diff --git a/_vendor/github.com/docker/buildx/docs/bake-reference.md b/_vendor/github.com/docker/buildx/docs/bake-reference.md index 2043f6f1b923..a4f236fa5299 100644 --- a/_vendor/github.com/docker/buildx/docs/bake-reference.md +++ b/_vendor/github.com/docker/buildx/docs/bake-reference.md @@ -1350,11 +1350,17 @@ to define them. ### Use environment variable as default -You can set a Bake variable to use the value of an environment variable as a default value: +If an environment variable exists with the same name as a declared Bake +variable, Bake uses that environment variable value instead of the declared +default. + +To disable this environment-based variable lookup, set +`BUILDX_BAKE_DISABLE_VARS_ENV_LOOKUP=1`. + ```hcl variable "HOME" { - default = "$HOME" + default = "/root" } ``` diff --git a/_vendor/github.com/docker/buildx/docs/bake-stdlib.md b/_vendor/github.com/docker/buildx/docs/bake-stdlib.md index a5503966e583..569b072bd305 100644 --- a/_vendor/github.com/docker/buildx/docs/bake-stdlib.md +++ b/_vendor/github.com/docker/buildx/docs/bake-stdlib.md @@ -4,112 +4,114 @@ title: Bake standard library functions -| Name | Description | -|:----------------------------------------------------|:-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| [`absolute`](#absolute) | If the given number is negative then returns its positive equivalent, or otherwise returns the given number unchanged. | -| [`add`](#add) | Returns the sum of the two given numbers. | -| [`and`](#and) | Applies the logical AND operation to the given boolean values. | -| [`base64decode`](#base64decode) | Decodes a string containing a base64 sequence. | -| [`base64encode`](#base64encode) | Encodes a string to a base64 sequence. | -| [`basename`](#basename) | Returns the last element of a path. | -| [`bcrypt`](#bcrypt) | Computes a hash of the given string using the Blowfish cipher. | -| [`byteslen`](#byteslen) | Returns the total number of bytes in the given buffer. | -| [`bytesslice`](#bytesslice) | Extracts a subslice from the given buffer. | -| [`can`](#can) | Tries to evaluate the expression given in its first argument. | -| [`ceil`](#ceil) | Returns the smallest whole number that is greater than or equal to the given value. | -| [`chomp`](#chomp) | Removes one or more newline characters from the end of the given string. | -| [`chunklist`](#chunklist) | Splits a single list into multiple lists where each has at most the given number of elements. | -| [`cidrhost`](#cidrhost) | Calculates a full host IP address within a given IP network address prefix. | -| [`cidrnetmask`](#cidrnetmask) | Converts an IPv4 address prefix given in CIDR notation into a subnet mask address. | -| [`cidrsubnet`](#cidrsubnet) | Calculates a subnet address within a given IP network address prefix. | -| [`cidrsubnets`](#cidrsubnets) | Calculates many consecutive subnet addresses at once, rather than just a single subnet extension. | -| [`coalesce`](#coalesce) | Returns the first of the given arguments that isn't null, or raises an error if there are no non-null arguments. | -| [`coalescelist`](#coalescelist) | Returns the first of the given sequences that has a length greater than zero. | -| [`compact`](#compact) | Removes all empty string elements from the given list of strings. | -| [`concat`](#concat) | Concatenates together all of the given lists or tuples into a single sequence, preserving the input order. | -| [`contains`](#contains) | Returns true if the given value is a value in the given list, tuple, or set, or false otherwise. | -| [`convert`](#convert) | Converts a value to a specified type constraint, using HCL's customdecode extension for type expression support. | -| [`csvdecode`](#csvdecode) | Parses the given string as Comma Separated Values (as defined by RFC 4180) and returns a map of objects representing the table of data, using the first row as a header row to define the object attributes. | -| [`dirname`](#dirname) | Returns the directory of a path. | -| [`distinct`](#distinct) | Removes any duplicate values from the given list, preserving the order of remaining elements. | -| [`divide`](#divide) | Divides the first given number by the second. | -| [`element`](#element) | Returns the element with the given index from the given list or tuple, applying the modulo operation to the given index if it's greater than the number of elements. | -| [`equal`](#equal) | Returns true if the two given values are equal, or false otherwise. | -| [`flatten`](#flatten) | Transforms a list, set, or tuple value into a tuple by replacing any given elements that are themselves sequences with a flattened tuple of all of the nested elements concatenated together. | -| [`floor`](#floor) | Returns the greatest whole number that is less than or equal to the given value. | -| [`format`](#format) | Constructs a string by applying formatting verbs to a series of arguments, using a similar syntax to the C function \"printf\". | -| [`formatdate`](#formatdate) | Formats a timestamp given in RFC 3339 syntax into another timestamp in some other machine-oriented time syntax, as described in the format string. | -| [`formatlist`](#formatlist) | Constructs a list of strings by applying formatting verbs to a series of arguments, using a similar syntax to the C function \"printf\". | -| [`greaterthan`](#greaterthan) | Returns true if and only if the second number is greater than the first. | -| [`greaterthanorequalto`](#greaterthanorequalto) | Returns true if and only if the second number is greater than or equal to the first. | -| [`hasindex`](#hasindex) | Returns true if if the given collection can be indexed with the given key without producing an error, or false otherwise. | -| [`homedir`](#homedir) | Returns the current user's home directory. | -| [`indent`](#indent) | Adds a given number of spaces after each newline character in the given string. | -| [`index`](#index) | Returns the element with the given key from the given collection, or raises an error if there is no such element. | -| [`indexof`](#indexof) | Finds the element index for a given value in a list. | -| [`int`](#int) | Discards any fractional portion of the given number. | -| [`join`](#join) | Concatenates together the elements of all given lists with a delimiter, producing a single string. | -| [`jsondecode`](#jsondecode) | Parses the given string as JSON and returns a value corresponding to what the JSON document describes. | -| [`jsonencode`](#jsonencode) | Returns a string containing a JSON representation of the given value. | -| [`keys`](#keys) | Returns a list of the keys of the given map in lexicographical order. | -| [`length`](#length) | Returns the number of elements in the given collection. | -| [`lessthan`](#lessthan) | Returns true if and only if the second number is less than the first. | -| [`lessthanorequalto`](#lessthanorequalto) | Returns true if and only if the second number is less than or equal to the first. | -| [`log`](#log) | Returns the logarithm of the given number in the given base. | -| [`lookup`](#lookup) | Returns the value of the element with the given key from the given map, or returns the default value if there is no such element. | -| [`lower`](#lower) | Returns the given string with all Unicode letters translated to their lowercase equivalents. | -| [`max`](#max) | Returns the numerically greatest of all of the given numbers. | -| [`md5`](#md5) | Computes the MD5 hash of a given string and encodes it with hexadecimal digits. | -| [`merge`](#merge) | Merges all of the elements from the given maps into a single map, or the attributes from given objects into a single object. | -| [`min`](#min) | Returns the numerically smallest of all of the given numbers. | -| [`modulo`](#modulo) | Divides the first given number by the second and then returns the remainder. | -| [`multiply`](#multiply) | Returns the product of the two given numbers. | -| [`negate`](#negate) | Multiplies the given number by -1. | -| [`not`](#not) | Applies the logical NOT operation to the given boolean value. | -| [`notequal`](#notequal) | Returns false if the two given values are equal, or true otherwise. | -| [`or`](#or) | Applies the logical OR operation to the given boolean values. | -| [`parseint`](#parseint) | Parses the given string as a number of the given base, or raises an error if the string contains invalid characters. | -| [`pow`](#pow) | Returns the given number raised to the given power (exponentiation). | -| [`range`](#range) | Returns a list of numbers spread evenly over a particular range. | -| [`regex`](#regex) | Applies the given regular expression pattern to the given string and returns information about a single match, or raises an error if there is no match. | -| [`regex_replace`](#regex_replace) | Applies the given regular expression pattern to the given string and replaces all matches with the given replacement string. | -| [`regexall`](#regexall) | Applies the given regular expression pattern to the given string and returns a list of information about all non-overlapping matches, or an empty list if there are no matches. | -| [`replace`](#replace) | Replaces all instances of the given substring in the given string with the given replacement string. | -| [`reverse`](#reverse) | Returns the given string with all of its Unicode characters in reverse order. | -| [`reverselist`](#reverselist) | Returns the given list with its elements in reverse order. | -| [`rsadecrypt`](#rsadecrypt) | Decrypts an RSA-encrypted ciphertext. | -| [`sanitize`](#sanitize) | Replaces all non-alphanumeric characters with a underscore, leaving only characters that are valid for a Bake target name. | -| [`semvercmp`](#semvercmp) | Returns true if version satisfies a constraint. | -| [`sethaselement`](#sethaselement) | Returns true if the given set contains the given element, or false otherwise. | -| [`setintersection`](#setintersection) | Returns the intersection of all given sets. | -| [`setproduct`](#setproduct) | Calculates the cartesian product of two or more sets. | -| [`setsubtract`](#setsubtract) | Returns the relative complement of the two given sets. | -| [`setsymmetricdifference`](#setsymmetricdifference) | Returns the symmetric difference of the two given sets. | -| [`setunion`](#setunion) | Returns the union of all given sets. | -| [`sha1`](#sha1) | Computes the SHA1 hash of a given string and encodes it with hexadecimal digits. | -| [`sha256`](#sha256) | Computes the SHA256 hash of a given string and encodes it with hexadecimal digits. | -| [`sha512`](#sha512) | Computes the SHA512 hash of a given string and encodes it with hexadecimal digits. | -| [`signum`](#signum) | Returns 0 if the given number is zero, 1 if the given number is positive, or -1 if the given number is negative. | -| [`slice`](#slice) | Extracts a subslice of the given list or tuple value. | -| [`sort`](#sort) | Applies a lexicographic sort to the elements of the given list. | -| [`split`](#split) | Produces a list of one or more strings by splitting the given string at all instances of a given separator substring. | -| [`strlen`](#strlen) | Returns the number of Unicode characters (technically: grapheme clusters) in the given string. | -| [`substr`](#substr) | Extracts a substring from the given string. | -| [`subtract`](#subtract) | Returns the difference between the two given numbers. | -| [`timeadd`](#timeadd) | Adds the duration represented by the given duration string to the given RFC 3339 timestamp string, returning another RFC 3339 timestamp. | -| [`timestamp`](#timestamp) | Returns a string representation of the current date and time. | -| [`title`](#title) | Replaces one letter after each non-letter and non-digit character with its uppercase equivalent. | -| [`trim`](#trim) | Removes consecutive sequences of characters in "cutset" from the start and end of the given string. | -| [`trimprefix`](#trimprefix) | Removes the given prefix from the start of the given string, if present. | -| [`trimspace`](#trimspace) | Removes any consecutive space characters (as defined by Unicode) from the start and end of the given string. | -| [`trimsuffix`](#trimsuffix) | Removes the given suffix from the start of the given string, if present. | -| [`try`](#try) | Variadic function that tries to evaluate all of is arguments in sequence until one succeeds, in which case it returns that result, or returns an error if none of them succeed. | -| [`upper`](#upper) | Returns the given string with all Unicode letters translated to their uppercase equivalents. | -| [`urlencode`](#urlencode) | Applies URL encoding to a given string. | -| [`uuidv4`](#uuidv4) | Generates and returns a Type-4 UUID in the standard hexadecimal string format. | -| [`uuidv5`](#uuidv5) | Generates and returns a Type-5 UUID in the standard hexadecimal string format. | -| [`values`](#values) | Returns the values of elements of a given map, or the values of attributes of a given object, in lexicographic order by key or attribute name. | -| [`zipmap`](#zipmap) | Constructs a map from a list of keys and a corresponding list of values, which must both be of the same length. | +| Name | Description | +|:----------------------------------------------------|:-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| [`absolute`](#absolute) | If the given number is negative then returns its positive equivalent, or otherwise returns the given number unchanged. | +| [`add`](#add) | Returns the sum of the two given numbers. | +| [`and`](#and) | Applies the logical AND operation to the given boolean values. | +| [`base64decode`](#base64decode) | Decodes a string containing a base64 sequence. | +| [`base64encode`](#base64encode) | Encodes a string to a base64 sequence. | +| [`basename`](#basename) | Returns the last element of a path. | +| [`bcrypt`](#bcrypt) | Computes a hash of the given string using the Blowfish cipher. | +| [`byteslen`](#byteslen) | Returns the total number of bytes in the given buffer. | +| [`bytesslice`](#bytesslice) | Extracts a subslice from the given buffer. | +| [`can`](#can) | Tries to evaluate the expression given in its first argument. | +| [`ceil`](#ceil) | Returns the smallest whole number that is greater than or equal to the given value. | +| [`chomp`](#chomp) | Removes one or more newline characters from the end of the given string. | +| [`chunklist`](#chunklist) | Splits a single list into multiple lists where each has at most the given number of elements. | +| [`cidrhost`](#cidrhost) | Calculates a full host IP address within a given IP network address prefix. | +| [`cidrnetmask`](#cidrnetmask) | Converts an IPv4 address prefix given in CIDR notation into a subnet mask address. | +| [`cidrsubnet`](#cidrsubnet) | Calculates a subnet address within a given IP network address prefix. | +| [`cidrsubnets`](#cidrsubnets) | Calculates many consecutive subnet addresses at once, rather than just a single subnet extension. | +| [`coalesce`](#coalesce) | Returns the first of the given arguments that isn't null, or raises an error if there are no non-null arguments. | +| [`coalescelist`](#coalescelist) | Returns the first of the given sequences that has a length greater than zero. | +| [`compact`](#compact) | Removes all empty string elements from the given list of strings. | +| [`concat`](#concat) | Concatenates together all of the given lists or tuples into a single sequence, preserving the input order. | +| [`contains`](#contains) | Returns true if the given value is a value in the given list, tuple, or set, or false otherwise. | +| [`convert`](#convert) | Converts a value to a specified type constraint, using HCL's customdecode extension for type expression support. | +| [`csvdecode`](#csvdecode) | Parses the given string as Comma Separated Values (as defined by RFC 4180) and returns a map of objects representing the table of data, using the first row as a header row to define the object attributes. | +| [`dirname`](#dirname) | Returns the directory of a path. | +| [`distinct`](#distinct) | Removes any duplicate values from the given list, preserving the order of remaining elements. | +| [`divide`](#divide) | Divides the first given number by the second. | +| [`element`](#element) | Returns the element with the given index from the given list or tuple, applying the modulo operation to the given index if it's greater than the number of elements. | +| [`equal`](#equal) | Returns true if the two given values are equal, or false otherwise. | +| [`flatten`](#flatten) | Transforms a list, set, or tuple value into a tuple by replacing any given elements that are themselves sequences with a flattened tuple of all of the nested elements concatenated together. | +| [`floor`](#floor) | Returns the greatest whole number that is less than or equal to the given value. | +| [`format`](#format) | Constructs a string by applying formatting verbs to a series of arguments, using a similar syntax to the C function \"printf\". | +| [`formatdate`](#formatdate) | Deprecated: use formattimestamp instead. Formats a timestamp given in RFC 3339 syntax into another timestamp in some other machine-oriented time syntax, as described in the format string. | +| [`formatlist`](#formatlist) | Constructs a list of strings by applying formatting verbs to a series of arguments, using a similar syntax to the C function \"printf\". | +| [`formattimestamp`](#formattimestamp) | Formats a timestamp string in RFC 3339 syntax or a unix timestamp integer into another timestamp in some other machine-oriented time syntax, as described in the format string. The special format string "X" returns the unix timestamp in seconds. | +| [`greaterthan`](#greaterthan) | Returns true if and only if the second number is greater than the first. | +| [`greaterthanorequalto`](#greaterthanorequalto) | Returns true if and only if the second number is greater than or equal to the first. | +| [`hasindex`](#hasindex) | Returns true if if the given collection can be indexed with the given key without producing an error, or false otherwise. | +| [`homedir`](#homedir) | Returns the current user's home directory. | +| [`indent`](#indent) | Adds a given number of spaces after each newline character in the given string. | +| [`index`](#index) | Returns the element with the given key from the given collection, or raises an error if there is no such element. | +| [`indexof`](#indexof) | Finds the element index for a given value in a list. | +| [`int`](#int) | Discards any fractional portion of the given number. | +| [`join`](#join) | Concatenates together the elements of all given lists with a delimiter, producing a single string. | +| [`jsondecode`](#jsondecode) | Parses the given string as JSON and returns a value corresponding to what the JSON document describes. | +| [`jsonencode`](#jsonencode) | Returns a string containing a JSON representation of the given value. | +| [`keys`](#keys) | Returns a list of the keys of the given map in lexicographical order. | +| [`length`](#length) | Returns the number of elements in the given collection. | +| [`lessthan`](#lessthan) | Returns true if and only if the second number is less than the first. | +| [`lessthanorequalto`](#lessthanorequalto) | Returns true if and only if the second number is less than or equal to the first. | +| [`log`](#log) | Returns the logarithm of the given number in the given base. | +| [`lookup`](#lookup) | Returns the value of the element with the given key from the given map, or returns the default value if there is no such element. | +| [`lower`](#lower) | Returns the given string with all Unicode letters translated to their lowercase equivalents. | +| [`max`](#max) | Returns the numerically greatest of all of the given numbers. | +| [`md5`](#md5) | Computes the MD5 hash of a given string and encodes it with hexadecimal digits. | +| [`merge`](#merge) | Merges all of the elements from the given maps into a single map, or the attributes from given objects into a single object. | +| [`min`](#min) | Returns the numerically smallest of all of the given numbers. | +| [`modulo`](#modulo) | Divides the first given number by the second and then returns the remainder. | +| [`multiply`](#multiply) | Returns the product of the two given numbers. | +| [`negate`](#negate) | Multiplies the given number by -1. | +| [`not`](#not) | Applies the logical NOT operation to the given boolean value. | +| [`notequal`](#notequal) | Returns false if the two given values are equal, or true otherwise. | +| [`or`](#or) | Applies the logical OR operation to the given boolean values. | +| [`parseint`](#parseint) | Parses the given string as a number of the given base, or raises an error if the string contains invalid characters. | +| [`pow`](#pow) | Returns the given number raised to the given power (exponentiation). | +| [`range`](#range) | Returns a list of numbers spread evenly over a particular range. | +| [`regex`](#regex) | Applies the given regular expression pattern to the given string and returns information about a single match, or raises an error if there is no match. | +| [`regex_replace`](#regex_replace) | Applies the given regular expression pattern to the given string and replaces all matches with the given replacement string. | +| [`regexall`](#regexall) | Applies the given regular expression pattern to the given string and returns a list of information about all non-overlapping matches, or an empty list if there are no matches. | +| [`replace`](#replace) | Replaces all instances of the given substring in the given string with the given replacement string. | +| [`reverse`](#reverse) | Returns the given string with all of its Unicode characters in reverse order. | +| [`reverselist`](#reverselist) | Returns the given list with its elements in reverse order. | +| [`rsadecrypt`](#rsadecrypt) | Decrypts an RSA-encrypted ciphertext. | +| [`sanitize`](#sanitize) | Replaces all non-alphanumeric characters with a underscore, leaving only characters that are valid for a Bake target name. | +| [`semvercmp`](#semvercmp) | Returns true if version satisfies a constraint. | +| [`sethaselement`](#sethaselement) | Returns true if the given set contains the given element, or false otherwise. | +| [`setintersection`](#setintersection) | Returns the intersection of all given sets. | +| [`setproduct`](#setproduct) | Calculates the cartesian product of two or more sets. | +| [`setsubtract`](#setsubtract) | Returns the relative complement of the two given sets. | +| [`setsymmetricdifference`](#setsymmetricdifference) | Returns the symmetric difference of the two given sets. | +| [`setunion`](#setunion) | Returns the union of all given sets. | +| [`sha1`](#sha1) | Computes the SHA1 hash of a given string and encodes it with hexadecimal digits. | +| [`sha256`](#sha256) | Computes the SHA256 hash of a given string and encodes it with hexadecimal digits. | +| [`sha512`](#sha512) | Computes the SHA512 hash of a given string and encodes it with hexadecimal digits. | +| [`signum`](#signum) | Returns 0 if the given number is zero, 1 if the given number is positive, or -1 if the given number is negative. | +| [`slice`](#slice) | Extracts a subslice of the given list or tuple value. | +| [`sort`](#sort) | Applies a lexicographic sort to the elements of the given list. | +| [`split`](#split) | Produces a list of one or more strings by splitting the given string at all instances of a given separator substring. | +| [`strlen`](#strlen) | Returns the number of Unicode characters (technically: grapheme clusters) in the given string. | +| [`substr`](#substr) | Extracts a substring from the given string. | +| [`subtract`](#subtract) | Returns the difference between the two given numbers. | +| [`timeadd`](#timeadd) | Adds the duration represented by the given duration string to the given RFC 3339 timestamp string, returning another RFC 3339 timestamp. | +| [`timestamp`](#timestamp) | Returns a string representation of the current date and time. | +| [`title`](#title) | Replaces one letter after each non-letter and non-digit character with its uppercase equivalent. | +| [`trim`](#trim) | Removes consecutive sequences of characters in "cutset" from the start and end of the given string. | +| [`trimprefix`](#trimprefix) | Removes the given prefix from the start of the given string, if present. | +| [`trimspace`](#trimspace) | Removes any consecutive space characters (as defined by Unicode) from the start and end of the given string. | +| [`trimsuffix`](#trimsuffix) | Removes the given suffix from the start of the given string, if present. | +| [`try`](#try) | Variadic function that tries to evaluate all of is arguments in sequence until one succeeds, in which case it returns that result, or returns an error if none of them succeed. | +| [`unixtimestampparse`](#unixtimestampparse) | Given a unix timestamp integer, will parse and return an object representation of that date and time. A unix timestamp is the number of seconds elapsed since January 1, 1970 UTC. | +| [`upper`](#upper) | Returns the given string with all Unicode letters translated to their uppercase equivalents. | +| [`urlencode`](#urlencode) | Applies URL encoding to a given string. | +| [`uuidv4`](#uuidv4) | Generates and returns a Type-4 UUID in the standard hexadecimal string format. | +| [`uuidv5`](#uuidv5) | Generates and returns a Type-5 UUID in the standard hexadecimal string format. | +| [`values`](#values) | Returns the values of elements of a given map, or the values of attributes of a given object, in lexicographic order by key or attribute name. | +| [`zipmap`](#zipmap) | Constructs a map from a list of keys and a corresponding list of values, which must both be of the same length. | @@ -532,6 +534,10 @@ target "webapp-dev" { ## `formatdate` +> [!WARNING] +> Deprecated: use `formattimestamp` instead. `formatdate` only accepts RFC3339 +> timestamp strings. + ```hcl # docker-bake.hcl target "webapp-dev" { @@ -543,6 +549,29 @@ target "webapp-dev" { } ``` +## `formattimestamp` + +Formats either an RFC3339 timestamp string or a unix timestamp integer. +The special format `X` returns the unix timestamp in seconds. + +```hcl +# docker-bake.hcl +variable "SOURCE_DATE_EPOCH" { + type = number + default = formattimestamp("X", "2015-10-21T00:00:00Z") # => 1445385600 +} + +target "default" { + dockerfile = "Dockerfile" + labels = { + "org.opencontainers.image.created" = formattimestamp("YYYY-MM-DD'T'hh:mm:ssZ", SOURCE_DATE_EPOCH) # => "2015-10-21T00:00:00Z" + } + args = { + build_date = formattimestamp("YYYY-MM-DD", "2025-09-16T12:00:00Z") # => "2025-09-16" + } +} +``` + ## `formatlist` ```hcl @@ -1409,6 +1438,40 @@ target "webapp-dev" { } ``` +## `unixtimestampparse` + +The returned object has the following attributes: +* `year` (Number) The year for the unix timestamp. +* `year_day` (Number) The day of the year for the unix timestamp, in the range 1-365 for non-leap years, and 1-366 in leap years. +* `day` (Number) The day of the month for the unix timestamp. +* `month` (Number) The month of the year for the unix timestamp. +* `month_name` (String) The name of the month for the unix timestamp (ex. "January"). +* `weekday` (Number) The day of the week for the unix timestamp. +* `weekday_name` (String) The name of the day for the unix timestamp (ex. "Sunday"). +* `hour` (Number) The hour within the day for the unix timestamp, in the range 0-23. +* `minute` (Number) The minute offset within the hour for the unix timestamp, in the range 0-59. +* `second` (Number) The second offset within the minute for the unix timestamp, in the range 0-59. +* `rfc3339` (String) The RFC3339 format string. +* `iso_year` (Number) The ISO 8601 year number. +* `iso_week` (Number) The ISO 8601 week number. + +```hcl +# docker-bake.hcl +variable "SOURCE_DATE_EPOCH" { + type = number + default = 1690328596 +} + +target "default" { + args = { + SOURCE_DATE_EPOCH = SOURCE_DATE_EPOCH + } + labels = { + "org.opencontainers.image.created" = unixtimestampparse(SOURCE_DATE_EPOCH).rfc3339 + } +} +``` + ## `upper` ```hcl diff --git a/_vendor/github.com/moby/buildkit/frontend/dockerfile/docs/reference.md b/_vendor/github.com/moby/buildkit/frontend/dockerfile/docs/reference.md index cef419cac1bb..997e8a6abf72 100644 --- a/_vendor/github.com/moby/buildkit/frontend/dockerfile/docs/reference.md +++ b/_vendor/github.com/moby/buildkit/frontend/dockerfile/docs/reference.md @@ -373,10 +373,16 @@ whitespace, like `${foo}_bar`. The `${variable_name}` syntax also supports a few of the standard `bash` modifiers as specified below: -- `${variable:-word}` indicates that if `variable` is set then the result - will be that value. If `variable` is not set then `word` will be the result. -- `${variable:+word}` indicates that if `variable` is set then `word` will be - the result, otherwise the result is the empty string. +- `${variable:-word}` indicates that if `variable` is set and non-empty then + the result will be that value. If `variable` is unset or empty then `word` + will be the result. +- `${variable-word}` indicates that if `variable` is set (even if empty) then + the result will be that value. If `variable` is unset then `word` will be + the result. +- `${variable:+word}` indicates that if `variable` is set and non-empty then + `word` will be the result, otherwise the result is the empty string. +- `${variable+word}` indicates that if `variable` is set (even if empty) then + `word` will be the result, otherwise the result is the empty string. The following variable replacements are supported in a pre-release version of Dockerfile syntax, when using the `# syntax=docker/dockerfile-upstream:master` syntax @@ -621,6 +627,20 @@ The image can be any valid image. [`COPY --from=`](#copy---from), and [`RUN --mount=type=bind,from=`](#run---mounttypebind) instructions to refer to the image built in this stage. + + Using a previous build stage as the base for a subsequent stage is a common + pattern for sharing a common base environment: + + ```dockerfile + FROM ubuntu AS base + RUN apt-get update && apt-get install -y shared-tooling + + FROM base AS dev + RUN apt-get install -y dev-tooling + + FROM base AS prod + COPY --from=build /app /app + ``` - The `tag` or `digest` values are optional. If you omit either of them, the builder assumes a `latest` tag by default. The builder returns an error if it can't find the `tag` value. @@ -833,12 +853,13 @@ The supported mount types are: This mount type allows binding files or directories to the build container. A bind mount is read-only by default. -| Option | Description | -| ---------------------------------- | ---------------------------------------------------------------------------------------------- | -| `target`, `dst`, `destination`[^1] | Mount path. | -| `source` | Source path in the `from`. Defaults to the root of the `from`. | -| `from` | Build stage, context, or image name for the root of the source. Defaults to the build context. | -| `rw`,`readwrite` | Allow writes on the mount. Written data will be discarded. | +| Option | Description | +| ---------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------- | +| `target`, `dst`, `destination`[^1] | Mount path. | +| `source` | Source path in the `from`. Defaults to the root of the `from`. | +| `from` | Build stage, context, or image name for the root of the source. Defaults to the build context. | +| `rw`,`readwrite` | Allow writes on the mount. Written data will be discarded after the `RUN` instruction completes and will not be committed to the image layer. | + ### RUN --mount=type=cache @@ -1144,6 +1165,13 @@ Labels included in base images (images in the `FROM` line) are inherited by your image. If a label already exists but with a different value, the most-recently-applied value overrides any previously-set value. +In a multi-stage build, labels from intermediate stages are only present in +the final image if the final stage is directly or indirectly based on them +(via `FROM`). Labels from a stage that you only reference with +`COPY --from` or `RUN --mount=from=` are not included in the output image. +Labels from the base image specified in the final `FROM` instruction are +always inherited. + To view an image's labels, use the `docker image inspect` command. You can use the `--format` option to show just the labels; @@ -1982,6 +2010,26 @@ COPY --parents ./x/./y/*.txt /parents/ # /parents/y/b.txt ``` +The `**` wildcard matches any number of path components, including none, and +can be used to recursively match files across directory levels: + +```dockerfile +# syntax=docker/dockerfile:1 +FROM scratch + +COPY --parents ./src/**/*.txt /parents/ + +# Build context: +# ./src/a.txt +# ./src/x/b.txt +# ./src/x/y/c.txt +# +# Output: +# /parents/src/a.txt +# /parents/src/x/b.txt +# /parents/src/x/y/c.txt +``` + Note that, without the `--parents` flag specified, any filename collision will fail the Linux `cp` operation with an explicit error message (`cp: will not overwrite just-created './x/a.txt' with './y/a.txt'`), where the @@ -2060,8 +2108,8 @@ This allows arguments to be passed to the entry point, i.e., `docker run -d` will pass the `-d` argument to the entry point. You can override the `ENTRYPOINT` instruction using the `docker run --entrypoint` flag. -The shell form of `ENTRYPOINT` prevents any `CMD` command line arguments from -being used. It also starts your `ENTRYPOINT` as a subcommand of `/bin/sh -c`, +The shell form of `ENTRYPOINT` ignores any `CMD` or `docker run` command line +arguments. It also starts your `ENTRYPOINT` as a subcommand of `/bin/sh -c`, which does not pass signals. This means that the executable will not be the container's `PID 1`, and will not receive Unix signals. In this case, your executable doesn't receive a `SIGTERM` from `docker stop `. @@ -2071,8 +2119,14 @@ Only the last `ENTRYPOINT` instruction in the Dockerfile will have an effect. ### Exec form ENTRYPOINT example You can use the exec form of `ENTRYPOINT` to set fairly stable default commands -and arguments and then use either form of `CMD` to set additional defaults that -are more likely to be changed. +and arguments and then use `CMD` to set additional defaults that are more +likely to be changed. + +When combining exec form `ENTRYPOINT` with `CMD`, use the exec form of `CMD` +as well. Using the shell form of `CMD` causes it to be wrapped in +`/bin/sh -c`, which means the `ENTRYPOINT` receives a shell invocation as its +argument rather than the bare command and parameters. See +[Understand how CMD and ENTRYPOINT interact](#understand-how-cmd-and-entrypoint-interact). ```dockerfile FROM ubuntu @@ -2836,6 +2890,11 @@ for instance `SIGKILL`, or an unsigned number that matches a position in the kernel's syscall table, for instance `9`. The default is `SIGTERM` if not defined. +`STOPSIGNAL` applies to the signal sent by `docker stop` (and by the Docker +daemon when stopping a container). It does not affect signals sent by keyboard +shortcuts such as Ctrl+C, which sends `SIGINT` directly to the process +regardless of the `STOPSIGNAL` setting. + The image's default stopsignal can be overridden per container, using the `--stop-signal` flag on `docker run` and `docker create`. @@ -2866,6 +2925,8 @@ The options that can appear before `CMD` are: The health check will first run **interval** seconds after the container is started, and then again **interval** seconds after each previous check completes. +During the **start period**, health checks run at **start interval** frequency +instead. If a single run of the check takes longer than **timeout** seconds then the check is considered to have failed. The process performing the check is abruptly stopped diff --git a/_vendor/github.com/moby/buildkit/frontend/dockerfile/docs/rules/legacy-key-value-format.md b/_vendor/github.com/moby/buildkit/frontend/dockerfile/docs/rules/legacy-key-value-format.md index dc43b53cb736..471b0d6ea4b5 100644 --- a/_vendor/github.com/moby/buildkit/frontend/dockerfile/docs/rules/legacy-key-value-format.md +++ b/_vendor/github.com/moby/buildkit/frontend/dockerfile/docs/rules/legacy-key-value-format.md @@ -55,3 +55,18 @@ ENV DEPS="\ make" ``` +> [!NOTE] +> Be aware of leading whitespace when converting multi-line legacy syntax to +> the modern `key=value` format. In the legacy format, leading whitespace on +> continuation lines is included in the value. In the modern format with +> quoted values, leading whitespace inside the quotes is also preserved. If +> you don't want leading whitespace in the value, make sure to remove it when +> rewriting to the new format: +> +> ```dockerfile +> ENV DEPS="\ +> curl \ +> git \ +> make" +> ``` + diff --git a/_vendor/modules.txt b/_vendor/modules.txt index 3b042955b7b2..942661d1f1ff 100644 --- a/_vendor/modules.txt +++ b/_vendor/modules.txt @@ -1,6 +1,6 @@ # github.com/moby/moby/api v1.54.0 -# github.com/moby/buildkit v0.28.0 -# github.com/docker/buildx v0.32.1 -# github.com/docker/cli v29.3.0+incompatible +# github.com/moby/buildkit v0.29.0 +# github.com/docker/buildx v0.33.0 +# github.com/docker/cli v29.3.1+incompatible # github.com/docker/compose/v5 v5.0.2 # github.com/docker/model-runner v1.1.28 diff --git a/data/cli/buildx/docker_buildx_bake.yaml b/data/cli/buildx/docker_buildx_bake.yaml index 68fe69e008cf..4d94d016744e 100644 --- a/data/cli/buildx/docker_buildx_bake.yaml +++ b/data/cli/buildx/docker_buildx_bake.yaml @@ -392,6 +392,24 @@ examples: |- Variable types will be shown when set using the `type` property in the Bake file. + The `--list=variables` option displays variables defined in the Bake file, including their descriptions and default values. + + ### Example: listing variables with descriptions + + ```hcl + variable "GO_VERSION" { + default = "1.22" + description = "Go version used for building the application" + } + ``` + + ```console + $ docker buildx bake --list=variables + + NAME DESCRIPTION DEFAULT + GO_VERSION Go version used for building the application 1.22 + ``` + By default, the output of `docker buildx bake --list` is presented in a table format. Alternatively, you can use a long-form CSV syntax and specify a `format` attribute to output the list in JSON. diff --git a/data/cli/buildx/docker_buildx_dap.yaml b/data/cli/buildx/docker_buildx_dap.yaml index 489fd1e2cb0a..f9c25d12cc69 100644 --- a/data/cli/buildx/docker_buildx_dap.yaml +++ b/data/cli/buildx/docker_buildx_dap.yaml @@ -31,7 +31,7 @@ inherited_options: deprecated: false hidden: false experimental: false -experimentalcli: true +experimentalcli: false kubernetes: false swarm: false diff --git a/data/cli/buildx/docker_buildx_dap_attach.yaml b/data/cli/buildx/docker_buildx_dap_attach.yaml index 8a0409653cbc..d80dbbb746c9 100644 --- a/data/cli/buildx/docker_buildx_dap_attach.yaml +++ b/data/cli/buildx/docker_buildx_dap_attach.yaml @@ -28,7 +28,7 @@ inherited_options: deprecated: false hidden: true experimental: false -experimentalcli: true +experimentalcli: false kubernetes: false swarm: false diff --git a/data/cli/buildx/docker_buildx_dap_build.yaml b/data/cli/buildx/docker_buildx_dap_build.yaml index 43cc6a99a711..44596ceb366c 100644 --- a/data/cli/buildx/docker_buildx_dap_build.yaml +++ b/data/cli/buildx/docker_buildx_dap_build.yaml @@ -546,7 +546,7 @@ examples: |- deprecated: false hidden: false experimental: false -experimentalcli: true +experimentalcli: false kubernetes: false swarm: false diff --git a/data/cli/buildx/docker_buildx_policy_eval.yaml b/data/cli/buildx/docker_buildx_policy_eval.yaml index ba43380f6c87..8887abef9d4b 100644 --- a/data/cli/buildx/docker_buildx_policy_eval.yaml +++ b/data/cli/buildx/docker_buildx_policy_eval.yaml @@ -15,11 +15,31 @@ options: experimentalcli: false kubernetes: false swarm: false + - option: file + shorthand: f + value_type: string + default_value: Dockerfile + description: Policy filename to evaluate + deprecated: false + hidden: false + experimental: false + experimentalcli: false + kubernetes: false + swarm: false - option: filename value_type: string default_value: Dockerfile description: Policy filename to evaluate deprecated: false + hidden: true + experimental: false + experimentalcli: false + kubernetes: false + swarm: false + - option: platform + value_type: string + description: Target platform for policy evaluation + deprecated: false hidden: false experimental: false experimentalcli: false diff --git a/go.mod b/go.mod index f4d24494a667..dd669be95899 100644 --- a/go.mod +++ b/go.mod @@ -8,11 +8,11 @@ go 1.26.0 // // Make sure to add an entry in the "tools" section when adding a new repository. require ( - github.com/docker/buildx v0.32.1 - github.com/docker/cli v29.3.0+incompatible + github.com/docker/buildx v0.33.0 + github.com/docker/cli v29.3.1+incompatible github.com/docker/compose/v5 v5.0.2 github.com/docker/model-runner v1.1.28 - github.com/moby/buildkit v0.28.0 + github.com/moby/buildkit v0.29.0 github.com/moby/moby/api v1.54.0 ) diff --git a/go.sum b/go.sum index 0a74b4e3e486..b15ddc0febf0 100644 --- a/go.sum +++ b/go.sum @@ -70,6 +70,8 @@ github.com/docker/buildx v0.32.0 h1:BjSqjSkQDnwgcsIC8NV3D4i6OKIXqu6xUWrg+G9mq5s= github.com/docker/buildx v0.32.0/go.mod h1:46Le9J2gV41DJ3zuGBc+Lf+ASYA4saGd0y/dGly8Wmg= github.com/docker/buildx v0.32.1 h1:ecen0VNo7UINEv+Wx7xDPlTH5nQ1EaxzFOoslYIISuk= github.com/docker/buildx v0.32.1/go.mod h1:46Le9J2gV41DJ3zuGBc+Lf+ASYA4saGd0y/dGly8Wmg= +github.com/docker/buildx v0.33.0 h1:xuZeuQe/C/2tvLDgiIA6+Ynq3FFWSfsGNWIHM3q1hD8= +github.com/docker/buildx v0.33.0/go.mod h1:7JVma62htERKE5iy5YD1q64PKiAHUzXuhSBd4oq3I74= github.com/docker/cli v29.1.2+incompatible h1:s4QI7drXpIo78OM+CwuthPsO5kCf8cpNsck5PsLVTH8= github.com/docker/cli v29.1.2+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= github.com/docker/cli v29.1.5+incompatible h1:GckbANUt3j+lsnQ6eCcQd70mNSOismSHWt8vk2AX8ao= @@ -80,6 +82,8 @@ github.com/docker/cli v29.2.1+incompatible h1:n3Jt0QVCN65eiVBoUTZQM9mcQICCJt3akW github.com/docker/cli v29.2.1+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= github.com/docker/cli v29.3.0+incompatible h1:z3iWveU7h19Pqx7alZES8j+IeFQZ1lhTwb2F+V9SVvk= github.com/docker/cli v29.3.0+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= +github.com/docker/cli v29.3.1+incompatible h1:M04FDj2TRehDacrosh7Vlkgc7AuQoWloQkf1PA5hmoI= +github.com/docker/cli v29.3.1+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= github.com/docker/compose/v5 v5.0.0 h1:J2uMCzJ/5xLcoIVVXvMmPe6HBzVQpmJThKa7Qk7Xldc= github.com/docker/compose/v5 v5.0.0/go.mod h1:BurapGv8zmYnsbSmlpCz5EU2Pi3YFV/PjeUnoFpcw64= github.com/docker/compose/v5 v5.0.1 h1:5yCjDJbwUqcuI+6WNFHNWz2/3vyBDsNnfe8LlFjyxEc= @@ -178,6 +182,7 @@ github.com/klauspost/compress v1.18.2 h1:iiPHWW0YrcFgpBYhsA6D1+fqHssJscY/Tm/y2Uq github.com/klauspost/compress v1.18.2/go.mod h1:R0h/fSBs8DE4ENlcrlib3PsXS61voFxhIs2DeRhCvJ4= github.com/klauspost/compress v1.18.4 h1:RPhnKRAQ4Fh8zU2FY/6ZFDwTVTxgJ/EMydqSTzE9a2c= github.com/klauspost/compress v1.18.4/go.mod h1:R0h/fSBs8DE4ENlcrlib3PsXS61voFxhIs2DeRhCvJ4= +github.com/klauspost/compress v1.18.5 h1:/h1gH5Ce+VWNLSWqPzOVn6XBO+vJbCNGvjoaGBFW2IE= github.com/kolesnikovae/go-winjob v1.0.0 h1:OKEtCHB3sYNAiqNwGDhf08Y6luM7C8mP+42rp1N6SeE= github.com/kolesnikovae/go-winjob v1.0.0/go.mod h1:k0joOLP3/NBrRmDQjPV2+oN1TPmEWt6arTNtFjVeQuM= github.com/lucasb-eyer/go-colorful v1.2.0 h1:1nnpGOrhyZZuNyfu1QjKiUICQ74+3FNCN69Aj6K7nkY= @@ -204,6 +209,8 @@ github.com/moby/buildkit v0.27.0 h1:1gtNaMcVE0XXCZrybC32L79A7Ga1JeB7V3PfpCt1bDc= github.com/moby/buildkit v0.27.0/go.mod h1:4STUkNc5t1nf03HS+01UmI2X6FdfOI3XaKt9QNoTsms= github.com/moby/buildkit v0.28.0 h1:rKulfRRSduHJPNpLTk481fHElqN9tps0VUx8YV/5zsA= github.com/moby/buildkit v0.28.0/go.mod h1:RCuOcj/bVsCriBG8NeFzRxjiCFQKnKP7KOVlNTS18t4= +github.com/moby/buildkit v0.29.0 h1:wxLEFbCOJntEDjSNNN2YWd8zxltZxT5muDQ0LzpbtpU= +github.com/moby/buildkit v0.29.0/go.mod h1:Dmv2FeDe34t75QuzeU87rBoZpAAkcpT5zeu4hXzmASc= github.com/moby/docker-image-spec v1.3.1 h1:jMKff3w6PgbfSa69GfNg+zN/XLhfXJGnEx3Nl2EsFP0= github.com/moby/docker-image-spec v1.3.1/go.mod h1:eKmb5VW8vQEh/BAr2yvVNvuiJuY6UIocYsFu/DxxRpo= github.com/moby/locker v1.0.1 h1:fOXqR41zeveg4fFODix+1Ch4mj/gT0NE1XJbp/epuBg= @@ -312,8 +319,10 @@ go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.38.0/go.mod go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.40.0 h1:NOyNnS19BF2SUDApbOKbDtWZ0IK7b8FJ2uAGdIWOGb0= go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.38.0 h1:GqRJVj7UmLjCVyVJ3ZFLdPRmhDUp2zFmQe3RHIOsw24= go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.38.0/go.mod h1:ri3aaHSmCTVYu2AWv44YMauwAQc0aqI9gHKIcSbI1pU= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.40.0 h1:QKdN8ly8zEMrByybbQgv8cWBcdAarwmIPZ6FThrWXJs= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.38.0 h1:lwI4Dc5leUqENgGuQImwLo4WnuXFPetmPpkLi2IrX54= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.38.0/go.mod h1:Kz/oCE7z5wuyhPxsXDuaPteSWqjSBD5YaSdbxZYGbGk= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.40.0 h1:DvJDOPmSWQHWywQS6lKL+pb8s3gBLOZUtw4N+mavW1I= go.opentelemetry.io/otel/metric v1.38.0 h1:Kl6lzIYGAh5M159u9NgiRkmoMKjvbsKtYRwgfrA6WpA= go.opentelemetry.io/otel/metric v1.38.0/go.mod h1:kB5n/QoRM8YwmUahxvI3bO34eVtQf2i4utNVLr9gEmI= go.opentelemetry.io/otel/metric v1.40.0 h1:rcZe317KPftE2rstWIBitCdVp89A2HqjkxR3c11+p9g=