Docker CLI plugin for extended build capabilities with BuildKit
Go to file
Justin Chadwell 1e72e32ec3
Merge pull request #1412 from jedevc/attestations-cli
Attestations from buildx
2022-12-08 17:30:31 +00:00
.github Merge pull request #1268 from crazy-max/hack-output 2022-11-29 12:16:38 +01:00
bake bake: add attests field 2022-12-07 18:44:21 +00:00
build build: add attestations to build options 2022-12-07 18:43:36 +00:00
builder builder: fix default docker context behavior 2022-12-07 08:52:12 +01:00
cmd/buildx kubernetes: enable azure auth 2022-08-01 16:51:48 -07:00
commands bake: add attests field 2022-12-07 18:44:21 +00:00
docs bake: add attests field 2022-12-07 18:44:21 +00:00
driver kubernetes: fix context load test 2022-12-05 17:13:03 +01:00
hack Merge pull request #1433 from crazy-max/makefile-build-opts 2022-12-07 05:04:44 +01:00
monitor build: fix issues with leaving invoke containers running 2022-08-08 23:16:59 -07:00
store store: skip DockerContext field from being saved 2022-12-07 13:15:18 +01:00
util build: add attests flag and sbom/provenance shorthands 2022-12-07 18:44:11 +00:00
vendor vendor: update buildkit to master@9624ab4 2022-12-05 17:03:47 +01:00
version rename to docker/buildx 2019-04-24 20:02:20 -07:00
.dockerignore hack: use single output dir 2022-10-24 08:30:35 +02:00
.gitignore hack: use single output dir 2022-10-24 08:30:35 +02:00
.golangci.yml lint: add nolintlint and fix violations 2022-10-20 09:49:51 +01:00
.mailmap Bake workflow 2021-09-03 22:50:05 +02:00
AUTHORS Bake workflow 2021-09-03 22:50:05 +02:00
codecov.yml GitHub Actions for test 2020-12-05 04:18:28 +01:00
docker-bake.hcl hack: use single output dir 2022-10-24 08:30:35 +02:00
Dockerfile hack: mutualize build opts in Makefile and Dockerfile 2022-11-29 17:05:25 +01:00
go.mod vendor: update buildkit to master@9624ab4 2022-12-05 17:03:47 +01:00
go.sum vendor: update buildkit to master@9624ab4 2022-12-05 17:03:47 +01:00
LICENSE Add LICENSE file 2019-05-24 17:35:34 -07:00
MAINTAINERS add jedevc to maintainers 2022-08-01 22:22:47 -07:00
Makefile hack: mutualize build opts in Makefile and Dockerfile 2022-11-29 17:05:25 +01:00
README.md docs: refactored file and directory structure 2022-11-04 19:57:50 +01:00

buildx

GitHub release PkgGoDev Build Status Go Report Card codecov

buildx is a Docker CLI plugin for extended build capabilities with BuildKit.

Key features:

  • Familiar UI from docker build
  • Full BuildKit capabilities with container driver
  • Multiple builder instance support
  • Multi-node builds for cross-platform images
  • Compose build support
  • High-level build constructs (bake)
  • In-container driver support (both Docker and Kubernetes)

Table of Contents

Installing

Using buildx as a docker CLI plugin requires using Docker 19.03 or newer. A limited set of functionality works with older versions of Docker when invoking the binary directly.

Windows and macOS

Docker Buildx is included in Docker Desktop for Windows and macOS.

Linux packages

Docker Linux packages also include Docker Buildx when installed using the DEB or RPM packages.

Manual download

Important

This section is for unattended installation of the buildx component. These instructions are mostly suitable for testing purposes. We do not recommend installing buildx using manual download in production environments as they will not be updated automatically with security updates.

On Windows and macOS, we recommend that you install Docker Desktop instead. For Linux, we recommend that you follow the instructions specific for your distribution.

You can also download the latest binary from the GitHub releases page.

Rename the relevant binary and copy it to the destination matching your OS:

OS Binary name Destination folder
Linux docker-buildx $HOME/.docker/cli-plugins
macOS docker-buildx $HOME/.docker/cli-plugins
Windows docker-buildx.exe %USERPROFILE%\.docker\cli-plugins

Or copy it into one of these folders for installing it system-wide.

On Unix environments:

  • /usr/local/lib/docker/cli-plugins OR /usr/local/libexec/docker/cli-plugins
  • /usr/lib/docker/cli-plugins OR /usr/libexec/docker/cli-plugins

On Windows:

  • C:\ProgramData\Docker\cli-plugins
  • C:\Program Files\Docker\cli-plugins

Note

On Unix environments, it may also be necessary to make it executable with chmod +x:

$ chmod +x ~/.docker/cli-plugins/docker-buildx

Dockerfile

Here is how to install and use Buildx inside a Dockerfile through the docker/buildx-bin image:

# syntax=docker/dockerfile:1
FROM docker
COPY --from=docker/buildx-bin /buildx /usr/libexec/docker/cli-plugins/docker-buildx
RUN docker buildx version

Set buildx as the default builder

Running the command docker buildx install sets up docker builder command as an alias to docker buildx build. This results in the ability to have docker build use the current buildx builder.

To remove this alias, run docker buildx uninstall.

Building

# Buildx 0.6+
$ docker buildx bake "https://github.com/docker/buildx.git"
$ mkdir -p ~/.docker/cli-plugins
$ mv ./bin/buildx ~/.docker/cli-plugins/docker-buildx

# Docker 19.03+
$ DOCKER_BUILDKIT=1 docker build --platform=local -o . "https://github.com/docker/buildx.git"
$ mkdir -p ~/.docker/cli-plugins
$ mv buildx ~/.docker/cli-plugins/docker-buildx

# Local 
$ git clone https://github.com/docker/buildx.git && cd buildx
$ make install

Getting started

Building with buildx

Buildx is a Docker CLI plugin that extends the docker build command with the full support of the features provided by Moby BuildKit builder toolkit. It provides the same user experience as docker build with many new features like creating scoped builder instances and building against multiple nodes concurrently.

After installation, buildx can be accessed through the docker buildx command with Docker 19.03. docker buildx build is the command for starting a new build. With Docker versions older than 19.03 buildx binary can be called directly to access the docker buildx subcommands.

$ docker buildx build .
[+] Building 8.4s (23/32)
 => ...

Buildx will always build using the BuildKit engine and does not require DOCKER_BUILDKIT=1 environment variable for starting builds.

The docker buildx build command supports features available for docker build, including features such as outputs configuration, inline build caching, and specifying target platform. In addition, Buildx also supports new features that are not yet available for regular docker build like building manifest lists, distributed caching, and exporting build results to OCI image tarballs.

Buildx is flexible and can be run in different configurations that are exposed through various "drivers". Each driver defines how and where a build should run, and have different feature sets.

We currently support the following drivers:

For more information on drivers, see the drivers guide.

Working with builder instances

By default, buildx will initially use the docker driver if it is supported, providing a very similar user experience to the native docker build. Note that you must use a local shared daemon to build your applications.

Buildx allows you to create new instances of isolated builders. This can be used for getting a scoped environment for your CI builds that does not change the state of the shared daemon or for isolating the builds for different projects. You can create a new instance for a set of remote nodes, forming a build farm, and quickly switch between them.

You can create new instances using the docker buildx create command. This creates a new builder instance with a single node based on your current configuration.

To use a remote node you can specify the DOCKER_HOST or the remote context name while creating the new builder. After creating a new instance, you can manage its lifecycle using the docker buildx inspect, docker buildx stop, and docker buildx rm commands. To list all available builders, use buildx ls. After creating a new builder you can also append new nodes to it.

To switch between different builders, use docker buildx use <name>. After running this command, the build commands will automatically use this builder.

Docker also features a docker context command that can be used for giving names for remote Docker API endpoints. Buildx integrates with docker context so that all of your contexts automatically get a default builder instance. While creating a new builder instance or when adding a node to it you can also set the context name as the target.

Building multi-platform images

BuildKit is designed to work well for building for multiple platforms and not only for the architecture and operating system that the user invoking the build happens to run.

When you invoke a build, you can set the --platform flag to specify the target platform for the build output, (for example, linux/amd64, linux/arm64, or darwin/amd64).

When the current builder instance is backed by the docker-container or kubernetes driver, you can specify multiple platforms together. In this case, it builds a manifest list which contains images for all specified architectures. When you use this image in docker run or docker service, Docker picks the correct image based on the node's platform.

You can build multi-platform images using three different strategies that are supported by Buildx and Dockerfiles:

  1. Using the QEMU emulation support in the kernel
  2. Building on multiple native nodes using the same builder instance
  3. Using a stage in Dockerfile to cross-compile to different architectures

QEMU is the easiest way to get started if your node already supports it (for example. if you are using Docker Desktop). It requires no changes to your Dockerfile and BuildKit automatically detects the secondary architectures that are available. When BuildKit needs to run a binary for a different architecture, it automatically loads it through a binary registered in the binfmt_misc handler.

For QEMU binaries registered with binfmt_misc on the host OS to work transparently inside containers they must be registered with the fix_binary flag. This requires a kernel >= 4.8 and binfmt-support >= 2.1.7. You can check for proper registration by checking if F is among the flags in /proc/sys/fs/binfmt_misc/qemu-*. While Docker Desktop comes preconfigured with binfmt_misc support for additional platforms, for other installations it likely needs to be installed using tonistiigi/binfmt image.

$ docker run --privileged --rm tonistiigi/binfmt --install all

Using multiple native nodes provide better support for more complicated cases that are not handled by QEMU and generally have better performance. You can add additional nodes to the builder instance using the --append flag.

Assuming contexts node-amd64 and node-arm64 exist in docker context ls;

$ docker buildx create --use --name mybuild node-amd64
mybuild
$ docker buildx create --append --name mybuild node-arm64
$ docker buildx build --platform linux/amd64,linux/arm64 .

Finally, depending on your project, the language that you use may have good support for cross-compilation. In that case, multi-stage builds in Dockerfiles can be effectively used to build binaries for the platform specified with --platform using the native architecture of the build node. A list of build arguments like BUILDPLATFORM and TARGETPLATFORM is available automatically inside your Dockerfile and can be leveraged by the processes running as part of your build.

# syntax=docker/dockerfile:1
FROM --platform=$BUILDPLATFORM golang:alpine AS build
ARG TARGETPLATFORM
ARG BUILDPLATFORM
RUN echo "I am running on $BUILDPLATFORM, building for $TARGETPLATFORM" > /log
FROM alpine
COPY --from=build /log /log

You can also use tonistiigi/xx Dockerfile cross-compilation helpers for more advanced use-cases.

High-level build options

See docs/manuals/bake/index.md for more details.

Contributing

Want to contribute to Buildx? Awesome! You can find information about contributing to this project in the CONTRIBUTING.md