1de332530f
Merge pull request #2729 from thaJeztah/touchup_security
...
touch-up security policy
2024-10-10 09:57:55 -07:00
65c4756473
Merge pull request #2728 from thaJeztah/gha_permissions
...
gha: set default permissions to "contents: read"
2024-10-09 09:43:33 +02:00
d3ff70ace0
Merge pull request #2724 from jsternberg/vtproto
...
hack: generate vtproto files for buildx
2024-10-08 17:04:19 -07:00
14de641bec
vendor: update buildkit to v0.17.0-rc1
...
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2024-10-08 16:54:03 -07:00
1ce3e6a221
touch-up security policy
...
Touch-up the security policy to make the OpenSSF scorecard
slightly happier;
https://securityscorecards.dev/viewer/?uri=github.com/docker/buildx
Warn: One or no descriptive hints of disclosure, vulnerability, and/or timelines in security policy
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-10-09 01:22:26 +02:00
b1a13bb740
gha: set default permissions to "contents: read"
...
make the OpenSSF scorecard slightly happier;
https://securityscorecards.dev/viewer/?uri=github.com/docker/buildx
Warn: no topLevel permission defined: .github/workflows/build.yml:1
Warn: topLevel 'security-events' permission set to 'write': .github/workflows/codeql.yml:13
Warn: no topLevel permission defined: .github/workflows/docs-release.yml:1
Warn: no topLevel permission defined: .github/workflows/docs-upstream.yml:1
Warn: no topLevel permission defined: .github/workflows/e2e.yml:1
Warn: no topLevel permission defined: .github/workflows/labeler.yml:1
Warn: no topLevel permission defined: .github/workflows/validate.yml:1
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-10-09 01:07:18 +02:00
64c5139ab6
hack: generate vtproto files for buildx
...
Integrates vtproto into buildx. The generated files dockerfile has been
modified to copy the buildkit equivalent file to ensure files are laid
out in the appropriate way for imports.
An import has also been included to change the grpc codec to the version
in buildkit that supports vtproto. This will allow buildx to utilize the
speed and memory improvements from that.
Also updates the gc control options for prune.
Signed-off-by: Jonathan A. Sternberg <jonathan.sternberg@docker.com>
2024-10-08 13:35:06 -05:00
d353f5f6ba
Merge pull request #2717 from crazy-max/fix-ls-notrunc
...
ls: ensure deterministic output for truncated platforms
2024-10-04 12:52:45 -07:00
4507a492da
Merge pull request #2719 from jsternberg/bake-remote-size
...
bake: raise maximum size limit and fix size check
2024-10-04 12:51:28 -07:00
9fc6f39d71
bake: raise maximum size limit and fix size check
...
Similar to https://github.com/docker/buildx/pull/2716 .
Use the file size rather than the proto size, raise the allowed limit to
the same value for consistency, and improve the error message to include
the limit in human units.
Signed-off-by: Jonathan A. Sternberg <jonathan.sternberg@docker.com>
2024-10-04 09:11:07 -05:00
f6a27a664b
ls: ensure deterministic output for truncated platforms
...
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
2024-10-04 09:27:03 +02:00
48153169d8
Merge pull request #2716 from jsternberg/dockerfile-size-limit
...
build: raise maximum size limit for dockerfile and fix size check
2024-10-03 14:25:31 -07:00
d7de22c61f
build: raise maximum size limit for dockerfile and fix size check
...
Raise the maximum size limit for the dockerfile and correct the size
check. The size check was intended to use the size attribute from the
file stat, but the original gogo version confused the `Size()`
method (which returned the size of the proto message) with the `Size`
attribute (which was named `Size_`).
During the conversion, we noticed the mistake but kept the incorrect
behavior for the sake of keeping the conversion simple.
This also raises the maximum limit because 512 kB is likely a bit too
conservative. The limit has been raised to 2 MB and the limit has been
included in the error message.
Signed-off-by: Jonathan A. Sternberg <jonathan.sternberg@docker.com>
2024-10-03 12:12:40 -05:00
7c91f3d0dd
Merge pull request #2138 from crazy-max/ls-notrunc
...
ls: no-trunc opt
2024-10-03 08:21:09 -07:00
820f5e77ed
ls: no-trunc opt
...
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
2024-10-03 11:15:46 +02:00
1db8f6789f
Merge pull request #2713 from jsternberg/gogoproto-remove
...
protobuf: remove gogoproto
2024-10-02 15:39:47 -07:00
b35a0f4718
protobuf: remove gogoproto
...
Removes gogo/protobuf from buildx and updates to a version of
moby/buildkit where gogo is removed.
This also changes how the proto files are generated. This is because
newer versions of protobuf are more strict about name conflicts. If two
files have the same name (even if they are relative paths) and are used
in different protoc commands, they'll conflict in the registry.
Since protobuf file generation doesn't work very well with
`paths=source_relative`, this removes the `go:generate` expression and
just relies on the dockerfile to perform the generation.
Signed-off-by: Jonathan A. Sternberg <jonathan.sternberg@docker.com>
2024-10-02 15:51:59 -05:00
8e47387d02
Merge pull request #2701 from tonistiigi/fix-link-entitlements
...
bake: fix linking to targets with entitlements
2024-09-25 10:43:21 +02:00
fdda92f304
Merge pull request #2703 from docker/dependabot/github_actions/peter-evans/create-pull-request-7.0.5
...
build(deps): bump peter-evans/create-pull-request from 7.0.3 to 7.0.5
2024-09-25 10:42:46 +02:00
d078a3047d
Merge pull request #2705 from tonistiigi/call-fallback
...
build: use better references for --call fallback images
2024-09-25 10:42:24 +02:00
f102ad73a8
Merge pull request #2672 from daghack/dockerfile-path-on-warnings
...
build: display Dockerfile path on check warnings
2024-09-19 08:30:48 -07:00
671bd1b54d
Update to pass DockerMappingSrc and Dst in with Inputs, and return Inputs through Build
...
Signed-off-by: Talon Bowler <talon.bowler@docker.com>
2024-09-18 20:56:31 -07:00
f8657e8798
build: use better references for --call fallback images
...
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2024-09-18 18:43:40 -07:00
61d9f1d981
build(deps): bump peter-evans/create-pull-request from 7.0.3 to 7.0.5
...
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request ) from 7.0.3 to 7.0.5.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases )
- [Commits](6cd32fd936...5e914681df
2024-09-18 18:49:37 +00:00
9eb0318ee6
Merge pull request #2696 from crazy-max/test-fix-cleanup
...
test: fix missing envs when cleaning up some workers
2024-09-17 20:27:29 -07:00
4528269102
Merge pull request #2699 from docker/dependabot/github_actions/peter-evans/create-pull-request-7.0.3
...
build(deps): bump peter-evans/create-pull-request from 7.0.2 to 7.0.3
2024-09-17 09:27:20 +02:00
8d3d32e376
Merge pull request #2700 from tonistiigi/fix-link-itself
...
bake: fix validation for linking to itself
2024-09-17 09:25:26 +02:00
c60afbb25b
bake: fix linking to targets with entitlements
...
When linked target requires entitlement, same entitlement
is also needed by the caller. Otherwise, the request will
fail when the build is processed.
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2024-09-16 16:31:22 -07:00
9bfa8603f6
bake: fix validation for linking to itself
...
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2024-09-16 16:29:32 -07:00
30e60628bf
build(deps): bump peter-evans/create-pull-request from 7.0.2 to 7.0.3
...
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request ) from 7.0.2 to 7.0.3.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases )
- [Commits](d121e62763...6cd32fd936
2024-09-16 18:36:21 +00:00
df0270d0cc
test: fix missing envs when cleaning up some workers
...
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
2024-09-13 14:19:46 +02:00
056cf8a7ca
Merge pull request #2693 from docker/dependabot/github_actions/peter-evans/create-pull-request-7.0.2
...
build(deps): bump peter-evans/create-pull-request from 7.0.1 to 7.0.2
2024-09-12 22:48:06 +02:00
15c596a091
build(deps): bump peter-evans/create-pull-request from 7.0.1 to 7.0.2
...
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request ) from 7.0.1 to 7.0.2.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases )
- [Commits](8867c4aba1...d121e62763
2024-09-12 18:30:42 +00:00
e950b2e478
Merge pull request #2692 from glours/bump-compose-go-v2.2.0
...
bump compose-go to v2.2.0
2024-09-12 19:04:35 +02:00
4da753da79
bump compose-go to v2.2.0
...
Signed-off-by: Guillaume Lours <705411+glours@users.noreply.github.com>
2024-09-12 18:14:18 +02:00
3f81293fd4
Merge pull request #2691 from crazy-max/ci-fix-perms
...
ci: fix golvulncheck job permissions
2024-09-12 16:36:29 +02:00
120578091f
ci: fix golvulncheck job permissions
...
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
2024-09-12 15:23:33 +02:00
604b723007
Merge pull request #2684 from crazy-max/inspect-buildkitd-conf
...
inspect: display buildkit daemon configuration file
2024-09-11 17:32:25 -07:00
528181c759
inspect: display buildkit daemon configuration file
...
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
2024-09-12 00:16:24 +02:00
cd5381900c
Merge pull request #2688 from crazy-max/bump-xx
...
dockerfile: update xx to 1.5.0
2024-09-11 10:50:58 -07:00
bba2bb4b89
Merge pull request #2686 from crazy-max/bump-buildkit
...
dockerfile, ci: update buildkit to latest stable
2024-09-11 10:50:40 -07:00
8fd27b8c23
Merge pull request #2685 from crazy-max/skip-networkhost-conf
...
builder: do not set network.host entitlement flag if already set in buildkitd conf
2024-09-11 10:39:29 -07:00
6dcc8d8b84
Merge pull request #2689 from crazy-max/bake-fix-network-field
...
bake: fix missing omitempty and optional tags for network field
2024-09-11 10:35:33 -07:00
9fb8b04b64
bake: fix missing omitempty and optional tags for network field
...
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
2024-09-11 14:47:01 +02:00
6ba5802958
Merge pull request #2687 from crazy-max/bump-docker
...
dockerfile: update docker to 27.2.1
2024-09-11 13:57:09 +02:00
f039670961
dockerfile: update xx to 1.5.0
...
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
2024-09-11 12:59:36 +02:00
4ec12e7e68
dockerfile: update docker to 27.2.1
...
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
2024-09-11 12:58:33 +02:00
66ed7d6162
dockerfile, ci: update buildkit to latest stable
...
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
2024-09-11 12:51:20 +02:00
617d59d70b
builder: do not set network.host entitlement flag if already set in buildkitd conf
...
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
2024-09-11 12:27:29 +02:00
40f444f4b8
Merge pull request #2680 from crazy-max/update-buildkit
...
vendor: update buildkit to v0.16.0
2024-09-10 18:35:06 +02:00
Tõnis Tiigi