4 to 5 * build(deps): bump docker/build-push-action from 5 to 6 * Initialize build args from stage base * Updates lint output to print detail instead of description * Consolidate instruction casing lint rules * In case where build arg exists with nil value, count as unmatched arg * Fix method Dockefile2Outline to Dockerfile2Outline * util/resolver: Make httpFallback concurrent safe * containerd: add option to set parent cgroup * identity: remove pkg/errors * update rootlesskit to v2.0.2 * update runc binary to v1.1.13 * Adds 'WARNING' prefix to the rule check output and update lint subrequest to return a status of 1 if an error occurred * Dockerfile: update delve to v1.22.1 * Dockerfile: update CNI to 1.5.0 * ensure context.WithoutCancel in defer funcs * simplify with maps pkg functions * simplify to use slices.Reverse * remove deprecated seed calls * dockerui: use CachedGroup in dockerui context resolve * llb: rewrite llb.Async with CachedGroup * flightcontrol: add cached group support * history: fix empty Exporters attribute * ci: switch to ubuntu-24.04 runner * ci: enable disable_file_fixes in codecov action * lint: more testifylint fixes * minor lint formatting cleanups * dockerfile: fix lint rules links in index * wip: tar and local exporter running with privileges * flightcontrol: protect contention timeouts * Fix content not found with `push=true,rewrite-timestamp=true` * vendor: github.com/distribution/reference v0.6.0 * vendor: go.etcd.io/bbolt v1.3.10 * lint: add doc for UndefinedArgInFrom * lint: update descriptions, test and re-generate docs * lint: InvalidBaseImagePlatform does not need specific docs * lint: add alias to doc rule frontmatter * lint: generate _index.md docs * lint: add/generate docs for build rules * dockerfile: generate lint rules documentation * dockerfile: only report legacy key/value format when stage is reachable * Update lintTestParams to allow for different numbers of warnings between progress and unmarshal test types * dockerfile: default linter to run on all stages by default * contenthash: add tests for non-lexical symlinks * contenthash: unify "follow" and trailing-symlink handling for Checksum * contenthash: implement proper Linux symlink semantics for needsScan * contenthash: implement proper Linux symlink semantics for getFollowLinks * contenthash: switch recursive rootPath implementation to be iterative * llbsolver: add more otel spans for export and history * vendor: docker/docker, docker/cli v26.1.4 * vendor: golang.org/x/mod v0.17.0 * dockerfile/linter: check for nil linter in linter functions * Dockerfile: update containerd binary to v1.7.18, v1.6.33 * vendor: github.com/containerd/containerd v1.7.18 * Adds the rulename to the output of the PrintLintViolations function * dockerfile: make sure stage is reachable before validating base * docs: add details for setting up CNI for windows * Update tracing check for whether error has stack * bboltcachestorage: mitigate corrupt boltdb cache after panic * Adds controls for checking dockerfile lint rules * dockerfile: fix build conflict from previous updates * allow skipping backlinks where walking cache chains for provenance * dockerfile: detect base image with wrong platform being used * Fix http fallback * Add bounds to termHeight when BUILDKIT_TTY_LOG_LINES is set * vendor: update vt100 with fix for resizing height * lint: fix some testifylint warnings * verifier: verify platforms of the build result * allow controlling detected platforms cache timeout * Add thompson-shaun to curators * docs: add a note for opentel/jaeger on windows * linter: lint rule for using the legacy key/value format with whitespace * dockerfile: improve detection of reachable stages * ensure correct grpc max sizes for control API and frontends * dockerfile: bump alpine to 3.20 * tests: remove unnecessary declaration and fix typo * llbsolver: create single temp lease for exports for performance * fix: 20 sec timeout for write to disc too short * gitutil: preserve error type when wrapping * Upgrade: github.com/containerd/containerd v1.7.17 * Adjusts syscall.Statfs_t for OpenBSD * github: define disable_file_fixes on codecov upload * codecov: exclude generated files * hack: track helper process coverage in integration tests * dockerfile: avoid evaluating ARG default if unused * dockerfile: avoid ignoring errors global arg expansion * hack: add prometheus and grafana to hack/compose * vendor: update github.com/docker/docker to v26.1.3 * lint: enable gocritic * lint: enable noctx linter * lint: sort used linters * docs: fix typo and tweak formatting * hack: add validation for golangci config * dockerfile: add hint suggestions to UndefinedVar * dockerfile: add hint suggestions to UndeclaredArgInFrom * dockerfile: improve error messages and add suggest to platform flag parsing * linter: add rule to catch multiple conflicting instructions used in the same stage * removes the extra build-arg copy pasta-ed in * testutil: make sure context is canceled after test end * dockerfile: fix test mirror config bullseye-slim * call validateCommandVars from within the command.Expand call * move validateCommandVar to happen during dispatch and add additional test cases * Add undefined arg lint rule * linter: add rule for relative path used in workdir * buildkitd: Frontend restriction support * build(deps): bump softprops/action-gh-release from 2.0.4 to 2.0.5 * detect: refactor the detect package * stream a layer to s3 if possible, instead of getting it then sending it * linter: add lint rule for required json arguments * contenthash: make all paths strings when converting * progress: fix leak of pipe goroutine from MultiReader * updated this file docs\windows.md, * update lint tests to accept a struct instead of an increasing number of parameters * add linting rules for undeclared args in from * update lint subrequest to return build error and warnings up to error rather than a failed grpc response * solver: recursively add merge source jobs to target and ancestors * Adds alpine:latest to mirrored images in dockerfile integration tests * solver: use logrus fields for more scheduler debug logs * solver: prevent edge merge to inactive states * fix: close files in the toAgentSource func * linter: add linter rule for reserved stage names and duplicate stage names * docs: add documetation for --group and SecurityDescriptor config * frontend: missing compat check for TestCommandSourceMapping * dockerfile: add lint rule for maintainer instruction * align prune with disk usage command behavior * buildkitd: allow --group for windows * detect: remove extraneous check for detected exporters * vendor: update fsutil to 91a3fc4 * docs: dockerfile reference title in front matter * fix: gc policy for windows to use percentage of disk space * vendor: update github.com/docker/docker to v26.1.0 * chore: remove repetitive word * vendor: github.com/tonistiigi/fsutil @ 497d33b * build(deps): bump golang.org/x/net from 0.18.0 to 0.23.0 * chore: fix function names in comment * build(deps): bump github.com/docker/docker * Update lint warning sorting to handle mssing ranges and < 1 sourceIndex. * avoid appending line info in lint detail * add basic warning validations so we can safely sort and print the warnings we receive from the lint subrequest * sort lint warning output by file and line number, sourcemap format now consistent * git: restrict definition of git ref * Improve grammar in README.md * dockerfile: add statuscode to lint result * dockerfile: fix validation errors in linter tests * fix: use unix path separator since path already normalized * solver: infer builder id from user input for provenance in build record * refactored opt.Warn to simplify and updated warning data * Consolidate tests and update Warning output to include source data * update print to include lint subcommand * hack: add gopls analyzers * lint: unusedparams fixes for freebsd * lint: unusedparams fixes for windows * lint: unusedparams fixes * lint: fixes for overflows * lint: stdmethods fixes * vendor: github.com/docker/cli v26.0.0 * vendor: github.com/docker/docker v26.0.0 * vendor: golang.org/x/sys v0.18.0 * vendor: github.com/containerd/containerd v1.7.15 * hack: linter updates * lint: unusedwrite fixes * lint: nilness fixes * unify ReadAt to ReadCloser conversion * dockerfile: remove dependency on apitypes/container * dockerfile: remove strslice dependency * solver: add more debug logs to track down inconsistent graph state * add support for AlwaysReplaceExistingDestPaths in llb copy * chore: fix casing in containerd-alt-16 stage * chore: remove impossible err check * oci: fix missing release call * executor: fix overlay layer limit for non-rootfs mounts * rewrite-timestamp: fix incompatibility with `COPY --link` * util/converter: fix diffID computation * update containerd vendor and add test for OCI media type. * otel: update usage of otelgrpc interceptors to use stat handlers * Update file consistent cmd casing to match majority casing, not first instruction casing * inline stage lint helper functions * Add lint rule for consistent command casing across the dockerfile and update tests * update comment where we collect empty continuation line warnings * client: expose git auth header and token keys * docs: call out ONBUILD COPY --from as unsupported * docs: clarify that leading parent dir paths are stripped away * docs: add COPY --from section * tracing: refactor the trace recorder * ci: update workflow artifacts retention * docs: fix incorrect capitalization for "GitLab" * docs: fix incorrect syntax for exec form entrypoint * dockerfile: fix missing source mapping for COPY --link command * inline: fix uncompressed digest importing from multiple providers * refactor tests and add FROM/AS lint rule * gha: add support for batch checking existing keys * remotecache: replace CheckDescriptor with Info * explicitly tie linter messages to linter rules * improve alpine version selection per arch * oci: make mounting oci socket optional * add integration test to check for lint warnings * fix: use default dialer for client * fix integration tests for new dockerfile empty continuation warning output * git: ensure file-looking git refs aren't parsed as URLs * solver: stub out sysSampler close * remotecache: fix missing CheckDescriptor method * Remove indent so that every rawjson message is printed in one line. * vendor: github.com/containerd/containerd v1.7.14 * refactor linting to allow better, more consistent warnings * Add additional warnings for lint rules * hack: configure the otel-collector for hack/compose * docs: remove mention that buildkit warns about unconsumned build args * build(deps): bump softprops/action-gh-release from 2.0.2 to 2.0.4 * detect: fix auto-detection of metric exporters to handle none correctly * ci: update comment version for softprops/action-gh-release update * build(deps): bump softprops/action-gh-release from 1 to 2 * docs: add type=tmpfs to run mounts overview * testutil: add binary and extraEnv opt for dockerd worker * docs: replace references to the master branch with v0.13 * fix(docs): add the containers feature enabling step * ci: enable multi-platform lint only for upstream repo * solver: comment some annotations about solver lock * solver: remove unneccessary solver lock * Address review feedback and slightly refactor tests * dockerfile: add docs for --parents * chore: remove unneccessary parameter in newSharedOp * move zero-value initialization for oci indexes to separate function * fix: windows getting started guide for uniformity * dockerfile: allow pivot point for --parents flag * util: typo fix * sets the oci media type if unset in the index * Remove trailing newline * vendor: update github.com/tonistiigi/fsutil to 7525a1af2bb5 * Revert formatting change to state.go * Remove input ordering logic from Marshal(), enforce ordering in to (*FileOp).Inputs() and (*ExecOp).Inputs() * vendor: github.com/docker/docker v26.0.0-rc1 * Change output->input map name and slight formatting change * Pre-convert outputs to inputs in llb client marshaller in order to traverse input vertices in a consistent order * ci(validate): temporarily disable archutil-arm64 job * add loongarch support for buildkit archutil ------------------------------------------------------------------- Mon Apr 08 06:02:50 UTC 2024 - danish.prakash@suse.com - Update to version 0.13.1: * oci: make mounting oci socket optional * git: ensure file-looking git refs aren't parsed as URLs * remotecache: fix missing CheckDescriptor method * solver: stub out sysSampler close * fix(docs): add the containers feature enabling step * ci: enable multi-platform lint only for upstream repo * docs: replace references to the master branch with v0.13 * fix: windows getting started guide for uniformity * dockerfile: add docs for --parents * dockerfile: allow pivot point for --parents flag * util: typo fix * vendor: update github.com/tonistiigi/fsutil to 7525a1af2bb5 * ci(validate): temporarily disable archutil-arm64 job * add loongarch support for buildkit archutil * dockerfile: don't silently ignore --parents if not labs * test: switch to golang.org/x/mod to check containerd version constraint * move network sample to resources types * vendor: update github.com/Masterminds/semver to v3.2.1 * gateway: mount metadata with nodev * file: fix idmap passed to unpack when userns enabled * file: use best-effort xattr behavior on unpacking * docs: restructure flags/options for add, copy, run * docs: typo in windows.md * docs: add quick guide for macOS * vendor: update github.com/pkg/profile to v1.7.0 * docs: add quick guide for windows * vendor: update github.com/tonistiigi/go-actions-cache to a0b64f338598 * cache(gha): increase default timeout to 10m * cache(gha): add timeout attr for cache export/import * vendor: update go.etcd.io/bbolt to v1.3.9 * vendor: update github.com/spdx/tools-golang to v0.5.3 * vendor: update github.com/serialx/hashring to 22c0c7ab6b1b * vendor: update github.com/containerd/fuse-overlayfs-snapshotter to 1.0.8 * DescriptorProviderPair: expose methods used by multiprovider * util/multiprovider: Implement Info * provenance: move types to a dedicated package * dockerfile2llb: fix ci merge conflict * Revert "util/multiprovider: Implement Info" * Avoid applying `SOURCE_DATE_EPOCH` to base images * dockerfile2llb: emit base image config * Fix case where TESTFLAGS may be unset * dockerfile: add excludepatterns feature to labs * vendor: update github.com/tonistiigi/fsutil to 7a889f53dbf6 * vendor: OTEL v0.46.1 / v1.21.0 * vendor: golang.org/x/net v0.18.0 * set bridge name and subnet in appdefaults * ci(test-os): split windows tests * ci(test-os): merge windows and freebsd build * dockerfile: cross build freebsd support * remove accidental debug log * ci(test-os): build binaries from dockerfile for windows * dockerfile: binaries-for-test target * dockerfile: cross build windows support * ci: inherit secrets from the caller workflow * secret mount: avoid setting `noexec` when an exec bit it set * fix: typo * add buildkitd.exe to windows binaries * examples/dockerfile2llb: remove unused `-partial-metadata-file` * ci: set codecov token * exporter: use docker-spec instead of locally defined types * dockerfile: bump xx to 1.4.0 * dockerfile: bump alpine to 3.19 * Dockerfile update stargz-snapshotter to v0.15.1 * vendor: github.com/containerd/stargz-snapshotter v0.15.1 * vendor: github.com/hashicorp/go-retryablehttp v0.7.5 * vendor: github.com/hanwen/go-fuse/v2 v2.4.0 * vendor: github.com/prometheus/procfs v0.12.0 * vendor: github.com/prometheus/client_golang v1.17.0 * vendor: github.com/urfave/cli v1.22.14 * vendor: github.com/containerd/continuity v0.4.3 * client: fix result history media type with dockerd moby * hack: fix unbound variable * CNI bridge firewall: avoid using `iptables` backend on rootless mode * client: fix multiple exporter test for dockerd worker * Dockerfile frontend: add Integration test for context from git * Move Dockerfile copy/add --exclude implementation to Labs * Add llb.WithExcludePatterns * Integration test for Dockerfile --exclude option * Dockerfile: Document exclude patterns on COPY and ADD commands * Dockerfile frontend: expose exclude keyword to ADD and COPY commands * dockerfile2llb: consistent progress for HTTP and Git ops with ADD * exporter: make OnBuild omiteempty * make sure iptables installed in release image * Revert "temporarily use older frontend to unblock CI" * util/multiprovider: Implement Info * temporarily use older frontend to unblock CI * add missing fallback from new frontend to daemon without sourceresolver * Dockerfile: update Nydus Image Service to v2.2.4 * replace resolveimageconfig with generic sourcemetaresolver * vendor: github.com/containerd/nydus-snapshotter v0.13.7 * vendor: google.golang.org/genproto/googleapis/rpc 49dd2c1f3d0b * vendor: google.golang.org/grpc v1.59.0 * ci: validate archutil on arm64 * archutil: generate arch bins * dockerfile(archutil): strip debug info * dockerfile(archutil): mark the stack as non-executable for amd64 * dockerfile(archutil): bump to trixie * archutil: validate * archutil: move dockerfile to hack and update scripts * keep local dns in resolv.conf when host network enabled * Fix source police mutation for named context * resolver: Limit auth handler isolation to push scopes * resolver: Isolate auth token cache per session * go.mod: update containerd to v1.7.13 * docs/rootless.md: move auxiliary information to the bottom * vendor: github.com/docker/cli v25.0.3 * vendor: github.com/docker/docker v25.0.3 * test: add new content-cache exec mount tests * exec: allow caller-controlled content-based cache * exec: allow content-cache for root selected mounts * exec: refactor content-based cache detection * vendor: github.com/containerd/console v1.0.4 * vendor: github.com/docker/cli v25.0.2 * vendor: github.com/docker/docker v25.0.2 * Fix regression `/run/buildkit is inaccessible for socket user` * Update fallback logic to only fallback with previous host * chore(deps): bump actions/setup-go from 4 to 5 * chore(deps): bump nick-fields/retry from 2.9.0 to 3.0.0 * chore(deps): bump actions/cache from 3 to 4 * chore: refactor IsGitTransport to avoid duplication * docs: make the warning about build arguments * ci(docs-upstream): pin reusable workflow * ci: bump gotest-annotations to fa6141aedf23596fb8bdcceab9cce8dadaa31bd9 * ci: bump actions/upload-artifact and actions/download-artifact to 4 * test: warn if testing dockerd worker without disabled features * ci: bump codecov/codecov-action to v4 * ci: bump actions/github-script to v7 * ci(dockerd): bump docker to 25.0.2 * update runc to v1.1.12 * exec: add extra validation for submount sources * executor: recheck mount stub path within root after container run * llbsolver: make sure interactive container API validates entitlements * gateway: pass executor with build and not access worker directly * pb: add extra validation to protobuf types * sourcepolicy: add validations for nil values * exporter: add validation for platforms key value * exporter: add validation for invalid platorm * exporter: validate null config metadata from gateway * Fix missing chown/chmod when using parents flag with ADD/COPY command * Add --parents to commitMessage for ADD/COPY command * chore: fix remotecache/v1/doc.go * Add --chown and --chmod to commitMessage for ADD/COPY command * update runc to v1.1.11 * Add test to check that `client.SolveOpt.LocalDirs` still works * Replace usage of LocalDirs with LocalMounts in buildctl and examples * Integration tests: use LocalMounts instead of deprecated LocalDirs * chore: close solver resources on shutdown * s3: fix deprecated EndpointResolver * s3: rely on aws sdk v2 error types * vendor: bump github.com/aws/aws-sdk-go-v2 deps * vendor: github.com/docker/cli v25.0.1 * vendor: github.com/docker/docker v25.0.1 * chore: document CacheChains.Marshal * chore: refactor item.validate for readability * chore: add some doc-comments in remotecache * chore: update CacheExporterTarget docs * chore: remove unused cachechains parent link * Do not include a cache mount's ID in the ExecOp's cachemap * docs: tiny improvements * chore: remove noisy rootlesskit cni log * solver: use errors.Is when checking context.Cause() * oci: fix error handling on submount calls * Dockerfile: update dind script to latest version * fix: typo * ci: disable push if not upstream repo * hack: use git context only for upstream repo * chore: remove unnecessary locker from http source * gateway: ensure that all process io is correctly closed * history: wrap os.ErrNotExist errors * dockerfile: validate order when linking stages * vendor: github.com/docker/cli v25.0.0 * vendor: github.com/docker/docker v25.0.0 * dockerfile: allow errors with multiple source location * dockerfile: add source location to circular dependency error * CI: add oci-rootless-slirp4netns-detachnetns * cniprovider: support `rootlesskit --detach-netns` (RootlessKit v2) * vendor: github.com/docker/cli v25.0.0-rc.3 * vendor: github.com/docker/docker v25.0.0-rc.3 * vendor: github.com/moby/sys/mountinfo v0.7.1 * vendor: golang.org/x/sys v0.16.0 * vendor: github.com/google/uuid v1.5.0 * vendor: github.com/google/go-cmp v0.6.0 * test: add a test for cyclic merges * scheduler: always edge merge in one direction * progress: add panic for multiwriter cycles * chore: update merging log message to include index * chore: fix minor typos in scheduler_test.go * docs: fix up named context docs * filesync: append metadata for CopyToCaller * docs: clarify here-document word quote variable expansion * vendor: github.com/docker/cli v25.0.0-rc.2 * vendor: github.com/docker/docker v25.0.0-rc.2 * vendor: github.com/vbatts/tar-split v0.11.5 * vendor: github.com/containerd/containerd v1.7.12 * docs: fix copy/paste typo in Dockerfile reference * solver: ensure each ref in the result map is evaluated * rootless: use `~/.config/buildkit/cni.json` * hack/test: allow ALPINE_VERSION to be set from env * authors.Dockerfile: update to alpine 3.19 * cmd/buildkitd: show "bridge" net mode in `--help` * add CNI bridge network provider * test: add test case for multi-platform scratch * docs: fix typo for eksctl * fix lease management with flightcontrol * go.mod: fix dependencies being in the wrong group * vendor: github.com/docker/go-connections v0.5.0 * hack: add docker-compose file for development * control: fix typo in exporter slice comment * solver: avoid discarding nil refs entry * gateway: avoid calling Definition on nil ref * vendor: github.com/docker/cli v25.0.0-rc.1 * vendor: github.com/docker/docker v25.0.0-rc.1 * vendor: github.com/opencontainers/runc v1.1.11 * vendor: github.com/klauspost/compress v1.17.4 * exporter: use implicit ids for exporters * solver: add cap for multiple exporters * control: add multiple exporters * exporter: add new id parameter to exporter instances * session: add file send multiplexing * exporter: pass inline cache directly to exporter * exporter: make ParseKey platform parameter optional * session: create helper type for exporter file output * exporter: avoid modifying exporter inputs * filesync: add doc comments in proto * chore: remove function indirection for cache exporters * dockerfile: mitigate flaky smoke test with timeout * docs: clarify the purpose of the syntax parser directive * Fix hardlink issue with whiteout deletes in the merge snapshotter. * detect: refactor the default resource detector for detect * vendor: github.com/docker/cli v25.0.0-beta.3 * vendor: github.com/docker/docker v25.0.0-beta.3 * vendor: github.com/felixge/httpsnoop v1.0.4 * vendor: golang.org/x/crypto v0.17.0 * vendor: golang.org/x/crypto v0.16.0 * vendor: golang.org/x/text v0.14.0 * vendor: golang.org/x/sys v0.15.0 * docs: mention trace logging in buildkitd.toml docs * ci: remove timeout on image job * tracing: allow the `Resource` to be set externally * tests: enable previously skipped tests * lint: set proper cache key for golangci-lint target * ci(buildkit): set timeout to image job * ci(test-os): retry logic for freebsd smoke tests step * tests: enable integration test run on windows * chore: remove WithFailFast option * git: ensure that pin matches checked-out commit * util: expose otel metrics through grpc and prometheus * Dockerfile: bump up containerd to 1.7.11 * go.mod: bump up containerd to 1.7.11 * add gabriel-samfira to maintainers * Add project processes guide * fix/pr: fixes from pr review * replace WithTimeout with WithTimeoutCause * replace context.WithCancel with WithCancelCause * make docs * json-cache-metrics becomes debug-json-cache-metrics * add an option to show JSON cache metrics * chore: tidy up removal of digest algorithm * Dockerfile: Bump up containerd to v1.7.10 * go.mod: bump up github.com/containerd/containerd to v1.7.10 * solver: use toSelectors to filter root paths instead of custom logic * llbsolver: fix possible panic when setting event to nil * ci(deps): upgrade containerd to v1.7.9 * ci(deps): upgrade OpenTelemetry libraries to v1.19.0 / v0.45.0 * Update docs/attestations/sbom-protocol.md * docs: dockerfile instructions quick reference * github: add issue reporting guide * windows integration tests: plumbing work to be able to run on windows * Update to go 1.21 * dockerfile: remove duplicate layer chains from provenance attestation * fix bug that gen layer tar contains duplicated files * Dockerfile: Bump up runc to 1.1.10 * docs: refresh dockerfile frontend reference * String substitution in variable expansion * docs: update builtctl.md to fix markdown links and typo * buildctl: Add insecure config for registry-auth-tlscontext flag * dockerfile2llb: filter unused paths for named contexts * vendor: github.com/docker/cli v25.0.0-beta.1 * vendor: github.com/docker/docker v25.0.0-beta.1 * vendor: github.com/docker/go-connections fa09c952e3ea (v0.5.0-dev) * vendor: github.com/opencontainers/runc v1.1.10 * vendor: github.com/docker/docker-credential-helpers v0.8.0 * vendor: github.com/go-logr/logr v1.2.4 * vendor: github.com/vbatts/tar-split v0.11.3 * vendor: github.com/opencontainers/runtime-spec v1.1.0 * vendor: github.com/cenkalti/backoff/v4 v4.2.1 * llbsolver: unmarshal protobuf objects into the provenance attestation correctly * docs: fix warning callouts * cache: set max batch size limit to prune * ci(test-os): enable SSH keep alive in vagrant vm * ci(validate): use target property to list all targets * golangci-lint: increase timeout * enable golangci-lint for supported platforms * solver: allow debugging specific builder steps * Update buildctl.md * containerd: support custom shim path * chore: update getTaskOpts to return multiple opts * git: add missing RedactCredentials call in cache description * docs: add a note that healthcheck --start-interval requires docker 25.0 * Whenever copying OCI Platform data, include OSVersion and OSFeatures * hack: enable linting for freebsd * hack: enable linting for windows * chore: move linux-specific oci spec to spec_linux.go * chore: remove unused functions for windows * chore: fix windows variable naming issues * chore: remove fmt.Errorf usage for windows * docs: retarget dockerfile reference link * ci: make test job depends on binaries one * dockerfile: smoke tests for binaries * frontend/dockerfile/dockerfile2llb: errmsg: quote build target * vendor: github.com/containerd/containerd v1.7.8 * vendor: google.golang.org/grpc v1.58.3 * vendor: google.golang.org/protobuf v1.31.0 * vendor: golang.org/x/tools v0.10.0 * vendor: golang.org/x/sync v0.3.0 * vendor: golang.org/x/mod v0.11.0 * Add string trimming (#, %, ##, %%) in variable expansion * test: add force-compression option for nydus case * solver: fix nydus force compression for provenance * fix typos * containerd: normalize platform received from introspection API * fix usage loss for snapshots with labels in MergeSnapshotter * vendor: update nydus-snapshotter to v0.13.1 * ci(test-os): switch to macos-13 runner for freebsd job * migrate to github.com/moby/sys/user * vendor: google.golang.org/grpc v1.56.3 * vendor: google.golang.org/grpc v1.56.2 * ci: bump up golangci-lint to v1.55.0 * dockerfile2llb: Add a MainContext option to ConvertOpt * buildkitd: use default config file location when run as root in rootless * Dockerfile: bump up registry to v2.8.3 * Dockerfile: bump up CNI plugins to v1.3.0 * solver: fix printing progress messages after merged edges * Fix broken link * vendor: github.com/klauspost/compress v1.17.2 * client: refactor to extract prepareMounts * exporter: refactor to clarify intent behind fs usage * client: allow exposing fsutil.FS through SolveOpts * session: modify FSSync provider to take fsutil.FS objects * vendor: update fsutil to master@f09800878302 * Send hcsshim's options struct when running with hcsshim * ci(test-os): increase vm boot time to 15m * llbsolver: fix possible deadlock in history listen * buildkitd: fix debug handler listener * cache: fix cache leak * Dockerfile: update xx to 1.3.0 * solver: minor typo in one of the logging messages * Dockerfile: bump up nerdctl to v1.6.2 * chore: enable riscv64 build * solver: fix possible concurrent map access on cache export * Fix linting issue * Use snapshot.Mountable as an argument type to readUser * Move readUser code outside of the file package * Remove the need for an exported Executor field * Implement readUser on Windows * Skip export of caches with no layers to OCI structures * Correct package name for inline remote-cache source * Revendor opencontainers/image-spec to v1.1.0-rc5 * chore: temporarily disable riscv64 build * ci: fix docs upstream validation workflow * README: BuildKit is now default in the Engine * vendor: golang.org/x/net v0.17.0 * vendor: golang.org/x/crypto v0.14.0 * vendor: golang.org/x/text v0.13.0 * vendor: golang.org/x/sys v0.13.0 * Dockerfile: update containerd binary to v1.7.7 * Add Unikraft to the list of BuildKit users * vendor: github.com/containerd/containerd v1.7.7 * vendor: golang.org/x/net v0.13.0 * vendor: golang.org/x/crypto v0.11.0, golang.org/x/text v0.11.0 * vendor: golang.org/x/sys v0.10.0 * vendor: github.com/stretchr/testify v1.8.4 * vendor: github.com/containerd/continuity v0.4.2 * solver: protect against nil rres upon errors * ResolveImageConfig: Only fetch best matching config * git: use custom giturl type to preserve original remote * sshutil: refactor to allow parsing scp-style urls * gateway: restore original filename in StatFile error message * dockerfile: add --parents flag for COPY * CI (containerd v1.6): bump up containerd to 1.6.24 * docs: mv .dockerignore help to context docs * uploadprovider: avoid too big grpc messages on tar upload * session: raise grpc message size limits for session endpoint * filesync: split stream data into 3MB chunks to avoid message limits * Bump up golangci-lint to 1.54.2 * Update go to 1.21 * docs: fix typo in nydus.md * Rename cgroupNamespaceSupported, add details * Don't support cgroupns on cgroups v1 * util/resolver: fillInsecureOpts don't return slice * util/resolver: Http fallback in the same host * util/resolver: Fix insecure mirrors * Make output window configurable: BUILDKIT_TTY_LOG_LINES * docs: fix incorrect option name in containerd runtime config * ci(test): fix unhandled buildkitd tags * solver: fix issue with double merged edges * hack: update BUILDKIT_DEBUG handling * dockerfile: introduce a debug variant for the buildkit docker image * integration: set otel socket path through buildkit config * chore: add todo note to remove runj specifics * Add options to specify containerd runtime * Ensure layers in the local content store on FileList API * cache: don't skip unlazy without blob check * docs/rootless: use Bottlerocket's API configurations * solver: correctly set the content selector with multiple bind mounts references * diff: gzip with custom level should be compressed by BuildKit's differ * docs: note that gckeepstorage can take different types * Revert "Update buildkitd.toml.md" * ci(test-os): increase vm boot time to 10m * hack(test): tidy create command and display invoked docker cmds * ci(test): dedicated step to build integration-tests image * create integration-tests bake target * hack(test): opt to avoid building the integration tests image * hack(dockerfile-frontend): remove daily release type * hack: align syntax * hack: progressFlag set not needed * hack: cleanup buildx install * hack(test): use trap to remove cache volume * buildctl: propagate `SOURCE_DATE_EPOCH` from client env to build arg * ci: update github actions to latest stable * buildctl: Add configured TLS certificate to trust store when making calls to registry auth * go fmt cache/blobs_nolinux.go * exporter/containerimage: new option: rewrite-timestamp * Move cache/converter.go to util/converter/converter.go * dockerfile2llb: set default llb.Local when client is not available * progressui: modify NewDisplay to accept io.Writer instead of console.File * authprovider: Fix error return from Credentials when logger is nil * Add Unikraft's kraft.yaml to list of LLB languages. * ci(test-os): cross build freebsd binaries using the Dockerfile * progress: add new quiet display mode * docs: Add `[dns]` snippet to `buildkitd.toml` example file * client: manually implement Wait backoffs * docs(source): mention successful snapshots can be nil * fix: return err when unable to hash * migrate to github.com/distribution/reference v0.5.0 * Revert "buildctl: set max backoff delay to 1 second" * ci: update github actions to latest stable * lint: fix linting rules for logrus * chore: use bklog instead of logrus * fix: use sha256 for merge/diff op cache maps * llb: avoid duplicate instances of sourcemaps in provenance * fix: log context for future debugging * fix(boltdb): close cache and history dbs on exit * Cleanup args, rename jobDetails * fix: check snapshot labels to avoid panic * fix(metadata): close store on exit * pull: fix possible negative blob pull time * docs: fix slsa definition markup issues * FreeBSD CI: cross-compile binaries * util/progress: silence go test -race * progressui: adds a json output that shows raw events for the solver status * docker: cleanup fields in image definition * test: git tag test should not sign tags * git: centralize git cli operations * deprecate frontend/dockerfile/dockerignore * replace dockerfile/dockerignore with patternmatcher/ignorefile * vendor: github.com/moby/patternmatcher v0.6.0 * git: avoid regexp for checking .git suffix * git: update parsing to clarify between scp-style urls * tests: tidy up gitutil testing structs * git: update llb.Git doc comment * hack: forward CGO_ENABLED into test container * solver: fix possible race for provenance ResolveImageConfig * solver: wrap gRPC codes.NotFound on unknown build ID * ci: dump context on failure * chore: fix git freebsd to match file names * source: make sources pluggable * Fix typo in README.md * Implement executor on Windows * chore: split vagrant provisioning * buildkitd: add grpc.health.v1.Health service * Dockerfile: RUNC_VERSION=v1.1.9 * go.mod: github.com/opencontainers/runc v1.1.9 * ci: add protolint validation * lint: add protolint config * chore: tidy up filesync encode headers handling * docs: index annotations fail if index is not produced * docs: update gcpolicy percentage to refer to total space * docs: improve CacheMap developer documentation * filesync: write closer err discarded * Avoid unnecessary map allocation when writing progress * Improve cache related trace logging. * test: add HasFeatureCompat helper * integration: fix rootless tests * buildkitd: otel config and otel-socket-path flag * tests: refactor integration test package * test: use integration.Tmpdir consistently * docs: removed labs ref for ADD checksum and git * ci(test-os): bump actions * tests: refactor Tmpdir as a test helper * FreeBSD CI Run logs retention * filesync: remove deprecated override-excludes * integration: preserve existing environment variables when using sudo * set tracing socket path to runtime dir * executor: fix resource sampler goroutine leak * docs: troubleshoot for `mount proc:/proc (via /proc/self/fd/6), flags: 0xe: operation not permitted` * FreeBSD port * examples: bump oci and containerd versions * examples: remove no_containerd_worker build tag * hack: add linting for multiple combinations of build tags * chore: remove unused blobIDs for nydus compression * chore: remove old no_{oci,containerd}_worker build tags * nydus: fix missing imports * frontend/dockerfile/dockerignore: remove hard-coded filename from error * frontend/dockerfile/dockerignore: touch-up godoc and code * frontend/dockerfile/dockerignore: cleanup unit test * chore: clean up file copy logic backend logic * filesync: append rather than replace grpc md. * progress: don't modify ResetTime inputs * vendor: github.com/docker/cli v24.0.5 * vendor: golang.org/x/net v0.10.0 * vendor: golang.org/x/text v0.9.0 * vendor: golang.org/x/sys v0.8.0 * vendor: github.com/sirupsen/logrus v1.9.3 * Add support for JSON formatted logs (#3133) * Dedupe "containerd.io/uncompressed" constants and literals * integration: missing env var to check feature compat * vendor: github.com/docker/docker@master (afd4805) * file: Fix incorrect handling of non-existent files in llbsolver's rmPath * llb: Add tests for WithUser * llb: Correct 'contexst' typo in State.Run function's documentation * test: update pinned busybox image to 1.36 * executor/resource: stub out NewSysSampler on Windows * vendor: github.com/docker/cli v24.0.4 * docs/build-repro.md: fix description about squashing * vendor: github.com/docker/docker 8e51b8b59cb8 (master, v25.0.0-dev) * test: update pinned alpine image to 3.18 * examples: create certs bake definition * testutil: move CheckContainerdVersion to a separate package * chore: update AUTHORS and mailmap * Clarify the behavior of wildcards in .dockerignore file ------------------------------------------------------------------- Thu Feb 01 16:36:18 UTC 2024 - dcermak@suse.com - Update to version 0.12.5: * update runc to v1.1.12 * exec: add extra validation for submount sources (fixes CVE-2024-23651, bsc#1219267) * oci: fix error handling on submount calls * executor: recheck mount stub path within root after container run (fixes CVE-2024-23652, bsc#1219268) * llbsolver: make sure interactive container API validates entitlements (fixes CVE-2024-23653, bsc#1219438) * gateway: pass executor with build and not access worker directly * pb: add extra validation to protobuf types * sourcepolicy: add validations for nil values * exporter: add validation for platforms key value * exporter: add validation for invalid platorm * exporter: validate null config metadata from gateway * ci: disable push if not upstream repo * hack: use git context only for upstream repo * hack/test: allow ALPINE_VERSION to be set from env * hack: align syntax * vendor: github.com/cyphar/filepath-securejoin v0.2.4 * tracing: allow the `Resource` to be set externally ------------------------------------------------------------------- Mon Dec 04 13:14:41 UTC 2023 - fredrik.lonnegren@suse.com - Update to version 0.12.4: * Fix possible concurrent map access on remote cache export * Fix hang on debug server listener * Fix possible deadlock in History API under high number of parallel builds * Fix possible panic on handling deleted records in History API * Fix possible data corruption in zstd library - Update to version 0.12.3: * Fix possible duplicate source files in provenance attestation for chained builds * Fix possible negative step time in progressbar for step shared with other build request * Fix properly closing history and cache DB on shutdown to avoid corruption * Fix incorrect error handling for invalid HTTP source URLs * Fix fallback cases for ambiguous insecure configuration provided for registry used as push target. * Fix possible data race with parallel image config resolves * Fix regression in v0.12 for clients waiting on buildkitd to become available * Fix Cgroup NS handling for hosts supporting only CgroupV1 - Update to version 0.12.2: * Fix possible discarded network error when exporting result to client * Avoid unnecessary memory allocations when writing build progress ------------------------------------------------------------------- Wed Aug 02 21:37:05 UTC 2023 - elimat@opensuse.org - Update to version 0.12.1: * executor: fix resource sampler goroutine leak * [v0.11] make tracing socket forward error non-fatal * integration: missing env var to check feature compat * test: update pinned busybox image to 1.36 * test: update pinned alpine image to 3.18 * vendor: github.com/docker/docker 8e51b8b59cb8 (master, v25.0.0-dev) * executor/resource: stub out NewSysSampler on Windows * vendor: github.com/docker/cli v24.0.4 * testutil: move CheckContainerdVersion to a separate package * llbsolver: fix policy rule ordering * filesync: fix backward compatibility with encoding + and % * hack: allow to set GO_VERSION during tests * test: always disable tls for dockerd worker * buildctl: set max backoff delay to 1 second * contenthash: data race * filesync: escape special query characters * applier: add hack to support docker zstd layers * Fix various nits * pullprogress data race * use sampler lock instead * Fix ResolveImageConfig to evaluate source policy * sampler data race fix * update cgroup parent test to work with cgroupns * Revert "specify a `ResponseHeaderTimeout` value" * oci: make sure cgroupns is enabled if supported * bash lint fix * rename BUILDFLAGS to GOBUILDFLAGS * allow ENOTSUP for PSI cgroup files * containerimage: use platform matcher to detect platform to unpack * exporter: silently skip unpacking unknown reference * improve error handling in ReadFile * dockerfile: arg for controlling go build flags * dockerfile: arg to enable go race detection * Add support for health start interval * Re-vendor moby/moby * filesync: mark if options have been encoded to detect old versions * dockerfile: heredoc should use 0644 permissions * docs: update README to reference OpenTelemetry instead of OpenTracing * gateway: restore original filename in ReadFile error message * Dockerfile: update containerd to v1.7.2 * Use system.ToSlash() instead of filepath.ToSlash() * Revert most changes to client/llb * Remove Architecture * Default to linux in client * Ensure we use proper path separators * Set default platform * Add nil pointer check in dispatchWorkdir * Remove nil pointer check and extra NormalizePath * Rename variable, remove superfluous check * Use current OS as a default * Handle file paths base on target platform * exporter: unlazy references in parallel * exporter: simplify unlazy references to reduce duplication * exporter: allow unpack on multi-platform images * tests: add unpack to scratch export test * overlay: set whiteout timestamps to 1970-01-01 (not to SOURCE_DATE_EPOCH) * dockerfile: graduate `ADD --checksum=<checksum>` from labs * dockerfile: graduate `ADD <git ref>` from labs * dockerfile: mod-outdated target to check modules updates * dockerfile: use xx in dnsname stage * dockerfile: install musl-dev to fix compilation issue * dockerfile: update Alpine to 3.18 * vendor: update fsutil to 36ef4d8 * export(local): split opt * buildctl: Provide --wait option * containerimage: support SOURCE_DATE_EPOCH for CreatedAt * move flightcontrol to use generics * containerimage: keep layer labels for exported images * shell: start shell from cmd, not entrypoint * sbom: propogate image-resolve-mode for generator image * client: add extra debug to tests * handle missing provenance for non-evaluated result * tests: add provenance test for duplicate platform * tests: add provenance test for when context directory does not exist * forward: make BridgeClient public for lint * gateway: enable named contexts for gateway frontend * vendor: update vt100 with resize panic fix * docs: dockerfile: remove "known issues" related to AuFS * docs: add running instruction to CONTRIBUTING.md * tests: add worker close method to interface * add and check for gateway.exec.secretenv cap * move Secretenv from Meta to InitMessage * support passing SecretEnv to gateway containers * Add comment, update from review * Fix issue with digest merge (inconsistent graph state) * docs: add helper commands section to CONTRIBUTING.md * docs: update CONTRIBUTING.md whitespace formatting * integration: fix not deleting dockerd workdir * remove uses of deprecated ResolverOptions.Client * filesync: fix handling non-ascii in file paths * tests: add test for unicode filenames * Adding more docs to client/llb * Add special case for rw bind mounts * vendor: github.com/docker/cli v24.0.2 * vendor: github.com/docker/docker v24.0.2 * progressui: fix index printing on partial rows * gateway: wrap ExecProcessServer Send calls with a mutex * resources: make maxsamples configurable * llbsolver: add systemusage samples to provenance attestation * resources: store sys cpu usage per step * resources: add sampler for periodic stat reads * resources: CNI network usage sampling support * resources: add build step resource tracking via cgroups * solver: lock before using actives * Emulate "bind" mounts using the bind filter * Fix mount layers on host * llbsolver: set temporary lease in Commit context * Update containerd dependency * exporter: Add exptypes with Common exporter keys * exporter/image/exptypes: Make strongly typed * solver: move AddBuildConfig into llbsolver package * tests: add test to check url format for image loaded from oci layout * solver: mark locally loaded images as such * solver: merge local and remote images into single list * purl: allow RefToPURL to take a type parameter * tests: don't use purl code to test itself * Use linux as a default for inputOS * Add path handling functions * response to comments * containerimage: Export option keys * vendor: update spdx/tools-golang to v0.5.1 * exporter: remove non dist options from tar exporter * exporter: move fs opt parsing to method * tests: fixup attestation tar to not panic when file not found * git: set umask without reexec * add language property for sourcemap * dockerfile/docs: add set -ex to heredoc #3870 * authprovider: fix a bug where registry-1.docker.io auth was always a cache miss * response to comments * tracing: fix buildx tracing delegation * Update continuity and fsutil * cache: add a few more fields to ref trace logs. * vendor: github.com/containerd/go-runc v1.1.0 * provenance: fix possible empty digest access * vendor: fix broken vendoring * dockerfile: bump up nerdctl to v1.4.0 * bump nydus-snapshotter dependence to v0.8.2 * vendor: github.com/docker/cli v24.0.1 * vendor: github.com/docker/docker v24.0.1 * vendor: github.com/containerd/containerd v1.7.1 * vendor: github.com/Microsoft/hcsshim v0.10.0-rc.8 * vendor: github.com/Microsoft/go-winio v0.6.1 * vendor: golang.org/x/sys v0.7.0 * vendor: github.com/containerd/typeurl/v2 v2.1.1 * chore: bump spdx tools * Fix typo in attestation-storage.md * vendor: github.com/docker/cli v24.0.0 * vendor: github.com/docker/docker v24.0.0 * vendor: github.com/opencontainers/runc v1.1.7 * vendor: github.com/opencontainers/runtime-spec v1.1.0-rc.2 * vendor: github.com/klauspost/compress v1.16.3 * Dockerfile: CONTAINERD_VERSION=v1.7.1 * Dockerfile: CONTAINERD_ALT_VERSION_16=v1.6.21 * Dockerfile: RUNC_VERSION=v1.1.7 * session: avoid logging healthcheck error on canceled connection * session: fix run and close synchronization * testutil: update ReadImages to fallback to reading manifest * Add trace logs for cache leaks. * Add some doc strings for LLB functions * attestations: move containerd media type warnings * update generated proto files * attestations: replace intoto media type with vendored const * nydus: bump nydus versions in Dockerfile and doc * feedback changes for moby/buildkit #2251 * testutil: expose underlying docker address for supported workers * testutil: expose integration workers as public * remove type aliases for leasemanager/contentstore * llbsolver: move history blobs to a separate namespace * build(deps): bump github.com/docker/distribution * added import/export support for OCI compatible image manifest version of cache manifest (opt-in on export, inferred on import) moby/buildkit #2251 * llb: carry platform from inputs for merge/diff * llb: don't include platform in fileop * control: fix possible deadlock on network error * exporter/containerimage: remove redundant type for var declaration * Fix not to set the value on empty vertex * Fix to import as digest * cache: always release ref when getting size in usage. * Drop unneeded variable * ssh: add fallback to ensure conn is closed in all cases. * vendor: github.com/opencontainers/image-spec v1.1.0-rc3 * vendor: github.com/docker/cli v23.0.5 * vendor: github.com/docker/docker v23.0.5 * nydus: update nydus-snapshotter dependency to v0.8.0 * progressui: fix possible zero prefix numbers in logs * llbsolver: send active event only to current client * llbsolver: send delete status event * llbsolver: filter out records marked deleted from list responses * Add Windows service support * docs: fixup build repro doc with updated policy format * test: use appropriate snapshotter service to walk snapshots * overlay: use function to check for overlay-based mounts * Update uses of Image platform fields in OCI image-spec * allow setting user agent products * Bump up golangci-lint to v1.52.2 * chore: tidy up duplicated imports * solver: Release unused refs in LoadWithParents * Avoid panic on parallel walking on DefinitionOp * solver: skip sbom post processor if result is nil * vendor: github.com/docker/docker v23.0.4 * vendor: github.com/docker/cli v23.0.4 * vendor: golang.org/x/time v0.3.0 * vendor: github.com/docker/cli v23.0.2 * vendor: github.com/docker/docker v23.0.2 * test: don't hang if a process doesn't run * ci: put worker name first for better UX in actions * go.mod: remove github.com/kr/pretty * Revert "Problem: can't use anonymous S3 credentials" * go.mod: bump up runc to v1.1.6 * go.mod: Bump up stargz-snapshotter to v0.14.3 * dockerfile: bump up stargz-snapshotter to v0.14.3 * dockerfile: bump up runc to v1.1.6 * buildkitd: add grpc reflection * Bump up nerdctl to 1.3.0 * Bump up containerd 1.6.20 * Fix gzip decoding of HTTP sources. * ci: update runner os to ubuntu 22.04 * Fix bearer token expiration check (fixes #3779) * docs: update buildkitd.toml with new field info * buildkitd: allow durations for gc config * buildkitd: allow multiple units for gc config * dockerui: expose context detection functions as public * Prevent overflow of runc exit code. * Upgrade to latest go-runc. * runc worker: fix sigkill handling * Dockerfile: RUNC_VERSION=v1.1.5 * client: add client opts to enable system certificates * Make ClientOpts type safe * build(deps): bump github.com/opencontainers/runc from 1.1.4 to 1.1.5 * fileop: create new fileOpSolver instance per Exec call * Provide CacheManager to Controller instead of CacheKeyManager. * http: ensure HEAD and GET requests have same headers * docs: add auto-generated sections to buildctl.md * client: allow grpc dial option passthrough * cni: simplify netns creation * add Bass to list of LLB languages * llbsolver: fix sorting of history records * llbsolver: Fix performance of recomputeDigests * solve: use comparables instead of reflection in result struct * vendor: github.com/docker/cli v23.0.1 * vendor: github.com/docker/docker v23.0.1 * client: create oci-layout file in StoreIndex * ci: output annotations for failures * test: set mod vendor * test: use gotestsum to generate reports * fix gateway exec tty cleanup on context.Canceled * fix process termination handling for runc exec * Register builds before recording build history * docs(dockerfile): minimal Dockerfile version support for chmod * Update builder.md to document newly supported --chmod features in both ADD and COPY statements. * use bklog.G(ctx) instead of logrus directly * integration: missing mergeDiff compat check * chore: `translateLegacySolveRequest` does not need to return error checking. * integration: split feature compat check for subtests * integration: missing feature compat check for cache * dockerfile: fix reproducible digest test for non-amd64 * integration: add FeatureMergeDiff compat * integration: add FeatureCacheBackend* compat * integration: enforce features compat through env vars * ci: upstream docs conformance validation * dockerfile(docs): fix liquid syntax * Problem: can't use anonymous S3 credentials * hack: remove build_ci_first_pass script * hack: binaries and cross bake targets * go.mod: update to go 1.20 * Dockerfile: CONTAINERD_VERSION=v1.7.0 * go.mod: github.com/containerd/containerd v1.7.0 * Add Namespace to list of buildkit users. * remove buildinfo * buildinfo: add BUILDKIT_BUILDINFO build arg * buildinfo: mark as deprecated * docs: deprecated features page * rootless: guide for Bottlerocket OS (`sysctl -w user.max_user_namespaces=N`) * rootless: fix up unprivileged mount opts * Dockerfile: CONTAINERD_VERSION=v1.7.0-rc.3, CONTAINERD_ALT_VERSION_16=v1.6.19 * go.mod: github.com/containerd/containerd v1.7.0-rc.3 * version: add "v" prefix to version for tagging convention consistency * remove context name validation from kubepod connhelper * gateway: add hostname option to NewContainer API * fix error message typo * provenance: ensure URLs are redacted before written * test/client: Close buildkit client * docs: missing security policy markdown file * diffapply: do chown before xattrs * Add test for merge of files with capabilities. * fix a possible panic on cache * Update cmd/buildkitd/main_windows.go * ci(validate): use bake * hack: shfmt bake target * hack: generated-files bake target * hack: doctoc bake target * hack: lint bake target * hack: authors Dockerfile and bake target * hack: bake definition with vendor targets * Fix buildkitd panic when frontend input is nil. * ci: trigger workflows on push to release branches * build(deps): bump golang.org/x/net from 0.5.0 to 0.7.0 * ci: create GitHub Release for frontend as well * ci: make release depends on image job * lint: fix issues with go 1.20 * remove deprecated golangci-lint linters * update golangci-lint to v1.51.1 * update to go 1.20 * Allow DefinitionOp to track sources * specify a `ResponseHeaderTimeout` value * Ensures that the primary GID is also included in the additional GIDs * ci: fix missing TESTFLAGS env var in test-os workflow * Dockerfile: update containerd to v1.7.0-beta.4, v1.6.18 * go.mod: github.com/containerd/containerd v1.7.0-beta.4 * ci: update softprops/action-gh-release to v0.1.15 * ci: remove unused vars in dockerd workflow * ci: split cross job * Dockerfile: remove binaries-linux-helper stage * ci: rename unclear env vars * readme: fix and update badges * ci: rename build workflow to buildkit * ci: reusable test workflow * ci: move test-os to a dedicated workflow * ci: move frontend integration tests and build to a dedicated workflow * stargz-snapshotter: graduate from experimental * Bump up stargz-snapshotter to v0.14.1 * set osversion in index descriptor from base image * progress: solve status description * ci: update buildx to latest * Dockerfile: update xx to 1.2.1 * integration: make sure registry directory exists * gha: avoid range requests with too big offset * ci: merge test-nydus job in test one * ci: remove branch restriction on pull request event * client: add tests for layerID in comment field * exporter: fix sbom supplement core detection * exporter: fix supplement sboms on empty scratch layer * exporter: fix file layer finder whiteout detection * exporter: canonicalize sbom file paths during search * Add platform tracing socket paths and mounts * integration: log dockerd cmd * integration: set custom flags for dockerd worker * remotecache: proper exporter naming for gha, s3 and azblob * remotecache: explicit names for registry and local * exporter: use compression.ParseAttributes func * remotecache: mutualize compression parsing attrs * lex: add support for optional colon in variable expansion * test: rework TestProcessWithMatches to use a matrix * dockerfile: update to use dockerui pkg * dockerui: separate docker frontend params to reusable package * cache: add fallback for snapshotID * exporter: remove wrappers for oci data types * vendor: github.com/docker/cli v23.0.0 * vendor: github.com/docker/docker v23.0.0 * hack: do not cache some stages on release * hack: do not set attest flags when exporting to docker * git: override the locale to ensure consistent output * fix support for empty git ref with subdir * gitutil: use subtests * source: more tests cases for git identifier * source: use subtests cases for git identifier * otel: bump dependencies to v1.11.2/v0.37.0 * hack: treat unset variables as an error * frontend: fix typo in release script * ci: create matrix for building frontend image * inline cache: fix blob indexes by uncompressed digest * Skip configuring cache exporter if it is nil. * docs: update syntax for labs channel in examples * integration: remove wrong compat condition * integration: fix compat check for CNI DNS test * cache: don’t link blobonly based on chainid * do not mount secrets that are optional and missing from solve opts * SOURCE_DATE_EPOCH: drop timezone * sbom: create tmp directory for scanner image * progress: keep color enabled with NO_COLOR empty * hack: remove azblob_test * integration: basic azblob cache test * test: add proxy build args when existed * vendor: github.com/docker/cli v23.0.0-rc.3 * vendor: github.com/docker/docker v23.0.0-rc.3 * vendor: golang.org/x/net v0.5.0 * vendor: golang.org/x/text v0.6.0 * vendor: golang.org/x/sys v0.4.0 * Dockerfile: CNI plugins v1.2.0 * Dockerfile: CONTAINERD_VERSION=v1.7.0-beta.3, CONTAINERD_ALT_VERSION_16=v1.6.16 * Fix tracing listener on Windows * go.mod: github.com/containerd/containerd v1.7.0-beta.3 * control: send current timestamp header with event streams * vendor: update containerd to v1.6.16-0.1709cfe273d9 * buildctl: add ref-file to get history record for a build * client: make sure ref is configurable for the history API * history: save completed steps with cache stats * history: fix exporter key not being passed * history: fix logs and traces are saving on canceled builds * hack: add correct entrypoint to shell script * ci: use moby/buildkit:latest in build action * dockerfile: add testReproSourceDateEpoch * Fix cache cannot reuse lazy layers * Correct manifests_prefix documentation for S3 cache * Use golang.org/x/sys/windows instead of syscall * dockerfile: release frontend for i386 platform * Add get-user-info utility * optimize --dry-run flag * fix(tracing): spelling of OTEL_TRACES_EXPORTER value * Propagate sshforward send side connection close * buildctl: add `buildctl debug histories, buildctl prune-histories` * dockerfile: fix panic on warnings with multi-platform * vendor: github.com/docker/cli v23.0.0-rc.2 * vendor: github.com/docker/docker v23.0.0-rc.2 * vendor: github.com/containerd/containerd v1.6.15 * cache: add registry.insecure option to registry exporter * Make local cache non-lazy * docs/build-repro.md: add the SOURCE_DATE_EPOCH section * docs: clarified build argument example by changing the variable name * azblob cache: account_name attribute * docs: master -> 0.11 * ci: fix dockerd workflow with latest changes from moby * integration: set mirrors and entitlements with dockerd worker * github: update CI to buildkit version * exporter: ensure spdx order prioritizes primary sbom * hack: remove s3_test * integration: basic s3 cache test * integration: add runCmd and randomString utils * integration: expose backend logs in sandbox interface * azblob_test: pin busybox to avoid "Illegal instruction" error * docs: add nerdctl container buildkitd address docs * feat: add namespace support for nerdctl container * ci: add ci to check README toc * testutil: pin busybox and alpine used in releases * exporter: allow configuring inline attestations for image exporters * exporter: force enabling inline attestations for image export * docs: change semicolons to double ampersands * llbsolver: fix panic when requesting provenance on nil result * vendor: update fsutil to fb43384 * attestation: only supplement file data for the core scan * docs: add index page for attestations * docs: move attestation docs to dedicated directory * docs: rename slsa.md to slsa-provenance.md * docs: tidy up json examples for slsa definitions * docs: add cross-linking between slsa pages * Flakiness in azblob test job * vendor: update spdx/tools-golang to d6f58551be3f * feat: add nerdctl-container support for client * docs: slsa review updates * docs: moved slsa definitions to a separate page * docs: slsa editorial fixes * docs: add filename to provenance attestation * docs: update hermetic field after it was moved in implementation * docs: update provenance docs * docs: add slsa provenance documentation * progress: fix clean context cancelling * fix: updated_at -> updated-at * Solve panic due to concurrent access to ExportSpans * feat: allow ignoring remote cache-export error if failing * add cache stats to the build history API * vendor: github.com/docker/cli v23.0.0-rc.1 * vendor: github.com/docker/docker v23.0.0-rc.1 * vendor: github.com/containerd/containerd v1.6.14 * frontend: fix testMultiStageImplicitFrom to account for busybox changes * sshforward: skip conn close on stream CloseSend. * chore: update buildkitd.toml docs with mirror path example * feat: handle mirror url with path * provenance: fix the order of the build steps * provenance: move hermetic field into a correct struct * add possibility to override filename for provenance * Fix typo in CapExecMountBindReadWriteNoOutput. * Use SkipOutput instead of -1 for output indexes to clarify semantics. * fix indentation for in-toto and traces * attestation: forbid provenance attestations from frontend * attestation: validate attestations before unbundling as well * exporter: make attestation validation public * result: change reason types to strings * attestations: ignore spdx parse errors * attestations: propogate metadata through unbundling * gateway: add addition check to prevent content func from being forwarded * ociindex: add utility method for getting a single manifest from the index * ociindex: refactor to hide implementation internally * cache: test gha cache exporter * containerdexecutor: add network namespace callback * frontend/dockerfile: BFlags.Parse(): use strings.Cut() * frontend/dockerfile: parseExtraHosts(): use strings.Cut() * frontend/dockerfile: parseMount() use strings.Cut(), and some minor cleanup * frontend/dockerfile: move check for cache-sharing * frontend/dockerfile: provide suggestions for mount share mode * frontend/dockerfile: define types for enums * frontend/dockerfile/shell: use strings.Equalfold * frontend/dockerfile/parser: remove redundant concat * frontend/dockerfile: parseBuildStageName(): pre-compile regex * frontend/dockerfile: remove isSSHMountsSupported, isSecretMountsSupported * docs: Enable rootless for stargz-snapshotter * executor/oci: GetResolvConf(): simplify handling of resolv.conf - fix rpmlint errors * systemd units should not have execute permissions * add missing %service_add_pre for the systemd units ------------------------------------------------------------------- Tue Jan 31 17:50:32 UTC 2023 - Dirk Müller <dmueller@suse.com> - update to 0.11.2: * Update containerd patches to fix regression in handling push errors * Multiple fixes for History API #3530 * Fix issue with parallel build requests using local cache imports #3493 * Builtin Dockerfile frontend has been updated to 1.5.1, fixing possible panic in certain warning condition #3505 * Fix possible hang when closing down the SSH forwarding socket in v0.11.0 * Fix typo in an environment variable used to configure OpenTelemetry endpoints #3508 * Builtin Dockerfile frontend has been updated to v1.5.0 https://github.com/moby/buildkit/releases/tag/dockerfile%2F1.5.0 * BuildKit and compatible frontends can now produce SBOM (Software Bill of Materials) attestations for the build results to show the dependencies of the build. These attestations can be added to images and locally exported files. Using Dockerfiles, SBOM information can be configured to be produced also based on files in intermediate build stages or build context, or run processes that manually define the SBOM dependencies. When exporting an image, layer mapping is also produced that allows tracing a SBOM package to a specific build step. #3258 #3290 #3249 #2983 #3358 #3312 #3407 #3408 #3410 #3414 #3422 * BuildKit can now produce a Provenance attestation for the build result in SLSA format. Provenance attestations describe how a build was produced, and what sources/parameters were used. In addition to fields part of the SLSA specification, Buildkit's provenance also exports BuildKit-specific metadata like LLB steps with their source- and layer mapping. Provenance attestation will capture all the build sources visible to BuildKit, for example, not only the Git repository where the project's source is coming from but also the digests of all the container images used during the build. #3240 #3428 #3428 #3462 * BuildKit now supports reproducible builds by setting `SOURCE_DATE_EPOCH` build argument or `source-date-epoch` exporter attribute. This deterministic date will be used in image metadata instead of the current time. #2918 #3262 #3152 Read documentation * OCI annotations can now be set to build results exported as images or OCI layouts. Annotations can be set on both image manifests and indexes, as well as descriptors to them. #3283 #3061 #2975 #2879 Read documentation * New Build History API allows listening to events about builds starting and completing, and streaming progress of active builds. New commands `buildctl debug monitor`, `buildctl debug logs` and `buildctl debug get` have been added to use this API. Build records also keep OpenTelemetry traces, provenance attestations, and image manifests if they were created by the build. #3294 #3339 #3440 * Build results exported with image, local or tar exporters now support attestations. In addition to builtin SBOM and Provenance attestations, frontends can produce custom attestations in in-toto format #3197 #3070 #3129 #3073 #3063 #2935 #3289 #3389 #3321 #3342 #3461 Read documentation * New Source type `oci-layout://` allows builds to import images from OCI directory structure on the client side. This allows using local versions of the image. #3112 #3300 #3122 #3034 #2971 #2827 #3397 * Build requests now support sending a Source policy definition. A policy can be used to deny access to specific sources (e.g. images or URLs) or only allow access to specific image namespaces. Policies can also be used to modify sources when they are requested by the build, for example, pin a tag requested by the build to a specific digest even if it has already changed in the registry. #3332 * New remote cache backend: Azure Blob Storage #3010 * New remote cache backend: S3 #2824 #3065 * BuildKit now supports Nydus compression type #2581 * OCI exporter now supports attribute `tar=false` to export OCI layout into a directory instead of downloading a tarball. #3162 * Setting multiple cache exporters for a single build is now supported #3024 #3271 * Cache exporters can now be configured to ignore exporting errors #3430 * Remote cache import/export to client-side local files now supports tag parameter for scoping cache #3111 * CNI network namespaces are now provisioned from a pool for increased performance #3107 * New Info service has been added to control API for asking BuildKit daemon's version #2725 * Gateway API now has a new `Evaluate` method to control the lazy solve behavior #3137 * Allow mounting secrets with empty contents #3081 * New RemoveMountStubsRecursive option has been added to LLB ExecOp to control the cleanup behavior of mounts. By default, empty mount stubs are now cleaned up recursively in new frontends. #3314 * LLB Image source now allows pulling partial layer chains from image * Allow hostname to be set by network provider (K8S_POD_NAME) #3044 * Improve handling and logging of API health checks #2998 * RegistryToken auth from Docker config is now allowed as authentication input #2868 * Image exporter with containerd worker now allows skipping adding image to containerd image store with `store=false`. If not set then images stored images are now guaranteed to be unlazied and unpacked. #2800 * `buildctl` now loads Github runtime environment when using GHA remote cache #2707 * Support for `conflist` when configuring CNI networking #3029 * Platform info has been added to the build result descriptor metadata * Allow sourcemaps to link single LLB vertex to multiple source locations * Support for SSH connection helper #2843 * Empty stub paths created by mount points when build container runs are now cleaned up and do not remain in the final image. #3307 #3149 * Improve performance on BoltDB commits #3261 * Indentation of some of the image manifests has been fixed to use double spaces #3259 * Fix caching checksum error on copying files with custom UID/GID #3295 * Fix cases where copy operation left behind nondeterministic timestamps for better support for reproducible builds #3298 * Fix SSH forwarding incompatibility with OpenSSH >= 8.9 #3274 * Stargz has been updated to v0.13.0 #3280 * Embedded QEMU emulators have been updated to v7.1.0 with new patches for path handling. #3386 * Fix unpacking images with no layers #3251 * Fix possible nil pointer exception in LLB bridge #3233 #3169 #3066 * Fix cleanup of containerd tasks if a start fails #3253 * Fix handling Windows paths in content checksums #3227 * Fix possible missing newline in progress output #3072 * Fix possible early EOF on SSH forwarding #3431 * Fix possible panic in concurrent OpenTelemetry access #3058 * Previously deprecated old cache options have been removed #2982 * Daemonless script has been updated to handle already stopped process #3005 * Fix closing session if shared by multiple clients #2995 * `buildctl du` command now supports JSON formatting #2992 * Registry push errors now show additional context #2981 * Improve default description of FileOp vertexes #2932 * Make sure progress from exporting is properly keyed on parallel requests * Terminal colors are now configurable #2954 * Build errors now always print stacktraces to daemon logs in debug mode - switch packaging to zstd - include ldflags to set the version number in the binaries correctly ------------------------------------------------------------------- Wed Nov 24 09:43:06 UTC 2021 - Richard Brown <rbrown@suse.com> - Initial Packaging
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor