From 3e3a01f57ed5407dde366109fccbd9a8ae675f3c Mon Sep 17 00:00:00 2001 From: crazy-max <1951866+crazy-max@users.noreply.github.com> Date: Tue, 18 Mar 2025 14:26:43 +0000 Subject: [PATCH 1/5] vendor: github.com/docker/buildx v0.22.0 Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- _vendor/modules.txt | 2 +- data/buildx/docker_buildx_bake.yaml | 27 +++++++++-- data/buildx/docker_buildx_history.yaml | 2 + data/buildx/docker_buildx_history_import.yaml | 46 +++++++++++++++++++ go.mod | 4 +- go.sum | 2 + 6 files changed, 77 insertions(+), 6 deletions(-) create mode 100644 data/buildx/docker_buildx_history_import.yaml diff --git a/_vendor/modules.txt b/_vendor/modules.txt index 1dd17acc4c24..16698adfcd05 100644 --- a/_vendor/modules.txt +++ b/_vendor/modules.txt @@ -1,6 +1,6 @@ # github.com/moby/moby v28.0.1+incompatible # github.com/moby/buildkit v0.20.1 -# github.com/docker/buildx v0.21.3 +# github.com/docker/buildx v0.22.0 # github.com/docker/cli v28.0.1+incompatible # github.com/docker/compose/v2 v2.34.0 # github.com/docker/scout-cli v1.15.0 diff --git a/data/buildx/docker_buildx_bake.yaml b/data/buildx/docker_buildx_bake.yaml index 14666cf341a3..066d67119da0 100644 --- a/data/buildx/docker_buildx_bake.yaml +++ b/data/buildx/docker_buildx_bake.yaml @@ -515,18 +515,22 @@ examples: |- ```console $ docker buildx bake --set target.args.mybuildarg=value $ docker buildx bake --set target.platform=linux/arm64 - $ docker buildx bake --set foo*.args.mybuildarg=value # overrides build arg for all targets starting with 'foo' - $ docker buildx bake --set *.platform=linux/arm64 # overrides platform for all targets - $ docker buildx bake --set foo*.no-cache # bypass caching only for targets starting with 'foo' + $ docker buildx bake --set foo*.args.mybuildarg=value # overrides build arg for all targets starting with 'foo' + $ docker buildx bake --set *.platform=linux/arm64 # overrides platform for all targets + $ docker buildx bake --set foo*.no-cache # bypass caching only for targets starting with 'foo' + $ docker buildx bake --set target.platform+=linux/arm64 # appends 'linux/arm64' to the platform list ``` You can override the following fields: + * `annotations` + * `attest` * `args` * `cache-from` * `cache-to` * `context` * `dockerfile` + * `entitlements` * `labels` * `load` * `no-cache` @@ -539,6 +543,23 @@ examples: |- * `ssh` * `tags` * `target` + + You can append using `+=` operator for the following fields: + + * `annotations`¹ + * `attest`¹ + * `cache-from` + * `cache-to` + * `entitlements`¹ + * `no-cache-filter` + * `output` + * `platform` + * `secrets` + * `ssh` + * `tags` + + > [!NOTE] + > ¹ These fields already append by default. deprecated: false hidden: false experimental: false diff --git a/data/buildx/docker_buildx_history.yaml b/data/buildx/docker_buildx_history.yaml index eaf966456fe8..e563d56c7bea 100644 --- a/data/buildx/docker_buildx_history.yaml +++ b/data/buildx/docker_buildx_history.yaml @@ -5,6 +5,7 @@ usage: docker buildx history pname: docker buildx plink: docker_buildx.yaml cname: + - docker buildx history import - docker buildx history inspect - docker buildx history logs - docker buildx history ls @@ -12,6 +13,7 @@ cname: - docker buildx history rm - docker buildx history trace clink: + - docker_buildx_history_import.yaml - docker_buildx_history_inspect.yaml - docker_buildx_history_logs.yaml - docker_buildx_history_ls.yaml diff --git a/data/buildx/docker_buildx_history_import.yaml b/data/buildx/docker_buildx_history_import.yaml new file mode 100644 index 000000000000..089a7b328da0 --- /dev/null +++ b/data/buildx/docker_buildx_history_import.yaml @@ -0,0 +1,46 @@ +command: docker buildx history import +short: Import a build into Docker Desktop +long: Import a build into Docker Desktop +usage: docker buildx history import [OPTIONS] < bundle.dockerbuild +pname: docker buildx history +plink: docker_buildx_history.yaml +options: + - option: file + shorthand: f + value_type: stringArray + default_value: '[]' + description: Import from a file path + deprecated: false + hidden: false + experimental: false + experimentalcli: false + kubernetes: false + swarm: false +inherited_options: + - option: builder + value_type: string + description: Override the configured builder instance + deprecated: false + hidden: false + experimental: false + experimentalcli: false + kubernetes: false + swarm: false + - option: debug + shorthand: D + value_type: bool + default_value: "false" + description: Enable debug logging + deprecated: false + hidden: false + experimental: false + experimentalcli: false + kubernetes: false + swarm: false +deprecated: false +hidden: false +experimental: false +experimentalcli: false +kubernetes: false +swarm: false + diff --git a/go.mod b/go.mod index fe250809f80b..9433cab62826 100644 --- a/go.mod +++ b/go.mod @@ -3,7 +3,7 @@ module github.com/docker/docs go 1.23.6 require ( - github.com/docker/buildx v0.21.3 // indirect + github.com/docker/buildx v0.22.0 // indirect github.com/docker/cli v28.0.1+incompatible // indirect github.com/docker/compose/v2 v2.34.0 // indirect github.com/docker/scout-cli v1.15.0 // indirect @@ -12,7 +12,7 @@ require ( ) replace ( - github.com/docker/buildx => github.com/docker/buildx v0.21.3 + github.com/docker/buildx => github.com/docker/buildx v0.22.0 github.com/docker/cli => github.com/docker/cli v28.0.1+incompatible github.com/docker/compose/v2 => github.com/docker/compose/v2 v2.34.0 github.com/docker/scout-cli => github.com/docker/scout-cli v1.15.0 diff --git a/go.sum b/go.sum index d311417d379a..a57e80b192e6 100644 --- a/go.sum +++ b/go.sum @@ -100,6 +100,8 @@ github.com/docker/buildx v0.21.2 h1:r09paH8q9nvAX2PR1ntRrc+C6FBH93bvKUsn1WOb/jU= github.com/docker/buildx v0.21.2/go.mod h1:8V4UMnlKsaGYwz83BygmIbJIFEAYGHT6KAv8akDZmqo= github.com/docker/buildx v0.21.3 h1:LEmhk3D9WOboMeC+hlfOUnB1jylXcDfGHjqAL7Tvwks= github.com/docker/buildx v0.21.3/go.mod h1:8V4UMnlKsaGYwz83BygmIbJIFEAYGHT6KAv8akDZmqo= +github.com/docker/buildx v0.22.0 h1:pGTcGZa+kxpYUlM/6ACsp1hXhkEDulz++RNXPdE8Afk= +github.com/docker/buildx v0.22.0/go.mod h1:ThbnUe4kNiStlq6cLXruElyEdSTdPL3k/QerNUmPvHE= github.com/docker/cli v24.0.2+incompatible h1:QdqR7znue1mtkXIJ+ruQMGQhpw2JzMJLRXp6zpzF6tM= github.com/docker/cli v24.0.2+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= github.com/docker/cli v24.0.4+incompatible h1:Y3bYF9ekNTm2VFz5U/0BlMdJy73D+Y1iAAZ8l63Ydzw= From 01f9f3d8ae140e5d3f4852ecb9251ddcfe1a768e Mon Sep 17 00:00:00 2001 From: CrazyMax <1951866+crazy-max@users.noreply.github.com> Date: Tue, 18 Mar 2025 15:35:15 +0100 Subject: [PATCH 2/5] buildx: buildx history import stub Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com> --- .../cli/docker/buildx/history/import.md | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) create mode 100644 content/reference/cli/docker/buildx/history/import.md diff --git a/content/reference/cli/docker/buildx/history/import.md b/content/reference/cli/docker/buildx/history/import.md new file mode 100644 index 000000000000..cd918893cdda --- /dev/null +++ b/content/reference/cli/docker/buildx/history/import.md @@ -0,0 +1,16 @@ +--- +datafolder: buildx +datafile: docker_buildx_history_import +title: docker buildx history import +layout: cli +aliases: +- /engine/reference/commandline/buildx_history_import/ +--- + + From f54284dfb157b03b906c6d3ebb344148eda4b15e Mon Sep 17 00:00:00 2001 From: Guillaume Lours <705411+glours@users.noreply.github.com> Date: Wed, 19 Mar 2025 12:10:09 +0100 Subject: [PATCH 3/5] correct compose down example with profile (#22278) The down command used with profile will stop the services with a given profile but also all the services without any profiles ## Description Correct the section of stopping services with a specific profile in the how-to profile documentation page ## Related issues or tickets https://github.com/docker/compose/issues/12648 ## Reviews - [ ] Technical review - [x] Editorial review - [ ] Product review Signed-off-by: Guillaume Lours <705411+glours@users.noreply.github.com> --- content/includes/compose/profiles.md | 2 +- content/manuals/compose/how-tos/profiles.md | 13 +++++++++++-- 2 files changed, 12 insertions(+), 3 deletions(-) diff --git a/content/includes/compose/profiles.md b/content/includes/compose/profiles.md index 03802cedba14..b019bde24285 100644 --- a/content/includes/compose/profiles.md +++ b/content/includes/compose/profiles.md @@ -1 +1 @@ -Profiles help you adjust your Compose application for different environments or use cases by selectively activating services. Services can be assigned to one or more profiles; unassigned services start by default, while assigned ones only start when their profile is active. This setup means specific services, like those for debugging or development, to be included in a single `compose.yml` file and activated only as needed. +Profiles help you adjust your Compose application for different environments or use cases by selectively activating services. Services can be assigned to one or more profiles; unassigned services start/stop by default, while assigned ones only start/stop when their profile is active. This setup means specific services, like those for debugging or development, to be included in a single `compose.yml` file and activated only as needed. diff --git a/content/manuals/compose/how-tos/profiles.md b/content/manuals/compose/how-tos/profiles.md index 416d397d3d16..9f745510b94b 100644 --- a/content/manuals/compose/how-tos/profiles.md +++ b/content/manuals/compose/how-tos/profiles.md @@ -175,7 +175,7 @@ $ docker compose --profile dev up phpmyadmin $ COMPOSE_PROFILES=dev docker compose up phpmyadmin ``` -## Stop specific profiles +## Stop application and services with specific profiles As with starting specific profiles, you can use the `--profile` [command-line option](/reference/cli/docker/compose.md#use--p-to-specify-a-project-name) or use the [`COMPOSE_PROFILES` environment variable](environment-variables/envvars.md#compose_profiles): @@ -187,7 +187,7 @@ $ docker compose --profile debug down $ COMPOSE_PROFILES=debug docker compose down ``` -Both commands stop and remove services with the `debug` profile. In the following `compose.yaml` file, this stops the services `db` and `phpmyadmin`. +Both commands stop and remove services with the `debug` profile and services without a profile. In the following `compose.yaml` file, this stops the services `db`, `backend` and `phpmyadmin`. ```yaml services: @@ -207,6 +207,15 @@ services: image: mysql ``` +if you only want to stop the `phpmyadmin` service, you can run +```console +$ docker compose down phpmyadmin +``` +or +```console +$ docker compose stop phpmyadmin +``` + > [!NOTE] > > Running `docker compose down` only stops `backend` and `db`. From 45aeb0c83a5621f69d605af295a0d2f66ba7be14 Mon Sep 17 00:00:00 2001 From: Sarah Sanders Date: Wed, 19 Mar 2025 11:06:52 -0400 Subject: [PATCH 4/5] chore: add contact support button (#22275) ## Description - Removes Support link to WWW from footer - Replaces w/ Contact support button in footer that goes to the support form - This is an improvement to the get support experience from Docs, testing to see how this new format and configuration works **Do not merge, waiting for final approval from Support** ## Related issues or tickets - [ENGDOCS-2484](https://docker.atlassian.net/browse/ENGDOCS-2484) ## Reviews - [ ] Editorial review - [ ] Product review [ENGDOCS-2484]: https://docker.atlassian.net/browse/ENGDOCS-2484?atlOrigin=eyJpIjoiNWRkNTljNzYxNjVmNDY3MDlhMDU5Y2ZhYzA5YTRkZjUiLCJwIjoiZ2l0aHViLWNvbS1KU1cifQ --- hugo_stats.json | 2 ++ layouts/partials/components/support-button.html | 7 +++++++ layouts/partials/footer.html | 6 ++++-- 3 files changed, 13 insertions(+), 2 deletions(-) create mode 100644 layouts/partials/components/support-button.html diff --git a/hugo_stats.json b/hugo_stats.json index e7379312f29b..4d34be18e7ed 100644 --- a/hugo_stats.json +++ b/hugo_stats.json @@ -418,6 +418,7 @@ "pb-0.5", "pb-1", "pb-2", + "pb-20", "pb-4", "pb-8", "pl-1", @@ -429,6 +430,7 @@ "placeholder:text-white", "pr-2", "prose", + "pt-10", "pt-2", "pt-4", "px-1", diff --git a/layouts/partials/components/support-button.html b/layouts/partials/components/support-button.html new file mode 100644 index 000000000000..5680f6f6b0a0 --- /dev/null +++ b/layouts/partials/components/support-button.html @@ -0,0 +1,7 @@ + + Contact support + \ No newline at end of file diff --git a/layouts/partials/footer.html b/layouts/partials/footer.html index 4158b0c70da2..07072f380eb8 100644 --- a/layouts/partials/footer.html +++ b/layouts/partials/footer.html @@ -1,10 +1,12 @@ -
+
+ {{ partialCached "components/support-button.html" . }} +
+
Product offerings Pricing About us - Support {{- with .GetPage "/contribute" }} {{ .LinkTitle }} {{- end }} From 030c686cfdb540f8bc91b4942707b75a4283b906 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pawe=C5=82=20Gronowski?= Date: Wed, 19 Mar 2025 15:56:06 +0000 Subject: [PATCH 5/5] engine: v28.0.2 (#22242) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ## Description ## Related issues or tickets ## Reviews - [ ] Technical review - [ ] Editorial review - [ ] Product review --------- Signed-off-by: Paweł Gronowski Co-authored-by: aevesdocker --- content/manuals/engine/release-notes/28.md | 61 ++++++++++++++++++++++ 1 file changed, 61 insertions(+) diff --git a/content/manuals/engine/release-notes/28.md b/content/manuals/engine/release-notes/28.md index 784d1cbb88cb..95a2e6e936f4 100644 --- a/content/manuals/engine/release-notes/28.md +++ b/content/manuals/engine/release-notes/28.md @@ -22,6 +22,67 @@ For more information about: - Deprecated and removed features, see [Deprecated Engine Features](../deprecated.md). - Changes to the Engine API, see [Engine API version history](/reference/api/engine/version-history.md). +## 28.0.2 + +{{< release-date date="2025-03-19" >}} + +For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones: + +- [docker/cli, 28.0.2 milestone](https://github.com/docker/cli/issues?q=is%3Aclosed+milestone%3A28.0.2) +- [moby/moby, 28.0.2 milestone](https://github.com/moby/moby/issues?q=is%3Aclosed+milestone%3A28.0.2) + +### Bug fixes and enhancements + +- Fix CLI-specific attributes (`docker.cli.*`) being unintentionally passed to downstream OTel services. [docker/cli#5842](https://github.com/docker/cli/pull/5842) +- Fix an issue where user-specified `OTEL_RESOURCE_ATTRIBUTES` were being overridden by CLI's internal telemetry attributes. The CLI now properly merges user-specified attributes with internal ones, allowing both to coexist. [docker/cli#5842](https://github.com/docker/cli/pull/5842) +- Fix the daemon failing to start on Windows when a container created before v28.0.0 was present. [moby/moby#49626](https://github.com/moby/moby/pull/49626) +- Fix possible error on `docker buildx prune` with `--min-free-space`. [moby/moby#49623](https://github.com/moby/moby/pull/49623) +- Fix spurious `io: read/write on closed pipe` error in the daemon log when closing a container. [moby/moby#49590](https://github.com/moby/moby/pull/49590) +- Fix the Docker daemon failing too early if the containerd socket isn't immediately available. [moby/moby#49603](https://github.com/moby/moby/pull/49603) +- Mask Linux thermal interrupt info in a container's `/proc` and `/sys` by default. Mitigates potential [Thermal Side-Channel Vulnerability Exploit](https://github.com/moby/moby/security/advisories/GHSA-6fw5-f8r9-fgfm). [moby/moby#49560](https://github.com/moby/moby/pull/49560) +- Update `contrib/check-config.sh` to check for more kernel modules related to iptables. [moby/moby#49622](https://github.com/moby/moby/pull/49622) +- containerd image store: Fix integer overflow in User ID handling passed via `--user`. [moby/moby#49652](https://github.com/moby/moby/pull/49652) +- containerd image store: Fix spurious `reference for unknown type: application/vnd.in-toto+json` warning being logged to the daemon's log. [moby/moby#49652](https://github.com/moby/moby/pull/49652) +- containerd image store: Improve performance of `docker ps` when running a large number of containers. [moby/moby#49365](https://github.com/moby/moby/pull/49365) + +### Packaging updates + +- Update BuildKit to [v0.20.1](https://github.com/moby/buildkit/releases/tag/v0.20.1). [moby/moby#49587](https://github.com/moby/moby/pull/49587) +- Update Buildx to [v0.22.0](https://github.com/docker/buildx/releases/tag/v0.22.0). [docker/docker-ce-packaging#1175](https://github.com/docker/docker-ce-packaging/pull/1175) +- Update Compose to [v2.34.0](https://github.com/docker/compose/releases/tag/v2.34.0). [docker/docker-ce-packaging#1172](https://github.com/docker/docker-ce-packaging/pull/1172) +- Update Go runtime to [1.23.7](https://go.dev/doc/devel/release#go1.23.7). [docker/cli#5890](https://github.com/docker/cli/pull/5890), [docker/docker-ce-packaging#1171](https://github.com/docker/docker-ce-packaging/pull/1171), [moby/moby#49580](https://github.com/moby/moby/pull/49580) +- Update RootlessKit to [v2.3.4](https://github.com/rootless-containers/rootlesskit/releases/tag/v2.3.4). [moby/moby#49614](https://github.com/moby/moby/pull/49614) +- Update containerd (static binaries only) to [v1.7.27](https://www.github.com/containerd/containerd/releases/tag/v1.7.27). [moby/moby#49656](https://github.com/moby/moby/pull/49656) + +### Networking + +- Add the environment variable `DOCKER_INSECURE_NO_IPTABLES_RAW=1` to allow Docker to run on systems where the Linux kernel can't provide `CONFIG_IP_NF_RAW` support. When enabled, Docker will not create rules in the iptables `raw` table. Warning: This is not recommended for production environments as it reduces security by allowing other hosts on the local network to route to ports published to host addresses, even when they are published to `127.0.0.1.` This option bypasses some of the security hardening introduced in Docker Engine 28.0.0. [moby/moby#49621](https://github.com/moby/moby/pull/49621) +- Allow container startup when an endpoint is attached to a macvlan network driver where the parent interface is down. [moby/moby#49630](https://github.com/moby/moby/pull/49630) +- Do not skip DNAT for packets originating in a `gateway_mode=routed` network. [moby/moby#49577](https://github.com/moby/moby/pull/49577) +- Fix a bug causing `docker ps` to inconsistently report dual-stack port mappings. [moby/moby#49657](https://github.com/moby/moby/pull/49657) +- Fix a bug that could cause `docker-proxy` to stop forwarding UDP datagrams to containers. [moby/moby#49649](https://github.com/moby/moby/pull/49649) +- Fix a bug that was causing `docker-proxy` to close UDP connections to containers eagerly and resulting in the source address to change needlessly. [moby/moby#49649](https://github.com/moby/moby/pull/49649) + +### Go SDK + +- Move various types and consts from `cli-plugins/manager` to a separate package. [docker/cli#5902](https://github.com/docker/cli/pull/5902) +- Update minimum required Go version to go1.23. [moby/moby#49541](https://github.com/moby/moby/pull/49541) +- `cli/command`: Move `PrettyPrint` utility to `cli/command/formatter`. [docker/cli#5916](https://github.com/docker/cli/pull/5916) +- runconfig/errors: split `ErrConflictHostNetwork` into `ErrConflictConnectToHostNetwork` and `ErrConflictDisconnectFromHostNetwork`. [moby/moby#49605](https://github.com/moby/moby/pull/49605) + +### Deprecations + +- Go-SDK: Deprecate `cli-plugins/manager.ResourceAttributesEnvvar` constant. It was used internally, but holds the `OTEL_RESOURCE_ATTRIBUTES` name, which is part of the OpenTelemetry specification. Users of this constant should define their own. It will be removed in the next release. [docker/cli#5881](https://github.com/docker/cli/pull/5881) +- Go-SDK: Deprecate `opts.PortOpt`, `opts.ConfigOpt` and `opts.SecretOpt`. These types were moved to the `opts/swarmopts` package. [docker/cli#5907](https://github.com/docker/cli/pull/5907) +- Go-SDK: Remove `service/logs` package. [docker/cli#5910](https://github.com/docker/cli/pull/5910) +- Go-SDK: `cli/command/image`: Deprecate `PushTrustedReference` and move to `cli/trust`. [docker/cli#5894](https://github.com/docker/cli/pull/5894) +- Go-SDK: `cli/command/image`: Deprecate and internalize `TrustedPush`. [docker/cli#5894](https://github.com/docker/cli/pull/5894) +- Go-SDK: `cli/command`: deprecate `Cli.NotaryClient`: use [`trust.GetNotaryRepository`](https://pkg.go.dev/github.com/docker/cli@v28.0.1+incompatible/cli/trust#GetNotaryRepository) instead. This method is no longer used and will be removed in the next release. [docker/cli#5885](https://github.com/docker/cli/pull/5885) +- Go-SDK: `cli/command`: deprecate `Cli.RegistryClient`. This method was only used internally and will be removed in the next release. Use [`client.NewRegistryClient`](https://pkg.go.dev/github.com/docker/cli@v28.0.1+incompatible/cli/registry/client#NewRegistryClient) instead. [docker/cli#5889](https://github.com/docker/cli/pull/5889), [docker/cli#5889](https://github.com/docker/cli/pull/5889) +- Go-SDK: `registry`: Deprecate `RepositoryInfo.Official` field. [moby/moby#49567](https://github.com/moby/moby/pull/49567) +- Go-SDK: `registry`: deprecate `HostCertsDir`: this function was only used internally and will be removed in the next release. [moby/moby#49612](https://github.com/moby/moby/pull/49612) +- Go-SDK: `registry`: deprecate `SetCertsDir`: the cert-directory is now automatically selected when running with RootlessKit, and should no longer be set manually. [moby/moby#49612](https://github.com/moby/moby/pull/49612) + ## 28.0.1 {{< release-date date="2025-02-26" >}}