diff --git a/_vendor/github.com/docker/buildx/docs/bake-reference.md b/_vendor/github.com/docker/buildx/docs/bake-reference.md index af8cddfc74a7..676fcb99f698 100644 --- a/_vendor/github.com/docker/buildx/docs/bake-reference.md +++ b/_vendor/github.com/docker/buildx/docs/bake-reference.md @@ -1099,6 +1099,7 @@ or interpolate them in attribute values in your Bake file. variable "TAG" { type = string default = "latest" + description: "Tag to use for build" } target "webapp-dev" { @@ -1111,6 +1112,8 @@ You can assign a default value for a variable in the Bake file, or assign a `null` value to it. If you assign a `null` value, Buildx uses the default value from the Dockerfile instead. +You can also add a description of the variable's purpose with the `description` field. This attribute is useful when combined with the `docker buildx bake --list=variables` option, providing a more informative output when listing the available variables in a Bake file. + You can override variable defaults set in the Bake file using environment variables. The following example sets the `TAG` variable to `dev`, overriding the default `latest` value shown in the previous example. diff --git a/_vendor/modules.txt b/_vendor/modules.txt index dcbfe90e17bb..becb4adff7a4 100644 --- a/_vendor/modules.txt +++ b/_vendor/modules.txt @@ -1,6 +1,6 @@ # github.com/moby/moby v28.4.0+incompatible -# github.com/moby/buildkit v0.24.0 -# github.com/docker/buildx v0.28.0 +# github.com/moby/buildkit v0.25.0 +# github.com/docker/buildx v0.29.0 # github.com/docker/cli v28.4.0+incompatible # github.com/docker/compose/v2 v2.39.4 # github.com/docker/model-cli v0.1.41 diff --git a/data/buildx/docker_buildx_bake.yaml b/data/buildx/docker_buildx_bake.yaml index 3aec9c71e871..463ae9d0e532 100644 --- a/data/buildx/docker_buildx_bake.yaml +++ b/data/buildx/docker_buildx_bake.yaml @@ -93,7 +93,8 @@ options: - option: load value_type: bool default_value: "false" - description: Shorthand for `--set=*.output=type=docker` + description: Shorthand for `--set=*.output=type=docker`. Conditional. + details_url: '#load' deprecated: false hidden: false experimental: false @@ -136,7 +137,7 @@ options: value_type: string default_value: auto description: | - Set type of progress output (`auto`, `quiet`, `plain`, `tty`, `rawjson`). Use plain to show container output + Set type of progress output (`auto`, `none`, `plain`, `quiet`, `rawjson`, `tty`). Use plain to show container output details_url: '#progress' deprecated: false hidden: false @@ -168,7 +169,8 @@ options: - option: push value_type: bool default_value: "false" - description: Shorthand for `--set=*.output=type=registry` + description: Shorthand for `--set=*.output=type=registry`. Conditional. + details_url: '#push' deprecated: false hidden: false experimental: false @@ -233,7 +235,7 @@ examples: |- privileges. In addition to BuildKit's `network.host` and `security.insecure` entitlements - (see [`docker buildx build --allow`](/reference/cli/docker/buildx/build/#allow), + (see [`docker buildx build --allow`](/reference/cli/docker/buildx/build/#allow)), Bake supports file system entitlements that grant granular control over file system access. These are particularly useful when working with builds that need access to files outside the default working directory. @@ -388,6 +390,47 @@ examples: |- $ docker buildx bake --list=type=targets,format=json ``` + ### Load images into Docker (--load) {#load} + + The `--load` flag is a convenience shorthand for adding an image export of type + `docker`: + + ```console + --load ≈ --set=*.output=type=docker + ``` + + However, its behavior is conditional: + + - If the build definition has no output defined, `--load` adds + `type=docker`. + - If the build definition’s outputs are `docker`, `image`, `registry`, + `oci`, `--load` will add a `type=docker` export if one is not already present. + - If the build definition contains `local` or `tar` outputs, + `--load` does nothing. It will not override those outputs. + + For example, with the following bake file: + + ```hcl + target "default" { + output = ["type=tar,dest=hi.tar"] + } + ``` + + With `--load`: + + ```console + $ docker buildx bake --load --print + ... + "output": [ + { + "dest": "hi.tar" + "type": "tar", + } + ] + ``` + + The `tar` output remains unchanged. + ### Write build results metadata to a file (--metadata-file) {#metadata-file} Similar to [`buildx build --metadata-file`](/reference/cli/docker/buildx/build/#metadata-file) but @@ -507,6 +550,14 @@ examples: |- Same as `build --pull`. + ### Push images to a registry (--push) {#push} + + The `--push` flag follows the same logic as `--load`: + + - If no outputs are defined, it adds a `type=image,push=true` export. + - For existing `image` outputs, it sets `push=true`. + - If outputs are set to `local` or `tar`, it does not override them. + ### Create SBOM attestations (--sbom) {#sbom} Same as [`build --sbom`](/reference/cli/docker/buildx/build/#sbom). diff --git a/data/buildx/docker_buildx_build.yaml b/data/buildx/docker_buildx_build.yaml index e6f397841013..dd71a1acbc8b 100644 --- a/data/buildx/docker_buildx_build.yaml +++ b/data/buildx/docker_buildx_build.yaml @@ -21,7 +21,7 @@ options: value_type: stringArray default_value: '[]' description: | - Allow extra privileged entitlement (e.g., `network.host`, `security.insecure`) + Allow extra privileged entitlement (e.g., `network.host`, `security.insecure`, `device`) details_url: '#allow' deprecated: false hidden: false @@ -345,7 +345,7 @@ options: value_type: string default_value: auto description: | - Set type of progress output (`auto`, `quiet`, `plain`, `tty`, `rawjson`). Use plain to show container output + Set type of progress output (`auto`, `none`, `plain`, `quiet`, `rawjson`, `tty`). Use plain to show container output details_url: '#progress' deprecated: false hidden: false @@ -636,6 +636,10 @@ examples: |- - `network.host` - Allows executions with host networking. - `security.insecure` - Allows executions without sandbox. See [related Dockerfile extensions](/reference/dockerfile/#run---security). + - `device` - Allows access to Container Device Interface (CDI) devices. + - `--allow device` - Grants access to all devices. + - `--allow device=kind|name` - Grants access to a specific device. + - `--allow device=kind|name,alias=kind|name` - Grants access to a specific device, with optional aliasing. For entitlements to be enabled, the BuildKit daemon also needs to allow them with `--allow-insecure-entitlement` (see [`create --buildkitd-flags`](/reference/cli/docker/buildx/create/#buildkitd-flags)). diff --git a/data/buildx/docker_buildx_dap_build.yaml b/data/buildx/docker_buildx_dap_build.yaml index 0dfbeab05de0..e6b451035f08 100644 --- a/data/buildx/docker_buildx_dap_build.yaml +++ b/data/buildx/docker_buildx_dap_build.yaml @@ -27,7 +27,7 @@ options: value_type: stringArray default_value: '[]' description: | - Allow extra privileged entitlement (e.g., `network.host`, `security.insecure`) + Allow extra privileged entitlement (e.g., `network.host`, `security.insecure`, `device`) deprecated: false hidden: false experimental: false @@ -334,7 +334,7 @@ options: value_type: string default_value: auto description: | - Set type of progress output (`auto`, `quiet`, `plain`, `tty`, `rawjson`). Use plain to show container output + Set type of progress output (`auto`, `none`, `plain`, `quiet`, `rawjson`, `tty`). Use plain to show container output deprecated: false hidden: false experimental: false diff --git a/data/buildx/docker_buildx_debug_build.yaml b/data/buildx/docker_buildx_debug_build.yaml index 547ae9e122a4..0f53510395cd 100644 --- a/data/buildx/docker_buildx_debug_build.yaml +++ b/data/buildx/docker_buildx_debug_build.yaml @@ -20,7 +20,7 @@ options: value_type: stringArray default_value: '[]' description: | - Allow extra privileged entitlement (e.g., `network.host`, `security.insecure`) + Allow extra privileged entitlement (e.g., `network.host`, `security.insecure`, `device`) deprecated: false hidden: false experimental: false @@ -327,7 +327,7 @@ options: value_type: string default_value: auto description: | - Set type of progress output (`auto`, `quiet`, `plain`, `tty`, `rawjson`). Use plain to show container output + Set type of progress output (`auto`, `none`, `plain`, `quiet`, `rawjson`, `tty`). Use plain to show container output deprecated: false hidden: false experimental: false diff --git a/data/buildx/docker_buildx_dial-stdio.yaml b/data/buildx/docker_buildx_dial-stdio.yaml index 4ba6f40e9af2..c4a8d34e2600 100644 --- a/data/buildx/docker_buildx_dial-stdio.yaml +++ b/data/buildx/docker_buildx_dial-stdio.yaml @@ -20,9 +20,9 @@ options: swarm: false - option: progress value_type: string - default_value: quiet + default_value: none description: | - Set type of progress output (`auto`, `plain`, `tty`, `rawjson`). Use plain to show container output + Set type of progress output (`auto`, `plain`, `rawjson`, `tty`). Use plain to show container output deprecated: false hidden: false experimental: false diff --git a/data/buildx/docker_buildx_imagetools_create.yaml b/data/buildx/docker_buildx_imagetools_create.yaml index 3ade4138ddc9..75bc0fcd7bb9 100644 --- a/data/buildx/docker_buildx_imagetools_create.yaml +++ b/data/buildx/docker_buildx_imagetools_create.yaml @@ -59,6 +59,17 @@ options: experimentalcli: false kubernetes: false swarm: false + - option: platform + shorthand: p + value_type: stringArray + default_value: '[]' + description: Filter specified platforms of target image + deprecated: false + hidden: false + experimental: false + experimentalcli: false + kubernetes: false + swarm: false - option: prefer-index value_type: bool default_value: "true" @@ -74,7 +85,7 @@ options: value_type: string default_value: auto description: | - Set type of progress output (`auto`, `plain`, `tty`, `rawjson`). Use plain to show container output + Set type of progress output (`auto`, `none`, `plain`, `rawjson`, `tty`). Use plain to show container output deprecated: false hidden: false experimental: false diff --git a/go.mod b/go.mod index 6ac34296acc5..1627648ec89e 100644 --- a/go.mod +++ b/go.mod @@ -15,7 +15,7 @@ require ( github.com/containerd/stargz-snapshotter/estargz v0.16.3 // indirect github.com/containerd/typeurl/v2 v2.2.3 // indirect github.com/distribution/reference v0.6.0 // indirect - github.com/docker/buildx v0.28.0 // indirect + github.com/docker/buildx v0.29.0 // indirect github.com/docker/cli v28.4.0+incompatible // indirect; see "replace" rule at the bottom for actual version github.com/docker/compose/v2 v2.39.4 // indirect github.com/docker/distribution v2.8.3+incompatible // indirect @@ -53,7 +53,7 @@ require ( github.com/mattn/go-runewidth v0.0.16 // indirect github.com/mattn/go-shellwords v1.0.12 // indirect github.com/mitchellh/go-homedir v1.1.0 // indirect - github.com/moby/buildkit v0.24.0 // indirect + github.com/moby/buildkit v0.25.0 // indirect github.com/moby/docker-image-spec v1.3.1 // indirect github.com/moby/locker v1.0.1 // indirect github.com/moby/moby v28.4.0+incompatible // indirect; see "replace" rule at the bottom for actual version @@ -102,17 +102,17 @@ require ( google.golang.org/genproto/googleapis/api v0.0.0-20250603155806-513f23925822 // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20250603155806-513f23925822 // indirect google.golang.org/grpc v1.74.2 // indirect - google.golang.org/protobuf v1.36.6 // indirect + google.golang.org/protobuf v1.36.9 // indirect gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect howett.net/plist v1.0.1 // indirect ) replace ( - github.com/docker/buildx => github.com/docker/buildx v0.28.0 + github.com/docker/buildx => github.com/docker/buildx v0.29.0 github.com/docker/cli => github.com/docker/cli v28.4.0+incompatible - github.com/docker/docker => github.com/docker/docker v28.4.0+incompatible github.com/docker/compose/v2 => github.com/docker/compose/v2 v2.39.4 + github.com/docker/docker => github.com/docker/docker v28.4.0+incompatible github.com/docker/model-cli => github.com/docker/model-cli v0.1.41 github.com/docker/scout-cli => github.com/docker/scout-cli v1.18.1 github.com/moby/buildkit => github.com/moby/buildkit v0.24.0 diff --git a/go.sum b/go.sum index 16027b8fedb9..89f93b61a67a 100644 --- a/go.sum +++ b/go.sum @@ -42,6 +42,8 @@ github.com/docker/buildx v0.27.0 h1:8QQOqIAMpDItzlmYO5ua/AR2Qttu07hHeOeOxPSbUR8= github.com/docker/buildx v0.27.0/go.mod h1:omZ9N6owYkRoAN79fq+Dfa0RwfR3iblCGuUyThovCpM= github.com/docker/buildx v0.28.0 h1:ZnrVsZ/qQwSOQ4Fx3IgXjiurAwvocaF1YUaPbIXD89E= github.com/docker/buildx v0.28.0/go.mod h1:nLwx58w7xrQbLVSXiWiHpkVhY4ou4ci/hYomc139Vjk= +github.com/docker/buildx v0.29.0 h1:lAo46FeLojGUkFLy8l296CPZPxPVkGWxOfuWP54Xtqw= +github.com/docker/buildx v0.29.0/go.mod h1:J4EFv6oxlPiV1MjO0VyJx2u5tLM7ImDEl9zyB8d4wPI= github.com/docker/cli v28.2.1+incompatible h1:AYyTcuwvhl9dXdyCiXlOGXiIqSNYzTmaDNpxIISPGsM= github.com/docker/cli v28.2.1+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= github.com/docker/cli v28.3.0+incompatible h1:s+ttruVLhB5ayeuf2BciwDVxYdKi+RoUlxmwNHV3Vfo= @@ -423,6 +425,8 @@ google.golang.org/grpc v1.74.2 h1:WoosgB65DlWVC9FqI82dGsZhWFNBSLjQ84bjROOpMu4= google.golang.org/grpc v1.74.2/go.mod h1:CtQ+BGjaAIXHs/5YS3i473GqwBBa1zGQNevxdeBEXrM= google.golang.org/protobuf v1.36.6 h1:z1NpPI8ku2WgiWnf+t9wTPsn6eP1L7ksHUlkfLvd9xY= google.golang.org/protobuf v1.36.6/go.mod h1:jduwjTPXsFjZGTmRluh+L6NjiWu7pchiJ2/5YcXBHnY= +google.golang.org/protobuf v1.36.9 h1:w2gp2mA27hUeUzj9Ex9FBjsBm40zfaDtEWow293U7Iw= +google.golang.org/protobuf v1.36.9/go.mod h1:fuxRtAxBytpl4zzqUh6/eyUujkJdNiuEkXntxiD/uRU= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ= gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=