Merge pull request #1443 from crazy-max/update-dev-deps

update dev dependencies

.eslintignore

@@ -1,3 +0,0 @@
-/dist/**
-/coverage/**
-/node_modules/**

.eslintrc.json

@@ -1,24 +0,0 @@
-{
-  "env": {
-    "node": true,
-    "es6": true,
-    "jest": true
-  },
-  "extends": [
-    "eslint:recommended",
-    "plugin:@typescript-eslint/eslint-recommended",
-    "plugin:@typescript-eslint/recommended",
-    "plugin:jest/recommended",
-    "plugin:prettier/recommended"
-  ],
-  "parser": "@typescript-eslint/parser",
-  "parserOptions": {
-    "ecmaVersion": 2023,
-    "sourceType": "module"
-  },
-  "plugins": [
-    "@typescript-eslint",
-    "jest",
-    "prettier"
-  ]
-}

.github/e2e/nexus/install.sh

@@ -76,6 +76,7 @@ until $(curl --output /dev/null --silent --head --fail "http://$NEXUS_HOST:$NEXU
   printf '.'
   sleep 5
 done
+echo "ready!"
 echo "::endgroup::"
 
 echo "::group::Change user's password"

.github/workflows/.e2e-run.yml

@@ -27,9 +27,9 @@ on:
         type: string
 
 env:
-  HARBOR_VERSION: v2.7.0
+  HARBOR_VERSION: v2.13.2
   NEXUS_VERSION: 3.47.1
-  DISTRIBUTION_VERSION: 2.8.1
+  DISTRIBUTION_VERSION: 3.0.0
 
 jobs:
   run:
@@ -38,6 +38,9 @@ jobs:
       fail-fast: false
       matrix:
         include:
+          -
+            buildx_version: edge
+            buildkit_image: moby/buildkit:latest
           -
             buildx_version: latest
             buildkit_image: moby/buildkit:buildx-stable-1
@@ -47,7 +50,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
       -
         name: Set up env
         if: inputs.type == 'local'
@@ -65,10 +68,11 @@ jobs:
         if: inputs.type == 'local'
         run: |
           if [ ! -e /etc/docker/daemon.json ]; then
-            echo '{}' | tee /etc/docker/daemon.json >/dev/null
+            echo '{}' | sudo tee /etc/docker/daemon.json >/dev/null
           fi
           DOCKERD_CONFIG=$(jq '.+{"insecure-registries":["http://${{ env.REGISTRY_FQDN }}"]}' /etc/docker/daemon.json)
           sudo tee /etc/docker/daemon.json <<<"$DOCKERD_CONFIG" >/dev/null
+          cat /etc/docker/daemon.json
           sudo service docker restart
       -
         name: Install ${{ inputs.name }}

.github/workflows/ci.yml

@@ -24,8 +24,8 @@ on:
   pull_request:
 
 env:
-  BUILDX_VERSION: latest
+  BUILDX_VERSION: edge
-  BUILDKIT_IMAGE: moby/buildkit:buildx-stable-1
+  BUILDKIT_IMAGE: moby/buildkit:latest
 
 jobs:
   minimal:
@@ -33,7 +33,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
         with:
           path: action
       -
@@ -59,7 +59,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
         with:
           path: action
       -
@@ -108,7 +108,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
         with:
           path: action
       -
@@ -167,7 +167,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
       -
         name: Set up QEMU
         uses: docker/setup-qemu-action@v3
@@ -216,7 +216,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
       -
         name: Docker meta
         id: meta
@@ -272,7 +272,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
       -
         name: Stop docker
         run: |
@@ -288,7 +288,6 @@ jobs:
       -
         name: Check
         run: |
-          echo "${{ toJson(steps.docker_build) }}"
           if [ "${{ steps.docker_build.outcome }}" != "failure" ] || [ "${{ steps.docker_build.conclusion }}" != "success" ]; then
             echo "::error::Should have failed"
             exit 1
@@ -299,7 +298,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
       -
         name: Set up QEMU
         uses: docker/setup-qemu-action@v3
@@ -324,7 +323,6 @@ jobs:
       -
         name: Check
         run: |
-          echo "${{ toJson(steps.docker_build) }}"
           if [ "${{ steps.docker_build.outcome }}" != "failure" ] || [ "${{ steps.docker_build.conclusion }}" != "success" ]; then
             echo "::error::Should have failed"
             exit 1
@@ -340,7 +338,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
       -
         name: Build
         id: docker_build
@@ -356,7 +354,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
       -
         name: Build
         uses: ./
@@ -375,7 +373,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
       -
         name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
@@ -398,7 +396,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
       -
         name: Set up Docker buildx
         uses: docker/setup-buildx-action@v3
@@ -423,7 +421,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
       -
         name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
@@ -447,7 +445,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
       -
         name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
@@ -469,7 +467,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
       -
         name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
@@ -494,7 +492,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
       -
         name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
@@ -517,7 +515,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
       -
         name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
@@ -542,7 +540,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
       -
         name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
@@ -567,6 +565,8 @@ jobs:
       fail-fast: false
       matrix:
         include:
+          - buildx: edge
+            buildkit: moby/buildkit:latest
           - buildx: latest
             buildkit: moby/buildkit:buildx-stable-1
           - buildx: latest
@@ -576,7 +576,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
       -
         name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
@@ -619,7 +619,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
       -
         name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
@@ -671,7 +671,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
       -
         name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
@@ -723,7 +723,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
       -
         name: Set up QEMU
         uses: docker/setup-qemu-action@v3
@@ -792,7 +792,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
       -
         name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
@@ -862,7 +862,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
       -
         name: Set up QEMU
         uses: docker/setup-qemu-action@v3
@@ -911,7 +911,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
       -
         name: Set up QEMU
         uses: docker/setup-qemu-action@v3
@@ -952,7 +952,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
       -
         name: Set up QEMU
         uses: docker/setup-qemu-action@v3
@@ -967,7 +967,7 @@ jobs:
           buildkitd-flags: --debug
       -
         name: Cache Build
-        uses: actions/cache@v4
+        uses: actions/cache@v5
         with:
           path: /tmp/.buildx-cache
           key: ${{ runner.os }}-local-test-${{ github.sha }}
@@ -1004,7 +1004,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
       -
         name: Uninstall docker cli
         run: |
@@ -1033,7 +1033,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
       -
         name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
@@ -1055,7 +1055,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
       -
         name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
@@ -1089,7 +1089,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
       -
         name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
@@ -1120,7 +1120,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
       -
         name: Set malformed docker config
         run: |
@@ -1147,7 +1147,7 @@ jobs:
           curl --retry 5 --retry-all-errors --retry-delay 0 --connect-timeout 5 --proxy http://127.0.0.1:3128 -v --insecure --head https://www.google.com
       -
         name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
       -
         name: Set proxy config
         run: |
@@ -1184,7 +1184,7 @@ jobs:
           curl --retry 5 --retry-all-errors --retry-delay 0 --connect-timeout 5 --proxy http://127.0.0.1:3128 -v --insecure --head https://www.google.com
       -
         name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
       -
         name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
@@ -1215,7 +1215,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
       -
         name: Docker meta
         id: meta
@@ -1265,7 +1265,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
       -
         name: Set up QEMU
         uses: docker/setup-qemu-action@v3
@@ -1314,7 +1314,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
       -
         name: Set up QEMU
         uses: docker/setup-qemu-action@v3
@@ -1350,7 +1350,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
         with:
           path: action
       -
@@ -1373,7 +1373,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
         with:
           path: action
       -
@@ -1396,7 +1396,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
         with:
           path: action
       -
@@ -1417,7 +1417,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
         with:
           path: action
       -
@@ -1446,7 +1446,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
         with:
           path: action
       -
@@ -1464,18 +1464,48 @@ jobs:
         env:
           DOCKER_BUILD_RECORD_RETENTION_DAYS: ${{ matrix.days }}
 
+  export-legacy:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        legacy:
+          - false
+          - true
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v6
+        with:
+          path: action
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
+          driver-opts: |
+            image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}
+      -
+        name: Build
+        uses: ./action
+        with:
+          file: ./test/Dockerfile
+        env:
+          DOCKER_BUILD_EXPORT_LEGACY: ${{ matrix.legacy }}
+
   checks:
     runs-on: ubuntu-latest
     strategy:
       fail-fast: false
       matrix:
         buildx-version:
+          - edge
           - latest
           - v0.14.1
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
       -
         name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
@@ -1495,7 +1525,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
       -
         name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
@@ -1511,3 +1541,56 @@ jobs:
           file: ./test/lint.Dockerfile
         env:
           DOCKER_BUILD_CHECKS_ANNOTATIONS: false
+
+  call-check:
+    runs-on: ubuntu-latest
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v6
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
+          driver-opts: |
+            image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}
+      -
+        name: Build
+        id: docker_build
+        continue-on-error: true
+        uses: ./
+        with:
+          context: ./test
+          file: ./test/lint.Dockerfile
+          call: check
+      -
+        name: Check
+        run: |
+          if [ "${{ steps.docker_build.outcome }}" != "failure" ] || [ "${{ steps.docker_build.conclusion }}" != "success" ]; then
+            echo "::error::Should have failed"
+            exit 1
+          fi
+
+  no-default-attestations:
+    runs-on: ubuntu-latest
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v6
+        with:
+          path: action
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
+          driver-opts: |
+            image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}
+      -
+        name: Build
+        uses: ./action
+        with:
+          file: ./test/Dockerfile
+        env:
+          BUILDX_NO_DEFAULT_ATTESTATIONS: 1

.github/workflows/e2e.yml

@@ -67,13 +67,6 @@ jobs:
             username_secret: GAR_USERNAME
             password_secret: GAR_JSON_KEY
             type: remote
-          -
-            name: Google Container Registry
-            registry: gcr.io
-            slug: gcr.io/sandbox-298914/test-docker-action
-            username_secret: GCR_USERNAME
-            password_secret: GCR_JSON_KEY
-            type: remote
           -
             name: Azure Container Registry
             registry: officialgithubactions.azurecr.io

.github/workflows/pr-assign-author.yml

@@ -0,0 +1,17 @@
+name: pr-assign-author
+
+permissions:
+  contents: read
+
+on:
+  pull_request_target:
+    types:
+      - opened
+      - reopened
+
+jobs:
+  run:
+    uses: crazy-max/.github/.github/workflows/pr-assign-author.yml@1b673f36fad86812f538c1df9794904038a23cbf
+    permissions:
+      contents: read
+      pull-requests: write

.github/workflows/publish.yml

@@ -0,0 +1,21 @@
+name: publish
+
+on:
+  release:
+    types:
+      - published
+
+jobs:
+  publish:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      id-token: write
+      packages: write
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v6
+      -
+        name: Publish
+        uses: actions/publish-immutable-action@v0.0.4

.github/workflows/test.yml

@@ -17,15 +17,16 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
       -
         name: Test
-        uses: docker/bake-action@v5
+        uses: docker/bake-action@v6
         with:
+          source: .
           targets: test
       -
         name: Upload coverage
-        uses: codecov/codecov-action@v4
+        uses: codecov/codecov-action@v5
         with:
-          file: ./coverage/clover.xml
+          files: ./coverage/clover.xml
           token: ${{ secrets.CODECOV_TOKEN }}

.github/workflows/validate.yml

@@ -15,16 +15,17 @@ jobs:
   prepare:
     runs-on: ubuntu-latest
     outputs:
-      targets: ${{ steps.targets.outputs.matrix }}
+      targets: ${{ steps.generate.outputs.targets }}
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
       -
-        name: Targets matrix
+        name: List targets
-        id: targets
+        id: generate
-        run: |
+        uses: docker/bake-action/subaction/list-targets@v6
-          echo "matrix=$(docker buildx bake validate --print | jq -cr '.group.validate.targets')" >> $GITHUB_OUTPUT
+        with:
+          target: validate
 
   validate:
     runs-on: ubuntu-latest
@@ -35,11 +36,8 @@ jobs:
       matrix:
         target: ${{ fromJson(needs.prepare.outputs.targets) }}
     steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v4
       -
         name: Validate
-        uses: docker/bake-action@v5
+        uses: docker/bake-action@v6
         with:
           targets: ${{ matrix.target }}

README.md

@@ -60,18 +60,18 @@ jobs:
   docker:
     runs-on: ubuntu-latest
     steps:
+      -
+        name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ vars.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
       -
         name: Set up QEMU
         uses: docker/setup-qemu-action@v3
       -
         name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
-      -
-        name: Login to Docker Hub
-        uses: docker/login-action@v3
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
       -
         name: Build and push
         uses: docker/build-push-action@v6
@@ -131,19 +131,19 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
+      -
+        name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ vars.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
       -
         name: Set up QEMU
         uses: docker/setup-qemu-action@v3
       -
         name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
-      -
-        name: Login to Docker Hub
-        uses: docker/login-action@v3
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
       -
         name: Build and push
         uses: docker/build-push-action@v6
@@ -162,6 +162,7 @@ jobs:
 * [Cache management](https://docs.docker.com/build/ci/github-actions/cache/)
 * [Export to Docker](https://docs.docker.com/build/ci/github-actions/export-docker/)
 * [Test before push](https://docs.docker.com/build/ci/github-actions/test-before-push/)
+* [Validating build configuration](https://docs.docker.com/build/ci/github-actions/checks/)
 * [Local registry](https://docs.docker.com/build/ci/github-actions/local-registry/)
 * [Share built image between jobs](https://docs.docker.com/build/ci/github-actions/share-image-jobs/)
 * [Named contexts](https://docs.docker.com/build/ci/github-actions/named-contexts/)
@@ -185,6 +186,19 @@ additional details about the build, including build stats, logs, outputs, and
 more. The build record can be imported to Docker Desktop for inspecting the
 build in greater detail.
 
+> [!WARNING]
+>
+> If you're using the [`actions/download-artifact`](https://github.com/actions/download-artifact)
+> action in your workflow, you need to ignore the build record artifacts
+> if `name` and `pattern` inputs are not specified ([defaults to download all artifacts](https://github.com/actions/download-artifact?tab=readme-ov-file#download-all-artifacts) of the workflow),
+> otherwise the action will fail:
+> ```yaml
+> - uses: actions/download-artifact@v4
+>   with:
+>     pattern: "!*.dockerbuild"
+> ```
+> More info: https://github.com/actions/toolkit/pull/1874
+
 Summaries are enabled by default, but can be disabled with the
 `DOCKER_BUILD_SUMMARY` [environment variable](#environment-variables).
 
@@ -220,6 +234,7 @@ The following inputs can be used as `step.with` keys:
 | `build-contexts`   | List        | List of additional [build contexts](https://docs.docker.com/engine/reference/commandline/buildx_build/#build-context) (e.g., `name=path`)                                         |
 | `cache-from`       | List        | List of [external cache sources](https://docs.docker.com/engine/reference/commandline/buildx_build/#cache-from) (e.g., `type=local,src=path/to/dir`)                              |
 | `cache-to`         | List        | List of [cache export destinations](https://docs.docker.com/engine/reference/commandline/buildx_build/#cache-to) (e.g., `type=local,dest=path/to/dir`)                            |
+| `call`             | String      | Set [method for evaluating build](https://docs.docker.com/reference/cli/docker/buildx/build/#call) (e.g., `check`)                                                                |
 | `cgroup-parent`    | String      | Optional [parent cgroup](https://docs.docker.com/engine/reference/commandline/build/#use-a-custom-parent-cgroup---cgroup-parent) for the container used in the build              |
 | `context`          | String      | Build's context is the set of files located in the specified [`PATH` or `URL`](https://docs.docker.com/engine/reference/commandline/build/) (default [Git context](#git-context)) |
 | `file`             | String      | Path to the Dockerfile. (default `{context}/Dockerfile`)                                                                                                                          |
@@ -262,6 +277,7 @@ The following outputs are available:
 | `DOCKER_BUILD_SUMMARY`               | Bool   | `true`  | If `false`, [build summary](https://docs.docker.com/build/ci/github-actions/build-summary/) generation is disabled                                                                                                                                                 |
 | `DOCKER_BUILD_RECORD_UPLOAD`         | Bool   | `true`  | If `false`, build record upload as [GitHub artifact](https://docs.github.com/en/actions/using-workflows/storing-workflow-data-as-artifacts) is disabled                                                                                                            |
 | `DOCKER_BUILD_RECORD_RETENTION_DAYS` | Number |         | Duration after which build record artifact will expire in days. Defaults to repository/org [retention settings](https://docs.github.com/en/actions/learn-github-actions/usage-limits-billing-and-administration#artifact-and-log-retention-policy) if unset or `0` |
+| `DOCKER_BUILD_EXPORT_LEGACY`         | Bool   | `false` | If `true`, exports build using legacy export-build tool instead of [`buildx history export` command](https://docs.docker.com/reference/cli/docker/buildx/history/export/)                                                                                          |
 
 ## Troubleshooting
 

TROUBLESHOOTING.md

@@ -4,7 +4,6 @@
   * [BuildKit container logs](#buildkit-container-logs)
   * [With containerd](#with-containerd)
 * [`repository name must be lowercase`](#repository-name-must-be-lowercase)
-* [Image not loaded](#image-not-loaded)
 
 ## Cannot push to a registry
 
@@ -136,29 +135,3 @@ Or a dedicated step to sanitize the slug:
     push: true
     tags: ${{ steps.repo_slug.outputs.result }}:latest
 ```
-
-## Image not loaded
-
-Sometimes when your workflows are heavy consumers of disk storage, it can happen that build-push-action declares that the built image is loaded, but then not found in the following workflow steps.
-
-- You can use the following solution as workaround, to free space on disk before building docker image using the following workflow step
-
-```yaml
-      # Free disk space
-      - name: Free Disk space
-        shell: bash
-        run: |
-          sudo rm -rf /usr/local/lib/android  # will release about 10 GB if you don't need Android
-          sudo rm -rf /usr/share/dotnet # will release about 20GB if you don't need .NET
-```
-
-- Another workaround can be to call `docker/setup-buildx-action` with docker driver
-
-```yaml
-name: Set up Docker Buildx
-uses: docker/setup-buildx-action@v3
-with:
-  driver: docker
-```
-
-More details in the [related issue](https://github.com/docker/build-push-action/issues/321)

__tests__/context.test.ts

@@ -1,4 +1,4 @@
-import {beforeEach, describe, expect, jest, test} from '@jest/globals';
+import {afterEach, beforeEach, describe, expect, jest, test} from '@jest/globals';
 import * as fs from 'fs';
 import * as path from 'path';
 
@@ -68,6 +68,7 @@ jest.spyOn(Builder.prototype, 'inspect').mockImplementation(async (): Promise<Bu
 });
 
 describe('getArgs', () => {
+  const originalEnv = process.env;
   beforeEach(() => {
     process.env = Object.keys(process.env).reduce((object, key) => {
       if (!key.startsWith('INPUT_')) {
@@ -76,6 +77,9 @@ describe('getArgs', () => {
       return object;
     }, {});
   });
+  afterEach(() => {
+    process.env = originalEnv;
+  });
 
   // prettier-ignore
   test.each([
@@ -93,7 +97,8 @@ describe('getArgs', () => {
         'build',
         '--iidfile', imageIDFilePath,
         '.'
-      ]
+      ],
+      undefined
     ],
     [
       1,
@@ -116,7 +121,8 @@ ccc"`],
         '--build-arg', `MULTILINE=aaaa\nbbbb\nccc`,
         '--iidfile', imageIDFilePath,
         'https://github.com/docker/build-push-action.git#refs/heads/master'
-      ]
+      ],
+      undefined
     ],
     [
       2,
@@ -134,7 +140,8 @@ ccc"`],
         '--tag', 'name/app:7.4',
         '--tag', 'name/app:latest',
         'https://github.com/docker/build-push-action.git#refs/heads/master'
-      ]
+      ],
+      undefined
     ],
     [
       3,
@@ -154,7 +161,8 @@ ccc"`],
         '--label', 'org.opencontainers.image.description=concurrent, cache-efficient, and Dockerfile-agnostic builder toolkit',
         '--output', 'type=local,dest=./release-out',
         '.'
-      ]
+      ],
+      undefined
     ],
     [
       4,
@@ -171,7 +179,8 @@ ccc"`],
         'build',
         '--platform', 'linux/amd64,linux/arm64',
         '.'
-      ]
+      ],
+      undefined
     ],
     [
       5,
@@ -187,7 +196,8 @@ ccc"`],
         'build',
         '--iidfile', imageIDFilePath,
         '.'
-      ]
+      ],
+      undefined
     ],
     [
       6,
@@ -205,7 +215,8 @@ ccc"`],
         '--iidfile', imageIDFilePath,
         '--secret', `id=GIT_AUTH_TOKEN,src=${tmpName}`,
         '.'
-      ]
+      ],
+      undefined
     ],
     [
       7,
@@ -223,7 +234,8 @@ ccc"`],
         '--output', '.',
         '--secret', `id=GIT_AUTH_TOKEN,src=${tmpName}`,
         'https://github.com/docker/build-push-action.git#refs/heads/master'
-      ]
+      ],
+      undefined
     ],
     [
       8,
@@ -249,7 +261,8 @@ ccc"`],
         '--builder', 'builder-git-context-2',
         '--push',
         'https://github.com/docker/build-push-action.git#refs/heads/master'
-      ]
+      ],
+      undefined
     ],
     [
       9,
@@ -286,7 +299,8 @@ ccc"`],
         '--builder', 'builder-git-context-2',
         '--push',
         'https://github.com/docker/build-push-action.git#refs/heads/master'
-      ]
+      ],
+      undefined
     ],
     [
       10,
@@ -323,7 +337,8 @@ ccc`],
         '--builder', 'builder-git-context-2',
         '--push',
         'https://github.com/docker/build-push-action.git#refs/heads/master'
-      ]
+      ],
+      undefined
     ],
     [
       11,
@@ -349,7 +364,8 @@ ccc`],
         '--network', 'host',
         '--push',
         'https://github.com/docker/build-push-action.git#refs/heads/master'
-      ]
+      ],
+      undefined
     ],
     [
       12,
@@ -369,7 +385,8 @@ ccc`],
         '--label', 'org.opencontainers.image.description=Reference implementation of operation "filter results (top-n)"',
         '--output', 'type=local,dest=./release-out',
         '.'
-      ]
+      ],
+      undefined
     ],
     [
       13,
@@ -395,7 +412,8 @@ ccc`],
         '--network', 'host',
         '--push',
         '.'
-      ]
+      ],
+      undefined
     ],
     [
       14,
@@ -425,7 +443,8 @@ nproc=3`],
         '--ulimit', 'nproc=3',
         '--metadata-file', metadataJson,
         '.'
-      ]
+      ],
+      undefined
     ],
     [
       15,
@@ -442,7 +461,8 @@ nproc=3`],
         '--iidfile', imageIDFilePath,
         '--metadata-file', metadataJson,
         'https://github.com/docker/build-push-action.git#refs/heads/master:docker'
-      ]
+      ],
+      undefined
     ],
     [
       16,
@@ -461,7 +481,8 @@ nproc=3`],
         '--secret', `id=GIT_AUTH_TOKEN,src=${tmpName}`,
         '--metadata-file', metadataJson,
         'https://github.com/docker/build-push-action.git#refs/heads/master:subdir'
-      ]
+      ],
+      undefined
     ],
     [
       17,
@@ -479,7 +500,8 @@ nproc=3`],
         '--iidfile', imageIDFilePath,
         '--metadata-file', metadataJson,
         '.'
-      ]
+      ],
+      undefined
     ],
     [
       18,
@@ -497,7 +519,8 @@ nproc=3`],
         '--attest', `type=provenance,mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`,
         '--metadata-file', metadataJson,
         '.'
-      ]
+      ],
+      undefined
     ],
     [
       19,
@@ -516,7 +539,8 @@ nproc=3`],
         '--attest', `type=provenance,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`,
         '--metadata-file', metadataJson,
         '.'
-      ]
+      ],
+      undefined
     ],
     [
       20,
@@ -535,7 +559,8 @@ nproc=3`],
         '--attest', `type=provenance,mode=max,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`,
         '--metadata-file', metadataJson,
         '.'
-      ]
+      ],
+      undefined
     ],
     [
       21,
@@ -554,7 +579,8 @@ nproc=3`],
         '--attest', 'type=provenance,disabled=true',
         '--metadata-file', metadataJson,
         '.'
-      ]
+      ],
+      undefined
     ],
     [
       22,
@@ -573,7 +599,8 @@ nproc=3`],
         '--attest', 'type=provenance,builder-id=foo',
         '--metadata-file', metadataJson,
         '.'
-      ]
+      ],
+      undefined
     ],
     [
       23,
@@ -592,7 +619,8 @@ nproc=3`],
         "--output", 'type=docker',
         '--metadata-file', metadataJson,
         '.'
-      ]
+      ],
+      undefined
     ],
     [
       24,
@@ -610,7 +638,8 @@ nproc=3`],
         '--load',
         '--metadata-file', metadataJson,
         '.'
-      ]
+      ],
+      undefined
     ],
     [
       25,
@@ -630,7 +659,8 @@ nproc=3`],
         '--load',
         '--metadata-file', metadataJson,
         '.'
-      ]
+      ],
+      undefined
     ],
     [
       26,
@@ -652,7 +682,8 @@ ANOTHER_SECRET=ANOTHER_SECRET_ENV`]
         '--load',
         '--metadata-file', metadataJson,
         '.'
-      ]
+      ],
+      undefined
     ],
     [
       27,
@@ -673,7 +704,8 @@ ANOTHER_SECRET=ANOTHER_SECRET_ENV`]
         '--load',
         '--metadata-file', metadataJson,
         '.'
-      ]
+      ],
+      undefined
     ],
     [
       28,
@@ -693,7 +725,8 @@ ANOTHER_SECRET=ANOTHER_SECRET_ENV`]
         '--attest', `type=provenance,mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`,
         '--metadata-file', metadataJson,
         '.'
-      ]
+      ],
+      undefined
     ],
     [
       29,
@@ -717,7 +750,8 @@ ANOTHER_SECRET=ANOTHER_SECRET_ENV`]
         '--attest', `type=provenance,mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`,
         '--metadata-file', metadataJson,
         '.'
-      ]
+      ],
+      undefined
     ],
     [
       30,
@@ -737,7 +771,8 @@ ANOTHER_SECRET=ANOTHER_SECRET_ENV`]
         '--attest', `type=provenance,mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`,
         '--metadata-file', metadataJson,
         '.'
-      ]
+      ],
+      undefined
     ],
     [
       31,
@@ -758,7 +793,8 @@ ANOTHER_SECRET=ANOTHER_SECRET_ENV`]
         '--attest', `type=sbom,disabled=false`,
         '--metadata-file', metadataJson,
         '.'
-      ]
+      ],
+      undefined
     ],
     [
       32,
@@ -778,7 +814,8 @@ ANOTHER_SECRET=ANOTHER_SECRET_ENV`]
         '--attest', `type=provenance,mode=max,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`,
         '--metadata-file', metadataJson,
         '.'
-      ]
+      ],
+      undefined
     ],
     [
       33,
@@ -797,11 +834,37 @@ ANOTHER_SECRET=ANOTHER_SECRET_ENV`]
         '--attest', `type=provenance,mode=min,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`,
         '--metadata-file', metadataJson,
         '.'
-      ]
+      ],
+      undefined
+    ],
+    [
+      34,
+      '0.13.1',
+      new Map<string, string>([
+        ['context', '.'],
+        ['load', 'false'],
+        ['no-cache', 'false'],
+        ['push', 'false'],
+        ['pull', 'false']
+      ]),
+      [
+        'build',
+        '--iidfile', imageIDFilePath,
+        '--metadata-file', metadataJson,
+        '.'
+      ],
+      new Map<string, string>([
+        ['BUILDX_NO_DEFAULT_ATTESTATIONS', '1']
+      ])
     ],
   ])(
     '[%d] given %p with %p as inputs, returns %p',
-    async (num: number, buildxVersion: string, inputs: Map<string, string>, expected: Array<string>) => {
+    async (num: number, buildxVersion: string, inputs: Map<string, string>, expected: Array<string>, envs: Map<string, string> | undefined) => {
+      if (envs) {
+        envs.forEach((value: string, name: string) => {
+          process.env[name] = value;
+        });
+      }
       inputs.forEach((value: string, name: string) => {
         setInput(name, value);
       });

action.yml

@@ -34,6 +34,9 @@ inputs:
   cache-to:
     description: "List of cache export destinations for buildx (e.g., user/app:cache, type=local,dest=path/to/dir)"
     required: false
+  call:
+    description: "Set method for evaluating build (e.g., check)"
+    required: false
   cgroup-parent:
     description: "Optional parent cgroup for the container used in the build"
     required: false

dist/licenses.txt

@@ -2358,9 +2358,6 @@ ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR
 IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 
 
-dot-object
-MIT
-
 encoding
 MIT
 Copyright (c) 2012-2014 Andris Reinman
@@ -3691,9 +3688,6 @@ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 THE SOFTWARE.
 
 
-twirp-ts
-MIT
-
 undici
 MIT
 MIT License

docker-bake.hcl

@@ -1,3 +1,9 @@
+target "_common" {
+  args = {
+    BUILDKIT_CONTEXT_KEEP_GIT_DIR = 1
+  }
+}
+
 group "default" {
   targets = ["build"]
 }
@@ -11,42 +17,49 @@ group "validate" {
 }
 
 target "build" {
+  inherits = ["_common"]
   dockerfile = "dev.Dockerfile"
   target = "build-update"
   output = ["."]
 }
 
 target "build-validate" {
+  inherits = ["_common"]
   dockerfile = "dev.Dockerfile"
   target = "build-validate"
   output = ["type=cacheonly"]
 }
 
 target "format" {
+  inherits = ["_common"]
   dockerfile = "dev.Dockerfile"
   target = "format-update"
   output = ["."]
 }
 
 target "lint" {
+  inherits = ["_common"]
   dockerfile = "dev.Dockerfile"
   target = "lint"
   output = ["type=cacheonly"]
 }
 
 target "vendor" {
+  inherits = ["_common"]
   dockerfile = "dev.Dockerfile"
   target = "vendor-update"
   output = ["."]
 }
 
 target "vendor-validate" {
+  inherits = ["_common"]
   dockerfile = "dev.Dockerfile"
   target = "vendor-validate"
   output = ["type=cacheonly"]
 }
 
 target "test" {
+  inherits = ["_common"]
   dockerfile = "dev.Dockerfile"
   target = "test-coverage"
   output = ["./coverage"]

eslint.config.js

@@ -0,0 +1,58 @@
+/* eslint-disable @typescript-eslint/no-require-imports */
+const {defineConfig, globalIgnores} = require('eslint/config');
+const {fixupConfigRules, fixupPluginRules} = require('@eslint/compat');
+const typescriptEslint = require('@typescript-eslint/eslint-plugin');
+const jestPlugin = require('eslint-plugin-jest');
+const prettier = require('eslint-plugin-prettier');
+const globals = require('globals');
+const tsParser = require('@typescript-eslint/parser');
+const js = require('@eslint/js');
+const {FlatCompat} = require('@eslint/eslintrc');
+
+// __dirname and __filename exist natively in CommonJS
+const compat = new FlatCompat({
+  baseDirectory: __dirname,
+  recommendedConfig: js.configs.recommended,
+  allConfig: js.configs.all
+});
+
+module.exports = defineConfig([
+  globalIgnores(['dist/**/*', 'coverage/**/*', 'node_modules/**/*']),
+  {
+    // prettier-ignore
+    extends: fixupConfigRules(
+      compat.extends(
+        'eslint:recommended',
+        'plugin:@typescript-eslint/eslint-recommended',
+        'plugin:@typescript-eslint/recommended',
+        'plugin:jest/recommended',
+        'plugin:prettier/recommended'
+      )
+    ),
+
+    plugins: {
+      '@typescript-eslint': fixupPluginRules(typescriptEslint),
+      jest: fixupPluginRules(jestPlugin),
+      prettier: fixupPluginRules(prettier)
+    },
+
+    languageOptions: {
+      globals: {
+        ...globals.node,
+        ...globals.jest
+      },
+      parser: tsParser,
+      ecmaVersion: 'latest',
+      sourceType: 'module'
+    },
+
+    rules: {
+      '@typescript-eslint/no-require-imports': [
+        'error',
+        {
+          allowAsImport: true
+        }
+      ]
+    }
+  }
+]);

jest.config.js

@@ -1,6 +1,7 @@
-import fs from 'fs';
+/* eslint-disable @typescript-eslint/no-require-imports */
-import os from 'os';
+const fs = require('fs');
-import path from 'path';
+const os = require('os');
+const path = require('path');
 
 const tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), 'docker-build-push-action-'));
 
@@ -9,9 +10,7 @@ process.env = Object.assign({}, process.env, {
   GITHUB_REPOSITORY: 'docker/build-push-action',
   RUNNER_TEMP: path.join(tmpDir, 'runner-temp'),
   RUNNER_TOOL_CACHE: path.join(tmpDir, 'runner-tool-cache')
-}) as {
+});
-  [key: string]: string;
-};
 
 module.exports = {
   clearMocks: false,

package.json

@@ -26,23 +26,26 @@
   "license": "Apache-2.0",
   "packageManager": "yarn@3.6.3",
   "dependencies": {
-    "@actions/core": "^1.10.1",
+    "@actions/core": "^1.11.1",
-    "@docker/actions-toolkit": "0.39.0",
+    "@docker/actions-toolkit": "0.62.1",
     "handlebars": "^4.7.7"
   },
   "devDependencies": {
-    "@types/node": "^20.12.12",
+    "@eslint/compat": "^2.0.0",
-    "@typescript-eslint/eslint-plugin": "^7.9.0",
+    "@eslint/eslintrc": "^3.3.3",
-    "@typescript-eslint/parser": "^7.9.0",
+    "@eslint/js": "^9.39.2",
-    "@vercel/ncc": "^0.38.1",
+    "@types/node": "^20.19.27",
-    "eslint": "^8.57.0",
+    "@typescript-eslint/eslint-plugin": "^8.50.0",
-    "eslint-config-prettier": "^9.1.0",
+    "@typescript-eslint/parser": "^8.50.0",
-    "eslint-plugin-jest": "^28.5.0",
+    "@vercel/ncc": "^0.38.4",
-    "eslint-plugin-prettier": "^5.1.3",
+    "eslint": "^9.39.2",
-    "jest": "^29.7.0",
+    "eslint-config-prettier": "^10.1.8",
-    "prettier": "^3.2.5",
+    "eslint-plugin-jest": "^29.5.0",
-    "ts-jest": "^29.1.2",
+    "eslint-plugin-prettier": "^5.5.4",
+    "jest": "^30.2.0",
+    "prettier": "^3.7.4",
+    "ts-jest": "^29.4.6",
     "ts-node": "^10.9.2",
-    "typescript": "^5.4.5"
+    "typescript": "^5.9.3"
   }
 }

src/context.ts

@@ -17,6 +17,7 @@ export interface Inputs {
   builder: string;
   'cache-from': string[];
   'cache-to': string[];
+  call: string;
   'cgroup-parent': string;
   context: string;
   file: string;
@@ -53,6 +54,7 @@ export async function getInputs(): Promise<Inputs> {
     builder: core.getInput('builder'),
     'cache-from': Util.getInputList('cache-from', {ignoreComma: true}),
     'cache-to': Util.getInputList('cache-to', {ignoreComma: true}),
+    call: core.getInput('call'),
     'cgroup-parent': core.getInput('cgroup-parent'),
     context: core.getInput('context') || Context.gitContext(),
     file: core.getInput('file'),
@@ -79,25 +81,6 @@ export async function getInputs(): Promise<Inputs> {
   };
 }
 
-export function sanitizeInputs(inputs: Inputs) {
-  const res = {};
-  for (const key of Object.keys(inputs)) {
-    if (key === 'github-token') {
-      continue;
-    }
-    const value: string | string[] | boolean = inputs[key];
-    if (typeof value === 'boolean' && value === false) {
-      continue;
-    } else if (Array.isArray(value) && value.length === 0) {
-      continue;
-    } else if (!value) {
-      continue;
-    }
-    res[key] = value;
-  }
-  return res;
-}
-
 export async function getArgs(inputs: Inputs, toolkit: Toolkit): Promise<Array<string>> {
   const context = handlebars.compile(inputs.context)({
     defaultContext: Context.gitContext()
@@ -115,9 +98,9 @@ async function getBuildArgs(inputs: Inputs, context: string, toolkit: Toolkit):
   await Util.asyncForEach(inputs['add-hosts'], async addHost => {
     args.push('--add-host', addHost);
   });
-  if (inputs.allow.length > 0) {
+  await Util.asyncForEach(inputs.allow, async allow => {
-    args.push('--allow', inputs.allow.join(','));
+    args.push('--allow', allow);
-  }
+  });
   if (await toolkit.buildx.versionSatisfies('>=0.12.0')) {
     await Util.asyncForEach(inputs.annotations, async annotation => {
       args.push('--annotation', annotation);
@@ -130,7 +113,12 @@ async function getBuildArgs(inputs: Inputs, context: string, toolkit: Toolkit):
   });
   if (await toolkit.buildx.versionSatisfies('>=0.8.0')) {
     await Util.asyncForEach(inputs['build-contexts'], async buildContext => {
-      args.push('--build-context', buildContext);
+      args.push(
+        '--build-context',
+        handlebars.compile(buildContext)({
+          defaultContext: Context.gitContext()
+        })
+      );
     });
   } else if (inputs['build-contexts'].length > 0) {
     core.warning("Build contexts are only supported by buildx >= 0.8.0; the input 'build-contexts' is ignored.");
@@ -141,6 +129,12 @@ async function getBuildArgs(inputs: Inputs, context: string, toolkit: Toolkit):
   await Util.asyncForEach(inputs['cache-to'], async cacheTo => {
     args.push('--cache-to', cacheTo);
   });
+  if (inputs.call) {
+    if (!(await toolkit.buildx.versionSatisfies('>=0.15.0'))) {
+      throw new Error(`Buildx >= 0.15.0 is required to use the call flag.`);
+    }
+    args.push('--call', inputs.call);
+  }
   if (inputs['cgroup-parent']) {
     args.push('--cgroup-parent', inputs['cgroup-parent']);
   }
@@ -251,7 +245,7 @@ async function getAttestArgs(inputs: Inputs, toolkit: Toolkit): Promise<Array<st
   if (inputs.provenance) {
     args.push('--attest', Build.resolveAttestationAttrs(`type=provenance,${inputs.provenance}`));
     provenanceSet = true;
-  } else if (!hasAttestProvenance && (await toolkit.buildkit.versionSatisfies(inputs.builder, '>=0.11.0')) && !Build.hasDockerExporter(inputs.outputs, inputs.load)) {
+  } else if (!hasAttestProvenance && !noDefaultAttestations() && (await toolkit.buildkit.versionSatisfies(inputs.builder, '>=0.11.0')) && !Build.hasDockerExporter(inputs.outputs, inputs.load)) {
     // if provenance not specified in provenance or attests inputs and BuildKit
     // version compatible for attestation, set default provenance. Also needs
     // to make sure user doesn't want to explicitly load the image to docker.
@@ -283,3 +277,10 @@ async function getAttestArgs(inputs: Inputs, toolkit: Toolkit): Promise<Array<st
 
   return args;
 }
+
+function noDefaultAttestations(): boolean {
+  if (process.env.BUILDX_NO_DEFAULT_ATTESTATIONS) {
+    return Util.parseBool(process.env.BUILDX_NO_DEFAULT_ATTESTATIONS);
+  }
+  return false;
+}

src/main.ts

@@ -24,8 +24,8 @@ actionsToolkit.run(
   async () => {
     const startedTime = new Date();
     const inputs: context.Inputs = await context.getInputs();
+    stateHelper.setSummaryInputs(inputs);
     core.debug(`inputs: ${JSON.stringify(inputs)}`);
-    stateHelper.setInputs(inputs);
 
     const toolkit = new Toolkit();
 
@@ -85,6 +85,8 @@ actionsToolkit.run(
     let builder: BuilderInfo;
     await core.group(`Builder info`, async () => {
       builder = await toolkit.builder.inspect(inputs.builder);
+      stateHelper.setBuilderDriver(builder.driver ?? '');
+      stateHelper.setBuilderEndpoint(builder.nodes?.[0]?.endpoint ?? '');
       core.info(JSON.stringify(builder, null, 2));
     });
 
@@ -104,8 +106,14 @@ actionsToolkit.run(
         [key: string]: string;
       }
     }).then(res => {
-      if (res.stderr.length > 0 && res.exitCode != 0) {
+      if (res.exitCode != 0) {
-        err = Error(`buildx failed with: ${res.stderr.match(/(.*)\s*$/)?.[0]?.trim() ?? 'unknown error'}`);
+        if (inputs.call && inputs.call === 'check' && res.stdout.length > 0) {
+          // checks warnings are printed to stdout: https://github.com/docker/buildx/pull/2647
+          // take the first line with the message summaryzing the warnings
+          err = new Error(res.stdout.split('\n')[0]?.trim());
+        } else if (res.stderr.length > 0) {
+          err = new Error(`buildx failed with: ${res.stderr.match(/(.*)\s*$/)?.[0]?.trim() ?? 'unknown error'}`);
+        }
       }
     });
 
@@ -161,12 +169,12 @@ actionsToolkit.run(
     await core.group(`Check build summary support`, async () => {
       if (!buildSummaryEnabled()) {
         core.info('Build summary disabled');
+      } else if (inputs.call && inputs.call !== 'build') {
+        core.info(`Build summary skipped for ${inputs.call} subrequest`);
       } else if (GitHub.isGHES) {
         core.info('Build summary is not yet supported on GHES');
       } else if (!(await toolkit.buildx.versionSatisfies('>=0.13.0'))) {
         core.info('Build summary requires Buildx >= 0.13.0');
-      } else if (builder && builder.driver === 'cloud') {
-        core.info('Build summary is not yet supported with Docker Build Cloud');
       } else if (!ref) {
         core.info('Build summary requires a build reference');
       } else {
@@ -192,7 +200,8 @@ actionsToolkit.run(
 
           const buildxHistory = new BuildxHistory();
           const exportRes = await buildxHistory.export({
-            refs: stateHelper.buildRef ? [stateHelper.buildRef] : []
+            refs: stateHelper.buildRef ? [stateHelper.buildRef] : [],
+            useContainer: buildExportLegacy()
           });
           core.info(`Build record written to ${exportRes.dockerbuildFilename} (${Util.formatFileSize(exportRes.dockerbuildSize)})`);
 
@@ -208,7 +217,9 @@ actionsToolkit.run(
           await GitHub.writeBuildSummary({
             exportRes: exportRes,
             uploadRes: uploadRes,
-            inputs: stateHelper.inputs
+            inputs: stateHelper.summaryInputs,
+            driver: stateHelper.builderDriver,
+            endpoint: stateHelper.builderEndpoint
           });
         } catch (e) {
           core.warning(e.message);
@@ -217,7 +228,11 @@ actionsToolkit.run(
     }
     if (stateHelper.tmpDir.length > 0) {
       await core.group(`Removing temp folder ${stateHelper.tmpDir}`, async () => {
+        try {
           fs.rmSync(stateHelper.tmpDir, {recursive: true});
+        } catch {
+          core.warning(`Failed to remove temp folder ${stateHelper.tmpDir}`);
+        }
       });
     }
   }
@@ -277,8 +292,15 @@ function buildRecordRetentionDays(): number | undefined {
   if (val) {
     const res = parseInt(val);
     if (isNaN(res)) {
-      throw Error(`Invalid build record retention days: ${val}`);
+      throw new Error(`Invalid build record retention days: ${val}`);
     }
     return res;
   }
 }
+
+function buildExportLegacy(): boolean {
+  if (process.env.DOCKER_BUILD_EXPORT_LEGACY) {
+    return Util.parseBool(process.env.DOCKER_BUILD_EXPORT_LEGACY);
+  }
+  return false;
+}

src/state-helper.ts

@@ -1,9 +1,15 @@
 import * as core from '@actions/core';
 
-import {Inputs, sanitizeInputs} from './context';
+import {Build} from '@docker/actions-toolkit/lib/buildx/build';
+
+import {Inputs} from './context';
 
 export const tmpDir = process.env['STATE_tmpDir'] || '';
-export const inputs = process.env['STATE_inputs'] ? JSON.parse(process.env['STATE_inputs']) : undefined;
+
+export const builderDriver = process.env['STATE_builderDriver'] || '';
+export const builderEndpoint = process.env['STATE_builderEndpoint'] || '';
+export const summaryInputs = process.env['STATE_summaryInputs'] ? JSON.parse(process.env['STATE_summaryInputs']) : undefined;
+
 export const buildRef = process.env['STATE_buildRef'] || '';
 export const isSummarySupported = !!process.env['STATE_isSummarySupported'];
 
@@ -11,8 +17,12 @@ export function setTmpDir(tmpDir: string) {
   core.saveState('tmpDir', tmpDir);
 }
 
-export function setInputs(inputs: Inputs) {
+export function setBuilderDriver(builderDriver: string) {
-  core.saveState('inputs', JSON.stringify(sanitizeInputs(inputs)));
+  core.saveState('builderDriver', builderDriver);
+}
+
+export function setBuilderEndpoint(builderEndpoint: string) {
+  core.saveState('builderEndpoint', builderEndpoint);
 }
 
 export function setBuildRef(buildRef: string) {
@@ -22,3 +32,39 @@ export function setBuildRef(buildRef: string) {
 export function setSummarySupported() {
   core.saveState('isSummarySupported', 'true');
 }
+
+export function setSummaryInputs(inputs: Inputs) {
+  const res = {};
+  for (const key of Object.keys(inputs)) {
+    if (key === 'github-token') {
+      continue;
+    }
+    const value: string | string[] | boolean = inputs[key];
+    if (typeof value === 'boolean' && !value) {
+      continue;
+    } else if (Array.isArray(value)) {
+      if (value.length === 0) {
+        continue;
+      } else if (key === 'secrets' && value.length > 0) {
+        const secretKeys: string[] = [];
+        for (const secret of value) {
+          try {
+            // eslint-disable-next-line @typescript-eslint/no-unused-vars
+            const [skey, _] = Build.parseSecretKvp(secret, true);
+            secretKeys.push(skey);
+          } catch {
+            // ignore invalid secret
+          }
+        }
+        if (secretKeys.length > 0) {
+          res[key] = secretKeys;
+        }
+        continue;
+      }
+    } else if (!value) {
+      continue;
+    }
+    res[key] = value;
+  }
+  core.saveState('summaryInputs', JSON.stringify(res));
+}

test/multi-sudo.Dockerfile

@@ -1,5 +1,6 @@
 # syntax=docker/dockerfile:1
-FROM --platform=$BUILDPLATFORM golang:alpine AS build
+
+FROM --platform=$BUILDPLATFORM alpine AS build
 ARG TARGETPLATFORM
 ARG BUILDPLATFORM
 RUN echo "I am running on $BUILDPLATFORM, building for $TARGETPLATFORM" > /log
@@ -12,7 +13,7 @@ RUN apk --update --no-cache add \
   && rm -rf /tmp/* /var/cache/apk/*
 
 USER buildx
-RUN sudo chown buildx. /log
+RUN sudo chown buildx: /log
 USER root
 
 FROM alpine