commit 0dfc33ad3607cdc07a2becb4528b718c60810f1e003b69f30d584d7d671c3fa5 Author: Dan Čermák Date: Tue Dec 3 11:46:20 2024 +0000 Update to version 0.18.0 OBS-URL: https://build.opensuse.org/package/show/devel:microos/buildkit?expand=0&rev=21 diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..57affb6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.osc diff --git a/_service b/_service new file mode 100644 index 0000000..0c5f177 --- /dev/null +++ b/_service @@ -0,0 +1,19 @@ + + + https://github.com/moby/buildkit.git + git + buildkit + v0.18.0 + enable + v(.*) + + + + + *.tar + zst + + + zst + + diff --git a/_servicedata b/_servicedata new file mode 100644 index 0000000..6914aab --- /dev/null +++ b/_servicedata @@ -0,0 +1,6 @@ + + + https://github.com/moby/buildkit.git + 38a47dbbc69d4640a052a662611aece3427164c0 + + \ No newline at end of file diff --git a/buildkit-0.13.1.tar.zst b/buildkit-0.13.1.tar.zst new file mode 100644 index 0000000..16d53d4 --- /dev/null +++ b/buildkit-0.13.1.tar.zst @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:d4b2fc75f19afca9b8a146e1f05b8fdbfb9832f7253e4087dd0a5c5e8fe1dc92 +size 6220456 diff --git a/buildkit-0.15.2.tar.zst b/buildkit-0.15.2.tar.zst new file mode 100644 index 0000000..e3e6a7d --- /dev/null +++ b/buildkit-0.15.2.tar.zst @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:6161b1c6bed81b65103e42b96c5327da8153c775ea89e1aab4c4d736a12fb565 +size 6214374 diff --git a/buildkit-0.16.0.obscpio b/buildkit-0.16.0.obscpio new file mode 100644 index 0000000..c5fdd08 --- /dev/null +++ b/buildkit-0.16.0.obscpio @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:9aa04e63b3735624b38989b1a7a994fab66d05689f399cbd276f0c2d9ab55aaf +size 49309709 diff --git a/buildkit-0.17.1.obscpio b/buildkit-0.17.1.obscpio new file mode 100644 index 0000000..88ed381 --- /dev/null +++ b/buildkit-0.17.1.obscpio @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:3890cc79f1e2d8e4b5eeab0dd89f7caf38f992732b4719313c7a06ae1530072d +size 50448909 diff --git a/buildkit-0.17.2.obscpio b/buildkit-0.17.2.obscpio new file mode 100644 index 0000000..9a9bd67 --- /dev/null +++ b/buildkit-0.17.2.obscpio @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:7efea29b5230284afe86b4030e7221af521bc38ed058fd9b8b1fecfb85fc16d1 +size 50391565 diff --git a/buildkit-0.18.0.obscpio b/buildkit-0.18.0.obscpio new file mode 100644 index 0000000..aca1751 --- /dev/null +++ b/buildkit-0.18.0.obscpio @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:f42315c0d16965c01352f39dbf84784e354bee16022bb96b22cba045593af3ae +size 50392077 diff --git a/buildkit.changes b/buildkit.changes new file mode 100644 index 0000000..223fa73 --- /dev/null +++ b/buildkit.changes @@ -0,0 +1,1854 @@ +------------------------------------------------------------------- +Tue Dec 03 09:04:16 UTC 2024 - madhankumar.chellamuthu@suse.com + +- Update to version 0.18.0: + * ci: use edge releases of buildx + * docs: add --checksum only supports sha256 + * tests: frontend/dockerfile: update integration tests for windows/wcow - [x] `testCopyThroughSymlinkContext` - [x] `testIgnoreEntrypoint` - [x] `testQuotedMetaArgs` - [x] `testDockerfileCheckHostname` - [x] `testEmptyStages` - [x] `testNamedImageContextScratch` - [x] `testNamedImageContextPlatform` + +------------------------------------------------------------------- +Tue Nov 26 06:14:13 UTC 2024 - madhankumar.chellamuthu@suse.com + +- Update to version 0.17.2: + * Use view transaction for metadata read + * http: fix etag cache scoping + * ci: test sandbox build with multiple platforms + * dockerfile: use lld linker for containerd build + * dockerd: skip content check with containerd snapshotter + * vendor: update containerd to v1.7.24 + * vendor: update github.com/tonistiigi/fsutil to 31cf1f437184 + * Remove pre-Go 1.17 build tags + * solver: release unreferenced cache keys after gc + * improve stacks of cancels from defers + * util/system: remove Atime implementation for containerd/continuity/fs + * vendor: github.com/containerd/continuity v0.4.5 + * vendor: github.com/docker/cli v27.4.0-rc.2 + * vendor: github.com/docker/docker v27.4.0-rc.2 + * dockerfile: update runc binary to 1.2.2 + * vendor: github.com/tonistiigi/go-actions-cache@v0.0.0-20241108014124-394979b8119e + * vendor: update grpc to v1.66.3 + * docs: remove duplicate parser directives bullet list + * tests: add `testDockerfileFromHTTP` for WCOW + * protobuf: fix casing of json attributes with the switch from gogo + * history: handle gracefulstop when history is active + * contenthash: don't delete records when a directory is only modified + * build(deps): bump codecov/codecov-action from 4 to 5 + * gateway: ensure llb digests are deterministic when sent by frontends + * detect: use newer semconv for resource and add unit test + * Dockerfile: update containerd binary to v2.0.0 + * client: improve releasable condition in tests + * testutil: use containerd config version 2 + * fix gc after delete history records + * Bump typeurl to 2.2.3 + * fix leaving unreleased references behind after SBOM generation + * build(deps): bump softprops/action-gh-release from 2.0.9 to 2.1.0 + * dockerfile: fix duplicate keys for same arg in history line + * detect: sever semconv relationship to otel sdk + * dockerfile: add delve to binaries-for-test + +------------------------------------------------------------------- +Tue Nov 12 06:11:35 UTC 2024 - madhankumar.chellamuthu@suse.com + +- Update to version 0.17.1: + * Dockerfile: add a comment about runc v1.2 + * Revert "Dockerfile: update runc binary to 1.2.1" + * ci: enable archutil-arm64 job + * dockerfile: update delve to v1.23.1 + * dockerfile: missing updates of xx to 1.5.0 + * update to go 1.23 + * dockerfile: fix running onbuild rules from inherited stages + * hack: update protolint + * hack: update gopls to 0.26 + * Add test for `IsCommitSHA` function + * vendor: update hcsshim to v0.12.8 + * build(deps): bump softprops/action-gh-release from 2.0.8 to 2.0.9 + * util/tracing: switch to semconv v0.21.0 + * docs(dockerfile): BuildKit does not discard Volume edits + +------------------------------------------------------------------- +Tue Nov 05 06:13:51 UTC 2024 - madhankumar.chellamuthu@suse.com + +- Update to version 0.17.0: + * Dockerfile: update runc binary to 1.2.1 + * docs: fix double parens in internal link + * chore: regenerate dockerfile rules documentation + * Dockerfile: use folded block for rule description in docs front matter + * tests: client: set up for wcow integration tests + * docs: remove older warning format + * docs: s/parent image/base image/ + * pb: regenerate protobuf + * vendor: revert containerd 1.7.23 because errdefs changes incompatible + * Dockerfile: update xx to v1.5.0 + * vendor: update compress to v1.17.11 + * vendor: update cli to v1.22.16 + * vendor: update azidentity to v1.6.0 + * vendor: update hcsshim to v0.12.5 + * Dockerfile: update runc to v1.1.15 + * vendor: update containerd to v1.7.23 + * Dockerfile: update containerd to v1.7.23 + * vendor: update fsutil to 397af530 + * docs: update undefined var check reference + * docs: add buildkitd.toml docs new gc options + * ociindex: allow readonly access + * docs: add workarounds for JSONArgsRecommended check + * git: fix caching git commit through multiple refs + * Add labs reference for ADD --exclude + * Add/fix references to labs dockerfile version + * git: allow cloning commit shas not referenced by branch/tag + * filesync: reuse data buffer for diffcopy + * git: export gitutil helper for identifying commit shas + * chore: add disk stat error wrapping + * dockerfile: expose TARGETSTAGE as builtin argument + * Update ARG, ENV and LABEL reference definitions to clarify that first KV-pairs are required but additional ones are optional + * authprovider: add OTEL spans for loading credentials + * tracing: enable OTEL on authprovider requests + * docs: add front matter title to attestation docs + * update arg syntax ref + * vendor: golang.org/x/net v0.29.0 + * vendor: golang.org/x/crypto v0.27.0 + * vendor: golang.org/x/sys v0.25.0 + * make sure that is the latest version that is picked + * Dockerfile: update rootlesskit binary to 2.3.1 + * fix: set h2 protocol identifier to comply with TLS-ALPN + * sets the InvalidDefinitionDescription check to be experimental + * fixes for dockerfile checks + * Revert "dockerfile: pin dockerfile frontend image" + * Refactor various rulecheck related code to properly handle env vars. after EnvGetter refactoring + * add an allow list for secret lint check and add public to said list + * Dockerfile: update containerd binary to v1.7.22,v1.6.36 + * grpcclient: return proper nil reference from grpcclient + * fix merge conflict in generated proto + * llb: use buildkit user-agent for HTTP source + * solver: simplify edge-related functions in the solver + * docs: add note about check with errors + * remove the directive from the comments in the AST + * Add rule for arg / stage name comment descriptions + * fix: compute total cache usage on any new cache policy opt + * cache: rename new prune/gc control fields + * add capability to detect if new storage filters are supported + * update default and basic gc control to use free and max storage + * http: avoid possible digest mismatch error + * protobuf: add vtproto as a supplemental marshaler + * worker/containerd: NewWorkerOpt: remove workaround for named pipes + * dockerfile: set error location for ONBUILD errors + * dockerfile: mark commands invoked from ONBUILD with prefix + * dockerfile: fix command count after new commands from ONBUILD + * protobuf: normalize how protobuf files are generated + * dockerfile: add support for non-octal COPY --chmod in labs + * vendor: go.etcd.io/bbolt v1.3.11 + * docs: fix incorrect information about arg scoping + * tests: skip TestContextChangeDirToFile on Windows + * llb: deterministic marshaling for protobuf and store results from multiple constraints + * docs: remove `from` limitation for onbuild + * history: remove records without attached blobs at startup + * fix: lint ci issue + * client: allow non-octal chmod config for fileop.copy + * vendor: github.com/docker/cli v27.3.1 + * vendor: github.com/docker/docker v27.3.1 + * vendor: github.com/moby/sys/sequential v0.6.0 + * vendor: github.com/moby/sys/mount v0.3.4 + * vendor: golang.org/x/net v0.28.0 + * vendor: golang.org/x/crypto v0.26.0, golang.org/x/text v0.17.0 + * vendor: golang.org/x/time v0.6.0 + * vendor: golang.org/x/sys v0.24.0 + * vendor: github.com/containerd/containerd v1.7.22 + * frontend/dockerfile: BFlags.Parse: include flag with "--" prefix in errors + * docs: update "read more" link for dockerfile examples + * chore: return an error when AppArmor is unsupported and profile specifie + * Added way to configure SBOM scanner + * frontend/dockerfile: BFlags.Parse: return earlier on "--" terminator + * util/archutil: re-generate to fix validation for mips64 + * llbsolver: add input validation to policy recompute + * dockerfile: pin dockerfile frontend image + * protobuf: remove gogoproto + * protobuf: add marshaling benchmarks for some protobuf messages + * Fix WCOW COPY --from failure in multistage builds on Windows + * chore: use a better root for computing free disk space + * config: allow configuring free gc policies + * dockerfile: add support for ONBUILD in combination to from + * dockerfile: update args definitions to llb.EnvList + +------------------------------------------------------------------- +Wed Sep 25 09:10:41 UTC 2024 - danish.prakash@suse.com + +- _service: + * rely on version and not `PARENT_TAG` versionformat. + By default, `PARENT_TAG` instructs git to use the first tag found for + the revision. This causes issues when there are multiple tags for the + same revision (ref/*) because git ends up choosing an incorrect tag. + * switch to `obs_scm` +- Update to version 0.16.0: + * ci: switch to ubuntu runner for freebsd job + * debug: add trace flight recorder + * Updated tests in frontend/dockerfile/dockerfile_test.go to run on Windows. + * docs: windows: add a note about ContainerUser limited permissions + * solver: move scheduler debug statements to their own functions + * Sort errors alphabetically by detail if line number is the same when comparing tests + * exec: allow specifying non-zero exit codes for execs + * Add stub implementations to make buildkitd build for Darwin + * dockerfile: mask usage of secret env in command name + * solver: fix possible panic from error handler + * frontend/dockerfile/docs: add $ in mount env example + * docs: fix broken link to dockerfile reference + * solver: pipe implementation utilizes generics for better typing + * ci: Fix govulncheck permissions, it needs at least content read to be able to checkout the repository. + * readme: add r2d4/llb frontend and dacc project + * util/resolver: ignore invalid (empty) scope + * tests: frontend/dockerfile: add dockerfile lint tests for WCOW + * vendor: github.com/docker/docker v27.2.1 + * vendor: github.com/docker/docker v27.2.1 + * tests: add more integration tests for windows/wcow + * fix windows area label when modifications are under the vendor folder + * bklog: always enable trace id if it exists + * hack: update golangci-lint to 1.61 + * vendor: update grpc to v1.62.0 + * exec: fix pruning cache mounts with parent ref on no-cache + * execlude vendor directory from windows label + * hack: do not cache rootless stage on release + * vendor: github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c + * vendor: github.com/containerd/containerd v1.7.21 + * docs: run mount secret env dockerfile example + * Dockerfile: update containerd binary to v1.7.21 + * Dockerfile: update runc binary to 1.1.14 + * chore: update AUTHORS and mailmap + * add SourceInfoMap callback to LintResults.PrintErrorTo params + * docs: use front matter title in buildkitd.toml doc + * vendor: github.com/moby/sys/mountinfo v0.7.2 + * docs: update reference docs for `check` directive + * vendor: github.com/moby/sys/signal v0.7.1 + * docs: add min dockerfile version for flags + * vendor: github.com/containerd/typeurl/v2 v2.2.0 + * vendor: github.com/docker/docker v27.2.0 + * Update rule check print to include path to dockerfile relative to context + * Parallel layer upload for s3 cache + * Cleanup Linux-isms in code + * Updated tests in frontend/dockerfile/dockerfile_provenance_test.go to run on Windows. Partially addressing #4485 + * README.md: Add DevZero as consuming project + * Fix #4885: Use multipart upload instead of CopyObject for touching file > 5GB + * Update docs to clarify in the shell-form section that heredocs apply only to supported commands + * check command casing after parsing the ast + * Implements frontend side of #2122. + * docs: use gh alert syntax for callouts + * executor: detect containers killed by OOMKiller + * docs: fix instruction name (s/ADD/COPY/) + * remotecache: handle not implemented error for Info() + * refactor lint printing functionality + * ci: update golangci-lint to v1.60.1 + * tests: frontend/dockerfile: more windows/wcow tests (pt.2) + * uploadprovider: allow closing used sources + * chore: set pb.Empty on ssh and secret mounts + * errdefs: mark ENOMEM & ENOSPC with ResourceExhausted code + * errdefs: detect certain sycall errors as internal + * exec: fix incorrect deps computation for special mounts + * ci: enable validating all Dockerfiles + * Dockerfile: check .git directory available in build context + * dockerfile: add missing mount completions + * docs: clarify valid from targets for run --mount + * In host networking mode, unconditionally use "/etc/resolv.conf" + * Add note in generated docs indicating experimental rule checks + * docs: list supported algorithms for ADD --checksum + * hack: ensure SARIF output has results field defined for govulncheck + * expand globs for area/project in auto PR labeler + * ci: update scout to 1.13.0 + * ci: print scout result + * dockerfile: update containerd to v1.7.20 + * migrate to github.com/moby/sys/userns + * ci: apply no-cache-filter for master tags + * ci: missing tags to be scanned with scout + * hack: fix no-cache-filter on release + * ci: generate annotations on PR, not just push + * ci: generate annotations on PR, not just push + * docs: dockerfile chmod variable interpolation + * docs: replace `and` with `or` + * implement experimental rule checks + * docs: emphasize the fact that secrets aren't saved in cache + * docs: mention `dst` and `destination` options too + * vendor: github.com/containerd/nydus-snapshotter v0.14.0 + * vendor: github.com/containerd/nydus-snapshotter v0.13.14 + * vendor: go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v0.44.0 + * govulncheck to report known vulnerabilities + * chore(labeler): fix area/storage filter + * chore(labeler): update area/hack filter + * chore(labeler): align syntax + * ci: add OCI image annotations to Dockerfile frontend images + * ci: sync labels when files are reverted or no longer changed with labeler + * snapshot/containerd: fix wrong errdefs package import + * test: enabling integration tests on windows + * db: move DB dependencies to transactor interface + * ci: scan images with docker scout + * migrate to github.com/moby/sys/user/userns + * dockerfile: use ADD for fetching sources + * vendor: github.com/moby/sys/user v0.2.0 + * vendor: github.com/docker/docker v27.1.1 + * vendor: github.com/docker/docker v27.1.1 + * Check the validity of the chmod option arguments for COPY and ADD + * Add environment replacement support for chmod option + * ci: add OCI image annotations to docker images + * introduce PR labeler GHA workflow and configuration + * dockerfile: test support for custom sessionID for locals + * otel: add wrapping "resolving" spans for ResolveImageConfig + * vendor: bump github.com/gofrs/flock to v0.12.1 + * llbsolver: avoid nil releaser on error + * stack: compress shared stacks for clearer output + * ops: improve error messages from fileop + * executor: rebase the path of submount error + * executor: ensure deeper stacktraces for system errors + * vendor: github.com/docker/cli v27.1.0 + * vendor: go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v0.44.0 + * vendor: google.golang.org/grpc v1.60.1 + * vendor: github.com/docker/docker v27.1.0 + * vendor: github.com/containerd/containerd v1.7.20 + * vendor: google.golang.org/genproto/googleapis/rpc v0.0.0-20231212172506-995d672761c0 + * dockerui: allow passing sessionID for specific local source + * session: remove session name property + * errors: remove usage of errors.Cause + * build(deps): bump softprops/action-gh-release from 2.0.7 to 2.0.8 + * history api: save number of warnings to build record + * build(deps): bump softprops/action-gh-release from 2.0.6 to 2.0.7 + * solver: mark history and graph concistency errors as internal + * lint: finish up testifylint + * Check invalid environment replacement form like ${VAR:%} + * Pass cache imports from solve ptions to solve request + +------------------------------------------------------------------- +Fri Aug 23 10:24:14 UTC 2024 - dcermak@suse.com + +- Update to version 0.15.2: + * remotecache: handle not implemented error for Info() + * chore: set pb.Empty on ssh and secret mounts + * exec: fix incorrect deps computation for special mounts + * snapshot/containerd: fix wrong errdefs package import + * vendor: bump github.com/gofrs/flock to v0.12.1 + * llbsolver: avoid nil releaser on error + * Adds a rule check for copying files which match the .dockerignore patterns + * dockerfile: avoid frontend panic when no stages defined + * vendor: update go-csvvalue to ddb21b71 + * checks: add check for constant in from platform flag + * llbsolver: fix possible early delete of external error + * testutil: fix call order in already-exists check + * testutil: improve initializing mirrors + * docs: add a multi-line ENV example + * docs: rewrite copy/add instruction reference + * llbsolver: make sure stoptrace called on bolt error + * ci(docs-upstream): missing path for frontend rules docs + * docs: fix broken link in lint docs after rule rename + * adds InvalidDefaultArgInFrom lint check + * Generate dockerfile documentation after updating SecretsUsedInArgOrEnv rule description + * update format string for SecretsUsedInArgOrEnv rule check + * Update frontend/dockerfile/linter/ruleset.go + * Update frontend/dockerfile/docs/rules/secrets-used-in-arg-or-env.md + * vendor: patch updates for some direct dependencies + * vendor: bump github.com/hashicorp/golang-lru/v2 to v2.0.7 + * update CNI to v1.5.1 + * vendor: bump github.com/gofrs/flock to v0.12.0 + * git: add file mode verification to tests + * git: ensure exec option is propagated to child git clis + * bboltcachestorage: only delete link after releasing result + * Add documentation for SecretsUsedInArgOrEnv rule + * switch to github.com/containerd/platforms module + * vendor: github.com/containerd/containerd v1.7.19 + * vendor: github.com/microsoft/hcsshim v0.11.7 + * golangci: forbid uses of platforms.DefaultString() + * golangci: sort forbid rules + * update containerd binary to v1.7.19 + * Always return non-nil contexts + * docs: dockerfile-reference: fix links + * solver: include vertex Description in OpError + * Replace manual loop looking for secret related tokens with regex + * Add check rule that looks at keynames in arg and env and checks for common secret names + * solver: allow finalizing history record traces + * llbsolver: move typed error to own blob in history + * fix incorrect usage of json.NewDecoder + * dockerfile: fix invalid usage of json.NewDecoder + * executor: fix cancellation before start signal + * vendor: docker/docker, docker/cli v27.0.3 + * Update integration test for checking empty dockerfile arg behavior and move from linting tests + * Adds a test that checks to ensure that empty arg is passed to env + * linter: add redundant target platform check + * vendor: docker/docker, docker/cli v27.0.2 + * Adds a deprecated flag to linter rules + * ociLayoutResolver.info: remove use of reference.SplitObject + * docs: use json args in multiple instructions example + * fix: dot path normalized correctly for COPY + * Fix typo in FromAsCasing docs + * vendor: docker/docker and docker/cli v27.0.1 + * vendor: github.com/containerd/ttrpc v1.2.5 + * vendor: github.com/docker/docker-credential-helpers v0.8.2 + * vendor: github.com/google/uuid v1.6.0 + * vendor: github.com/opencontainers/runtime-spec v1.2.0 + * Refactor containerd `NewWorkerOpt` & containerdexecutor `New` parameters + * Disallow `ADD --checksum= ` + * build(deps): bump github.com/hashicorp/go-retryablehttp + * chore: fix dockerfile linting issues for rootless image + * Move parseLintOptions into linter package + * git: fix pulling commit SHA only referenced from a tag + * vendor: add go-csvvalue for more efficient CSV parsing + * llb: convert envlist from slice to linked list + * dockerfile: update env replacement efficiency + * instructions: avoid allocating memory and processing location for nil + * parser: optimize memory allocation for command word parsing + * parser: optimize memory usage on env processing + * shell: avoid allocating scanner for each shellword + * parser: avoid excessive memory usage and bogus type conversions + * parser: avoid expensive heredocs evaluations early + * parser: avoid creating temp error string + * parser: remove bogus string byteslice conversion + * parser: remove regexp for comment matching + * parser: avoid reallocating memory per rune on parsing flags + * contenthash: add test using counter metric in scanPath + * contenthash: add tests to check needsScan's correctness + * contenthash: improve the correctness of needsScan + * archutil: update riscv64 to unblock CI + * archutil: fix build for arm64 + * archutil: update riscv64 binary + * dockerfile: deduplicate and cache config resolve requests + * dockerfile: clarify that checksum works with HTTPS + * build(deps): bump softprops/action-gh-release from 2.0.5 to 2.0.6 + * refactor: split runtime options definions by OS + * ci: set gha cache repository and token + * Update Go to 1.22 + * vendor: update klauspost/compress to v1.17.9 + * vendor: update testify to 1.9.0 + * vendor: update simplelru to v2 + * vendor: update immutable-radix to v2 + * shell: handle empty string for var replacements + * build(deps): bump docker/bake-action from 4 to 5 + * build(deps): bump docker/build-push-action from 5 to 6 + * Initialize build args from stage base + * Updates lint output to print detail instead of description + * Consolidate instruction casing lint rules + * In case where build arg exists with nil value, count as unmatched arg + * Fix method Dockefile2Outline to Dockerfile2Outline + * util/resolver: Make httpFallback concurrent safe + * containerd: add option to set parent cgroup + * identity: remove pkg/errors + * update rootlesskit to v2.0.2 + * update runc binary to v1.1.13 + * Adds 'WARNING' prefix to the rule check output and update lint subrequest to return a status of 1 if an error occurred + * Dockerfile: update delve to v1.22.1 + * Dockerfile: update CNI to 1.5.0 + * ensure context.WithoutCancel in defer funcs + * simplify with maps pkg functions + * simplify to use slices.Reverse + * remove deprecated seed calls + * dockerui: use CachedGroup in dockerui context resolve + * llb: rewrite llb.Async with CachedGroup + * flightcontrol: add cached group support + * history: fix empty Exporters attribute + * ci: switch to ubuntu-24.04 runner + * ci: enable disable_file_fixes in codecov action + * lint: more testifylint fixes + * minor lint formatting cleanups + * dockerfile: fix lint rules links in index + * wip: tar and local exporter running with privileges + * flightcontrol: protect contention timeouts + * Fix content not found with `push=true,rewrite-timestamp=true` + * vendor: github.com/distribution/reference v0.6.0 + * vendor: go.etcd.io/bbolt v1.3.10 + * lint: add doc for UndefinedArgInFrom + * lint: update descriptions, test and re-generate docs + * lint: InvalidBaseImagePlatform does not need specific docs + * lint: add alias to doc rule frontmatter + * lint: generate _index.md docs + * lint: add/generate docs for build rules + * dockerfile: generate lint rules documentation + * dockerfile: only report legacy key/value format when stage is reachable + * Update lintTestParams to allow for different numbers of warnings between progress and unmarshal test types + * dockerfile: default linter to run on all stages by default + * contenthash: add tests for non-lexical symlinks + * contenthash: unify "follow" and trailing-symlink handling for Checksum + * contenthash: implement proper Linux symlink semantics for needsScan + * contenthash: implement proper Linux symlink semantics for getFollowLinks + * contenthash: switch recursive rootPath implementation to be iterative + * llbsolver: add more otel spans for export and history + * vendor: docker/docker, docker/cli v26.1.4 + * vendor: golang.org/x/mod v0.17.0 + * dockerfile/linter: check for nil linter in linter functions + * Dockerfile: update containerd binary to v1.7.18, v1.6.33 + * vendor: github.com/containerd/containerd v1.7.18 + * Adds the rulename to the output of the PrintLintViolations function + * dockerfile: make sure stage is reachable before validating base + * docs: add details for setting up CNI for windows + * Update tracing check for whether error has stack + * bboltcachestorage: mitigate corrupt boltdb cache after panic + * Adds controls for checking dockerfile lint rules + * dockerfile: fix build conflict from previous updates + * allow skipping backlinks where walking cache chains for provenance + * dockerfile: detect base image with wrong platform being used + * Fix http fallback + * Add bounds to termHeight when BUILDKIT_TTY_LOG_LINES is set + * vendor: update vt100 with fix for resizing height + * lint: fix some testifylint warnings + * verifier: verify platforms of the build result + * allow controlling detected platforms cache timeout + * Add thompson-shaun to curators + * docs: add a note for opentel/jaeger on windows + * linter: lint rule for using the legacy key/value format with whitespace + * dockerfile: improve detection of reachable stages + * ensure correct grpc max sizes for control API and frontends + * dockerfile: bump alpine to 3.20 + * tests: remove unnecessary declaration and fix typo + * llbsolver: create single temp lease for exports for performance + * fix: 20 sec timeout for write to disc too short + * gitutil: preserve error type when wrapping + * Upgrade: github.com/containerd/containerd v1.7.17 + * Adjusts syscall.Statfs_t for OpenBSD + * github: define disable_file_fixes on codecov upload + * codecov: exclude generated files + * hack: track helper process coverage in integration tests + * dockerfile: avoid evaluating ARG default if unused + * dockerfile: avoid ignoring errors global arg expansion + * hack: add prometheus and grafana to hack/compose + * vendor: update github.com/docker/docker to v26.1.3 + * lint: enable gocritic + * lint: enable noctx linter + * lint: sort used linters + * docs: fix typo and tweak formatting + * hack: add validation for golangci config + * dockerfile: add hint suggestions to UndefinedVar + * dockerfile: add hint suggestions to UndeclaredArgInFrom + * dockerfile: improve error messages and add suggest to platform flag parsing + * linter: add rule to catch multiple conflicting instructions used in the same stage + * removes the extra build-arg copy pasta-ed in + * testutil: make sure context is canceled after test end + * dockerfile: fix test mirror config bullseye-slim + * call validateCommandVars from within the command.Expand call + * move validateCommandVar to happen during dispatch and add additional test cases + * Add undefined arg lint rule + * linter: add rule for relative path used in workdir + * buildkitd: Frontend restriction support + * build(deps): bump softprops/action-gh-release from 2.0.4 to 2.0.5 + * detect: refactor the detect package + * stream a layer to s3 if possible, instead of getting it then sending it + * linter: add lint rule for required json arguments + * contenthash: make all paths strings when converting + * progress: fix leak of pipe goroutine from MultiReader + * updated this file docs\windows.md, + * update lint tests to accept a struct instead of an increasing number of parameters + * add linting rules for undeclared args in from + * update lint subrequest to return build error and warnings up to error rather than a failed grpc response + * solver: recursively add merge source jobs to target and ancestors + * Adds alpine:latest to mirrored images in dockerfile integration tests + * solver: use logrus fields for more scheduler debug logs + * solver: prevent edge merge to inactive states + * fix: close files in the toAgentSource func + * linter: add linter rule for reserved stage names and duplicate stage names + * docs: add documetation for --group and SecurityDescriptor config + * frontend: missing compat check for TestCommandSourceMapping + * dockerfile: add lint rule for maintainer instruction + * align prune with disk usage command behavior + * buildkitd: allow --group for windows + * detect: remove extraneous check for detected exporters + * vendor: update fsutil to 91a3fc4 + * docs: dockerfile reference title in front matter + * fix: gc policy for windows to use percentage of disk space + * vendor: update github.com/docker/docker to v26.1.0 + * chore: remove repetitive word + * vendor: github.com/tonistiigi/fsutil @ 497d33b + * build(deps): bump golang.org/x/net from 0.18.0 to 0.23.0 + * chore: fix function names in comment + * build(deps): bump github.com/docker/docker + * Update lint warning sorting to handle mssing ranges and < 1 sourceIndex. + * avoid appending line info in lint detail + * add basic warning validations so we can safely sort and print the warnings we receive from the lint subrequest + * sort lint warning output by file and line number, sourcemap format now consistent + * git: restrict definition of git ref + * Improve grammar in README.md + * dockerfile: add statuscode to lint result + * dockerfile: fix validation errors in linter tests + * fix: use unix path separator since path already normalized + * solver: infer builder id from user input for provenance in build record + * refactored opt.Warn to simplify and updated warning data + * Consolidate tests and update Warning output to include source data + * update print to include lint subcommand + * hack: add gopls analyzers + * lint: unusedparams fixes for freebsd + * lint: unusedparams fixes for windows + * lint: unusedparams fixes + * lint: fixes for overflows + * lint: stdmethods fixes + * vendor: github.com/docker/cli v26.0.0 + * vendor: github.com/docker/docker v26.0.0 + * vendor: golang.org/x/sys v0.18.0 + * vendor: github.com/containerd/containerd v1.7.15 + * hack: linter updates + * lint: unusedwrite fixes + * lint: nilness fixes + * unify ReadAt to ReadCloser conversion + * dockerfile: remove dependency on apitypes/container + * dockerfile: remove strslice dependency + * solver: add more debug logs to track down inconsistent graph state + * add support for AlwaysReplaceExistingDestPaths in llb copy + * chore: fix casing in containerd-alt-16 stage + * chore: remove impossible err check + * oci: fix missing release call + * executor: fix overlay layer limit for non-rootfs mounts + * rewrite-timestamp: fix incompatibility with `COPY --link` + * util/converter: fix diffID computation + * update containerd vendor and add test for OCI media type. + * otel: update usage of otelgrpc interceptors to use stat handlers + * Update file consistent cmd casing to match majority casing, not first instruction casing + * inline stage lint helper functions + * Add lint rule for consistent command casing across the dockerfile and update tests + * update comment where we collect empty continuation line warnings + * client: expose git auth header and token keys + * docs: call out ONBUILD COPY --from as unsupported + * docs: clarify that leading parent dir paths are stripped away + * docs: add COPY --from section + * tracing: refactor the trace recorder + * ci: update workflow artifacts retention + * docs: fix incorrect capitalization for "GitLab" + * docs: fix incorrect syntax for exec form entrypoint + * dockerfile: fix missing source mapping for COPY --link command + * inline: fix uncompressed digest importing from multiple providers + * refactor tests and add FROM/AS lint rule + * gha: add support for batch checking existing keys + * remotecache: replace CheckDescriptor with Info + * explicitly tie linter messages to linter rules + * improve alpine version selection per arch + * oci: make mounting oci socket optional + * add integration test to check for lint warnings + * fix: use default dialer for client + * fix integration tests for new dockerfile empty continuation warning output + * git: ensure file-looking git refs aren't parsed as URLs + * solver: stub out sysSampler close + * remotecache: fix missing CheckDescriptor method + * Remove indent so that every rawjson message is printed in one line. + * vendor: github.com/containerd/containerd v1.7.14 + * refactor linting to allow better, more consistent warnings + * Add additional warnings for lint rules + * hack: configure the otel-collector for hack/compose + * docs: remove mention that buildkit warns about unconsumned build args + * build(deps): bump softprops/action-gh-release from 2.0.2 to 2.0.4 + * detect: fix auto-detection of metric exporters to handle none correctly + * ci: update comment version for softprops/action-gh-release update + * build(deps): bump softprops/action-gh-release from 1 to 2 + * docs: add type=tmpfs to run mounts overview + * testutil: add binary and extraEnv opt for dockerd worker + * docs: replace references to the master branch with v0.13 + * fix(docs): add the containers feature enabling step + * ci: enable multi-platform lint only for upstream repo + * solver: comment some annotations about solver lock + * solver: remove unneccessary solver lock + * Address review feedback and slightly refactor tests + * dockerfile: add docs for --parents + * chore: remove unneccessary parameter in newSharedOp + * move zero-value initialization for oci indexes to separate function + * fix: windows getting started guide for uniformity + * dockerfile: allow pivot point for --parents flag + * util: typo fix + * sets the oci media type if unset in the index + * Remove trailing newline + * vendor: update github.com/tonistiigi/fsutil to 7525a1af2bb5 + * Revert formatting change to state.go + * Remove input ordering logic from Marshal(), enforce ordering in to (*FileOp).Inputs() and (*ExecOp).Inputs() + * vendor: github.com/docker/docker v26.0.0-rc1 + * Change output->input map name and slight formatting change + * Pre-convert outputs to inputs in llb client marshaller in order to traverse input vertices in a consistent order + * ci(validate): temporarily disable archutil-arm64 job + * add loongarch support for buildkit archutil + +------------------------------------------------------------------- +Mon Apr 08 06:02:50 UTC 2024 - danish.prakash@suse.com + +- Update to version 0.13.1: + * oci: make mounting oci socket optional + * git: ensure file-looking git refs aren't parsed as URLs + * remotecache: fix missing CheckDescriptor method + * solver: stub out sysSampler close + * fix(docs): add the containers feature enabling step + * ci: enable multi-platform lint only for upstream repo + * docs: replace references to the master branch with v0.13 + * fix: windows getting started guide for uniformity + * dockerfile: add docs for --parents + * dockerfile: allow pivot point for --parents flag + * util: typo fix + * vendor: update github.com/tonistiigi/fsutil to 7525a1af2bb5 + * ci(validate): temporarily disable archutil-arm64 job + * add loongarch support for buildkit archutil + * dockerfile: don't silently ignore --parents if not labs + * test: switch to golang.org/x/mod to check containerd version constraint + * move network sample to resources types + * vendor: update github.com/Masterminds/semver to v3.2.1 + * gateway: mount metadata with nodev + * file: fix idmap passed to unpack when userns enabled + * file: use best-effort xattr behavior on unpacking + * docs: restructure flags/options for add, copy, run + * docs: typo in windows.md + * docs: add quick guide for macOS + * vendor: update github.com/pkg/profile to v1.7.0 + * docs: add quick guide for windows + * vendor: update github.com/tonistiigi/go-actions-cache to a0b64f338598 + * cache(gha): increase default timeout to 10m + * cache(gha): add timeout attr for cache export/import + * vendor: update go.etcd.io/bbolt to v1.3.9 + * vendor: update github.com/spdx/tools-golang to v0.5.3 + * vendor: update github.com/serialx/hashring to 22c0c7ab6b1b + * vendor: update github.com/containerd/fuse-overlayfs-snapshotter to 1.0.8 + * DescriptorProviderPair: expose methods used by multiprovider + * util/multiprovider: Implement Info + * provenance: move types to a dedicated package + * dockerfile2llb: fix ci merge conflict + * Revert "util/multiprovider: Implement Info" + * Avoid applying `SOURCE_DATE_EPOCH` to base images + * dockerfile2llb: emit base image config + * Fix case where TESTFLAGS may be unset + * dockerfile: add excludepatterns feature to labs + * vendor: update github.com/tonistiigi/fsutil to 7a889f53dbf6 + * vendor: OTEL v0.46.1 / v1.21.0 + * vendor: golang.org/x/net v0.18.0 + * set bridge name and subnet in appdefaults + * ci(test-os): split windows tests + * ci(test-os): merge windows and freebsd build + * dockerfile: cross build freebsd support + * remove accidental debug log + * ci(test-os): build binaries from dockerfile for windows + * dockerfile: binaries-for-test target + * dockerfile: cross build windows support + * ci: inherit secrets from the caller workflow + * secret mount: avoid setting `noexec` when an exec bit it set + * fix: typo + * add buildkitd.exe to windows binaries + * examples/dockerfile2llb: remove unused `-partial-metadata-file` + * ci: set codecov token + * exporter: use docker-spec instead of locally defined types + * dockerfile: bump xx to 1.4.0 + * dockerfile: bump alpine to 3.19 + * Dockerfile update stargz-snapshotter to v0.15.1 + * vendor: github.com/containerd/stargz-snapshotter v0.15.1 + * vendor: github.com/hashicorp/go-retryablehttp v0.7.5 + * vendor: github.com/hanwen/go-fuse/v2 v2.4.0 + * vendor: github.com/prometheus/procfs v0.12.0 + * vendor: github.com/prometheus/client_golang v1.17.0 + * vendor: github.com/urfave/cli v1.22.14 + * vendor: github.com/containerd/continuity v0.4.3 + * client: fix result history media type with dockerd moby + * hack: fix unbound variable + * CNI bridge firewall: avoid using `iptables` backend on rootless mode + * client: fix multiple exporter test for dockerd worker + * Dockerfile frontend: add Integration test for context from git + * Move Dockerfile copy/add --exclude implementation to Labs + * Add llb.WithExcludePatterns + * Integration test for Dockerfile --exclude option + * Dockerfile: Document exclude patterns on COPY and ADD commands + * Dockerfile frontend: expose exclude keyword to ADD and COPY commands + * dockerfile2llb: consistent progress for HTTP and Git ops with ADD + * exporter: make OnBuild omiteempty + * make sure iptables installed in release image + * Revert "temporarily use older frontend to unblock CI" + * util/multiprovider: Implement Info + * temporarily use older frontend to unblock CI + * add missing fallback from new frontend to daemon without sourceresolver + * Dockerfile: update Nydus Image Service to v2.2.4 + * replace resolveimageconfig with generic sourcemetaresolver + * vendor: github.com/containerd/nydus-snapshotter v0.13.7 + * vendor: google.golang.org/genproto/googleapis/rpc 49dd2c1f3d0b + * vendor: google.golang.org/grpc v1.59.0 + * ci: validate archutil on arm64 + * archutil: generate arch bins + * dockerfile(archutil): strip debug info + * dockerfile(archutil): mark the stack as non-executable for amd64 + * dockerfile(archutil): bump to trixie + * archutil: validate + * archutil: move dockerfile to hack and update scripts + * keep local dns in resolv.conf when host network enabled + * Fix source police mutation for named context + * resolver: Limit auth handler isolation to push scopes + * resolver: Isolate auth token cache per session + * go.mod: update containerd to v1.7.13 + * docs/rootless.md: move auxiliary information to the bottom + * vendor: github.com/docker/cli v25.0.3 + * vendor: github.com/docker/docker v25.0.3 + * test: add new content-cache exec mount tests + * exec: allow caller-controlled content-based cache + * exec: allow content-cache for root selected mounts + * exec: refactor content-based cache detection + * vendor: github.com/containerd/console v1.0.4 + * vendor: github.com/docker/cli v25.0.2 + * vendor: github.com/docker/docker v25.0.2 + * Fix regression `/run/buildkit is inaccessible for socket user` + * Update fallback logic to only fallback with previous host + * chore(deps): bump actions/setup-go from 4 to 5 + * chore(deps): bump nick-fields/retry from 2.9.0 to 3.0.0 + * chore(deps): bump actions/cache from 3 to 4 + * chore: refactor IsGitTransport to avoid duplication + * docs: make the warning about build arguments + * ci(docs-upstream): pin reusable workflow + * ci: bump gotest-annotations to fa6141aedf23596fb8bdcceab9cce8dadaa31bd9 + * ci: bump actions/upload-artifact and actions/download-artifact to 4 + * test: warn if testing dockerd worker without disabled features + * ci: bump codecov/codecov-action to v4 + * ci: bump actions/github-script to v7 + * ci(dockerd): bump docker to 25.0.2 + * update runc to v1.1.12 + * exec: add extra validation for submount sources + * executor: recheck mount stub path within root after container run + * llbsolver: make sure interactive container API validates entitlements + * gateway: pass executor with build and not access worker directly + * pb: add extra validation to protobuf types + * sourcepolicy: add validations for nil values + * exporter: add validation for platforms key value + * exporter: add validation for invalid platorm + * exporter: validate null config metadata from gateway + * Fix missing chown/chmod when using parents flag with ADD/COPY command + * Add --parents to commitMessage for ADD/COPY command + * chore: fix remotecache/v1/doc.go + * Add --chown and --chmod to commitMessage for ADD/COPY command + * update runc to v1.1.11 + * Add test to check that `client.SolveOpt.LocalDirs` still works + * Replace usage of LocalDirs with LocalMounts in buildctl and examples + * Integration tests: use LocalMounts instead of deprecated LocalDirs + * chore: close solver resources on shutdown + * s3: fix deprecated EndpointResolver + * s3: rely on aws sdk v2 error types + * vendor: bump github.com/aws/aws-sdk-go-v2 deps + * vendor: github.com/docker/cli v25.0.1 + * vendor: github.com/docker/docker v25.0.1 + * chore: document CacheChains.Marshal + * chore: refactor item.validate for readability + * chore: add some doc-comments in remotecache + * chore: update CacheExporterTarget docs + * chore: remove unused cachechains parent link + * Do not include a cache mount's ID in the ExecOp's cachemap + * docs: tiny improvements + * chore: remove noisy rootlesskit cni log + * solver: use errors.Is when checking context.Cause() + * oci: fix error handling on submount calls + * Dockerfile: update dind script to latest version + * fix: typo + * ci: disable push if not upstream repo + * hack: use git context only for upstream repo + * chore: remove unnecessary locker from http source + * gateway: ensure that all process io is correctly closed + * history: wrap os.ErrNotExist errors + * dockerfile: validate order when linking stages + * vendor: github.com/docker/cli v25.0.0 + * vendor: github.com/docker/docker v25.0.0 + * dockerfile: allow errors with multiple source location + * dockerfile: add source location to circular dependency error + * CI: add oci-rootless-slirp4netns-detachnetns + * cniprovider: support `rootlesskit --detach-netns` (RootlessKit v2) + * vendor: github.com/docker/cli v25.0.0-rc.3 + * vendor: github.com/docker/docker v25.0.0-rc.3 + * vendor: github.com/moby/sys/mountinfo v0.7.1 + * vendor: golang.org/x/sys v0.16.0 + * vendor: github.com/google/uuid v1.5.0 + * vendor: github.com/google/go-cmp v0.6.0 + * test: add a test for cyclic merges + * scheduler: always edge merge in one direction + * progress: add panic for multiwriter cycles + * chore: update merging log message to include index + * chore: fix minor typos in scheduler_test.go + * docs: fix up named context docs + * filesync: append metadata for CopyToCaller + * docs: clarify here-document word quote variable expansion + * vendor: github.com/docker/cli v25.0.0-rc.2 + * vendor: github.com/docker/docker v25.0.0-rc.2 + * vendor: github.com/vbatts/tar-split v0.11.5 + * vendor: github.com/containerd/containerd v1.7.12 + * docs: fix copy/paste typo in Dockerfile reference + * solver: ensure each ref in the result map is evaluated + * rootless: use `~/.config/buildkit/cni.json` + * hack/test: allow ALPINE_VERSION to be set from env + * authors.Dockerfile: update to alpine 3.19 + * cmd/buildkitd: show "bridge" net mode in `--help` + * add CNI bridge network provider + * test: add test case for multi-platform scratch + * docs: fix typo for eksctl + * fix lease management with flightcontrol + * go.mod: fix dependencies being in the wrong group + * vendor: github.com/docker/go-connections v0.5.0 + * hack: add docker-compose file for development + * control: fix typo in exporter slice comment + * solver: avoid discarding nil refs entry + * gateway: avoid calling Definition on nil ref + * vendor: github.com/docker/cli v25.0.0-rc.1 + * vendor: github.com/docker/docker v25.0.0-rc.1 + * vendor: github.com/opencontainers/runc v1.1.11 + * vendor: github.com/klauspost/compress v1.17.4 + * exporter: use implicit ids for exporters + * solver: add cap for multiple exporters + * control: add multiple exporters + * exporter: add new id parameter to exporter instances + * session: add file send multiplexing + * exporter: pass inline cache directly to exporter + * exporter: make ParseKey platform parameter optional + * session: create helper type for exporter file output + * exporter: avoid modifying exporter inputs + * filesync: add doc comments in proto + * chore: remove function indirection for cache exporters + * dockerfile: mitigate flaky smoke test with timeout + * docs: clarify the purpose of the syntax parser directive + * Fix hardlink issue with whiteout deletes in the merge snapshotter. + * detect: refactor the default resource detector for detect + * vendor: github.com/docker/cli v25.0.0-beta.3 + * vendor: github.com/docker/docker v25.0.0-beta.3 + * vendor: github.com/felixge/httpsnoop v1.0.4 + * vendor: golang.org/x/crypto v0.17.0 + * vendor: golang.org/x/crypto v0.16.0 + * vendor: golang.org/x/text v0.14.0 + * vendor: golang.org/x/sys v0.15.0 + * docs: mention trace logging in buildkitd.toml docs + * ci: remove timeout on image job + * tracing: allow the `Resource` to be set externally + * tests: enable previously skipped tests + * lint: set proper cache key for golangci-lint target + * ci(buildkit): set timeout to image job + * ci(test-os): retry logic for freebsd smoke tests step + * tests: enable integration test run on windows + * chore: remove WithFailFast option + * git: ensure that pin matches checked-out commit + * util: expose otel metrics through grpc and prometheus + * Dockerfile: bump up containerd to 1.7.11 + * go.mod: bump up containerd to 1.7.11 + * add gabriel-samfira to maintainers + * Add project processes guide + * fix/pr: fixes from pr review + * replace WithTimeout with WithTimeoutCause + * replace context.WithCancel with WithCancelCause + * make docs + * json-cache-metrics becomes debug-json-cache-metrics + * add an option to show JSON cache metrics + * chore: tidy up removal of digest algorithm + * Dockerfile: Bump up containerd to v1.7.10 + * go.mod: bump up github.com/containerd/containerd to v1.7.10 + * solver: use toSelectors to filter root paths instead of custom logic + * llbsolver: fix possible panic when setting event to nil + * ci(deps): upgrade containerd to v1.7.9 + * ci(deps): upgrade OpenTelemetry libraries to v1.19.0 / v0.45.0 + * Update docs/attestations/sbom-protocol.md + * docs: dockerfile instructions quick reference + * github: add issue reporting guide + * windows integration tests: plumbing work to be able to run on windows + * Update to go 1.21 + * dockerfile: remove duplicate layer chains from provenance attestation + * fix bug that gen layer tar contains duplicated files + * Dockerfile: Bump up runc to 1.1.10 + * docs: refresh dockerfile frontend reference + * String substitution in variable expansion + * docs: update builtctl.md to fix markdown links and typo + * buildctl: Add insecure config for registry-auth-tlscontext flag + * dockerfile2llb: filter unused paths for named contexts + * vendor: github.com/docker/cli v25.0.0-beta.1 + * vendor: github.com/docker/docker v25.0.0-beta.1 + * vendor: github.com/docker/go-connections fa09c952e3ea (v0.5.0-dev) + * vendor: github.com/opencontainers/runc v1.1.10 + * vendor: github.com/docker/docker-credential-helpers v0.8.0 + * vendor: github.com/go-logr/logr v1.2.4 + * vendor: github.com/vbatts/tar-split v0.11.3 + * vendor: github.com/opencontainers/runtime-spec v1.1.0 + * vendor: github.com/cenkalti/backoff/v4 v4.2.1 + * llbsolver: unmarshal protobuf objects into the provenance attestation correctly + * docs: fix warning callouts + * cache: set max batch size limit to prune + * ci(test-os): enable SSH keep alive in vagrant vm + * ci(validate): use target property to list all targets + * golangci-lint: increase timeout + * enable golangci-lint for supported platforms + * solver: allow debugging specific builder steps + * Update buildctl.md + * containerd: support custom shim path + * chore: update getTaskOpts to return multiple opts + * git: add missing RedactCredentials call in cache description + * docs: add a note that healthcheck --start-interval requires docker 25.0 + * Whenever copying OCI Platform data, include OSVersion and OSFeatures + * hack: enable linting for freebsd + * hack: enable linting for windows + * chore: move linux-specific oci spec to spec_linux.go + * chore: remove unused functions for windows + * chore: fix windows variable naming issues + * chore: remove fmt.Errorf usage for windows + * docs: retarget dockerfile reference link + * ci: make test job depends on binaries one + * dockerfile: smoke tests for binaries + * frontend/dockerfile/dockerfile2llb: errmsg: quote build target + * vendor: github.com/containerd/containerd v1.7.8 + * vendor: google.golang.org/grpc v1.58.3 + * vendor: google.golang.org/protobuf v1.31.0 + * vendor: golang.org/x/tools v0.10.0 + * vendor: golang.org/x/sync v0.3.0 + * vendor: golang.org/x/mod v0.11.0 + * Add string trimming (#, %, ##, %%) in variable expansion + * test: add force-compression option for nydus case + * solver: fix nydus force compression for provenance + * fix typos + * containerd: normalize platform received from introspection API + * fix usage loss for snapshots with labels in MergeSnapshotter + * vendor: update nydus-snapshotter to v0.13.1 + * ci(test-os): switch to macos-13 runner for freebsd job + * migrate to github.com/moby/sys/user + * vendor: google.golang.org/grpc v1.56.3 + * vendor: google.golang.org/grpc v1.56.2 + * ci: bump up golangci-lint to v1.55.0 + * dockerfile2llb: Add a MainContext option to ConvertOpt + * buildkitd: use default config file location when run as root in rootless + * Dockerfile: bump up registry to v2.8.3 + * Dockerfile: bump up CNI plugins to v1.3.0 + * solver: fix printing progress messages after merged edges + * Fix broken link + * vendor: github.com/klauspost/compress v1.17.2 + * client: refactor to extract prepareMounts + * exporter: refactor to clarify intent behind fs usage + * client: allow exposing fsutil.FS through SolveOpts + * session: modify FSSync provider to take fsutil.FS objects + * vendor: update fsutil to master@f09800878302 + * Send hcsshim's options struct when running with hcsshim + * ci(test-os): increase vm boot time to 15m + * llbsolver: fix possible deadlock in history listen + * buildkitd: fix debug handler listener + * cache: fix cache leak + * Dockerfile: update xx to 1.3.0 + * solver: minor typo in one of the logging messages + * Dockerfile: bump up nerdctl to v1.6.2 + * chore: enable riscv64 build + * solver: fix possible concurrent map access on cache export + * Fix linting issue + * Use snapshot.Mountable as an argument type to readUser + * Move readUser code outside of the file package + * Remove the need for an exported Executor field + * Implement readUser on Windows + * Skip export of caches with no layers to OCI structures + * Correct package name for inline remote-cache source + * Revendor opencontainers/image-spec to v1.1.0-rc5 + * chore: temporarily disable riscv64 build + * ci: fix docs upstream validation workflow + * README: BuildKit is now default in the Engine + * vendor: golang.org/x/net v0.17.0 + * vendor: golang.org/x/crypto v0.14.0 + * vendor: golang.org/x/text v0.13.0 + * vendor: golang.org/x/sys v0.13.0 + * Dockerfile: update containerd binary to v1.7.7 + * Add Unikraft to the list of BuildKit users + * vendor: github.com/containerd/containerd v1.7.7 + * vendor: golang.org/x/net v0.13.0 + * vendor: golang.org/x/crypto v0.11.0, golang.org/x/text v0.11.0 + * vendor: golang.org/x/sys v0.10.0 + * vendor: github.com/stretchr/testify v1.8.4 + * vendor: github.com/containerd/continuity v0.4.2 + * solver: protect against nil rres upon errors + * ResolveImageConfig: Only fetch best matching config + * git: use custom giturl type to preserve original remote + * sshutil: refactor to allow parsing scp-style urls + * gateway: restore original filename in StatFile error message + * dockerfile: add --parents flag for COPY + * CI (containerd v1.6): bump up containerd to 1.6.24 + * docs: mv .dockerignore help to context docs + * uploadprovider: avoid too big grpc messages on tar upload + * session: raise grpc message size limits for session endpoint + * filesync: split stream data into 3MB chunks to avoid message limits + * Bump up golangci-lint to 1.54.2 + * Update go to 1.21 + * docs: fix typo in nydus.md + * Rename cgroupNamespaceSupported, add details + * Don't support cgroupns on cgroups v1 + * util/resolver: fillInsecureOpts don't return slice + * util/resolver: Http fallback in the same host + * util/resolver: Fix insecure mirrors + * Make output window configurable: BUILDKIT_TTY_LOG_LINES + * docs: fix incorrect option name in containerd runtime config + * ci(test): fix unhandled buildkitd tags + * solver: fix issue with double merged edges + * hack: update BUILDKIT_DEBUG handling + * dockerfile: introduce a debug variant for the buildkit docker image + * integration: set otel socket path through buildkit config + * chore: add todo note to remove runj specifics + * Add options to specify containerd runtime + * Ensure layers in the local content store on FileList API + * cache: don't skip unlazy without blob check + * docs/rootless: use Bottlerocket's API configurations + * solver: correctly set the content selector with multiple bind mounts references + * diff: gzip with custom level should be compressed by BuildKit's differ + * docs: note that gckeepstorage can take different types + * Revert "Update buildkitd.toml.md" + * ci(test-os): increase vm boot time to 10m + * hack(test): tidy create command and display invoked docker cmds + * ci(test): dedicated step to build integration-tests image + * create integration-tests bake target + * hack(test): opt to avoid building the integration tests image + * hack(dockerfile-frontend): remove daily release type + * hack: align syntax + * hack: progressFlag set not needed + * hack: cleanup buildx install + * hack(test): use trap to remove cache volume + * buildctl: propagate `SOURCE_DATE_EPOCH` from client env to build arg + * ci: update github actions to latest stable + * buildctl: Add configured TLS certificate to trust store when making calls to registry auth + * go fmt cache/blobs_nolinux.go + * exporter/containerimage: new option: rewrite-timestamp + * Move cache/converter.go to util/converter/converter.go + * dockerfile2llb: set default llb.Local when client is not available + * progressui: modify NewDisplay to accept io.Writer instead of console.File + * authprovider: Fix error return from Credentials when logger is nil + * Add Unikraft's kraft.yaml to list of LLB languages. + * ci(test-os): cross build freebsd binaries using the Dockerfile + * progress: add new quiet display mode + * docs: Add `[dns]` snippet to `buildkitd.toml` example file + * client: manually implement Wait backoffs + * docs(source): mention successful snapshots can be nil + * fix: return err when unable to hash + * migrate to github.com/distribution/reference v0.5.0 + * Revert "buildctl: set max backoff delay to 1 second" + * ci: update github actions to latest stable + * lint: fix linting rules for logrus + * chore: use bklog instead of logrus + * fix: use sha256 for merge/diff op cache maps + * llb: avoid duplicate instances of sourcemaps in provenance + * fix: log context for future debugging + * fix(boltdb): close cache and history dbs on exit + * Cleanup args, rename jobDetails + * fix: check snapshot labels to avoid panic + * fix(metadata): close store on exit + * pull: fix possible negative blob pull time + * docs: fix slsa definition markup issues + * FreeBSD CI: cross-compile binaries + * util/progress: silence go test -race + * progressui: adds a json output that shows raw events for the solver status + * docker: cleanup fields in image definition + * test: git tag test should not sign tags + * git: centralize git cli operations + * deprecate frontend/dockerfile/dockerignore + * replace dockerfile/dockerignore with patternmatcher/ignorefile + * vendor: github.com/moby/patternmatcher v0.6.0 + * git: avoid regexp for checking .git suffix + * git: update parsing to clarify between scp-style urls + * tests: tidy up gitutil testing structs + * git: update llb.Git doc comment + * hack: forward CGO_ENABLED into test container + * solver: fix possible race for provenance ResolveImageConfig + * solver: wrap gRPC codes.NotFound on unknown build ID + * ci: dump context on failure + * chore: fix git freebsd to match file names + * source: make sources pluggable + * Fix typo in README.md + * Implement executor on Windows + * chore: split vagrant provisioning + * buildkitd: add grpc.health.v1.Health service + * Dockerfile: RUNC_VERSION=v1.1.9 + * go.mod: github.com/opencontainers/runc v1.1.9 + * ci: add protolint validation + * lint: add protolint config + * chore: tidy up filesync encode headers handling + * docs: index annotations fail if index is not produced + * docs: update gcpolicy percentage to refer to total space + * docs: improve CacheMap developer documentation + * filesync: write closer err discarded + * Avoid unnecessary map allocation when writing progress + * Improve cache related trace logging. + * test: add HasFeatureCompat helper + * integration: fix rootless tests + * buildkitd: otel config and otel-socket-path flag + * tests: refactor integration test package + * test: use integration.Tmpdir consistently + * docs: removed labs ref for ADD checksum and git + * ci(test-os): bump actions + * tests: refactor Tmpdir as a test helper + * FreeBSD CI Run logs retention + * filesync: remove deprecated override-excludes + * integration: preserve existing environment variables when using sudo + * set tracing socket path to runtime dir + * executor: fix resource sampler goroutine leak + * docs: troubleshoot for `mount proc:/proc (via /proc/self/fd/6), flags: 0xe: operation not permitted` + * FreeBSD port + * examples: bump oci and containerd versions + * examples: remove no_containerd_worker build tag + * hack: add linting for multiple combinations of build tags + * chore: remove unused blobIDs for nydus compression + * chore: remove old no_{oci,containerd}_worker build tags + * nydus: fix missing imports + * frontend/dockerfile/dockerignore: remove hard-coded filename from error + * frontend/dockerfile/dockerignore: touch-up godoc and code + * frontend/dockerfile/dockerignore: cleanup unit test + * chore: clean up file copy logic backend logic + * filesync: append rather than replace grpc md. + * progress: don't modify ResetTime inputs + * vendor: github.com/docker/cli v24.0.5 + * vendor: golang.org/x/net v0.10.0 + * vendor: golang.org/x/text v0.9.0 + * vendor: golang.org/x/sys v0.8.0 + * vendor: github.com/sirupsen/logrus v1.9.3 + * Add support for JSON formatted logs (#3133) + * Dedupe "containerd.io/uncompressed" constants and literals + * integration: missing env var to check feature compat + * vendor: github.com/docker/docker@master (afd4805) + * file: Fix incorrect handling of non-existent files in llbsolver's rmPath + * llb: Add tests for WithUser + * llb: Correct 'contexst' typo in State.Run function's documentation + * test: update pinned busybox image to 1.36 + * executor/resource: stub out NewSysSampler on Windows + * vendor: github.com/docker/cli v24.0.4 + * docs/build-repro.md: fix description about squashing + * vendor: github.com/docker/docker 8e51b8b59cb8 (master, v25.0.0-dev) + * test: update pinned alpine image to 3.18 + * examples: create certs bake definition + * testutil: move CheckContainerdVersion to a separate package + * chore: update AUTHORS and mailmap + * Clarify the behavior of wildcards in .dockerignore file + +------------------------------------------------------------------- +Thu Feb 01 16:36:18 UTC 2024 - dcermak@suse.com + +- Update to version 0.12.5: + * update runc to v1.1.12 + * exec: add extra validation for submount sources (fixes CVE-2024-23651, bsc#1219267) + * oci: fix error handling on submount calls + * executor: recheck mount stub path within root after container run (fixes CVE-2024-23652, bsc#1219268) + * llbsolver: make sure interactive container API validates entitlements (fixes CVE-2024-23653, bsc#1219438) + * gateway: pass executor with build and not access worker directly + * pb: add extra validation to protobuf types + * sourcepolicy: add validations for nil values + * exporter: add validation for platforms key value + * exporter: add validation for invalid platorm + * exporter: validate null config metadata from gateway + * ci: disable push if not upstream repo + * hack: use git context only for upstream repo + * hack/test: allow ALPINE_VERSION to be set from env + * hack: align syntax + * vendor: github.com/cyphar/filepath-securejoin v0.2.4 + * tracing: allow the `Resource` to be set externally + +------------------------------------------------------------------- +Mon Dec 04 13:14:41 UTC 2023 - fredrik.lonnegren@suse.com + +- Update to version 0.12.4: + * Fix possible concurrent map access on remote cache export + * Fix hang on debug server listener + * Fix possible deadlock in History API under high number of parallel builds + * Fix possible panic on handling deleted records in History API + * Fix possible data corruption in zstd library + +- Update to version 0.12.3: + * Fix possible duplicate source files in provenance attestation for chained builds + * Fix possible negative step time in progressbar for step shared with other build request + * Fix properly closing history and cache DB on shutdown to avoid corruption + * Fix incorrect error handling for invalid HTTP source URLs + * Fix fallback cases for ambiguous insecure configuration provided for registry used as push target. + * Fix possible data race with parallel image config resolves + * Fix regression in v0.12 for clients waiting on buildkitd to become available + * Fix Cgroup NS handling for hosts supporting only CgroupV1 + +- Update to version 0.12.2: + * Fix possible discarded network error when exporting result to client + * Avoid unnecessary memory allocations when writing build progress + +------------------------------------------------------------------- +Wed Aug 02 21:37:05 UTC 2023 - elimat@opensuse.org + +- Update to version 0.12.1: + * executor: fix resource sampler goroutine leak + * [v0.11] make tracing socket forward error non-fatal + * integration: missing env var to check feature compat + * test: update pinned busybox image to 1.36 + * test: update pinned alpine image to 3.18 + * vendor: github.com/docker/docker 8e51b8b59cb8 (master, v25.0.0-dev) + * executor/resource: stub out NewSysSampler on Windows + * vendor: github.com/docker/cli v24.0.4 + * testutil: move CheckContainerdVersion to a separate package + * llbsolver: fix policy rule ordering + * filesync: fix backward compatibility with encoding + and % + * hack: allow to set GO_VERSION during tests + * test: always disable tls for dockerd worker + * buildctl: set max backoff delay to 1 second + * contenthash: data race + * filesync: escape special query characters + * applier: add hack to support docker zstd layers + * Fix various nits + * pullprogress data race + * use sampler lock instead + * Fix ResolveImageConfig to evaluate source policy + * sampler data race fix + * update cgroup parent test to work with cgroupns + * Revert "specify a `ResponseHeaderTimeout` value" + * oci: make sure cgroupns is enabled if supported + * bash lint fix + * rename BUILDFLAGS to GOBUILDFLAGS + * allow ENOTSUP for PSI cgroup files + * containerimage: use platform matcher to detect platform to unpack + * exporter: silently skip unpacking unknown reference + * improve error handling in ReadFile + * dockerfile: arg for controlling go build flags + * dockerfile: arg to enable go race detection + * Add support for health start interval + * Re-vendor moby/moby + * filesync: mark if options have been encoded to detect old versions + * dockerfile: heredoc should use 0644 permissions + * docs: update README to reference OpenTelemetry instead of OpenTracing + * gateway: restore original filename in ReadFile error message + * Dockerfile: update containerd to v1.7.2 + * Use system.ToSlash() instead of filepath.ToSlash() + * Revert most changes to client/llb + * Remove Architecture + * Default to linux in client + * Ensure we use proper path separators + * Set default platform + * Add nil pointer check in dispatchWorkdir + * Remove nil pointer check and extra NormalizePath + * Rename variable, remove superfluous check + * Use current OS as a default + * Handle file paths base on target platform + * exporter: unlazy references in parallel + * exporter: simplify unlazy references to reduce duplication + * exporter: allow unpack on multi-platform images + * tests: add unpack to scratch export test + * overlay: set whiteout timestamps to 1970-01-01 (not to SOURCE_DATE_EPOCH) + * dockerfile: graduate `ADD --checksum=` from labs + * dockerfile: graduate `ADD ` from labs + * dockerfile: mod-outdated target to check modules updates + * dockerfile: use xx in dnsname stage + * dockerfile: install musl-dev to fix compilation issue + * dockerfile: update Alpine to 3.18 + * vendor: update fsutil to 36ef4d8 + * export(local): split opt + * buildctl: Provide --wait option + * containerimage: support SOURCE_DATE_EPOCH for CreatedAt + * move flightcontrol to use generics + * containerimage: keep layer labels for exported images + * shell: start shell from cmd, not entrypoint + * sbom: propogate image-resolve-mode for generator image + * client: add extra debug to tests + * handle missing provenance for non-evaluated result + * tests: add provenance test for duplicate platform + * tests: add provenance test for when context directory does not exist + * forward: make BridgeClient public for lint + * gateway: enable named contexts for gateway frontend + * vendor: update vt100 with resize panic fix + * docs: dockerfile: remove "known issues" related to AuFS + * docs: add running instruction to CONTRIBUTING.md + * tests: add worker close method to interface + * add and check for gateway.exec.secretenv cap + * move Secretenv from Meta to InitMessage + * support passing SecretEnv to gateway containers + * Add comment, update from review + * Fix issue with digest merge (inconsistent graph state) + * docs: add helper commands section to CONTRIBUTING.md + * docs: update CONTRIBUTING.md whitespace formatting + * integration: fix not deleting dockerd workdir + * remove uses of deprecated ResolverOptions.Client + * filesync: fix handling non-ascii in file paths + * tests: add test for unicode filenames + * Adding more docs to client/llb + * Add special case for rw bind mounts + * vendor: github.com/docker/cli v24.0.2 + * vendor: github.com/docker/docker v24.0.2 + * progressui: fix index printing on partial rows + * gateway: wrap ExecProcessServer Send calls with a mutex + * resources: make maxsamples configurable + * llbsolver: add systemusage samples to provenance attestation + * resources: store sys cpu usage per step + * resources: add sampler for periodic stat reads + * resources: CNI network usage sampling support + * resources: add build step resource tracking via cgroups + * solver: lock before using actives + * Emulate "bind" mounts using the bind filter + * Fix mount layers on host + * llbsolver: set temporary lease in Commit context + * Update containerd dependency + * exporter: Add exptypes with Common exporter keys + * exporter/image/exptypes: Make strongly typed + * solver: move AddBuildConfig into llbsolver package + * tests: add test to check url format for image loaded from oci layout + * solver: mark locally loaded images as such + * solver: merge local and remote images into single list + * purl: allow RefToPURL to take a type parameter + * tests: don't use purl code to test itself + * Use linux as a default for inputOS + * Add path handling functions + * response to comments + * containerimage: Export option keys + * vendor: update spdx/tools-golang to v0.5.1 + * exporter: remove non dist options from tar exporter + * exporter: move fs opt parsing to method + * tests: fixup attestation tar to not panic when file not found + * git: set umask without reexec + * add language property for sourcemap + * dockerfile/docs: add set -ex to heredoc #3870 + * authprovider: fix a bug where registry-1.docker.io auth was always a cache miss + * response to comments + * tracing: fix buildx tracing delegation + * Update continuity and fsutil + * cache: add a few more fields to ref trace logs. + * vendor: github.com/containerd/go-runc v1.1.0 + * provenance: fix possible empty digest access + * vendor: fix broken vendoring + * dockerfile: bump up nerdctl to v1.4.0 + * bump nydus-snapshotter dependence to v0.8.2 + * vendor: github.com/docker/cli v24.0.1 + * vendor: github.com/docker/docker v24.0.1 + * vendor: github.com/containerd/containerd v1.7.1 + * vendor: github.com/Microsoft/hcsshim v0.10.0-rc.8 + * vendor: github.com/Microsoft/go-winio v0.6.1 + * vendor: golang.org/x/sys v0.7.0 + * vendor: github.com/containerd/typeurl/v2 v2.1.1 + * chore: bump spdx tools + * Fix typo in attestation-storage.md + * vendor: github.com/docker/cli v24.0.0 + * vendor: github.com/docker/docker v24.0.0 + * vendor: github.com/opencontainers/runc v1.1.7 + * vendor: github.com/opencontainers/runtime-spec v1.1.0-rc.2 + * vendor: github.com/klauspost/compress v1.16.3 + * Dockerfile: CONTAINERD_VERSION=v1.7.1 + * Dockerfile: CONTAINERD_ALT_VERSION_16=v1.6.21 + * Dockerfile: RUNC_VERSION=v1.1.7 + * session: avoid logging healthcheck error on canceled connection + * session: fix run and close synchronization + * testutil: update ReadImages to fallback to reading manifest + * Add trace logs for cache leaks. + * Add some doc strings for LLB functions + * attestations: move containerd media type warnings + * update generated proto files + * attestations: replace intoto media type with vendored const + * nydus: bump nydus versions in Dockerfile and doc + * feedback changes for moby/buildkit #2251 + * testutil: expose underlying docker address for supported workers + * testutil: expose integration workers as public + * remove type aliases for leasemanager/contentstore + * llbsolver: move history blobs to a separate namespace + * build(deps): bump github.com/docker/distribution + * added import/export support for OCI compatible image manifest version of cache manifest (opt-in on export, inferred on import) moby/buildkit #2251 + * llb: carry platform from inputs for merge/diff + * llb: don't include platform in fileop + * control: fix possible deadlock on network error + * exporter/containerimage: remove redundant type for var declaration + * Fix not to set the value on empty vertex + * Fix to import as digest + * cache: always release ref when getting size in usage. + * Drop unneeded variable + * ssh: add fallback to ensure conn is closed in all cases. + * vendor: github.com/opencontainers/image-spec v1.1.0-rc3 + * vendor: github.com/docker/cli v23.0.5 + * vendor: github.com/docker/docker v23.0.5 + * nydus: update nydus-snapshotter dependency to v0.8.0 + * progressui: fix possible zero prefix numbers in logs + * llbsolver: send active event only to current client + * llbsolver: send delete status event + * llbsolver: filter out records marked deleted from list responses + * Add Windows service support + * docs: fixup build repro doc with updated policy format + * test: use appropriate snapshotter service to walk snapshots + * overlay: use function to check for overlay-based mounts + * Update uses of Image platform fields in OCI image-spec + * allow setting user agent products + * Bump up golangci-lint to v1.52.2 + * chore: tidy up duplicated imports + * solver: Release unused refs in LoadWithParents + * Avoid panic on parallel walking on DefinitionOp + * solver: skip sbom post processor if result is nil + * vendor: github.com/docker/docker v23.0.4 + * vendor: github.com/docker/cli v23.0.4 + * vendor: golang.org/x/time v0.3.0 + * vendor: github.com/docker/cli v23.0.2 + * vendor: github.com/docker/docker v23.0.2 + * test: don't hang if a process doesn't run + * ci: put worker name first for better UX in actions + * go.mod: remove github.com/kr/pretty + * Revert "Problem: can't use anonymous S3 credentials" + * go.mod: bump up runc to v1.1.6 + * go.mod: Bump up stargz-snapshotter to v0.14.3 + * dockerfile: bump up stargz-snapshotter to v0.14.3 + * dockerfile: bump up runc to v1.1.6 + * buildkitd: add grpc reflection + * Bump up nerdctl to 1.3.0 + * Bump up containerd 1.6.20 + * Fix gzip decoding of HTTP sources. + * ci: update runner os to ubuntu 22.04 + * Fix bearer token expiration check (fixes #3779) + * docs: update buildkitd.toml with new field info + * buildkitd: allow durations for gc config + * buildkitd: allow multiple units for gc config + * dockerui: expose context detection functions as public + * Prevent overflow of runc exit code. + * Upgrade to latest go-runc. + * runc worker: fix sigkill handling + * Dockerfile: RUNC_VERSION=v1.1.5 + * client: add client opts to enable system certificates + * Make ClientOpts type safe + * build(deps): bump github.com/opencontainers/runc from 1.1.4 to 1.1.5 + * fileop: create new fileOpSolver instance per Exec call + * Provide CacheManager to Controller instead of CacheKeyManager. + * http: ensure HEAD and GET requests have same headers + * docs: add auto-generated sections to buildctl.md + * client: allow grpc dial option passthrough + * cni: simplify netns creation + * add Bass to list of LLB languages + * llbsolver: fix sorting of history records + * llbsolver: Fix performance of recomputeDigests + * solve: use comparables instead of reflection in result struct + * vendor: github.com/docker/cli v23.0.1 + * vendor: github.com/docker/docker v23.0.1 + * client: create oci-layout file in StoreIndex + * ci: output annotations for failures + * test: set mod vendor + * test: use gotestsum to generate reports + * fix gateway exec tty cleanup on context.Canceled + * fix process termination handling for runc exec + * Register builds before recording build history + * docs(dockerfile): minimal Dockerfile version support for chmod + * Update builder.md to document newly supported --chmod features in both ADD and COPY statements. + * use bklog.G(ctx) instead of logrus directly + * integration: missing mergeDiff compat check + * chore: `translateLegacySolveRequest` does not need to return error checking. + * integration: split feature compat check for subtests + * integration: missing feature compat check for cache + * dockerfile: fix reproducible digest test for non-amd64 + * integration: add FeatureMergeDiff compat + * integration: add FeatureCacheBackend* compat + * integration: enforce features compat through env vars + * ci: upstream docs conformance validation + * dockerfile(docs): fix liquid syntax + * Problem: can't use anonymous S3 credentials + * hack: remove build_ci_first_pass script + * hack: binaries and cross bake targets + * go.mod: update to go 1.20 + * Dockerfile: CONTAINERD_VERSION=v1.7.0 + * go.mod: github.com/containerd/containerd v1.7.0 + * Add Namespace to list of buildkit users. + * remove buildinfo + * buildinfo: add BUILDKIT_BUILDINFO build arg + * buildinfo: mark as deprecated + * docs: deprecated features page + * rootless: guide for Bottlerocket OS (`sysctl -w user.max_user_namespaces=N`) + * rootless: fix up unprivileged mount opts + * Dockerfile: CONTAINERD_VERSION=v1.7.0-rc.3, CONTAINERD_ALT_VERSION_16=v1.6.19 + * go.mod: github.com/containerd/containerd v1.7.0-rc.3 + * version: add "v" prefix to version for tagging convention consistency + * remove context name validation from kubepod connhelper + * gateway: add hostname option to NewContainer API + * fix error message typo + * provenance: ensure URLs are redacted before written + * test/client: Close buildkit client + * docs: missing security policy markdown file + * diffapply: do chown before xattrs + * Add test for merge of files with capabilities. + * fix a possible panic on cache + * Update cmd/buildkitd/main_windows.go + * ci(validate): use bake + * hack: shfmt bake target + * hack: generated-files bake target + * hack: doctoc bake target + * hack: lint bake target + * hack: authors Dockerfile and bake target + * hack: bake definition with vendor targets + * Fix buildkitd panic when frontend input is nil. + * ci: trigger workflows on push to release branches + * build(deps): bump golang.org/x/net from 0.5.0 to 0.7.0 + * ci: create GitHub Release for frontend as well + * ci: make release depends on image job + * lint: fix issues with go 1.20 + * remove deprecated golangci-lint linters + * update golangci-lint to v1.51.1 + * update to go 1.20 + * Allow DefinitionOp to track sources + * specify a `ResponseHeaderTimeout` value + * Ensures that the primary GID is also included in the additional GIDs + * ci: fix missing TESTFLAGS env var in test-os workflow + * Dockerfile: update containerd to v1.7.0-beta.4, v1.6.18 + * go.mod: github.com/containerd/containerd v1.7.0-beta.4 + * ci: update softprops/action-gh-release to v0.1.15 + * ci: remove unused vars in dockerd workflow + * ci: split cross job + * Dockerfile: remove binaries-linux-helper stage + * ci: rename unclear env vars + * readme: fix and update badges + * ci: rename build workflow to buildkit + * ci: reusable test workflow + * ci: move test-os to a dedicated workflow + * ci: move frontend integration tests and build to a dedicated workflow + * stargz-snapshotter: graduate from experimental + * Bump up stargz-snapshotter to v0.14.1 + * set osversion in index descriptor from base image + * progress: solve status description + * ci: update buildx to latest + * Dockerfile: update xx to 1.2.1 + * integration: make sure registry directory exists + * gha: avoid range requests with too big offset + * ci: merge test-nydus job in test one + * ci: remove branch restriction on pull request event + * client: add tests for layerID in comment field + * exporter: fix sbom supplement core detection + * exporter: fix supplement sboms on empty scratch layer + * exporter: fix file layer finder whiteout detection + * exporter: canonicalize sbom file paths during search + * Add platform tracing socket paths and mounts + * integration: log dockerd cmd + * integration: set custom flags for dockerd worker + * remotecache: proper exporter naming for gha, s3 and azblob + * remotecache: explicit names for registry and local + * exporter: use compression.ParseAttributes func + * remotecache: mutualize compression parsing attrs + * lex: add support for optional colon in variable expansion + * test: rework TestProcessWithMatches to use a matrix + * dockerfile: update to use dockerui pkg + * dockerui: separate docker frontend params to reusable package + * cache: add fallback for snapshotID + * exporter: remove wrappers for oci data types + * vendor: github.com/docker/cli v23.0.0 + * vendor: github.com/docker/docker v23.0.0 + * hack: do not cache some stages on release + * hack: do not set attest flags when exporting to docker + * git: override the locale to ensure consistent output + * fix support for empty git ref with subdir + * gitutil: use subtests + * source: more tests cases for git identifier + * source: use subtests cases for git identifier + * otel: bump dependencies to v1.11.2/v0.37.0 + * hack: treat unset variables as an error + * frontend: fix typo in release script + * ci: create matrix for building frontend image + * inline cache: fix blob indexes by uncompressed digest + * Skip configuring cache exporter if it is nil. + * docs: update syntax for labs channel in examples + * integration: remove wrong compat condition + * integration: fix compat check for CNI DNS test + * cache: don’t link blobonly based on chainid + * do not mount secrets that are optional and missing from solve opts + * SOURCE_DATE_EPOCH: drop timezone + * sbom: create tmp directory for scanner image + * progress: keep color enabled with NO_COLOR empty + * hack: remove azblob_test + * integration: basic azblob cache test + * test: add proxy build args when existed + * vendor: github.com/docker/cli v23.0.0-rc.3 + * vendor: github.com/docker/docker v23.0.0-rc.3 + * vendor: golang.org/x/net v0.5.0 + * vendor: golang.org/x/text v0.6.0 + * vendor: golang.org/x/sys v0.4.0 + * Dockerfile: CNI plugins v1.2.0 + * Dockerfile: CONTAINERD_VERSION=v1.7.0-beta.3, CONTAINERD_ALT_VERSION_16=v1.6.16 + * Fix tracing listener on Windows + * go.mod: github.com/containerd/containerd v1.7.0-beta.3 + * control: send current timestamp header with event streams + * vendor: update containerd to v1.6.16-0.1709cfe273d9 + * buildctl: add ref-file to get history record for a build + * client: make sure ref is configurable for the history API + * history: save completed steps with cache stats + * history: fix exporter key not being passed + * history: fix logs and traces are saving on canceled builds + * hack: add correct entrypoint to shell script + * ci: use moby/buildkit:latest in build action + * dockerfile: add testReproSourceDateEpoch + * Fix cache cannot reuse lazy layers + * Correct manifests_prefix documentation for S3 cache + * Use golang.org/x/sys/windows instead of syscall + * dockerfile: release frontend for i386 platform + * Add get-user-info utility + * optimize --dry-run flag + * fix(tracing): spelling of OTEL_TRACES_EXPORTER value + * Propagate sshforward send side connection close + * buildctl: add `buildctl debug histories, buildctl prune-histories` + * dockerfile: fix panic on warnings with multi-platform + * vendor: github.com/docker/cli v23.0.0-rc.2 + * vendor: github.com/docker/docker v23.0.0-rc.2 + * vendor: github.com/containerd/containerd v1.6.15 + * cache: add registry.insecure option to registry exporter + * Make local cache non-lazy + * docs/build-repro.md: add the SOURCE_DATE_EPOCH section + * docs: clarified build argument example by changing the variable name + * azblob cache: account_name attribute + * docs: master -> 0.11 + * ci: fix dockerd workflow with latest changes from moby + * integration: set mirrors and entitlements with dockerd worker + * github: update CI to buildkit version + * exporter: ensure spdx order prioritizes primary sbom + * hack: remove s3_test + * integration: basic s3 cache test + * integration: add runCmd and randomString utils + * integration: expose backend logs in sandbox interface + * azblob_test: pin busybox to avoid "Illegal instruction" error + * docs: add nerdctl container buildkitd address docs + * feat: add namespace support for nerdctl container + * ci: add ci to check README toc + * testutil: pin busybox and alpine used in releases + * exporter: allow configuring inline attestations for image exporters + * exporter: force enabling inline attestations for image export + * docs: change semicolons to double ampersands + * llbsolver: fix panic when requesting provenance on nil result + * vendor: update fsutil to fb43384 + * attestation: only supplement file data for the core scan + * docs: add index page for attestations + * docs: move attestation docs to dedicated directory + * docs: rename slsa.md to slsa-provenance.md + * docs: tidy up json examples for slsa definitions + * docs: add cross-linking between slsa pages + * Flakiness in azblob test job + * vendor: update spdx/tools-golang to d6f58551be3f + * feat: add nerdctl-container support for client + * docs: slsa review updates + * docs: moved slsa definitions to a separate page + * docs: slsa editorial fixes + * docs: add filename to provenance attestation + * docs: update hermetic field after it was moved in implementation + * docs: update provenance docs + * docs: add slsa provenance documentation + * progress: fix clean context cancelling + * fix: updated_at -> updated-at + * Solve panic due to concurrent access to ExportSpans + * feat: allow ignoring remote cache-export error if failing + * add cache stats to the build history API + * vendor: github.com/docker/cli v23.0.0-rc.1 + * vendor: github.com/docker/docker v23.0.0-rc.1 + * vendor: github.com/containerd/containerd v1.6.14 + * frontend: fix testMultiStageImplicitFrom to account for busybox changes + * sshforward: skip conn close on stream CloseSend. + * chore: update buildkitd.toml docs with mirror path example + * feat: handle mirror url with path + * provenance: fix the order of the build steps + * provenance: move hermetic field into a correct struct + * add possibility to override filename for provenance + * Fix typo in CapExecMountBindReadWriteNoOutput. + * Use SkipOutput instead of -1 for output indexes to clarify semantics. + * fix indentation for in-toto and traces + * attestation: forbid provenance attestations from frontend + * attestation: validate attestations before unbundling as well + * exporter: make attestation validation public + * result: change reason types to strings + * attestations: ignore spdx parse errors + * attestations: propogate metadata through unbundling + * gateway: add addition check to prevent content func from being forwarded + * ociindex: add utility method for getting a single manifest from the index + * ociindex: refactor to hide implementation internally + * cache: test gha cache exporter + * containerdexecutor: add network namespace callback + * frontend/dockerfile: BFlags.Parse(): use strings.Cut() + * frontend/dockerfile: parseExtraHosts(): use strings.Cut() + * frontend/dockerfile: parseMount() use strings.Cut(), and some minor cleanup + * frontend/dockerfile: move check for cache-sharing + * frontend/dockerfile: provide suggestions for mount share mode + * frontend/dockerfile: define types for enums + * frontend/dockerfile/shell: use strings.Equalfold + * frontend/dockerfile/parser: remove redundant concat + * frontend/dockerfile: parseBuildStageName(): pre-compile regex + * frontend/dockerfile: remove isSSHMountsSupported, isSecretMountsSupported + * docs: Enable rootless for stargz-snapshotter + * executor/oci: GetResolvConf(): simplify handling of resolv.conf +- fix rpmlint errors + * systemd units should not have execute permissions + * add missing %service_add_pre for the systemd units + +------------------------------------------------------------------- +Tue Jan 31 17:50:32 UTC 2023 - Dirk Müller + +- update to 0.11.2: + * Update containerd patches to fix regression in handling push errors + * Multiple fixes for History API #3530 + * Fix issue with parallel build requests using local cache imports #3493 + * Builtin Dockerfile frontend has been updated to 1.5.1, fixing possible + panic in certain warning condition #3505 + * Fix possible hang when closing down the SSH forwarding socket in v0.11.0 + * Fix typo in an environment variable used to configure OpenTelemetry + endpoints #3508 + * Builtin Dockerfile frontend has been updated to v1.5.0 + https://github.com/moby/buildkit/releases/tag/dockerfile%2F1.5.0 + * BuildKit and compatible frontends can now produce SBOM (Software Bill of + Materials) attestations for the build results to show the dependencies + of the build. These attestations can be added to images and locally + exported files. Using Dockerfiles, SBOM information can be configured to + be produced also based on files in intermediate build stages or build + context, or run processes that manually define the SBOM dependencies. + When exporting an image, layer mapping is also produced that allows + tracing a SBOM package to a specific build step. #3258 #3290 #3249 #2983 + #3358 #3312 #3407 #3408 #3410 #3414 #3422 + * BuildKit can now produce a Provenance attestation for the build result + in SLSA format. Provenance attestations describe how a build was + produced, and what sources/parameters were used. In addition to fields + part of the SLSA specification, Buildkit's provenance also exports + BuildKit-specific metadata like LLB steps with their source- and layer + mapping. Provenance attestation will capture all the build sources + visible to BuildKit, for example, not only the Git repository where the + project's source is coming from but also the digests of all the + container images used during the build. #3240 #3428 #3428 #3462 + * BuildKit now supports reproducible builds by setting `SOURCE_DATE_EPOCH` + build argument or `source-date-epoch` exporter attribute. This + deterministic date will be used in image metadata instead of the current + time. #2918 #3262 #3152 Read documentation + * OCI annotations can now be set to build results exported as images or + OCI layouts. Annotations can be set on both image manifests and indexes, + as well as descriptors to them. #3283 #3061 #2975 #2879 Read + documentation + * New Build History API allows listening to events about builds starting + and completing, and streaming progress of active builds. New commands + `buildctl debug monitor`, `buildctl debug logs` and `buildctl debug get` + have been added to use this API. Build records also keep OpenTelemetry + traces, provenance attestations, and image manifests if they were + created by the build. #3294 #3339 #3440 + * Build results exported with image, local or tar exporters now support + attestations. In addition to builtin SBOM and Provenance attestations, + frontends can produce custom attestations in in-toto format #3197 #3070 + #3129 #3073 #3063 #2935 #3289 #3389 #3321 #3342 #3461 Read documentation + * New Source type `oci-layout://` allows builds to import images from OCI + directory structure on the client side. This allows using local versions + of the image. #3112 #3300 #3122 #3034 #2971 #2827 #3397 + * Build requests now support sending a Source policy definition. A policy + can be used to deny access to specific sources (e.g. images or URLs) or + only allow access to specific image namespaces. Policies can also be + used to modify sources when they are requested by the build, for + example, pin a tag requested by the build to a specific digest even if + it has already changed in the registry. #3332 + * New remote cache backend: Azure Blob Storage #3010 + * New remote cache backend: S3 #2824 #3065 + * BuildKit now supports Nydus compression type #2581 + * OCI exporter now supports attribute `tar=false` to export OCI layout + into a directory instead of downloading a tarball. #3162 + * Setting multiple cache exporters for a single build is now supported + #3024 #3271 + * Cache exporters can now be configured to ignore exporting errors #3430 + * Remote cache import/export to client-side local files now supports tag + parameter for scoping cache #3111 + * CNI network namespaces are now provisioned from a pool for increased + performance #3107 + * New Info service has been added to control API for asking BuildKit + daemon's version #2725 + * Gateway API now has a new `Evaluate` method to control the lazy solve + behavior #3137 + * Allow mounting secrets with empty contents #3081 + * New RemoveMountStubsRecursive option has been added to LLB ExecOp to + control the cleanup behavior of mounts. By default, empty mount stubs + are now cleaned up recursively in new frontends. #3314 + * LLB Image source now allows pulling partial layer chains from image + * Allow hostname to be set by network provider (K8S_POD_NAME) #3044 + * Improve handling and logging of API health checks #2998 + * RegistryToken auth from Docker config is now allowed as authentication + input #2868 + * Image exporter with containerd worker now allows skipping adding image + to containerd image store with `store=false`. If not set then images + stored images are now guaranteed to be unlazied and unpacked. #2800 + * `buildctl` now loads Github runtime environment when using GHA remote + cache #2707 + * Support for `conflist` when configuring CNI networking #3029 + * Platform info has been added to the build result descriptor metadata + * Allow sourcemaps to link single LLB vertex to multiple source locations + * Support for SSH connection helper #2843 + * Empty stub paths created by mount points when build container runs are + now cleaned up and do not remain in the final image. #3307 #3149 + * Improve performance on BoltDB commits #3261 + * Indentation of some of the image manifests has been fixed to use double + spaces #3259 + * Fix caching checksum error on copying files with custom UID/GID #3295 + * Fix cases where copy operation left behind nondeterministic timestamps + for better support for reproducible builds #3298 + * Fix SSH forwarding incompatibility with OpenSSH >= 8.9 #3274 + * Stargz has been updated to v0.13.0 #3280 + * Embedded QEMU emulators have been updated to v7.1.0 with new patches for + path handling. #3386 + * Fix unpacking images with no layers #3251 + * Fix possible nil pointer exception in LLB bridge #3233 #3169 #3066 + * Fix cleanup of containerd tasks if a start fails #3253 + * Fix handling Windows paths in content checksums #3227 + * Fix possible missing newline in progress output #3072 + * Fix possible early EOF on SSH forwarding #3431 + * Fix possible panic in concurrent OpenTelemetry access #3058 + * Previously deprecated old cache options have been removed #2982 + * Daemonless script has been updated to handle already stopped process + #3005 + * Fix closing session if shared by multiple clients #2995 + * `buildctl du` command now supports JSON formatting #2992 + * Registry push errors now show additional context #2981 + * Improve default description of FileOp vertexes #2932 + * Make sure progress from exporting is properly keyed on parallel requests + * Terminal colors are now configurable #2954 + * Build errors now always print stacktraces to daemon logs in debug mode +- switch packaging to zstd +- include ldflags to set the version number in the binaries correctly + +------------------------------------------------------------------- +Wed Nov 24 09:43:06 UTC 2021 - Richard Brown + +- Initial Packaging diff --git a/buildkit.obsinfo b/buildkit.obsinfo new file mode 100644 index 0000000..d906f7f --- /dev/null +++ b/buildkit.obsinfo @@ -0,0 +1,4 @@ +name: buildkit +version: 0.18.0 +mtime: 1732821394 +commit: 38a47dbbc69d4640a052a662611aece3427164c0 diff --git a/buildkit.service b/buildkit.service new file mode 100644 index 0000000..e68811c --- /dev/null +++ b/buildkit.service @@ -0,0 +1,11 @@ +[Unit] +Description=BuildKit +Requires=buildkit.socket +After=buildkit.socket +Documentation=https://github.com/moby/buildkit + +[Service] +ExecStart=/usr/bin/buildkitd --addr fd:// + +[Install] +WantedBy=multi-user.target diff --git a/buildkit.spec b/buildkit.spec new file mode 100644 index 0000000..aaadcda --- /dev/null +++ b/buildkit.spec @@ -0,0 +1,80 @@ +# +# spec file for package buildkit +# +# Copyright (c) 2024 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +%global provider github +%global provider_tld com +%global project moby +%global repo buildkit +%global provider_prefix %{provider}.%{provider_tld}/%{project}/%{repo} +%global import_path %{provider_prefix} +Name: buildkit +Version: 0.18.0 +Release: 0 +Summary: Toolkit for converting source code to build artifacts +License: Apache-2.0 +URL: https://github.com/moby/buildkit +Source: %{name}-%{version}.tar.zst +Source1: vendor.tar.zst +Source2: buildkit.service +BuildRequires: containerd +BuildRequires: runc +BuildRequires: systemd-rpm-macros +BuildRequires: zstd +BuildRequires: golang(API) >= 1.13 +Requires: containerd +Requires: runc + +%description +BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. + +%prep +%setup -qa1 + +%build +go build -mod=vendor -buildmode=pie -ldflags '-X %{import_path}/version.Version=%{version}' -o _output/buildkitd %{provider_prefix}/cmd/buildkitd +go build -mod=vendor -buildmode=pie -ldflags '-X %{import_path}/version.Version=%{version}' -o _output/buildctl %{provider_prefix}/cmd/buildctl + +%install +mkdir -p %{buildroot}%{_bindir}/ +mkdir -p %{buildroot}%{_unitdir}/ +install -m 0755 _output/buildkitd %{buildroot}%{_bindir}/buildkitd +install -m 0755 _output/buildctl %{buildroot}%{_bindir}/buildctl +install -m 0644 %{SOURCE2} %{buildroot}%{_unitdir}/buildkit.service +install -m 0644 examples/systemd/system/buildkit.socket %{buildroot}%{_unitdir}/buildkit.socket + +%pre +%service_add_pre buildkit.socket buildkit.service + +%post +%service_add_post buildkit.socket buildkit.service + +%preun +%service_del_preun buildkit.socket buildkit.service + +%postun +%service_del_postun buildkit.socket buildkit.service + +%files +%license LICENSE +%doc README.md docs/*.md +%{_bindir}/buildkitd +%{_bindir}/buildctl +%{_unitdir}/buildkit.socket +%{_unitdir}/buildkit.service + +%changelog diff --git a/vendor.tar.zst b/vendor.tar.zst new file mode 100644 index 0000000..d6f5c2a --- /dev/null +++ b/vendor.tar.zst @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:787549441b2402012b07dd386ccfe89cee5c8fb1c5c3051d2d376477d628f474 +size 4828465