dockerfile/1.5.1-labs

Usage

# syntax=docker.io/docker/dockerfile:1.5.1-labs

dockerfile/1.5.1

Usage

# syntax=docker.io/docker/dockerfile:1.5.1

Notable changes

• Fix possible panic when warning conditions appear in multi-platform builds #3505

v0.11.0

Welcome to the 0.11.0 release of buildkit!

Please try out the release binaries and report any issues at
https://github.com/moby/buildkit/issues.

Notable Changes

• Builtin Dockerfile frontend has been updated to v1.5.0 https://github.com/moby/buildkit/releases/tag/dockerfile%2F1.5.0

• BuildKit and compatible frontends can now produce SBOM (Software Bill of Materials) attestations for the build results to show the dependencies of the build. These attestations can be added to images and locally exported files. Using Dockerfiles, SBOM information can be configured to be produced also based on files in intermediate build stages or build context, or run processes that manually define the SBOM dependencies. When exporting an image, layer mapping is also produced that allows tracing a SBOM package to a specific build step. #3258 #3290 #3249 #2983 #3358 #3312 #3407 #3408 #3410 #3414 #3422 Read documentation

• BuildKit can now produce a Provenance attestation for the build result in SLSA format. Provenance attestations describe how a build was produced, and what sources/parameters were used. In addition to fields part of the SLSA specification, Buildkit's provenance also exports BuildKit-specific metadata like LLB steps with their source- and layer mapping. Provenance attestation will capture all the build sources visible to BuildKit, for example, not only the Git repository where the project's source is coming from but also the digests of all the container images used during the build. #3240 #3428 #3428 #3462 Read documentation

• BuildKit now supports reproducible builds by setting SOURCE_DATE_EPOCH build argument or source-date-epoch exporter attribute. This deterministic date will be used in image metadata instead of the current time. #2918 #3262 #3152 Read documentation

• OCI annotations can now be set to build results exported as images or OCI layouts. Annotations can be set on both image manifests and indexes, as well as descriptors to them. #3283 #3061 #2975 #2879 Read documentation

• New Build History API allows listening to events about builds starting and completing, and streaming progress of active builds. New commands buildctl debug monitor, buildctl debug logs and buildctl debug get have been added to use this API. Build records also keep OpenTelemetry traces, provenance attestations, and image manifests if they were created by the build. #3294 #3339 #3440

• Build results exported with image, local or tar exporters now support attestations. In addition to builtin SBOM and Provenance attestations, frontends can produce custom attestations in in-toto format #3197 #3070 #3129 #3073 #3063 #2935 #3289 #3389 #3321 #3342 #3461 Read documentation

• New Source type oci-layout:// allows builds to import images from OCI directory structure on the client side. This allows using local versions of the image. #3112 #3300 #3122 #3034 #2971 #2827 #3397

• Build requests now support sending a Source policy definition. A policy can be used to deny access to specific sources (e.g. images or URLs) or only allow access to specific image namespaces. Policies can also be used to modify sources when they are requested by the build, for example, pin a tag requested by the build to a specific digest even if it has already changed in the registry. #3332

• New remote cache backend: Azure Blob Storage #3010

• New remote cache backend: S3 #2824 #3065

• BuildKit now supports Nydus compression type #2581

• OCI exporter now supports attribute tar=false to export OCI layout into a directory instead of downloading a tarball. #3162

• Setting multiple cache exporters for a single build is now supported #3024 #3271

• Cache exporters can now be configured to ignore exporting errors #3430

• Remote cache import/export to client-side local files now supports tag parameter for scoping cache #3111

• CNI network namespaces are now provisioned from a pool for increased performance #3107

• New Info service has been added to control API for asking BuildKit daemon's version #2725

• Gateway API now has a new Evaluate method to control the lazy solve behavior #3137

• Allow mounting secrets with empty contents #3081

• New RemoveMountStubsRecursive option has been added to LLB ExecOp to control the cleanup behavior of mounts. By default, empty mount stubs are now cleaned up recursively in new frontends. #3314

• LLB Image source now allows pulling partial layer chains from image #2795

• Allow hostname to be set by network provider (K8S_POD_NAME) #3044

• Improve handling and logging of API health checks #2998

• RegistryToken auth from Docker config is now allowed as authentication input #2868

• Image exporter with containerd worker now allows skipping adding image to containerd image store with store=false. If not set then images stored images are now guaranteed to be unlazied and unpacked. #2800

• buildctl now loads Github runtime environment when using GHA remote cache #2707

• Support for conflist when configuring CNI networking #3029

• Platform info has been added to the build result descriptor metadata #2993

• Allow sourcemaps to link single LLB vertex to multiple source locations #2859

• Support for SSH connection helper #2843

• Empty stub paths created by mount points when build container runs are now cleaned up and do not remain in the final image. #3307 #3149

• Improve performance on BoltDB commits #3261

• Indentation of some of the image manifests has been fixed to use double spaces #3259

• Fix caching checksum error on copying files with custom UID/GID #3295

• Fix cases where copy operation left behind nondeterministic timestamps for better support for reproducible builds #3298

• Fix SSH forwarding incompatibility with OpenSSH >= 8.9 #3274

• Stargz has been updated to v0.13.0 #3280

• Embedded QEMU emulators have been updated to v7.1.0 with new patches for path handling. #3386

• Fix unpacking images with no layers #3251

• Fix possible nil pointer exception in LLB bridge #3233 #3169 #3066

• Fix cleanup of containerd tasks if a start fails #3253

• Fix handling Windows paths in content checksums #3227

• Fix possible missing newline in progress output #3072

• Fix possible early EOF on SSH forwarding #3431

• Fix possible panic in concurrent OpenTelemetry access #3058

• Previously deprecated old cache options have been removed #2982

• Daemonless script has been updated to handle already stopped process #3005

• Fix closing session if shared by multiple clients #2995

• buildctl du command now supports JSON formatting #2992

• Registry push errors now show additional context #2981

• Improve default description of FileOp vertexes #2932

• Make sure progress from exporting is properly keyed on parallel requests #2953

• Terminal colors are now configurable #2954

• Build errors now always print stacktraces to daemon logs in debug mode #2903

Contributors

• Tõnis Tiigi
• Justin Chadwell
• CrazyMax
• Akihiro Suda
• Erik Sipsma
• Sebastiaan van Stijn
• Yan Song
• Kohei Tokunaga
• Alex Suraci
• Jonny Stoten
• Aaron Lehmann
• Avi Deitcher
• Bertrand Paquet
• Brian Goff
• Corey Larson
• Cory Bennett
• Cory Snider
• David Gageot
• Eng Zer Jun
• Fiona Klute
• Gabriel Adrian Samfira
• Petr Fedchenkov
• Pierre Fenoll
• Pranav Pandit
• Sascha Schwarze
• Sean P. Kane
• Steve Lohr
• Tianon Gravi
• Alex Couture-Beil
• Ce Gao
• Daniel Duvall
• Fred Cox
• Frank Yang
• Gahl Saraf
• Guilhem C
• Jacob Gillespie
• Jitender Kumar
• Jordan Goasdoue
• Julian Goede
• Luca Visentin
• Manu Gupta
• Marcus Comstedt
• Morlay
• Nick Santos
• Omer Duchovne
• Tom C
• a-palchikov

Dependency Changes

• github.com/Azure/azure-sdk-for-go/sdk/azcore v1.1.0 new
• github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.1.0 new
• github.com/Azure/azure-sdk-for-go/sdk/internal v1.0.0 new
• github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v0.4.1 new
• github.com/AzureAD/microsoft-authentication-library-for-go v0.6.0 new
• github.com/Microsoft/go-winio v0.5.1 -> v0.5.2
• github.com/Microsoft/hcsshim v0.9.2 -> v0.9.6
• github.com/aws/aws-sdk-go-v2 v1.16.3 new
• github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.4.1 new
• github.com/aws/aws-sdk-go-v2/config v1.15.5 new
• github.com/aws/aws-sdk-go-v2/credentials v1.12.0 new
• github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.12.4 new
• github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.11.10 new
• github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.10 new
• github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.4 new
• github.com/aws/aws-sdk-go-v2/internal/ini v1.3.11 new
• github.com/aws/aws-sdk-go-v2/internal/v4a v1.0.1 new
• github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.9.1 new
• github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.1.5 new
• **github.com/aws/aws-sdk-go-v2/service/in...

dockerfile/1.5.0-labs

Usage

# syntax=docker.io/docker/dockerfile:1.5.0-labs

Notable changes

• ADD command can now import files directly from Git URLs #2799 docs

• ADD command now supports --checksum flag to validate the contents of the remote URL contents. #3093 #3287 docs

dockerfile/1.5.0

Usage

# syntax=docker.io/docker/dockerfile:1.5.0

Notable changes

• Named contexts now support oci-layout:// protocol for including images from local OCI layout structure.

• Dockerfile now supports secondary requests for listing all build targets or printing outline of accepted parameters for a specific build target #3030 #2841

• Dockerfile #syntax directive that redirects to an external frontend image now allows the directive to be also set with // comments or JSON. The file may also contain a shebang header. #2937

• Named context can now be initialized with an empty scratch image #3130

• Named contexts can now be initialized with an SSH Git URL #2865

• Fix handling of ONBUILD when importing Schema1 images #3053

v0.11.0-rc4

Welcome to the 0.11.0-rc4 release of buildkit!
This is a pre-release of buildkit

Please try out the release binaries and report any issues at
https://github.com/moby/buildkit/issues.

Notable changes

• Fix indentation in in-toto and traces #3423
• Possibility to control attestation filenames #3428
• Fix order of build steps in provenance #3428
• Update hermetic extension field in SLSA provenance #3428
• Fix possible early EOF on SSH forwarding #3431
• Allow ignoring cache-export errors #3430
• History API allows access to cache stats #3440
• Fix possible panic in concurrent OpenTelemetry access #3058
• Fix layer info generation for SBOMs #3422
• Fix possible error on attestations bigger than 4MB #3461
• Fix panic on generating provenance attestation for nil results #3462

Dependency Changes

• github.com/containerd/containerd v1.6.13 -> v1.6.14
• github.com/docker/cli v23.0.0-beta.1 -> v23.0.0-rc.1
• github.com/docker/docker v23.0.0-beta.1 -> v23.0.0-rc.1
• github.com/spdx/tools-golang 6fe9d226281a -> d6f58551be3f
• github.com/tonistiigi/fsutil 0127568185cf -> fb433841cbfa

v0.11.0-rc3

Welcome to the 0.11.0-rc3 release of buildkit!
This is a pre-release of buildkit

Please try out the release binaries and report any issues at
https://github.com/moby/buildkit/issues.

Notable changes since RC2

• Filenames for local exporter SBOMs have been improved #3407

• Improve Dockerfile intermediate stage detection for SBOMs #3408

• Clean up some bogus fields in SBOMs #3410

• Allow --no-cache to be used for SBOM generation #3414

• Various fixes for provenance attestations #3413

• BuildKit release pipeline now creates SBOM and Provenance artifacts

v0.11.0-rc2

Welcome to the 0.11.0-rc2 release of buildkit!
This is a pre-release of buildkit

Please try out the release binaries and report any issues at
https://github.com/moby/buildkit/issues.

Notable changes since RC1

• Build requests now support sending a Source policy definition. A policy can be used to deny access to specific sources (e.g. images or URLs) or only allow access to specific image namespaces. Policies can also be used to modify sources when they are requested by the build, for example, pin a tag requested by the build to a specific digest even if it has already changed in the registry. #3332

• Build History API has been updated with capabilities to access logs of already completed builds. Build records also keep OpenTelemetry traces, provenance attestations, and image manifests if they were created by the build. #3339

• Attestations are now available in Tar exporters #3289

• New RemoveMountStubsRecursive option has been added to LLB ExecOp to control the cleanup behavior of mounts. By default, empty mount stubs are now cleaned up recursively in new frontends. #3314

• Embedded QEMU emulators have been updated to v7.1.0 with new patches for path handling. #3386

• Fix platform constraint not passed with oci-layout:// #3397

• Fix cache export issue discovered in RC1 #3394

• Fix possible errors on SPDX parsing when adding layer information #3358 #3312

• The LLB protocol for requesting oci-layout:// sources has been changed since RC1 #3371

• The attestation protocol between Frontends and BuildKit daemon has been changed since RC1. The fronends from RC1 are not compatible with the latest BuildKit anymore. #3389 #3321 #3342

• Fix cache exporting progress record #3387

Dependency Changes

• github.com/containerd/cgroups v1.0.3 -> v1.0.4
• github.com/containerd/containerd v1.6.10 -> v1.6.11
• github.com/docker/cli v20.10.21 -> v23.0.0-beta.1
• github.com/docker/docker 99aa9bb766b5 -> v23.0.0-beta.1
• github.com/docker/docker-credential-helpers v0.6.4 -> v0.7.0
• github.com/gofrs/flock v0.7.3 -> v0.8.1
• github.com/spdx/tools-golang v0.3.0 -> 8a01147e6342
• golang.org/x/time 90d013bbcef8 -> v0.1.0
• google.golang.org/genproto c8bf987b8c21 -> 7780775163c4

Previous release can be found at v0.11.0-rc1

dockerfile/1.5.0-rc2-labs

Usage

# syntax=docker.io/docker/dockerfile-upstream:1.5.0-rc2-labs

dockerfile/1.5.0-rc2

Usage

# syntax=docker.io/docker/dockerfile-upstream:1.5.0-rc2