From d9c1469b73f8cc1742693ee19dda1619415f6d4e Mon Sep 17 00:00:00 2001
From: David Karlsson <35727626+dvdksn@users.noreply.github.com>
Date: Mon, 9 Dec 2024 12:57:51 +0100
Subject: [PATCH 1/6] build: add oci-artifact exporter opt

Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
---
 .../manuals/build/exporters/image-registry.md |  2 +
 .../build/metadata/attestations/_index.md     | 81 +++++++++++++++++++
 2 files changed, 83 insertions(+)

diff --git a/content/manuals/build/exporters/image-registry.md b/content/manuals/build/exporters/image-registry.md
index f807c2980a4f..159be14265fa 100644
--- a/content/manuals/build/exporters/image-registry.md
+++ b/content/manuals/build/exporters/image-registry.md
@@ -37,6 +37,7 @@ The following table describes the available parameters that you can pass to
 | `force-compression`    | `true`,`false`                         | `false` | Forcefully apply compression, see [compression][1]                                                                                                                                                                                  |
 | `rewrite-timestamp`    | `true`,`false`                         | `false` | Rewrite the file timestamps to the `SOURCE_DATE_EPOCH` value. See [build reproducibility][4] for how to specify the `SOURCE_DATE_EPOCH` value.                                                                                      |
 | `oci-mediatypes`       | `true`,`false`                         | `false` | Use OCI media types in exporter manifests, see [OCI Media types][2]                                                                                                                                                                 |
+| `oci-artifact`         | `true`,`false`                         | `false` | Attestations are formatted as OCI artifacts, see [OCI Media types][2]                                                                                                                                                               |
 | `unpack`               | `true`,`false`                         | `false` | Unpack image after creation (for use with containerd)                                                                                                                                                                               |
 | `store`                | `true`,`false`                         | `true`  | Store the result images to the worker's (for example, containerd) image store, and ensures that the image has all blobs in the content store. Ignored if the worker doesn't have image store (when using OCI workers, for example). |
 | `annotation.<key>`     | String                                 |         | Attach an annotation with the respective `key` and `value` to the built image,see [annotations][3]                                                                                                                                  |
@@ -45,6 +46,7 @@ The following table describes the available parameters that you can pass to
 [2]: _index.md#oci-media-types
 [3]: #annotations
 [4]: https://github.com/moby/buildkit/blob/master/docs/build-repro.md
+[5]: /manuals/build/metadata/attestations/_index.md#attestations-as-oci-artifacts
 
 ## Annotations
 
diff --git a/content/manuals/build/metadata/attestations/_index.md b/content/manuals/build/metadata/attestations/_index.md
index fc9530a05b5e..e18977bf4679 100644
--- a/content/manuals/build/metadata/attestations/_index.md
+++ b/content/manuals/build/metadata/attestations/_index.md
@@ -95,6 +95,8 @@ the attestations to an image manifest, since it's outputting a directory of
 files or a tarball, not an image. Instead, these exporters write the
 attestations to one or more JSON files in the root directory of the export.
 
+## Example
+
 The following example shows a truncated in-toto JSON representation of an SBOM
 attestation.
 
@@ -161,6 +163,85 @@ attestation.
 To deep-dive into the specifics about how attestations are stored, see
 [Image Attestation Storage (BuildKit)](attestation-storage.md).
 
+## Attestation manifest format
+
+Attestations are stored as manifests, referenced by the image's index. Each
+_attestation manifest_ refers to a single _image manifest_ (one
+platform-variant of the image). Attestation manifests contain a single layer,
+the "value" of the attestation.
+
+The following example shows the structure of an attestation manifest:
+
+```json
+{
+  "schemaVersion": 2,
+  "mediaType": "application/vnd.oci.image.manifest.v1+json",
+  "config": {
+    "mediaType": "application/vnd.oci.image.config.v1+json",
+    "size": 167,
+    "digest": "sha256:916d7437a36dd0e258e64d9c5a373ca5c9618eeb1555e79bd82066e593f9afae"
+  },
+  "layers": [
+    {
+      "mediaType": "application/vnd.in-toto+json",
+      "size": 1833349,
+      "digest": "sha256:3138024b98ed5aa8e3008285a458cd25a987202f2500ce1a9d07d8e1420f5491",
+      "annotations": {
+        "in-toto.io/predicate-type": "https://spdx.dev/Document"
+      }
+    }
+  ]
+}
+```
+
+### Attestations as OCI artifacts
+
+You can configure the format of the attestation manifest using the
+[`oci-artifact` option](/manuals/build/exporters/image-registry.md#synopsis)
+for the `image` and `registry` exporters. If set to `true`, the structure of
+the attestation manifest changes as follows:
+
+- An `artifactType` field is added to the attestation manifest, with a value of `application/vnd.docker.attestation.manifest.v1+json`.
+- The `config` field is an [empty descriptor] instead of a "dummy" config.
+- A `subject` field is also added, pointing to the image manifest that the attestation refers to.
+
+[empty descriptor]: https://github.com/opencontainers/image-spec/blob/main/manifest.md#guidance-for-an-empty-descriptor
+
+The following example shows an attestation with the OCI artifact format:
+
+```json
+{
+  "schemaVersion": 2,
+  "mediaType": "application/vnd.oci.image.manifest.v1+json",
+  "artifactType": "application/vnd.docker.attestation.manifest.v1+json",
+  "config": {
+    "mediaType": "application/vnd.oci.empty.v1+json",
+    "size": 2,
+    "digest": "sha256:44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a",
+    "data": "e30="
+  },
+  "layers": [
+    {
+      "mediaType": "application/vnd.in-toto+json",
+      "size": 2208,
+      "digest": "sha256:6d2f2c714a6bee3cf9e4d3cb9a966b629efea2dd8556ed81f19bd597b3325286",
+      "annotations": {
+        "in-toto.io/predicate-type": "https://slsa.dev/provenance/v0.2"
+      }
+    }
+  ],
+  "subject": {
+    "mediaType": "application/vnd.oci.image.manifest.v1+json",
+    "size": 1054,
+    "digest": "sha256:bc2046336420a2852ecf915786c20f73c4c1b50d7803aae1fd30c971a7d1cead",
+    "platform": {
+      "architecture": "amd64",
+      "os": "linux"
+    }
+  }
+}
+```
+
 ## What's next
 
 Learn more about the available attestation types and how to use them:

From 1a9dc69bd0c2f425673ad3ca088b5b8cd947f004 Mon Sep 17 00:00:00 2001
From: David Karlsson <35727626+dvdksn@users.noreply.github.com>
Date: Fri, 17 Jan 2025 17:06:00 +0100
Subject: [PATCH 2/6] chore: tidy templates, add comments

Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
---
 layouts/_default/search.html            |  8 ++++++++
 layouts/index.metadata.json             |  2 +-
 layouts/index.redirects.json            | 22 ++++++++++++++++++++++
 layouts/index.robots.txt                |  6 ++++++
 layouts/partials/github-links.html      |  5 +++++
 layouts/partials/head.html              | 11 -----------
 layouts/partials/meta.html              |  9 ++++-----
 layouts/partials/pagemeta.html          |  7 +++++++
 layouts/partials/search-bar.html        |  8 ++++++++
 layouts/partials/sidebar/guides.html    |  8 ++++++++
 layouts/partials/sidebar/mainnav.html   |  6 ++++++
 layouts/partials/sidebar/sections.html  |  8 ++++++++
 layouts/partials/sidebar/tags.html      |  5 +++++
 layouts/partials/tooltip.html           |  4 ++++
 layouts/partials/utils/css.html         |  5 +++++
 layouts/partials/utils/description.html |  6 ++++++
 layouts/partials/utils/keywords.html    |  6 ++++++
 layouts/partials/utils/title.html       | 17 -----------------
 layouts/sitemap.xml                     |  5 +++++
 tailwind.config.js                      |  6 ------
 20 files changed, 114 insertions(+), 40 deletions(-)
 delete mode 100644 layouts/partials/utils/title.html

diff --git a/layouts/_default/search.html b/layouts/_default/search.html
index 1f9a03e168ab..f4e70cfe061f 100644
--- a/layouts/_default/search.html
+++ b/layouts/_default/search.html
@@ -35,6 +35,14 @@ <h1 class="py-4">{{ .Title }}</h1>
     window.addEventListener("load", async function () {
       // Hydrate pagefind
       pagefind = await import("/pagefind/pagefind.js");
+      await pagefind.options({
+        ranking: {
+          termFrequency: 0.2,
+          pageLength: 0.75,
+          termSaturation: 1.4,
+          termSimilarity: 6.0,
+        },
+      });
 
       // Get the query parameter from the URL
       const urlParams = new URLSearchParams(window.location.search);
diff --git a/layouts/index.metadata.json b/layouts/index.metadata.json
index e3426bb18d26..acfaf21f2b80 100644
--- a/layouts/index.metadata.json
+++ b/layouts/index.metadata.json
@@ -1,6 +1,6 @@
 [
 {{- range where site.Pages "Params.sitemap" "!=" false -}}
-  {{- $title := partialCached "utils/title.html" . . -}}
+  {{- $title := .LinkTitle -}}
   {{- $desc := partialCached "utils/description.html" . . -}}
   {{- $kwd := partialCached "utils/keywords.html" . . -}}
   {{- $tags := slice -}}
diff --git a/layouts/index.redirects.json b/layouts/index.redirects.json
index 5add5074019b..6229dfc8d185 100644
--- a/layouts/index.redirects.json
+++ b/layouts/index.redirects.json
@@ -1,3 +1,25 @@
+{{- /*
+
+  This template generates the redirects.json file used to generate 301
+  redirects in production. It takes all the redirects defined in
+  data/redirects.yml, as well as all the aliases defined in front matter, and
+  outputs a simple key-value JSON file:
+
+  {
+    "<request-path>": "<redirect-path>",
+    ...
+  }
+
+  e.g.
+
+  {
+    "/engine/reference/builder/": "/reference/dockerfile/",
+    ...
+  }
+
+  */
+-}}
+
 {{- $redirects := newScratch }}
 {{- range $i, $e := site.AllPages -}} 
   {{- if .Params.aliases -}}
diff --git a/layouts/index.robots.txt b/layouts/index.robots.txt
index d3590928c9e8..3e9a658fdf96 100644
--- a/layouts/index.robots.txt
+++ b/layouts/index.robots.txt
@@ -1,3 +1,9 @@
+{{- /*
+	For Netlify deployments, we disallow all routes to prevent search
+	engines from indexing our preview sites.
+	*/
+-}}
+
 {{- if hugo.IsProduction -}}
 User-agent: *
 
diff --git a/layouts/partials/github-links.html b/layouts/partials/github-links.html
index 75ce8d543290..1f7e518b7393 100644
--- a/layouts/partials/github-links.html
+++ b/layouts/partials/github-links.html
@@ -1,3 +1,8 @@
+{{- /*
+  Adds links for editing the page or requesting changes:
+  - "Edit this page": Only in production, skips files from `_vendor/` (upstream repositories).
+  - "Request changes": Links to a pre-filled issue form.
+*/ -}}
 {{ if hugo.IsProduction }}
 {{ with .File }}
 {{ if not (in .Filename "/_vendor/") }}
diff --git a/layouts/partials/head.html b/layouts/partials/head.html
index cadc04249b8e..0edada5a576b 100644
--- a/layouts/partials/head.html
+++ b/layouts/partials/head.html
@@ -1,16 +1,5 @@
 <meta charset="utf-8" />
 <meta name="viewport" content="width=device-width, initial-scale=1" />
-<script type="module">
-const pagefind = await import("/pagefind/pagefind.js");
-await pagefind.options({
-  ranking: {
-    termFrequency: 0.2,
-    pageLength: 0.75,
-    termSaturation: 1.4,
-    termSimilarity: 6.0,
-  },
-});
-</script>
 {{ partial "meta.html" . }}
 {{- if hugo.IsProduction -}}
   <script
diff --git a/layouts/partials/meta.html b/layouts/partials/meta.html
index d89f7391f9aa..56692711320e 100644
--- a/layouts/partials/meta.html
+++ b/layouts/partials/meta.html
@@ -1,10 +1,9 @@
-{{ $title := partial "utils/title.html" . }}
 {{ $description := partial "utils/description.html" . }}
 {{ if .IsHome }}
   <title>{{ site.Title }}</title>
 {{ else }}
   <title>
-    {{ printf "%s | %s" $title site.Title }}
+    {{ printf "%s | %s" .LinkTitle site.Title }}
   </title>
 {{ end }}
 {{ if or (eq .Params.sitemap false) (not hugo.IsProduction) }}
@@ -22,7 +21,7 @@
 <meta name="theme-color" content="#2496ed" />
 
 <!-- SEO -->
-<meta name="twitter:title" itemprop="title name" content="{{ $title }}" />
+<meta name="twitter:title" itemprop="title name" content="{{ .LinkTitle }}" />
 <meta
   name="twitter:description"
   property="og:description"
@@ -38,7 +37,7 @@
   content="{{ (resources.Get "images/thumbnail.webp").Permalink }}"
 />
 <meta name="twitter:image:alt" content="Docker Documentation" />
-<meta property="og:title" content="{{ $title }}" />
+<meta property="og:title" content="{{ .LinkTitle }}" />
 <meta property="og:description" content="{{ $description }}" />
 <meta property="og:type" content="website" />
 <meta
@@ -59,4 +58,4 @@
   itemprop="datePublished"
   content="{{ .PublishDate | default .Lastmod }}"
 />
-  <script type="application/ld+json">{"@context":"https://schema.org","@type":"WebPage","headline":{{ $title | jsonify }},"description":{{ $description | jsonify }},"url":"{{ .Permalink }}"}</script>
+  <script type="application/ld+json">{"@context":"https://schema.org","@type":"WebPage","headline":{{ .LinkTitle | jsonify }},"description":{{ $description | jsonify }},"url":"{{ .Permalink }}"}</script>
diff --git a/layouts/partials/pagemeta.html b/layouts/partials/pagemeta.html
index f799522409eb..426897e23e74 100644
--- a/layouts/partials/pagemeta.html
+++ b/layouts/partials/pagemeta.html
@@ -1,3 +1,10 @@
+{{- /*
+  Renders a table of contents (ToC) for the page.
+  - Uses `.Fragments.Headings` to generate a nested ToC if headings exist and `notoc` is not set to `true`.
+  - Limits heading levels to a min and max range (`$min` and `$max`).
+  - Wraps the ToC in a `data-pagefind-ignore` container to exclude it from search indexing.
+  - Includes a recursive template (`walkHeadingFragments`) to handle nested headings.
+*/ -}}
 {{- $toc := false }}
 {{- with .Fragments }}
   {{- $toc = and (ne page.Params.notoc true) .Headings }}
diff --git a/layouts/partials/search-bar.html b/layouts/partials/search-bar.html
index 72da1f4e5c0e..6595e32d3ff7 100644
--- a/layouts/partials/search-bar.html
+++ b/layouts/partials/search-bar.html
@@ -43,6 +43,14 @@
   <script type="module">
     window.addEventListener("load", async function () {
       const pagefind = await import("/pagefind/pagefind.js");
+      await pagefind.options({
+        ranking: {
+          termFrequency: 0.2,
+          pageLength: 0.75,
+          termSaturation: 1.4,
+          termSimilarity: 6.0,
+        },
+      });
 
       const searchBarInput = document.querySelector("#search-bar-input");
       const searchBarResults = document.querySelector(
diff --git a/layouts/partials/sidebar/guides.html b/layouts/partials/sidebar/guides.html
index 18a40510f1ce..6a51b3474d2a 100644
--- a/layouts/partials/sidebar/guides.html
+++ b/layouts/partials/sidebar/guides.html
@@ -1,3 +1,11 @@
+{{- /*
+  Renders a sidebar for pages in the `/guides` section.
+  - Detects if the current page is part of a multipage guide (`.Store.Set "multipage"`).
+  - Displays the section's title, summary, languages, tags, and estimated time (`Params.time`).
+  - Includes a stepper navigation (`guides-stepper.html`) for multipage guides.
+  - Optionally lists resource links from `Params.resource_links`.
+  - Provides a link back to the main `/guides/` index.
+*/ -}}
 <div class="flex flex-col gap-4 px-4 pt-2">
   {{- $root := . }}
   {{- .Store.Set "multipage" false }}
diff --git a/layouts/partials/sidebar/mainnav.html b/layouts/partials/sidebar/mainnav.html
index 8c2ffe35c644..7055a6f79f6e 100644
--- a/layouts/partials/sidebar/mainnav.html
+++ b/layouts/partials/sidebar/mainnav.html
@@ -1,3 +1,9 @@
+{{- /*
+  Complements the section-specific sidebar navigation.
+  - Renders the main navigation for site sections, linking to the current or ancestor section/page.
+  - Uses the `site.Menus.main` configuration to determine primary navigation structure.
+  - Toggles visibility of nested menu items for the main sections.
+*/ -}}
 <!-- Main navigation for the sidebar -->
 <div class="py-2 px-4" x-data="{ expanded: false }">
   <div class="flex w-full items-center justify-between">
diff --git a/layouts/partials/sidebar/sections.html b/layouts/partials/sidebar/sections.html
index d166b61e21a6..168c534f89de 100644
--- a/layouts/partials/sidebar/sections.html
+++ b/layouts/partials/sidebar/sections.html
@@ -1,3 +1,11 @@
+{{- /*
+  This template recursively renders the sidebar navigation, grouping pages by `Params.sidebar.groups`.
+  Highlights:
+  - Supports hierarchical navigation with collapsible sections (`renderList` template).
+  - Dynamically applies current page highlighting and expanded states.
+  - Handles external links via `Params.sidebar.goto` in `renderSingle`.
+  - Requires `Params.sitemap` and `Params.sidebar` for filtering and behavior.
+*/ -}}
 <!-- section tree -->
 <nav class="md:text-sm flex flex-col">
   <div
diff --git a/layouts/partials/sidebar/tags.html b/layouts/partials/sidebar/tags.html
index e4a8ae9c1ce0..fd1e70d0ce8f 100644
--- a/layouts/partials/sidebar/tags.html
+++ b/layouts/partials/sidebar/tags.html
@@ -1,3 +1,8 @@
+{{- /*
+  Renders a flat list of tags for the "tags" taxonomy.
+  - Unlike `sections.html`, this template is based on taxonomy terms, not section pages.
+  - Highlights the current tag page and links to all tag pages.
+*/ -}}
 <ul class="md:text-sm">
   {{- range site.Taxonomies.tags }}
     <li class="pl-4 hover:text-blue-light hover:dark:text-blue-dark
diff --git a/layouts/partials/tooltip.html b/layouts/partials/tooltip.html
index 51020d05718b..5c4cc30be6e7 100644
--- a/layouts/partials/tooltip.html
+++ b/layouts/partials/tooltip.html
@@ -1,3 +1,7 @@
+{{- /*
+  Renders a tooltip component using Floating UI for positioning.
+  See script at `assets/js/src/tooltip.js` for functionality.
+*/ -}}
 <div data-tooltip-wrapper>
   <div data-tooltip-button class="icon-svg flex items-center text-blue-light dark:text-blue-dark">
     {{ partialCached "icon" "help" "help" }}
diff --git a/layouts/partials/utils/css.html b/layouts/partials/utils/css.html
index 88e48d59f633..5278447a177d 100644
--- a/layouts/partials/utils/css.html
+++ b/layouts/partials/utils/css.html
@@ -1,3 +1,8 @@
+{{- /*
+  Processes and links the main CSS file (`assets/css/styles.css`).
+  - Applies PostCSS, minification, fingerprinting, and post-processing in production.
+  - Adds inline CSS to hide injected images in production builds.
+*/ -}}
 {{ $styles := resources.Get "css/styles.css" }}
 {{ $styles = $styles | css.PostCSS }}
 {{ if hugo.IsProduction }}
diff --git a/layouts/partials/utils/description.html b/layouts/partials/utils/description.html
index 41dea9c8f280..fde917161e34 100644
--- a/layouts/partials/utils/description.html
+++ b/layouts/partials/utils/description.html
@@ -1,3 +1,9 @@
+{{- /*
+  Utility template to extract a description for the current page.
+  - Prioritizes `.Description` or falls back to front matter in `site.Data.frontmatter`.
+  - Replaces newlines with spaces and trims trailing spaces.
+  - Designed for reuse via `partial` calls to generate meta descriptions or similar content.
+*/ -}}
 {{ $desc := "" }}
 {{ if .Description }}
   {{ $desc = strings.Replace .Description "\n" " " }}
diff --git a/layouts/partials/utils/keywords.html b/layouts/partials/utils/keywords.html
index 29bfaeece946..bbcfff56b01a 100644
--- a/layouts/partials/utils/keywords.html
+++ b/layouts/partials/utils/keywords.html
@@ -1,3 +1,9 @@
+{{- /*
+  Utility template to extract keywords for the current page.
+  - Uses `.Keywords` if available or falls back to front matter in `site.Data.frontmatter`.
+  - Cleans and trims keywords, joining them into a comma-separated string.
+  - Intended for reuse in meta tags or other keyword-based contexts.
+*/ -}}
 {{ $keywords := "" }}
 {{ if .Keywords }}
   {{ $keywords = collections.Apply .Keywords "strings.Trim" "." ", " }}
diff --git a/layouts/partials/utils/title.html b/layouts/partials/utils/title.html
deleted file mode 100644
index 101b8baf1ff2..000000000000
--- a/layouts/partials/utils/title.html
+++ /dev/null
@@ -1,17 +0,0 @@
-{{ $title := "" }}
-{{ if .LinkTitle }}
-  {{ $title = .LinkTitle }}
-{{ else }}
-  {{ $title = index (findRE `# .*` .RawContent) 0 | strings.TrimLeft "# " }}
-  {{ with .File }}
-    {{ with (index (site.Data.frontmatter) .Path) }}
-      {{ with .title }}
-        {{ $title = . }}
-      {{ end }}
-    {{ end }}
-    {{ if not $title }}
-      {{ $title = strings.ReplaceRE "[-_]" " " .TranslationBaseName }}
-    {{ end }}
-  {{ end }}
-{{ end }}
-{{ return $title }}
diff --git a/layouts/sitemap.xml b/layouts/sitemap.xml
index 3468e5abe192..0c8f565eff16 100644
--- a/layouts/sitemap.xml
+++ b/layouts/sitemap.xml
@@ -1,3 +1,8 @@
+{{- /*
+  Requires the file `static/sitemap.xsl` to exist for the XSL styling to work.
+  If missing, the sitemap will lack the associated styling.
+  */
+-}}
 {{ printf "<?xml version=\"1.0\" encoding=\"utf-8\" standalone=\"yes\"?>" | safeHTML }}
 {{ printf "<?xml-stylesheet type=\"text/xsl\" href=\"%s\"?>" (urls.AbsURL "sitemap.xsl") | safeHTML }}
 <urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
diff --git a/tailwind.config.js b/tailwind.config.js
index b02e5903a22b..b71287b50f00 100644
--- a/tailwind.config.js
+++ b/tailwind.config.js
@@ -43,12 +43,6 @@ module.exports = {
           },
         },
       }),
-
-      gridTemplateColumns: {
-        'main-xl': 'minmax(300px, 1fr) minmax(100ch, 1fr) 1fr',
-        'main-lg': '300px minmax(75ch, 2fr) 1fr',
-        'main-md': '250px 1fr',
-      },
     },
 
     // theme values

From 71052e0679fd935e0b985f545d0cfb7a43cb5650 Mon Sep 17 00:00:00 2001
From: Sarah Sanders <sarah.sanders@docker.com>
Date: Fri, 24 Jan 2025 07:52:54 -0800
Subject: [PATCH 3/6] security: add FAQ for domain verification (#21888)

## Description
- Kapa had an [uncertain
response](https://app.kapa.ai/6e2e867c-43a5-47b9-8f1f-9f092b5d81b3/conversations/4f6c5bd9-6814-4e77-9b29-6b9109ab5845)
when a user asked about verifying a domain for multiple orgs
- Added FAQ to add as a Kapa source for improved answer

## Related issues or tickets
https://docker.atlassian.net/browse/ENGDOCS-2384

## Reviews
- [ ] Editorial review
---
 content/manuals/security/faqs/single-sign-on/domain-faqs.md | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/content/manuals/security/faqs/single-sign-on/domain-faqs.md b/content/manuals/security/faqs/single-sign-on/domain-faqs.md
index 1946068befcc..805a45be66d7 100644
--- a/content/manuals/security/faqs/single-sign-on/domain-faqs.md
+++ b/content/manuals/security/faqs/single-sign-on/domain-faqs.md
@@ -23,3 +23,7 @@ Adding and verifying a domain is required to enable and enforce SSO. See [Config
 ### Is IdP-initiated authentication supported?
 
 IdP-initiated authentication isn't supported by Docker SSO. Users must initiate sign-in through Docker Desktop or Hub.
+
+### Can I verify the same domain on multiple organizations?
+
+You can't verify the same domain for multiple orgnaizations at the organization level. If you want to verify one domain for multiple organizations, you must have a Docker Business subscription, and [create a company](/manuals/admin/company/new-company.md). A company enables centralized management of organizations and allows domain verification at the company level.

From 9e3da36298585a0423c116bac4c9dc7f7f563342 Mon Sep 17 00:00:00 2001
From: Allie Sadler <102604716+aevesdocker@users.noreply.github.com>
Date: Fri, 24 Jan 2025 16:24:19 +0000
Subject: [PATCH 4/6] ENGDOCS-2394 (#21892)

<!--Delete sections as needed -->

## Description

https://docker.slack.com/archives/C07J5KCP3GD/p1737481775573619

## Related issues or tickets

<!-- Related issues, pull requests, or Jira tickets -->

## Reviews

<!-- Notes for reviewers here -->
<!-- List applicable reviews (optionally @tag reviewers) -->

- [ ] Technical review
- [ ] Editorial review
- [ ] Product review
---
 content/includes/hub-limits.md                |  2 +-
 content/manuals/_index.md                     |  2 +-
 content/manuals/billing/docker-hub-pricing.md |  2 +-
 content/manuals/subscription/details.md       | 10 +++++-----
 content/manuals/subscription/scale.md         |  6 +++---
 5 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/content/includes/hub-limits.md b/content/includes/hub-limits.md
index 69373200884f..58f37ef1982b 100644
--- a/content/includes/hub-limits.md
+++ b/content/includes/hub-limits.md
@@ -4,5 +4,5 @@
 > [!NOTE]
 >
 > The Docker Hub plan limits will take effect on March 1, 2025. No charges on
-> Docker Hub image pulls or storage will be incurred between December 10, 2024,
+> Docker Hub pulls or storage will be incurred between December 10, 2024,
 > and February 28, 2025.
\ No newline at end of file
diff --git a/content/manuals/_index.md b/content/manuals/_index.md
index 31252a51cae6..7aea7a82fa98 100644
--- a/content/manuals/_index.md
+++ b/content/manuals/_index.md
@@ -51,7 +51,7 @@ params:
     description: Customize your Docker Desktop workflow.
     icon: extension
     link: /extensions/
-  - title: Testcontainers cloud
+  - title: Testcontainers Cloud
     description: Run integration tests, with real dependencies, in the cloud.
     icon: package_2
     link: https://testcontainers.com/cloud/docs/
diff --git a/content/manuals/billing/docker-hub-pricing.md b/content/manuals/billing/docker-hub-pricing.md
index f1b60043e8e1..3c8aa40f023e 100644
--- a/content/manuals/billing/docker-hub-pricing.md
+++ b/content/manuals/billing/docker-hub-pricing.md
@@ -10,7 +10,7 @@ to help you understand your storage consumption and costs.
 
 > [!NOTE]
 >
-> Docker Hub plan limits will take effect on March 1, 2025. No charges on Docker Hub image pulls
+> Docker Hub plan limits will take effect on March 1, 2025. No charges on Docker Hub pulls
 or storage will be incurred from December 10, 2024 and February 28, 2025.
 
 ## How storage is measured
diff --git a/content/manuals/subscription/details.md b/content/manuals/subscription/details.md
index b4158c92bf09..a36ce673361e 100644
--- a/content/manuals/subscription/details.md
+++ b/content/manuals/subscription/details.md
@@ -69,7 +69,7 @@ Testcontainers Cloud.
 
 Docker Pro includes:
 
-- 200 Docker Build Cloud minutes per month.
+- 200 Docker Build Cloud build minutes per month.
 - 2 included repositories with continuous vulnerability analysis in Docker Scout.
 - 100 Testcontainers Cloud runtime minutes per month for use either in Docker Desktop or for CI.
 - No Docker Hub image pull rate limits.
@@ -89,7 +89,7 @@ Docker Hub, Docker Scout, Docker Build Cloud, and Testcontainers Cloud.
 
 Docker Team includes:
 
-- 500 Docker Build Cloud minutes per month.
+- 500 Docker Build Cloud build minutes per month.
 - Unlimited Docker Scout repositories with continuous vulnerability analysis.
 - 500 Testcontainers Cloud runtime minutes per month for use either in Docker Desktop or for CI.
 - No Docker Hub image pull rate limits.
@@ -113,7 +113,7 @@ Build Cloud, and Testcontainers Cloud.
 
 Docker Business includes:
 
-- 1500 Docker Build Cloud minutes per month.
+- 1500 Docker Build Cloud build minutes per month.
 - Unlimited Docker Scout repositories with continuous vulnerability analysis.
 - 1500 Testcontainers Cloud runtime minutes per month for use either in Docker Desktop or
   for CI.
@@ -193,7 +193,7 @@ For a list of features available in each legacy tier, see [Legacy Docker Pricing
 
 When you upgrade your Legacy Docker Pro plan to a Docker Pro subscription plan, your plan includes the following changes:
 
-- Docker Build Cloud minutes increased from 100/month to 200/month and no monthly fee.
+- Docker Build Cloud build minutes increased from 100/month to 200/month and no monthly fee.
 - 2 included repositories with continuous vulnerability analysis in Docker Scout.
 - 100 Testcontainers Cloud runtime minutes are now included for use either in Docker Desktop or for CI.
 - Docker Hub image pull rate limits are removed.
@@ -226,7 +226,7 @@ For a list of features available in each legacy tier, see [Legacy Docker Pricing
 When you upgrade your Legacy Docker Team plan to a Docker Team subscription plan, your plan includes the following changes:
 
 - Instead of paying an additional per-seat fee, Docker Build Cloud is now available to all users in your Docker plan.
-- Docker Build Cloud minutes increase from 400/mo to 500/mo.
+- Docker Build Cloud build minutes increase from 400/mo to 500/mo.
 - Docker Scout now includes unlimited repositories with continuous vulnerability analysis, an increase from 3.
 - 500 Testcontainers Cloud runtime minutes are now included for use either in Docker Desktop or for CI.
 - Docker Hub image pull rate limits are removed.
diff --git a/content/manuals/subscription/scale.md b/content/manuals/subscription/scale.md
index 9f3f51f2e7f5..fbe9719cd75c 100644
--- a/content/manuals/subscription/scale.md
+++ b/content/manuals/subscription/scale.md
@@ -30,7 +30,7 @@ amount of consumption. You can scale your consumption at any time during your su
 
 You can scale consumption for the following:
 
-- Docker Build Cloud minutes
+- Docker Build Cloud build minutes
 - Docker Testcontainers Cloud runtime minutes
 - Docker Hub storage and image pulls
 
@@ -38,9 +38,9 @@ To better understand your needs, you can view your consumption at any time. For
 more details, see [View Docker product
 usage](../admin/organization/manage-products.md#view-docker-product-usage).
 
-## Add Docker Build Cloud minutes
+## Add Docker Build Cloud build minutes
 
-You can pre-purchase Docker Build Cloud minutes in the Docker Build Cloud Dashboard:
+You can pre-purchase Docker Build Cloud build minutes in the Docker Build Cloud Dashboard:
 
 1. Sign in to [Docker Home](https://app.docker.com/).
 2. Under Settings and administration, select **Billing**.

From b9a3f191a9bf9902eb3a024d6e46c42182c4c191 Mon Sep 17 00:00:00 2001
From: David Karlsson <35727626+dvdksn@users.noreply.github.com>
Date: Thu, 19 Dec 2024 14:16:39 +0100
Subject: [PATCH 5/6] build: add manuals section about named contexts

Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
---
 content/manuals/build/concepts/context.md | 190 ++++++++++++++++++++++
 1 file changed, 190 insertions(+)

diff --git a/content/manuals/build/concepts/context.md b/content/manuals/build/concepts/context.md
index cb5a41c4d443..2818bec9b7b6 100644
--- a/content/manuals/build/concepts/context.md
+++ b/content/manuals/build/concepts/context.md
@@ -567,3 +567,193 @@ README-secret.md
 
 All of the README files are included. The middle line has no effect because
 `!README*.md` matches `README-secret.md` and comes last.
+
+## Named contexts
+
+In addition to the default build context (the positional argument to the
+`docker build` command), you can also pass additional named contexts to builds.
+
+Named contexts are specified using the `--build-context` flag, followed by a
+name-value pair. This lets you include files and directories from multiple
+sources during the build, while keeping them logically separated.
+
+```console
+$ docker build --build-context docs=./docs .
+```
+
+In this example:
+
+- The named `docs` context points to the `./docs` directory.
+- The default context (`.`) points to the current working directory.
+
+### Using named contexts in a Dockerfile
+
+Dockerfile instructions can reference named contexts as if they are stages in a
+multi-stage build.
+
+For example, the following Dockerfile:
+
+1. Uses a `COPY` instruction to copy files from the default context into the
+   current build stage.
+2. Bind mounts the files in a named context to process the files as part of the
+   build.
+
+```dockerfile
+# syntax=docker/dockerfile:1
+FROM buildbase
+WORKDIR /app
+
+# Copy all files from the default context into /app/src in the build container
+COPY . /app/src
+RUN make bin
+
+# Mount the files from the named "docs" context to build the documentation
+RUN --mount=from=docs,target=/app/docs \
+    make manpages
+```
+
+### Use cases for named contexts
+
+Using named contexts allows for greater flexibility and efficiency when
+building Docker images. Here are some scenarios where using named contexts can
+be useful:
+
+#### Example: combine local and remote sources
+
+You can define separate named contexts for different types of sources. For
+example, consider a project where the application source code is local, but the
+deployment scripts are stored in a Git repository:
+
+```console
+$ docker build --build-context scripts=https://github.com/user/deployment-scripts.git .
+```
+
+In the Dockerfile, you can use these contexts independently:
+
+```dockerfile
+# syntax=docker/dockerfile:1
+FROM alpine:latest
+
+# Copy application code from the main context
+COPY . /opt/app
+
+# Run deployment scripts using the remote "scripts" context
+RUN --mount=from=scripts,target=/scripts /scripts/main.sh
+```
+
+#### Example: dynamic builds with custom dependencies
+
+In some scenarios, you might need to dynamically inject configuration files or
+dependencies into the build from external sources. Named contexts make this
+straightforward by allowing you to mount different configurations without
+modifying the default build context.
+
+```console
+$ docker build --build-context config=./configs/prod .
+```
+
+Example Dockerfile:
+
+```dockerfile
+# syntax=docker/dockerfile:1
+FROM nginx:alpine
+
+# Use the "config" context for environment-specific configurations
+COPY --from=config nginx.conf /etc/nginx/nginx.conf
+```
+
+#### Example: pin or override images
+
+You can refer to named contexts in a Dockerfile the same way you can refer to
+an image. That means you can change an image reference in your Dockerfile by
+overriding it with a named context. For example, given the following
+Dockerfile:
+
+```dockerfile
+FROM alpine:{{% param example_alpine_version %}}
+```
+
+If you want to force image reference to resolve to a different version, without
+changing the Dockerfile, you can pass a context with the same name to the
+build. For example:
+
+```console
+docker buildx build --build-context alpine:{{% param example_alpine_version %}}=docker-image://alpine:edge .
+```
+
+The `docker-image://` prefix marks the context as an image reference. The
+reference can be a local image or an image in your registry.
+
+### Named contexts with Bake
+
+[Bake](/manuals/build/bake/_index.md) is a tool built into `docker build` that
+lets you manage your build configuration with a configuration file. Bake fully
+supports named contexts.
+
+To define named contexts in a Bake file:
+
+```hcl {title=docker-bake.hcl}
+target "app" {
+  contexts = {
+    docs = "./docs"
+  }
+}
+```
+
+This is equivalent to the following CLI invocation:
+
+```console
+$ docker build --build-context docs=./docs .
+```
+
+#### Linking targets with named contexts
+
+In addition to making complex builds more manageable, Bake also provides
+additional features on top of what you can do with `docker build` on the CLI.
+You can use named contexts to create build pipelines, where one target depends
+on and builds on top of another. For example, consider a Docker build setup
+where you have two Dockerfiles:
+
+- `base.Dockerfile`: for building a base image
+- `app.Dockerfile`: for building an application image
+
+The `app.Dockerfile` uses the image produced by `base.Dockerfile` as it's base
+image:
+
+```dockerfile {title=app.Dockerfile}
+FROM mybaseimage
+```
+
+Normally, you would have to build the base image first, and then either load it
+to Docker Engine's local image store or push it to a registry. With Bake, you
+can reference other targets directly, creating a dependency between the `app`
+target and the `base` target.
+
+```hcl {title=docker-bake.hcl}
+target "base" {
+  dockerfile = "base.Dockerfile"
+}
+
+target "app" {
+  dockerfile = "app.Dockerfile"
+  contexts = {
+    # the target: prefix indicates that 'base' is a Bake target
+    mybaseimage = "target:base"
+  }
+}
+```
+
+With this configuration, references to `mybaseimage` in `app.Dockerfile` use
+the results from building the `base` target. Building the `app` target will
+also trigger a rebuild of `mybaseimage`, if necessary:
+
+```console
+$ docker buildx bake app
+```
+
+### Further reading
+
+For more information about working with named contexts, see:
+
+- [`--build-context` CLI reference](/reference/cli/docker/buildx/build.md#build-context)
+- [Using Bake with additional contexts](/manuals/build/bake/contexts.md)

From e536caae579915a59a15c4c472fcaf33d95dd573 Mon Sep 17 00:00:00 2001
From: Brandon Hunt <101275235+brandonh6k@users.noreply.github.com>
Date: Mon, 27 Jan 2025 03:33:29 -0700
Subject: [PATCH 6/6] Merge pull request #21877 from brandonh6k/main

Update dotnet to .NET 8.0 (LTS)
---
 content/guides/dotnet/containerize.md |  2 +-
 content/guides/dotnet/develop.md      |  8 ++++----
 content/guides/dotnet/run-tests.md    | 16 ++++++++--------
 3 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/content/guides/dotnet/containerize.md b/content/guides/dotnet/containerize.md
index 0d297b767e02..146874ca9d8c 100644
--- a/content/guides/dotnet/containerize.md
+++ b/content/guides/dotnet/containerize.md
@@ -60,7 +60,7 @@ Let's get started!
 
 ? What application platform does your project use? ASP.NET Core
 ? What's the name of your solution's main project? myWebApp
-? What version of .NET do you want to use? 6.0
+? What version of .NET do you want to use? 8.0
 ? What local port do you want to use to access your server? 8080
 ```
 
diff --git a/content/guides/dotnet/develop.md b/content/guides/dotnet/develop.md
index baf32627ef58..accf7622723b 100644
--- a/content/guides/dotnet/develop.md
+++ b/content/guides/dotnet/develop.md
@@ -307,19 +307,19 @@ The following is the updated Dockerfile.
 ```Dockerfile {hl_lines="10-13"}
 # syntax=docker/dockerfile:1
 
-FROM --platform=$BUILDPLATFORM mcr.microsoft.com/dotnet/sdk:6.0-alpine AS build
+FROM --platform=$BUILDPLATFORM mcr.microsoft.com/dotnet/sdk:8.0-alpine AS build
 ARG TARGETARCH
 COPY . /source
 WORKDIR /source/src
 RUN --mount=type=cache,id=nuget,target=/root/.nuget/packages \
     dotnet publish -a ${TARGETARCH/amd64/x64} --use-current-runtime --self-contained false -o /app
 
-FROM mcr.microsoft.com/dotnet/sdk:6.0-alpine AS development
+FROM mcr.microsoft.com/dotnet/sdk:8.0-alpine AS development
 COPY . /source
 WORKDIR /source/src
 CMD dotnet run --no-launch-profile
 
-FROM mcr.microsoft.com/dotnet/aspnet:6.0-alpine AS final
+FROM mcr.microsoft.com/dotnet/aspnet:8.0-alpine AS final
 WORKDIR /app
 COPY --from=build /app .
 ARG UID=10001
@@ -380,7 +380,7 @@ secrets:
     file: db/password.txt
 ```
 
-Your containerized application will now use the `mcr.microsoft.com/dotnet/sdk:6.0-alpine` image, which includes development tools like `dotnet test`. Continue to the next section to learn how you can run `dotnet test`.
+Your containerized application will now use the `mcr.microsoft.com/dotnet/sdk:8.0-alpine` image, which includes development tools like `dotnet test`. Continue to the next section to learn how you can run `dotnet test`.
 
 ## Summary
 
diff --git a/content/guides/dotnet/run-tests.md b/content/guides/dotnet/run-tests.md
index 1a6f2eb2ee70..1e404c345965 100644
--- a/content/guides/dotnet/run-tests.md
+++ b/content/guides/dotnet/run-tests.md
@@ -36,7 +36,7 @@ You should see output that contains the following.
 Starting test execution, please wait...
 A total of 1 test files matched the specified pattern.
 
-Passed!  - Failed:     0, Passed:     1, Skipped:     0, Total:     1, Duration: < 1 ms - /source/tests/bin/Debug/net6.0/tests.dll (net6.0)
+Passed!  - Failed:     0, Passed:     1, Skipped:     0, Total:     1, Duration: < 1 ms - /source/tests/bin/Debug/net8.0/tests.dll (net8.0)
 ```
 
 To learn more about the command, see [docker compose run](/reference/cli/docker/compose/run/).
@@ -50,7 +50,7 @@ The following is the updated Dockerfile.
 ```dockerfile {hl_lines="9"}
 # syntax=docker/dockerfile:1
 
-FROM --platform=$BUILDPLATFORM mcr.microsoft.com/dotnet/sdk:6.0-alpine AS build
+FROM --platform=$BUILDPLATFORM mcr.microsoft.com/dotnet/sdk:8.0-alpine AS build
 ARG TARGETARCH
 COPY . /source
 WORKDIR /source/src
@@ -58,12 +58,12 @@ RUN --mount=type=cache,id=nuget,target=/root/.nuget/packages \
     dotnet publish -a ${TARGETARCH/amd64/x64} --use-current-runtime --self-contained false -o /app
 RUN dotnet test /source/tests
 
-FROM mcr.microsoft.com/dotnet/sdk:6.0-alpine AS development
+FROM mcr.microsoft.com/dotnet/sdk:8.0-alpine AS development
 COPY . /source
 WORKDIR /source/src
 CMD dotnet run --no-launch-profile
 
-FROM mcr.microsoft.com/dotnet/aspnet:6.0-alpine AS final
+FROM mcr.microsoft.com/dotnet/aspnet:8.0-alpine AS final
 WORKDIR /app
 COPY --from=build /app .
 ARG UID=10001
@@ -92,16 +92,16 @@ You should see output containing the following.
 #11 1.564   Determining projects to restore...
 #11 3.421   Restored /source/src/myWebApp.csproj (in 1.02 sec).
 #11 19.42   Restored /source/tests/tests.csproj (in 17.05 sec).
-#11 27.91   myWebApp -> /source/src/bin/Debug/net6.0/myWebApp.dll
-#11 28.47   tests -> /source/tests/bin/Debug/net6.0/tests.dll
-#11 28.49 Test run for /source/tests/bin/Debug/net6.0/tests.dll (.NETCoreApp,Version=v6.0)
+#11 27.91   myWebApp -> /source/src/bin/Debug/net8.0/myWebApp.dll
+#11 28.47   tests -> /source/tests/bin/Debug/net8.0/tests.dll
+#11 28.49 Test run for /source/tests/bin/Debug/net8.0/tests.dll (.NETCoreApp,Version=v8.0)
 #11 28.67 Microsoft (R) Test Execution Command Line Tool Version 17.3.3 (x64)
 #11 28.67 Copyright (c) Microsoft Corporation.  All rights reserved.
 #11 28.68
 #11 28.97 Starting test execution, please wait...
 #11 29.03 A total of 1 test files matched the specified pattern.
 #11 32.07
-#11 32.08 Passed!  - Failed:     0, Passed:     1, Skipped:     0, Total:     1, Duration: < 1 ms - /source/tests/bin/Debug/net6.0/tests.dll (net6.0)
+#11 32.08 Passed!  - Failed:     0, Passed:     1, Skipped:     0, Total:     1, Duration: < 1 ms - /source/tests/bin/Debug/net8.0/tests.dll (net8.0)
 #11 DONE 32.2s
 ```