From e3b1eb968d372d38b5c1bd0c89d0ee39fa0b3826 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Wed, 22 Jan 2025 11:53:29 +0100 Subject: [PATCH 01/10] layouts: cli.html: fix incorrect closing tag The opening tag was a "td", but the closing tag a "th". Looks like browsers fix this up, but let's change it to be correct. updates 56679aec9870a57dc306a781e3e445be70aba1a6 Signed-off-by: Sebastiaan van Stijn --- layouts/_default/cli.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/layouts/_default/cli.html b/layouts/_default/cli.html index f9cd66d1dc79..1a5b0fad8a5d 100644 --- a/layouts/_default/cli.html +++ b/layouts/_default/cli.html @@ -17,7 +17,7 @@

{{ .Title }}

{{ with $data.short }} Description - {{ . }} + {{ . }} {{ end }} {{ with $data.usage }} From f369c0ea12690726f773aee41432c1534cf11407 Mon Sep 17 00:00:00 2001 From: Jeff Date: Wed, 22 Jan 2025 10:14:41 -0500 Subject: [PATCH 02/10] rg-2372: Update allow list to include R2 URL (#21867) ## Description Registry is exploring using a new domain to serve data in more efficient way. ## Related issues or tickets https://docker.atlassian.net/browse/RG-2372 ## Reviews - [ ] Technical review - [ ] Editorial review - [ ] Product review --- content/manuals/desktop/setup/allow-list.md | 1 + 1 file changed, 1 insertion(+) diff --git a/content/manuals/desktop/setup/allow-list.md b/content/manuals/desktop/setup/allow-list.md index a801607e0466..28b285919ecb 100644 --- a/content/manuals/desktop/setup/allow-list.md +++ b/content/manuals/desktop/setup/allow-list.md @@ -29,5 +29,6 @@ This page contains the domain URLs that you need to add to a firewall allowlist |https://hub.docker.com| Docker Pull/Push | |https://registry-1.docker.io| Docker Pull/Push | |https://production.cloudflare.docker.com| Docker Pull/Push | +|https://docker-images-prod.r2.cloudflarestorage.com| Docker Pull/Push | |https://docker-pinata-support.s3.amazonaws.com| Troubleshooting | |https://api.dso.docker.com| Docker Scout service | From 59cac8eabf449e083577d35ed01bbc0cc51b84b2 Mon Sep 17 00:00:00 2001 
From: Sarah Sanders Date: Wed, 22 Jan 2025 07:47:36 -0800 Subject: [PATCH 03/10] freshness: add Beta badge to OATs doc (#21862) ## Description Little nit. Noticed OATs was using (Beta) and not the blue Beta badge. Removed (Beta) and added badge to be in line with style guide standards ## Related issues or tickets [ENGDOCS-2386](https://docker.atlassian.net/browse/ENGDOCS-2386) ## Reviews - [ ] Technical review - [ ] Editorial review [ENGDOCS-2386]: https://docker.atlassian.net/browse/ENGDOCS-2386?atlOrigin=eyJpIjoiNWRkNTljNzYxNjVmNDY3MDlhMDU5Y2ZhYzA5YTRkZjUiLCJwIjoiZ2l0aHViLWNvbS1KU1cifQ --- content/manuals/security/for-admins/access-tokens.md | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/content/manuals/security/for-admins/access-tokens.md b/content/manuals/security/for-admins/access-tokens.md index 470a0cb96885..d7d60e6fa024 100644 --- a/content/manuals/security/for-admins/access-tokens.md +++ b/content/manuals/security/for-admins/access-tokens.md @@ -3,7 +3,12 @@ title: Organization access tokens description: Learn how to create and manage organization access tokens to securely push and pull images programmatically. keywords: docker hub, security, OAT, organization access token -linkTitle: Organization access tokens (Beta) +linkTitle: Organization access tokens +params: + sidebar: + badge: + color: blue + text: Beta --- {{< summary-bar feature_name="OATs" >}} From 86a78e08466aeea4dfa34dfc1045fcb83293383d Mon Sep 17 00:00:00 2001 
From: Sarah Sanders Date: Wed, 22 Jan 2025 08:20:12 -0800 Subject: [PATCH 04/10] iam: add firewall SSO FAQ (#21863) ## Description - Added question and answer to SSO FAQs about firewall rules during SSO config - This question was asked in Kapa and Kapa returned an uncertain response since we do not cover this in existing docs - This will add a source for Kapa and allow me to improve the answer ## Related issues or tickets [ENGDOCS-2385](https://docker.atlassian.net/browse/ENGDOCS-2385) ## Reviews - [ ] Editorial review [ENGDOCS-2385]: https://docker.atlassian.net/browse/ENGDOCS-2385?atlOrigin=eyJpIjoiNWRkNTljNzYxNjVmNDY3MDlhMDU5Y2ZhYzA5YTRkZjUiLCJwIjoiZ2l0aHViLWNvbS1KU1cifQ --------- Co-authored-by: Allie Sadler <102604716+aevesdocker@users.noreply.github.com> --- content/manuals/security/faqs/single-sign-on/faqs.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/content/manuals/security/faqs/single-sign-on/faqs.md b/content/manuals/security/faqs/single-sign-on/faqs.md index 85964d83d01d..383ee8df8aa8 100644 --- a/content/manuals/security/faqs/single-sign-on/faqs.md +++ b/content/manuals/security/faqs/single-sign-on/faqs.md @@ -58,3 +58,7 @@ other sensitive data in the directory. Due to potential security risks, Docker doesn't support this configuration. Instead, Docker recommends [configuring SCIM to enable group sync securely](/security/for-admins/provisioning/group-mapping/#use-group-mapping-with-scim). + +### Are there any firewall rules required for SSO configuration? + +No. There are no specific firewall rules required for configuring SSO, as long as the domain `login.docker.com` is accessible. This domain is commonly accessible by default. However, in rare cases, some organizations may have firewall restrictions in place that block this domain. If you encounter issues during SSO setup, ensure that `login.docker.com` is allowed in your network's firewall settings. \ No newline at end of file 
From 525d9910750a646cff727a71a3d54a5262e99326 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pawe=C5=82=20Gronowski?= Date: Wed, 22 Jan 2025 17:52:04 +0100 Subject: [PATCH 05/10] engine: 27.5.1 release notes MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Paweł Gronowski --- content/manuals/engine/release-notes/27.md | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/content/manuals/engine/release-notes/27.md b/content/manuals/engine/release-notes/27.md index cb539519bf87..9761f4edcf8b 100644 --- a/content/manuals/engine/release-notes/27.md +++ b/content/manuals/engine/release-notes/27.md 
@@ -27,6 +27,28 @@ For more information about: Release notes for Docker Engine version 27.5 releases. +## 27.5.1 + +{{< release-date date="2025-01-22" >}} + +For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones: + +- [docker/cli, 27.5.1 milestone](https://github.com/docker/cli/issues?q=is%3Aclosed+milestone%3A27.5.1) +- [moby/moby, 27.5.1 milestone](https://github.com/moby/moby/issues?q=is%3Aclosed+milestone%3A27.5.1) + + +### Bug fixes and enhancements + +- Fix an issue that could persistently prevent daemon startup after failure to initialize the default bridge. [moby/moby#49307](https://github.com/moby/moby/pull/49307) +- Add a `DOCKER_IGNORE_BR_NETFILTER_ERROR` environment variable. Setting it to `1` allows running on hosts that cannot load `br_netfilter`. Some things won't work, including disabling inter-container communication in a bridge network. With the userland proxy disabled, it won't be possible to access one container's published ports from another container on the same network. [moby/moby#49306](https://github.com/moby/moby/pull/49306) + +### Packaging updates + +- Update Go runtime to 1.22.11 (fix CVE-2024-45341, CVE-2024-45336). [moby/moby#49312](https://github.com/moby/moby/pull/49312), [docker/docker-ce-packaging#1147](https://github.com/docker/docker-ce-packaging/pull/1147), [docker/cli#5762](https://github.com/docker/cli/pull/5762) +- Update RootlessKit to v2.3.2 to support `passt` >= 2024_10_30.ee7d0b6. [moby/moby#49304](https://github.com/moby/moby/pull/49304) +- Update Buildx to [v0.20.0](https://github.com/docker/buildx/releases/tag/v0.20.0). [docker/docker-ce-packaging#1149](https://github.com/docker/docker-ce-packaging/pull/1149) + + ### 27.5.0 {{< release-date date="2025-01-13" >}} From a68d7b0749551ab8296fa430a435e886fa0bae83 Mon Sep 17 00:00:00 2001 
From: Allie Sadler <102604716+aevesdocker@users.noreply.github.com> Date: Wed, 22 Jan 2025 21:29:05 +0000 Subject: [PATCH 06/10] ENGDOCS-2388 (#21868) ## Description Quick docs fix for a common reason why users may see that error. (Am aware the rest of the page could do with some attention, but it's gotta wait its turn). ## Related issues or tickets ## Reviews - [ ] Technical review - [ ] Editorial review - [ ] Product review --- .../troubleshoot/_index.md | 20 +++++++++---------- .../troubleshoot/topics.md | 6 +++++- 2 files changed, 15 insertions(+), 11 deletions(-) diff --git a/content/manuals/desktop/troubleshoot-and-support/troubleshoot/_index.md b/content/manuals/desktop/troubleshoot-and-support/troubleshoot/_index.md index 90d5481efc17..8e127ce261d2 100644 --- a/content/manuals/desktop/troubleshoot-and-support/troubleshoot/_index.md +++ b/content/manuals/desktop/troubleshoot-and-support/troubleshoot/_index.md @@ -6,16 +6,16 @@ toc_max: 2 title: Troubleshoot Docker Desktop linkTitle: Troubleshoot and diagnose aliases: -- /desktop/linux/troubleshoot/ -- /desktop/mac/troubleshoot/ -- /desktop/windows/troubleshoot/ -- /docker-for-mac/troubleshoot/ -- /mackit/troubleshoot/ -- /windows/troubleshoot/ -- /docker-for-win/troubleshoot/ -- /docker-for-windows/troubleshoot/ -- /desktop/troubleshoot/overview/ -- /desktop/troubleshoot/ + - /desktop/linux/troubleshoot/ + - /desktop/mac/troubleshoot/ + - /desktop/windows/troubleshoot/ + - /docker-for-mac/troubleshoot/ + - /mackit/troubleshoot/ + - /windows/troubleshoot/ + - /docker-for-win/troubleshoot/ + - /docker-for-windows/troubleshoot/ + - /desktop/troubleshoot/overview/ + - /desktop/troubleshoot/ tags: [ Troubleshooting ] weight: 10 --- diff --git a/content/manuals/desktop/troubleshoot-and-support/troubleshoot/topics.md b/content/manuals/desktop/troubleshoot-and-support/troubleshoot/topics.md index f43344eca3a2..b4ba08920dc1 100644 --- a/content/manuals/desktop/troubleshoot-and-support/troubleshoot/topics.md 
+++ b/content/manuals/desktop/troubleshoot-and-support/troubleshoot/topics.md @@ -84,10 +84,14 @@ Following are the examples of errors on MacOS which indicate that the startup fa ### Incompatible CPU detected +> [!TIP] +> +> If you are seeing this error, check you've installed the correct Docker Desktop for your architecture. + Docker Desktop requires a processor (CPU) that supports virtualization and, more specifically, the [Apple Hypervisor framework](https://developer.apple.com/library/mac/documentation/DriversKernelHardware/Reference/Hypervisor/). -Docker Desktop is only compatible with Mac systems that have a CPU that supports the Hypervisor framework. Most Macs built in 2010 and later support it,as described in the Apple Hypervisor Framework documentation about supported hardware: +Docker Desktop is only compatible with Mac systems that have a CPU that supports the Hypervisor framework. Most Macs built in 2010 and later support it, as described in the Apple Hypervisor Framework documentation about supported hardware: *Generally, machines with an Intel VT-x feature set that includes Extended Page Tables (EPT) and Unrestricted Mode are supported.* From 2321e0685775bb25fb88af066e17563ba78ed82b Mon Sep 17 00:00:00 2001 From: Sarah Sanders Date: Wed, 22 Jan 2025 13:39:37 -0800 Subject: [PATCH 07/10] Revert "ENGDOCS-2388 (#21868)" (#21873) This reverts commit a68d7b0749551ab8296fa430a435e886fa0bae83. Accidentally merged Allie's PR :( --- .../troubleshoot/_index.md | 20 +++++++++---------- .../troubleshoot/topics.md | 6 +----- 2 files changed, 11 insertions(+), 15 deletions(-) diff --git a/content/manuals/desktop/troubleshoot-and-support/troubleshoot/_index.md b/content/manuals/desktop/troubleshoot-and-support/troubleshoot/_index.md index 8e127ce261d2..90d5481efc17 100644 --- a/content/manuals/desktop/troubleshoot-and-support/troubleshoot/_index.md +++ b/content/manuals/desktop/troubleshoot-and-support/troubleshoot/_index.md 
@@ -6,16 +6,16 @@ toc_max: 2 title: Troubleshoot Docker Desktop linkTitle: Troubleshoot and diagnose aliases: - - /desktop/linux/troubleshoot/ - - /desktop/mac/troubleshoot/ - - /desktop/windows/troubleshoot/ - - /docker-for-mac/troubleshoot/ - - /mackit/troubleshoot/ - - /windows/troubleshoot/ - - /docker-for-win/troubleshoot/ - - /docker-for-windows/troubleshoot/ - - /desktop/troubleshoot/overview/ - - /desktop/troubleshoot/ +- /desktop/linux/troubleshoot/ +- /desktop/mac/troubleshoot/ +- /desktop/windows/troubleshoot/ +- /docker-for-mac/troubleshoot/ +- /mackit/troubleshoot/ +- /windows/troubleshoot/ +- /docker-for-win/troubleshoot/ +- /docker-for-windows/troubleshoot/ +- /desktop/troubleshoot/overview/ +- /desktop/troubleshoot/ tags: [ Troubleshooting ] weight: 10 --- diff --git a/content/manuals/desktop/troubleshoot-and-support/troubleshoot/topics.md b/content/manuals/desktop/troubleshoot-and-support/troubleshoot/topics.md index b4ba08920dc1..f43344eca3a2 100644 --- a/content/manuals/desktop/troubleshoot-and-support/troubleshoot/topics.md +++ b/content/manuals/desktop/troubleshoot-and-support/troubleshoot/topics.md 
@@ -84,14 +84,10 @@ Following are the examples of errors on MacOS which indicate that the startup fa ### Incompatible CPU detected -> [!TIP] -> -> If you are seeing this error, check you've installed the correct Docker Desktop for your architecture. - Docker Desktop requires a processor (CPU) that supports virtualization and, more specifically, the [Apple Hypervisor framework](https://developer.apple.com/library/mac/documentation/DriversKernelHardware/Reference/Hypervisor/). -Docker Desktop is only compatible with Mac systems that have a CPU that supports the Hypervisor framework. Most Macs built in 2010 and later support it, as described in the Apple Hypervisor Framework documentation about supported hardware: +Docker Desktop is only compatible with Mac systems that have a CPU that supports the Hypervisor framework. Most Macs built in 2010 and later support it,as described in the Apple Hypervisor Framework documentation about supported hardware: *Generally, machines with an Intel VT-x feature set that includes Extended Page Tables (EPT) and Unrestricted Mode are supported.* From ddde5353725acbac22fac966e6f63dc4976fe099 Mon Sep 17 00:00:00 2001 From: Sarah Sanders Date: Wed, 22 Jan 2025 13:49:20 -0800 Subject: [PATCH 08/10] billing: clarity on private repos (#21872) ## Description - Received a request from @sheltongraves to re-add a missing sentence from Docker Hub billing page: https://docker.slack.com/archives/C04300R4G5U/p1737576577083559 - Small nits updated too ## Related issues or tickets [ENGDOCS-2389](https://docker.atlassian.net/browse/ENGDOCS-2389?atlOrigin=eyJpIjoiZDQyMDkwMjVjZjIzNDE1OWFiYTZjNDM3YTg5MWRlNzQiLCJwIjoiaiJ9) ## Reviews - [ ] Editorial review [ENGDOCS-2389]: https://docker.atlassian.net/browse/ENGDOCS-2389?atlOrigin=eyJpIjoiNWRkNTljNzYxNjVmNDY3MDlhMDU5Y2ZhYzA5YTRkZjUiLCJwIjoiZ2l0aHViLWNvbS1KU1cifQ --- content/manuals/billing/docker-hub-pricing.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) 
diff --git a/content/manuals/billing/docker-hub-pricing.md b/content/manuals/billing/docker-hub-pricing.md index 9b97802cde7e..f1b60043e8e1 100644 --- a/content/manuals/billing/docker-hub-pricing.md +++ b/content/manuals/billing/docker-hub-pricing.md @@ -10,7 +10,7 @@ to help you understand your storage consumption and costs. > [!NOTE] > -> Docker Hub plan limits will take effect on March 1, 2025. No charge on Docker Hub image pulls +> Docker Hub plan limits will take effect on March 1, 2025. No charges on Docker Hub image pulls or storage will be incurred from December 10, 2024 and February 28, 2025. ## How storage is measured @@ -23,7 +23,7 @@ Docker Hub measures storage using: ## How storage is calculated -Docker subscription plans include a specific amount of allocated +[Docker subscription plans](/manuals/subscription/details.md) include a specific amount of allocated private repository storage: - Personal plan: Includes up to 2GB of storage. @@ -31,10 +31,10 @@ private repository storage: - Team plan: Includes up to 50GB of storage. - Business plan: Includes up to 500GB of storage. -Docker Hub determines additional charges based on your average monthly usage of private repository storage. +Docker Hub determines additional charges based on your average monthly usage of private repository storage. If a repository is private at any point within an hour, it is counted as private for the full hour. If you go over your allocated private repository storage, you will incur overage -costs. To calculate overage costs the included storage for your plan is subtracted from your average monthly +costs. To calculate overage costs, the included storage for your plan is subtracted from your average monthly usage. ## Docker Hub consumption pricing 
@@ -56,7 +56,7 @@ at the end of your billing cycle. ### Storage carryover -If you pre-pay for storage, your purchased storage is valid for the entire subscription period. You can use it any time during that period, and any unused portion will roll over to the next month until the subscription period ends. +If you pre-pay for storage, your purchased storage is valid for your entire subscription period. You can use it any time during that period, and any unused portion will roll over to the next month until the subscription period ends. In the following example, a customer with an annual Business plan pre-pays for 500GB of storage for the year. Their plan includes a base allocation of 500GB of storage per month. - In January, they use 510 GB-month, exceed their base allocation, and use 10GB from their pre-paid storage. Their remaining pre-paid @@ -68,7 +68,7 @@ storage is 490GB. |---------------------------------|----------|----------|---------| | Included GB-month | 500 | 500 | 500 | | Used storage in month | 510 | 450 | 600 | -| Overage in GB-month | 10 | 0 | 100 | +| Overage in GB-month | 10 | 0 | 100 | | Remaining pre-purchased storage | 490 | 490 | 390 | At the end of March, the customer has 390GB of pre-purchased storage left to use for the rest of the year. From 3dc492a0d3f04cfa4bea62c6a2b737a993949d77 Mon Sep 17 00:00:00 2001 From: tonistiigi <585223+tonistiigi@users.noreply.github.com> Date: Wed, 22 Jan 2025 23:14:27 +0000 Subject: [PATCH 09/10] vendor: github.com/docker/buildx v0.20.1 Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- .../docker/buildx/docs/bake-reference.md | 28 +++++++ _vendor/modules.txt | 2 +- data/buildx/docker_buildx_bake.yaml | 75 +++++++++++++++++++ go.mod | 4 +- go.sum | 2 + 5 files changed, 108 insertions(+), 3 deletions(-) diff --git a/_vendor/github.com/docker/buildx/docs/bake-reference.md b/_vendor/github.com/docker/buildx/docs/bake-reference.md index 192dded4fe60..d8fd5ecc3015 100644 
--- a/_vendor/github.com/docker/buildx/docs/bake-reference.md +++ b/_vendor/github.com/docker/buildx/docs/bake-reference.md @@ -221,8 +221,10 @@ The following table shows the complete list of attributes that you can assign to | [`attest`](#targetattest) | List | Build attestations | | [`cache-from`](#targetcache-from) | List | External cache sources | | [`cache-to`](#targetcache-to) | List | External cache destinations | +| [`call`](#targetcall) | String | Specify the frontend method to call for the target. | | [`context`](#targetcontext) | String | Set of files located in the specified path or URL | | [`contexts`](#targetcontexts) | Map | Additional build contexts | +| [`description`](#targetdescription) | String | Description of a target | | [`dockerfile-inline`](#targetdockerfile-inline) | String | Inline Dockerfile string | | [`dockerfile`](#targetdockerfile) | String | Dockerfile location | | [`inherits`](#targetinherits) | List | Inherit attributes from other targets | @@ -371,6 +373,13 @@ target "app" { } ``` +Supported values are: + +- `build` builds the target (default) +- `check`: evaluates [build checks](https://docs.docker.com/build/checks/) for the target +- `outline`: displays the target's build arguments and their default values if available +- `targets`: lists all Bake targets in the loaded definition, along with its [description](#targetdescription). + For more information about frontend methods, refer to the CLI reference for [`docker buildx build --call`](https://docs.docker.com/reference/cli/docker/buildx/build/#call). 
@@ -481,6 +490,25 @@ FROM baseapp RUN echo "Hello world" ``` +### `target.description` + +Defines a human-readable description for the target, clarifying its purpose or +functionality. + +```hcl +target "lint" { + description = "Runs golangci-lint to detect style errors" + args = { + GOLANGCI_LINT_VERSION = null + } + dockerfile = "lint.Dockerfile" +} +``` + +This attribute is useful when combined with the `docker buildx bake --list=targets` +option, providing a more informative output when listing the available build +targets in a Bake file. + ### `target.dockerfile-inline` Uses the string value as an inline Dockerfile for the build target. diff --git a/_vendor/modules.txt b/_vendor/modules.txt index 3a19633bb399..1a83022753c9 100644 --- a/_vendor/modules.txt +++ b/_vendor/modules.txt @@ -1,6 +1,6 @@ # github.com/moby/moby v27.5.0+incompatible # github.com/moby/buildkit v0.19.0 -# github.com/docker/buildx v0.20.0 +# github.com/docker/buildx v0.20.1 # github.com/docker/cli v27.5.0+incompatible # github.com/docker/compose/v2 v2.32.4 # github.com/docker/scout-cli v1.15.0 diff --git a/data/buildx/docker_buildx_bake.yaml b/data/buildx/docker_buildx_bake.yaml index 203d066a00a1..14666cf341a3 100644 --- a/data/buildx/docker_buildx_bake.yaml +++ b/data/buildx/docker_buildx_bake.yaml @@ -20,6 +20,7 @@ options: value_type: stringArray default_value: '[]' description: Allow build to access specified resources + details_url: '#allow' deprecated: false hidden: false experimental: false 
@@ -218,6 +219,80 @@ inherited_options: kubernetes: false swarm: false examples: |- + ### Allow extra privileged entitlement (--allow) {#allow} + + ```text + --allow=ENTITLEMENT[=VALUE] + ``` + + Entitlements are designed to provide controlled access to privileged + operations. By default, Buildx and BuildKit operates with restricted + permissions to protect users and their systems from unintended side effects or + security risks. The `--allow` flag explicitly grants access to additional + entitlements, making it clear when a build or bake operation requires elevated + privileges. + + In addition to BuildKit's `network.host` and `security.insecure` entitlements + (see [`docker buildx build --allow`](/reference/cli/docker/buildx/build/#allow), + Bake supports file system entitlements that grant granular control over file + system access. These are particularly useful when working with builds that need + access to files outside the default working directory. + + Bake supports the following filesystem entitlements: + + - `--allow fs=` - Grant read and write access to files outside of the + working directory. + - `--allow fs.read=` - Grant read access to files outside of the + working directory. + - `--allow fs.write=` - Grant write access to files outside of the + working directory. + + The `fs` entitlements take a path value (relative or absolute) to a directory + on the filesystem. Alternatively, you can pass a wildcard (`*`) to allow Bake + to access the entire filesystem. + + ### Example: fs.read + + Given the following Bake configuration, Bake would need to access the parent + directory, relative to the Bake file. + + ```hcl + target "app" { + context = "../src" + } + ``` + + Assuming `docker buildx bake app` is executed in the same directory as the + `docker-bake.hcl` file, you would need to explicitly allow Bake to read from + the `../src` directory. 
In this case, the following invocations all work: + + ```console + $ docker buildx bake --allow fs.read=* app + $ docker buildx bake --allow fs.read=../src app + $ docker buildx bake --allow fs=* app + ``` + + ### Example: fs.write + + The following `docker-bake.hcl` file requires write access to the `/tmp` + directory. + + ```hcl + target "app" { + output = "/tmp" + } + ``` + + Assuming `docker buildx bake app` is executed outside of the `/tmp` directory, + you would need to allow the `fs.write` entitlement, either by specifying the + path or using a wildcard: + + ```console + $ docker buildx bake --allow fs=/tmp app + $ docker buildx bake --allow fs.write=/tmp app + $ docker buildx bake --allow fs.write=* app + ``` + ### Override the configured builder instance (--builder) {#builder} Same as [`buildx --builder`](/reference/cli/docker/buildx/#builder). diff --git a/go.mod b/go.mod index 500a6b9e9f24..595dcbb688bc 100644 --- a/go.mod +++ b/go.mod @@ -3,7 +3,7 @@ module github.com/docker/docs go 1.23.1 require ( - github.com/docker/buildx v0.20.0 // indirect + github.com/docker/buildx v0.20.1 // indirect github.com/docker/cli v27.5.0+incompatible // indirect github.com/docker/compose/v2 v2.32.4 // indirect github.com/docker/scout-cli v1.15.0 // indirect @@ -12,7 +12,7 @@ require ( ) replace ( - github.com/docker/buildx => github.com/docker/buildx v0.20.0 + github.com/docker/buildx => github.com/docker/buildx v0.20.1 github.com/docker/cli => github.com/docker/cli v27.5.0+incompatible github.com/docker/compose/v2 => github.com/docker/compose/v2 v2.32.4 github.com/docker/scout-cli => github.com/docker/scout-cli v1.15.0 diff --git a/go.sum b/go.sum index ba47eca2db11..76a15346c1eb 100644 --- a/go.sum +++ b/go.sum 
@@ -90,6 +90,8 @@ github.com/docker/buildx v0.19.2 h1:2zXzgP2liQKgQ5BiOqMc+wz7hfWgAIMWw5MR6QDG++I= github.com/docker/buildx v0.19.2/go.mod h1:k4WP+XmGRYL0a7l4RZAI2TqpwhuAuSQ5U/rosRgFmAA= github.com/docker/buildx v0.20.0 h1:XM2EvwEfohbxLPAheVm03biNHpspB/dA6U9F0c6yJsI= github.com/docker/buildx v0.20.0/go.mod h1:VVi4Nvo4jd/IkRvwyExbIyW7u82fivK61MRx5I0oKic= +github.com/docker/buildx v0.20.1 h1:q88EfoYwrWEKVqNb9stOFq8fUlFp/OPlDcFE+QUYZBM= +github.com/docker/buildx v0.20.1/go.mod h1:VVi4Nvo4jd/IkRvwyExbIyW7u82fivK61MRx5I0oKic= github.com/docker/cli v24.0.2+incompatible h1:QdqR7znue1mtkXIJ+ruQMGQhpw2JzMJLRXp6zpzF6tM= github.com/docker/cli v24.0.2+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= github.com/docker/cli v24.0.4+incompatible h1:Y3bYF9ekNTm2VFz5U/0BlMdJy73D+Y1iAAZ8l63Ydzw= From 48cb69f82c418f878e084e41ebec7665c1f5c1d0 Mon Sep 17 00:00:00 2001 From: CrazyMax <1951866+crazy-max@users.noreply.github.com> Date: Thu, 23 Jan 2025 10:39:57 +0100 Subject: [PATCH 10/10] build-ui: release notes for 4.36 and 4.37 (#21866) ## Description Missing release notes for the build UI. ## Reviews - [ ] Technical review - [ ] Editorial review - [ ] Product review --------- Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com> Co-authored-by: Allie Sadler <102604716+aevesdocker@users.noreply.github.com> --- content/manuals/desktop/release-notes.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/content/manuals/desktop/release-notes.md b/content/manuals/desktop/release-notes.md index 77e393ef4eee..edc23caed501 100644 --- a/content/manuals/desktop/release-notes.md +++ b/content/manuals/desktop/release-notes.md 
@@ -92,6 +92,11 @@ Take a look at the [Docker Public Roadmap](https://github.com/orgs/docker/projec - Fixed a bug where resetting default settings would also reset the CLI context. - Fixed a bug where the Docker Desktop Dashboard would get out of sync with the Docker daemon after restarting the engine while in Resource Saver mode (Windows with WSL2 backend only) or after switching engines (macOS). - Fixed a bug where Resource Saver mode would fail to re-engage after restarting the engine while in Resource Saver mode. +- Build UI: + - Fixed a bug where the source file could not be found for some builds. + - Fixed a bug where error logs were not displayed in the **Source** tab. + - Fixed a bug where users had to scroll to the bottom for error logs in **Source** tab. + - Fixed a bug where timestamps would be broken in the **Logs** tab. #### For Mac @@ -178,6 +183,13 @@ Take a look at the [Docker Public Roadmap](https://github.com/orgs/docker/projec - Fixed a bug that restricted containers using `--network=host` to 18 open host ports. - Fixed bind mount ownership for non-root containers. Fixes [docker/for-mac#6243](https://github.com/docker/for-mac/issues/6243). - Docker Desktop will not unpause automatically after a manual pause. The system will stay paused until you manually resume the Docker engine. This fixes a bug where other software would accidentally trigger a resume by running a CLI command in the background. Fixes [for-mac/#6908](https://github.com/docker/for-mac/issues/6908) +- Build UI: + - The **Source** tab now supports multiple source files. + - Links for image dependencies in the **Info** tab now support other well-known registries such as GitHub, Google, and GitLab. + - Disabled the **Delete** button if only cloud builds are selected. + - Fixed an issue where users were unable to delete builds. + - Fixed malformed Jaeger traces that were missing events and links. + - Fixed missing export attributes when building with the cloud driver. #### For Mac
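Review bot: In PATCH 02/10 (content/manuals/desktop/setup/allow-list.md), the new `https://docker-images-prod.r2.cloudflarestorage.com` row sits under a storage domain shared with other Cloudflare R2 customers, and nothing in the table tells admins to allow only this exact host. Consider a one-line note next to the table asking readers to allowlist the full hostname rather than a wildcard on the parent domain. The commit message says the registry is still "exploring" this domain, so it is also worth confirming the row should be published without a qualifier.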
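Review bot: In PATCH 04/10 (content/manuals/security/faqs/single-sign-on/faqs.md), the added answer opens with "No." and only afterwards states a requirement, that `login.docker.com` must be reachable, so an admin skimming the FAQ can stop at "No". Suggest leading with the requirement and linking to the Docker Desktop allowlist page for readers who maintain firewall rules. The hunk also ends with `\ No newline at end of file`; add the trailing newline.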
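Review bot: In PATCH 05/10 (content/manuals/engine/release-notes/27.md), the `DOCKER_IGNORE_BR_NETFILTER_ERROR` bullet introduces the loss of an isolation control with "Some things won't work", which undersells it: with the variable set to `1`, disabling inter-container communication in a bridge network no longer works. Suggest stating that consequence directly after the description of the variable. Separately, the new section is `## 27.5.1` while the context line below it is `### 27.5.0`, so `### Bug fixes and enhancements` renders at the same level as the 27.5.0 release heading; align the heading levels.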
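Review bot: In PATCH 06/10, the `_index.md` hunk only re-indents the `aliases:` list, which is unrelated to the fix described in the commit message and makes up most of the diff; drop it or move it to its own commit so the change is easier to review and revert. In the `topics.md` hunk, the TIP asks readers to check for "the correct Docker Desktop for your architecture" without saying which builds exist or where to check, so consider naming them or linking to the install page.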
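Review bot: In PATCH 07/10, the `topics.md` hunk of the revert also restores the typo `support it,as described`, which a68d7b07 had corrected to `support it, as described`. A wholesale revert is reasonable for an accidental merge, but the comma fix is independent of the TIP and can be re-applied in a follow-up.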
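Review bot: In PATCH 08/10 (content/manuals/billing/docker-hub-pricing.md), the first hunk edits the NOTE but leaves `from December 10, 2024 and February 28, 2025`, which does not read as a date range even though this sentence defines when no charges apply. Use "from ... to" or "between ... and". In the last hunk, the `Overage in GB-month` row changes whitespace only; if the goal is column alignment, check that the other rows of the table line up the same way.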
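Review bot: In PATCH 09/10 (`_vendor/github.com/docker/buildx/docs/bake-reference.md`), the new "Supported values are:" list is inconsistent: `build` has no colon after the value while `check:`, `outline:` and `targets:` do, and "lists all Bake targets ... along with its description" should read "their descriptions". Because the file is under `_vendor/`, the fix belongs upstream in docker/buildx and should arrive with the next vendoring bump rather than being patched here.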
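Review bot: In PATCH 09/10 (`data/buildx/docker_buildx_bake.yaml`), both examples present the wildcard grants (`--allow fs.read=*`, `--allow fs=*`, `--allow fs.write=*`) next to the path-scoped ones without saying which to prefer, although the text itself states that the wildcard lets Bake access the entire filesystem. Suggest listing the narrowest grant first (`fs.read=../src`, `fs.write=/tmp`) and adding a sentence recommending it. Also, the parenthesis opened at "(see [`docker buildx build --allow`]" is never closed, and "Buildx and BuildKit operates" should be "operate"; since this file is updated by the vendoring commit, raise both upstream.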
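Review bot: In PATCH 10/10 (content/manuals/desktop/release-notes.md), first hunk, the bullet `error logs in **Source** tab` is missing "the", unlike the neighbouring bullets (`in the **Source** tab`, `in the **Logs** tab`). The commit subject mentions 4.36 and 4.37, but neither hunk's context shows a version heading, so please confirm each "Build UI:" list landed under the intended release.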