Skip to content

feat(docker): upgrade buildkit and buildx #698

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
neilime merged 1 commit into from
Mar 16, 2026
Merged

feat(docker): upgrade buildkit and buildx #698

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
86 changes: 41 additions & 45 deletions .github/workflows/docker-build-images.md
View file
Open in desktop

Large diffs are not rendered by default.

10 changes: 5 additions & 5 deletions .github/workflows/docker-build-images.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -109,11 +109,11 @@ on: # yamllint disable-line rule:truthy
Inline BuildKit daemon configuration.
See https://github.com/docker/setup-buildx-action#inputs.
Example for insecure registry:
```ini
[registry."my-registry.local:5000"]
http = true
insecure = true
```
```ini
[registry."my-registry.local:5000"]
http = true
insecure = true
```
type: string
required: false
sign:
Expand Down
2 changes: 1 addition & 1 deletion Makefile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,7 @@ npm-audit-fix: ## Execute npm audit fix

ci: ## Execute CI tasks
$(MAKE) npm-audit-fix
$(MAKE) lint
$(MAKE) lint-fix

test-build-application: ## Build the test application image
@docker buildx build \
Expand Down
134 changes: 52 additions & 82 deletions actions/docker/build-image/README.md
View file
Open in desktop

Large diffs are not rendered by default.

10 changes: 5 additions & 5 deletions actions/docker/build-image/action.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -106,11 +106,11 @@ inputs:
Inline BuildKit daemon configuration.
See https://github.com/docker/setup-buildx-action#inputs.
Example for insecure registry:
```ini
[registry."my-registry.local:5000"]
http = true
insecure = true
```
```ini
[registry."my-registry.local:5000"]
http = true
insecure = true
```
required: false
multi-platform:
description: |
Expand Down
66 changes: 45 additions & 21 deletions actions/docker/setup/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,7 @@ Shared action to configure Docker tooling and OCI registry authentication.
## Usage

````yaml
- uses: hoverkraft-tech/ci-github-container/actions/docker/setup@a0bab9151cc074af9f6c8204ab42a48d2d570379 # 0.30.6
- uses: hoverkraft-tech/ci-github-container/actions/docker/setup@c84014f56f57f8abe320ffa48adccbb997681550 # feat/docker-upgrade-buildkit-buildx
with:
# OCI registry configuration used to pull, push and cache images.
# Accepts either a registry hostname string (default format) or a JSON object.
Expand Down Expand Up @@ -73,30 +73,54 @@ Shared action to configure Docker tooling and OCI registry authentication.

## Inputs

| **Input** | **Description** | **Required** | **Default** |
| ----------------------------- | ---------------------------------------------------------------------------------------------------------------------- | ------------ | ----------- |
| **`oci-registry`** | OCI registry configuration used to pull, push and cache images. | **true** | `ghcr.io` |
| | Accepts either a registry hostname string (default format) or a JSON object. | | |
| | JSON example: `{"pull":"docker.io","pull:private":"ghcr.io","push":"ghcr.io"}` | | |
| **`oci-registry-username`** | Username configuration used to log against OCI registries. | **false** | - |
| | Accepts either a single username string (default format) or a JSON object using the same keys as `oci-registry`. | | |
| **`oci-registry-password`** | Password or personal access token configuration used to log against OCI registries. | **false** | - |
| | Accepts either a single password/token string (default format) or a JSON object using the same keys as `oci-registry`. | | |
| **`buildkitd-config-inline`** | Inline BuildKit daemon configuration. | **false** | - |
| | See <https://github.com/docker/setup-buildx-action#inputs>. | | |
| | Example for insecure registry: | | |
| | ```ini
[registry."my-registry.local:5000"]
http = true
insecure = true
``` | | |
| **`built-images`** | Optional built images payload used to resolve manifest publication registries. | **false** | - |
| | When provided, registry authentication targets are inferred from the built image data. | | |
| **`setup-buildx`** | Whether to install and configure Docker Buildx. | **false** | `true` |
| **Input** | **Description** | **Required** | **Default** |
| ----------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------ | ------------ | ----------- |
| **`oci-registry`** | OCI registry configuration used to pull, push and cache images. | **true** | `ghcr.io` |
| | Accepts either a registry hostname string (default format) or a JSON object. | | |
| | JSON example: `{"pull":"docker.io","pull:private":"ghcr.io","push":"ghcr.io"}` | | |
| **`oci-registry-username`** | Username configuration used to log against OCI registries. | **false** | - |
| | Accepts either a single username string (default format) or a JSON object using the same keys as `oci-registry`. | | |
| **`oci-registry-password`** | Password or personal access token configuration used to log against OCI registries. | **false** | - |
| | Accepts either a single password/token string (default format) or a JSON object using the same keys as `oci-registry`. | | |
| **`buildkitd-config-inline`** | Inline BuildKit daemon configuration. | **false** | - |
| | See <https://github.com/docker/setup-buildx-action#inputs>. | | |
| | Example for insecure registry: | | |
| | <!-- textlint-disable --><pre lang="ini">[registry."my-registry.local:5000"]&#13; http = true&#13; insecure = true</pre><!-- textlint-enable --> | | |
| **`built-images`** | Optional built images payload used to resolve manifest publication registries. | **false** | - |
| | When provided, registry authentication targets are inferred from the built image data. | | |
| **`setup-buildx`** | Whether to install and configure Docker Buildx. | **false** | `true` |

<!-- inputs:end -->

### Multiple registries

The default single-registry format still works:

```yaml
oci-registry: ghcr.io
oci-registry-username: ${{ github.repository_owner }}
oci-registry-password: ${{ github.token }}
```

To configure distinct pull, push and cache registries, pass JSON objects:

```yaml
oci-registry: |
{"pull":"docker.io","pull:private":"ghcr.io","push":"ghcr.io"}
oci-registry-username: |
{"pull:private":"${{ github.repository_owner }}","push":"${{ github.repository_owner }}"}
oci-registry-password: |
{"pull:private":"${{ github.token }}","push":"${{ github.token }}"}
```

Registry credentials are resolved by role using the same keys as `oci-registry`.
`pull` is the default pull registry, while `pull:<name>` can be repeated for additional pull registries.
When no pull registry is provided, the push registry is also used for pulls.
Optional pull registries without credentials are skipped, which is useful for public registries such as Docker Hub.

<!-- secrets:start -->
<!-- secrets:end -->

<!-- outputs:start -->

## Outputs
Expand Down
14 changes: 7 additions & 7 deletions actions/docker/setup/action.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,11 +30,11 @@ inputs:
Inline BuildKit daemon configuration.
See https://github.com/docker/setup-buildx-action#inputs.
Example for insecure registry:
```ini
[registry."my-registry.local:5000"]
http = true
insecure = true
```
```ini
[registry."my-registry.local:5000"]
http = true
insecure = true
```
built-images:
description: |
Optional built images payload used to resolve manifest publication registries.
Expand Down Expand Up @@ -393,10 +393,10 @@ runs:
id: setup-buildx
with:
# FIXME: upgrade version when available (https://github.com/docker/buildx/releases)
version: v0.31.1
version: v0.32.1
# FIXME: upgrade version when available (https://hub.docker.com/r/moby/buildkit)
driver-opts: |
image=moby/buildkit:v0.27.0
image=moby/buildkit:v0.28.0
buildkitd-config-inline: ${{ inputs.buildkitd-config-inline }}

- if: steps.resolve-oci-registries.outputs.has-registry-auth == 'true'
Expand Down
5 changes: 5 additions & 0 deletions actions/helm/generate-docs/package-lock.json
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Loading