From 3dc492a0d3f04cfa4bea62c6a2b737a993949d77 Mon Sep 17 00:00:00 2001
From: tonistiigi <585223+tonistiigi@users.noreply.github.com>
Date: Wed, 22 Jan 2025 23:14:27 +0000
Subject: [PATCH] vendor: github.com/docker/buildx v0.20.1

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 .../docker/buildx/docs/bake-reference.md | 28 +++++++
 _vendor/modules.txt | 2 +-
 data/buildx/docker_buildx_bake.yaml | 75 +++++++++++++++++++
 go.mod | 4 +-
 go.sum | 2 +
 5 files changed, 108 insertions(+), 3 deletions(-)

diff --git a/_vendor/github.com/docker/buildx/docs/bake-reference.md b/_vendor/github.com/docker/buildx/docs/bake-reference.md
index 192dded4fe6..d8fd5ecc301 100644
--- a/_vendor/github.com/docker/buildx/docs/bake-reference.md
+++ b/_vendor/github.com/docker/buildx/docs/bake-reference.md
@@ -221,8 +221,10 @@ The following table shows the complete list of attributes that you can assign to
 | [`attest`](#targetattest) | List | Build attestations |
 | [`cache-from`](#targetcache-from) | List | External cache sources |
 | [`cache-to`](#targetcache-to) | List | External cache destinations |
+| [`call`](#targetcall) | String | Specify the frontend method to call for the target. |
 | [`context`](#targetcontext) | String | Set of files located in the specified path or URL |
 | [`contexts`](#targetcontexts) | Map | Additional build contexts |
+| [`description`](#targetdescription) | String | Description of a target |
 | [`dockerfile-inline`](#targetdockerfile-inline) | String | Inline Dockerfile string |
 | [`dockerfile`](#targetdockerfile) | String | Dockerfile location |
 | [`inherits`](#targetinherits) | List | Inherit attributes from other targets |
@@ -371,6 +373,13 @@ target "app" { } ``` +Supported values are: + +- `build` builds the target (default) +- `check`: evaluates [build checks](https://docs.docker.com/build/checks/) for the target +- `outline`: displays the target's build arguments and their default values if available +- `targets`: lists all Bake targets in the loaded definition, along with its [description](#targetdescription). + For more information about frontend methods, refer to the CLI reference for [`docker buildx build --call`](https://docs.docker.com/reference/cli/docker/buildx/build/#call). @@ -481,6 +490,25 @@ FROM baseapp RUN echo "Hello world" ``` +### `target.description` + +Defines a human-readable description for the target, clarifying its purpose or +functionality. + +```hcl +target "lint" { + description = "Runs golangci-lint to detect style errors" + args = { + GOLANGCI_LINT_VERSION = null + } + dockerfile = "lint.Dockerfile" +} +``` + +This attribute is useful when combined with the `docker buildx bake --list=targets` +option, providing a more informative output when listing the available build +targets in a Bake file. + ### `target.dockerfile-inline` Uses the string value as an inline Dockerfile for the build target. diff --git a/_vendor/modules.txt b/_vendor/modules.txt index 3a19633bb39..1a83022753c 100644 --- a/_vendor/modules.txt +++ b/_vendor/modules.txt @@ -1,6 +1,6 @@ # github.com/moby/moby v27.5.0+incompatible # github.com/moby/buildkit v0.19.0 -# github.com/docker/buildx v0.20.0 +# github.com/docker/buildx v0.20.1 # github.com/docker/cli v27.5.0+incompatible # github.com/docker/compose/v2 v2.32.4 # github.com/docker/scout-cli v1.15.0 diff --git a/data/buildx/docker_buildx_bake.yaml b/data/buildx/docker_buildx_bake.yaml index 203d066a00a..14666cf341a 100644 --- a/data/buildx/docker_buildx_bake.yaml +++ b/data/buildx/docker_buildx_bake.yaml 
@@ -20,6 +20,7 @@ options:
 value_type: stringArray
 default_value: '[]'
 description: Allow build to access specified resources
+ details_url: '#allow'
 deprecated: false
 hidden: false
 experimental: false
@@ -218,6 +219,80 @@ inherited_options: kubernetes: false swarm: false examples: |- + ### Allow extra privileged entitlement (--allow) {#allow} + + ```text + --allow=ENTITLEMENT[=VALUE] + ``` + + Entitlements are designed to provide controlled access to privileged + operations. By default, Buildx and BuildKit operates with restricted + permissions to protect users and their systems from unintended side effects or + security risks. The `--allow` flag explicitly grants access to additional + entitlements, making it clear when a build or bake operation requires elevated + privileges. + + In addition to BuildKit's `network.host` and `security.insecure` entitlements + (see [`docker buildx build --allow`](/reference/cli/docker/buildx/build/#allow), + Bake supports file system entitlements that grant granular control over file + system access. These are particularly useful when working with builds that need + access to files outside the default working directory. + + Bake supports the following filesystem entitlements: + + - `--allow fs=` - Grant read and write access to files outside of the + working directory. + - `--allow fs.read=` - Grant read access to files outside of the + working directory. + - `--allow fs.write=` - Grant write access to files outside of the + working directory. + + The `fs` entitlements take a path value (relative or absolute) to a directory + on the filesystem. Alternatively, you can pass a wildcard (`*`) to allow Bake + to access the entire filesystem. + + ### Example: fs.read + + Given the following Bake configuration, Bake would need to access the parent + directory, relative to the Bake file. + + ```hcl + target "app" { + context = "../src" + } + ``` + + Assuming `docker buildx bake app` is executed in the same directory as the + `docker-bake.hcl` file, you would need to explicitly allow Bake to read from + the `../src` directory. 
In this case, the following invocations all work: + + ```console + $ docker buildx bake --allow fs.read=* app + $ docker buildx bake --allow fs.read=../src app + $ docker buildx bake --allow fs=* app + ``` + + ### Example: fs.write + + The following `docker-bake.hcl` file requires write access to the `/tmp` + directory. + + ```hcl + target "app" { + output = "/tmp" + } + ``` + + Assuming `docker buildx bake app` is executed outside of the `/tmp` directory, + you would need to allow the `fs.write` entitlement, either by specifying the + path or using a wildcard: + + ```console + $ docker buildx bake --allow fs=/tmp app + $ docker buildx bake --allow fs.write=/tmp app + $ docker buildx bake --allow fs.write=* app + ``` + ### Override the configured builder instance (--builder) {#builder} Same as [`buildx --builder`](/reference/cli/docker/buildx/#builder). diff --git a/go.mod b/go.mod index 500a6b9e9f2..595dcbb688b 100644 --- a/go.mod +++ b/go.mod @@ -3,7 +3,7 @@ module github.com/docker/docs go 1.23.1 require ( - github.com/docker/buildx v0.20.0 // indirect + github.com/docker/buildx v0.20.1 // indirect github.com/docker/cli v27.5.0+incompatible // indirect github.com/docker/compose/v2 v2.32.4 // indirect github.com/docker/scout-cli v1.15.0 // indirect @@ -12,7 +12,7 @@ require ( ) replace ( - github.com/docker/buildx => github.com/docker/buildx v0.20.0 + github.com/docker/buildx => github.com/docker/buildx v0.20.1 github.com/docker/cli => github.com/docker/cli v27.5.0+incompatible github.com/docker/compose/v2 => github.com/docker/compose/v2 v2.32.4 github.com/docker/scout-cli => github.com/docker/scout-cli v1.15.0 diff --git a/go.sum b/go.sum index ba47eca2db1..76a15346c1e 100644 --- a/go.sum +++ b/go.sum 
@@ -90,6 +90,8 @@ github.com/docker/buildx v0.19.2 h1:2zXzgP2liQKgQ5BiOqMc+wz7hfWgAIMWw5MR6QDG++I=
 github.com/docker/buildx v0.19.2/go.mod h1:k4WP+XmGRYL0a7l4RZAI2TqpwhuAuSQ5U/rosRgFmAA=
 github.com/docker/buildx v0.20.0 h1:XM2EvwEfohbxLPAheVm03biNHpspB/dA6U9F0c6yJsI=
 github.com/docker/buildx v0.20.0/go.mod h1:VVi4Nvo4jd/IkRvwyExbIyW7u82fivK61MRx5I0oKic=
+github.com/docker/buildx v0.20.1 h1:q88EfoYwrWEKVqNb9stOFq8fUlFp/OPlDcFE+QUYZBM=
+github.com/docker/buildx v0.20.1/go.mod h1:VVi4Nvo4jd/IkRvwyExbIyW7u82fivK61MRx5I0oKic=
 github.com/docker/cli v24.0.2+incompatible h1:QdqR7znue1mtkXIJ+ruQMGQhpw2JzMJLRXp6zpzF6tM=
 github.com/docker/cli v24.0.2+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
 github.com/docker/cli v24.0.4+incompatible h1:Y3bYF9ekNTm2VFz5U/0BlMdJy73D+Y1iAAZ8l63Ydzw=