docker · crazy-max · Aug 1, 2025 · Jun 24, 2025 · thaJeztah · Jul 4, 2025
@@ -37,6 +37,10 @@ area/pkg/docker-engine:
   - changed-files:
     - any-glob-to-any-file: 'pkg/docker-engine/**'
 
+area/pkg/model:
+  - changed-files:
+    - any-glob-to-any-file: 'pkg/model/**'
+
 area/pkg/sbom:
   - changed-files:
     - any-glob-to-any-file: 'pkg/sbom/**'

@@ -0,0 +1,34 @@
+name: build-model
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+on:
+  push:
+    branches:
+      - 'main'
+      - 'model/[0-9]+.[0-9]+'
+    paths:
+      - '.github/workflows/.build.yml'
+      - '.github/workflows/build-model.yml'
+      - 'hack/scripts/**'
+      - 'pkg/model/**'
+      - 'docker-bake.hcl'
+  pull_request:
+    branches:
+      - 'main'
+      - 'model/[0-9]+.[0-9]+'
+    paths:
+      - '.github/workflows/.build.yml'
+      - '.github/workflows/build-model.yml'
+      - 'hack/scripts/**'
+      - 'pkg/model/**'
+      - 'docker-bake.hcl'
+
+jobs:
+  run:
+    uses: ./.github/workflows/.build.yml
+    with:
+      name: model
+    secrets: inherit
@@ -0,0 +1,33 @@
+name: release-model
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+on:
+  workflow_dispatch:
+    inputs:
+      ref:
+        description: 'Ref (e.g. v0.1.30)'
+        required: true
+        type: string
+      repo:
+        description: 'Override default repo'
+        required: false
+        type: string
+      release:
+        description: 'Push image and create release'
+        required: false
+        type: boolean
+
+jobs:
+  release:
+    uses: ./.github/workflows/.build.yml
+    with:
+      name: model
+      release: ${{ inputs.release }}
+      push: ${{ inputs.release }}
+      envs: |
+        PKG_REPO=${{ inputs.repo }}
+        PKG_REF=${{ inputs.ref }}
+    secrets: inherit
@@ -48,6 +48,7 @@ variable "PKGS" {
     "credential-helpers",
     "docker-cli",
     "docker-engine",
+    "model",
     "sbom",
     "scan"
   ]
@@ -489,6 +490,17 @@ target "_pkg-docker-engine" {
   }
 }
 
+target "_pkg-model" {
+  args = {
+    PKG_NAME = PKG_NAME != null && PKG_NAME != "" ? PKG_NAME : "docker-model-plugin"
+    PKG_REPO = PKG_REPO != null && PKG_REPO != "" ? PKG_REPO : "https://github.com/docker/model-cli.git"
+    PKG_REF = PKG_REF != null && PKG_REF != "" ? PKG_REF : "main"
+    GO_VERSION = GO_VERSION != null && GO_VERSION != "" ? GO_VERSION : "1.24.4" # https://github.com/docker/model-cli/blob/301126afc8ef4b8330de56db5d2889ddbc978022/Dockerfile#L3
+    GO_IMAGE_VARIANT = GO_IMAGE_VARIANT != null && GO_IMAGE_VARIANT != "" ? GO_IMAGE_VARIANT : "bookworm"
+    PKG_DEB_EPOCH = PKG_DEB_EPOCH != null && PKG_DEB_EPOCH != "" ? PKG_DEB_EPOCH : "5"
+  }
+}
+
 target "_pkg-sbom" {
   args = {
     PKG_NAME = PKG_NAME != null && PKG_NAME != "" ? PKG_NAME : "docker-sbom-plugin"
@@ -528,6 +540,8 @@ function "pkgPlatforms" {
     docker-cli = ["darwin/amd64", "darwin/arm64", "linux/386", "linux/amd64", "linux/arm/v6", "linux/arm/v7", "linux/arm64", "linux/ppc64le", "linux/riscv64", "linux/s390x", "windows/amd64", "windows/arm64"]
     # https://github.com/moby/moby/blob/83264918d3e1c61341511e360a7277150b914b3f/docker-bake.hcl#L82-L91
     docker-engine = ["linux/amd64", "linux/arm/v6", "linux/arm/v7", "linux/arm64", "linux/ppc64le", "linux/s390x", "windows/amd64", "windows/arm64"]
+    # https://github.com/docker/model-cli/blob/301126afc8ef4b8330de56db5d2889ddbc978022/Makefile#L36-L40
+    model = ["darwin/amd64", "darwin/arm64", "linux/amd64", "linux/arm64", "windows/amd64", "windows/arm64"]
     # https://github.com/docker/sbom-cli-plugin/blob/b17d47dc0b20061e7924e835716caef3c6cc6a46/.goreleaser.yaml#L7-L13
     sbom = ["darwin/amd64", "darwin/arm64", "linux/amd64", "linux/arm64", "windows/amd64", "windows/arm64"]
     # https://github.com/docker/scan-cli-plugin/blob/cd76c00e79763dcb411d976971ea5b03180a4943/builder.Makefile#L25-L29

@@ -18,6 +18,7 @@ Architecture: linux-any
 Depends: ${shlibs:Depends}
 Recommends: docker-buildx-plugin,
             docker-compose-plugin
+Suggests: docker-model-plugin
 Conflicts: docker (<< 1.5~),
            docker-engine,
            docker.io

@@ -18,6 +18,8 @@ Requires: /usr/sbin/groupadd
 Recommends: docker-buildx-plugin
 Recommends: docker-compose-plugin
 
+Suggests: docker-model-plugin
+
 BuildRequires: gcc
 BuildRequires: make
 

@@ -0,0 +1,181 @@
+# syntax=docker/dockerfile:1
+
+# Copyright 2025 Docker Packaging authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ARG XX_VERSION="1.6.1"
+ARG DEBIAN_FRONTEND="noninteractive"
+
+ARG DISTRO_NAME="debian12"
+ARG DISTRO_TYPE="deb"
+ARG DISTRO_RELEASE="debian"
+ARG DISTRO_SUITE="bookworm"
+ARG DISTRO_ID="12"
+ARG DISTRO_IMAGE="debian:bookworm"
+
+ARG PKG_NAME="docker-model-plugin"
+ARG PKG_REPO="https://github.com/docker/model-cli.git"
+ARG PKG_REF="main"
+
+ARG GO_IMAGE="golang"
+ARG GO_VERSION="1.24.4"
+ARG GO_IMAGE_VARIANT="bookworm"
+
+# stage used as named context that mounts hack/scripts
+# see pkg target in docker-bake.hcl
+FROM scratch AS scripts
+
+# cross compilation helper
+FROM --platform=$BUILDPLATFORM tonistiigi/xx:${XX_VERSION} AS xx
+
+# go base image to retrieve /usr/local/go
+FROM ${GO_IMAGE}:${GO_VERSION}-${GO_IMAGE_VARIANT} AS go
+FROM --platform=$BUILDPLATFORM ${GO_IMAGE}:${GO_VERSION}-${GO_IMAGE_VARIANT} AS gocross
+
+# src
+FROM --platform=$BUILDPLATFORM alpine AS src-base
+RUN apk add --no-cache bash curl file git zip tar
+
+FROM src-base AS src
+WORKDIR /src
+ARG PKG_REPO
+RUN git init . && git remote add origin "${PKG_REPO}"
+ARG PKG_REF
+RUN git fetch origin "${PKG_REF}" +refs/heads/*:refs/remotes/origin/* +refs/tags/*:refs/tags/* && git checkout -q FETCH_HEAD
+
+FROM src-base AS src-tgz
+RUN --mount=from=src,source=/src,target=/model \
+    mkdir /out && tar -C / -zcf /out/model.tgz --exclude .git model
+
+# metadata
+FROM src-base AS metadata-builder
+ARG PKG_REPO
+ARG PKG_REF
+ARG NIGHTLY_BUILD
+RUN --mount=type=bind,from=scripts,source=gen-ver.sh,target=/usr/local/bin/gen-ver \
+    --mount=type=bind,from=src,source=/src,target=/src <<EOT
+  set -e
+  mkdir -p /out
+  for l in $(gen-ver "/src"); do
+    export "${l?}"
+  done
+  cat > "/out/metadata.env" <<-EOF
+REPO=${PKG_REPO%.*}
+REF=${PKG_REF}
+VERSION=${GENVER_VERSION}
+COMMIT=${GENVER_COMMIT}
+EOF
+EOT
+
+FROM scratch AS metadata
+COPY --from=metadata-builder /out /
+
+# deb
+FROM ${DISTRO_IMAGE} AS builder-deb
+COPY --from=xx / /
+ARG DEBIAN_FRONTEND
+ENV GOPROXY="https://proxy.golang.org|direct"
+ENV GOPATH="/go"
+ENV PATH="$PATH:/usr/local/go/bin:$GOPATH/bin"
+ENV GOTOOLCHAIN="local"
+ENV GO111MODULE="on"
+ENV CGO_ENABLED="0"
+ARG DISTRO_NAME
+RUN apt-get update && apt-get install -y --no-install-recommends apt-utils bash ca-certificates curl devscripts equivs git
+COPY deb /root/package/debian
+ARG TARGETPLATFORM
+RUN mk-build-deps -t "xx-apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y" -i /root/package/debian/control
+WORKDIR /root/package
+ARG NIGHTLY_BUILD
+ARG DISTRO_RELEASE
+ARG DISTRO_ID
+ARG DISTRO_SUITE
+ARG PKG_NAME
+ARG PKG_REF
+ARG PKG_PACKAGER
+ARG PKG_DEB_BUILDFLAGS
+ARG PKG_DEB_REVISION
+ARG PKG_DEB_EPOCH
+ARG SOURCE_DATE_EPOCH
+RUN --mount=type=bind,source=scripts/pkg-deb-build.sh,target=/usr/local/bin/pkg-deb-build \
+    --mount=type=bind,from=scripts,source=gen-ver.sh,target=/usr/local/bin/gen-ver \
+    --mount=type=bind,from=scripts,source=gen-deb-changelog.sh,target=/usr/local/bin/gen-deb-changelog \
+    --mount=type=bind,from=scripts,source=fix-cc.sh,target=/usr/local/bin/fix-cc \
+    --mount=type=bind,from=src,source=/src,target=/root/package/model,rw \
+    --mount=type=bind,from=go,source=/usr/local/go,target=/usr/local/go \
+    OUTDIR=/out SRCDIR=./model pkg-deb-build
+
+# rpm
+FROM ${DISTRO_IMAGE} AS builder-rpm
+COPY --from=xx / /
+ENV GOPROXY="https://proxy.golang.org|direct"
+ENV GOPATH="/go"
+ENV PATH="$PATH:/usr/local/go/bin:$GOPATH/bin"
+ENV GOTOOLCHAIN="local"
+ENV GO111MODULE="on"
+ENV CGO_ENABLED="0"
+ARG DISTRO_NAME
+RUN --mount=type=bind,from=scripts,source=rpm-init.sh,target=/usr/local/bin/rpm-init \
+  rpm-init $DISTRO_NAME
+COPY rpm /root/rpmbuild/SPECS
+ARG TARGETPLATFORM
+RUN --mount=type=bind,from=scripts,source=rpm-builddep.sh,target=/usr/local/bin/rpm-builddep \
+  rpm-builddep $(xx-info rhel-arch) /root/rpmbuild/SPECS
+WORKDIR /root/rpmbuild
+ARG NIGHTLY_BUILD
+ARG DISTRO_RELEASE
+ARG DISTRO_ID
+ARG DISTRO_SUITE
+ARG PKG_NAME
+ARG PKG_REF
+ARG PKG_PACKAGER
+ARG PKG_RPM_BUILDFLAGS
+ARG PKG_RPM_RELEASE
+ARG SOURCE_DATE_EPOCH
+RUN --mount=type=bind,source=scripts/pkg-rpm-build.sh,target=/usr/local/bin/pkg-rpm-build \
+    --mount=type=bind,from=scripts,source=gen-ver.sh,target=/usr/local/bin/gen-ver \
+    --mount=type=bind,from=scripts,source=fix-cc.sh,target=/usr/local/bin/fix-cc \
+    --mount=type=bind,from=src-tgz,source=/out/model.tgz,target=/root/rpmbuild/SOURCES/model.tgz \
+    --mount=type=bind,from=src,source=/src,target=/usr/local/src/model \
+    --mount=type=bind,from=go,source=/usr/local/go,target=/usr/local/go \
+    OUTDIR=/out SRCDIR=/usr/local/src/model pkg-rpm-build
+
+# static
+FROM --platform=$BUILDPLATFORM ${DISTRO_IMAGE} AS builder-static
+COPY --from=xx / /
+ARG DEBIAN_FRONTEND
+RUN apt-get update && apt-get install -y --no-install-recommends bash ca-certificates file git zip tar
+ENV GOPROXY="https://proxy.golang.org|direct"
+ENV GOPATH="/go"
+ENV PATH="$PATH:/usr/local/go/bin:$GOPATH/bin"
+ENV GOTOOLCHAIN="local"
+ENV GO111MODULE="on"
+ENV CGO_ENABLED="0"
+ARG PKG_NAME
+ARG PKG_REF
+ARG NIGHTLY_BUILD
+WORKDIR /build
+ARG TARGETPLATFORM
+RUN --mount=type=bind,source=scripts/pkg-static-build.sh,target=/usr/local/bin/pkg-static-build \
+    --mount=type=bind,from=scripts,source=gen-ver.sh,target=/usr/local/bin/gen-ver \
+    --mount=type=bind,from=scripts,source=fix-cc.sh,target=/usr/local/bin/fix-cc \
+    --mount=type=bind,from=src,source=/src,target=/usr/local/src/model \
+    --mount=type=bind,from=gocross,source=/usr/local/go,target=/usr/local/go,rw \
+    OUTDIR=/out BUILDDIR=/build SRCDIR=/usr/local/src/model pkg-static-build
+
+FROM builder-${DISTRO_TYPE} AS build-pkg
+ARG BUILDKIT_SBOM_SCAN_STAGE=true
+
+FROM scratch AS pkg
+COPY --from=build-pkg /out /
@@ -0,0 +1,20 @@
+Source: docker-model-plugin
+Section: admin
+Priority: optional
+Maintainer: Docker <support@docker.com>
+Homepage: https://www.docker.com
+Vcs-Browser: https://github.com/docker/model-cli
+Vcs-Git: git://github.com/docker/model-cli.git
+Standards-Version: 3.9.6
+Build-Depends: bash,
+               debhelper-compat (= 12),
+               make
+
+Package: docker-model-plugin
+Priority: optional
+Architecture: linux-any
+Enhances: docker-ce-cli
+Description: Docker Model Runner plugin for the Docker CLI.
+ .
+ This plugin provides the 'docker model' subcommand.
+Homepage: https://docs.docker.com/model-runner/
@@ -0,0 +1,42 @@
+#!/usr/bin/make -f
+
+# force packages to be built with xz compression, as Ubuntu 21.10 and up use
+# zstd compression, which is non-standard, and breaks 'dpkg-sig --verify'
+override_dh_builddeb:
+	dh_builddeb -- -Zxz
+
+override_dh_auto_build:
+	mkdir -p /usr/libexec/docker/cli-plugins && \
+	GO111MODULE=on make -C $(CURDIR)/model VERSION=$(VERSION) ce-release \
+	&& mv $(CURDIR)/model/dist/docker-model /usr/libexec/docker/cli-plugins/docker-model
+
+override_dh_auto_test:
+	ver="$$(/usr/libexec/docker/cli-plugins/docker-model docker-cli-plugin-metadata | awk '{ gsub(/[",:]/,"")}; $$1 == "Version" { print $$2 }')"; \
+		test "$$ver" = "$(VERSION)" && echo "PASS: docker-model version OK" || (echo "FAIL: docker-model version ($$ver) did not match" && exit 1)
+
+override_dh_strip:
+	# Go has lots of problems with stripping, so just don't
+
+# http://manpages.debian.org/dh_dwz
+override_dh_dwz:
+	# dh_dwz in debhelper versions less than 13 has issues with files that are missing debug symbols (once we update to debhelper-compat 13+ this can be removed)
+	@# https://packages.debian.org/debhelper
+	@# https://packages.ubuntu.com/debhelper
+
+override_dh_auto_install:
+	install -D -p -m 0755 /usr/libexec/docker/cli-plugins/docker-model debian/docker-model-plugin/usr/libexec/docker/cli-plugins/docker-model
+
+override_dh_installinit:
+	dh_installinit
+
+override_dh_shlibdeps:
+	dh_shlibdeps --dpkg-shlibdeps-params=--ignore-missing-info
+
+override_dh_install:
+	dh_install
+
+override_dh_gencontrol:
+	dh_gencontrol --remaining-packages
+
+%:
+	dh $@
@@ -0,0 +1 @@
+1.0