moby · crazy-max · Feb 23, 2023 · Feb 22, 2023 · Feb 22, 2023 · Feb 22, 2023
diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml
@@ -20,16 +20,28 @@ env:
   SETUP_BUILDKIT_IMAGE: "moby/buildkit:latest"
 
 jobs:
+  prepare:
+    runs-on: ubuntu-20.04
+    outputs:
+      targets: ${{ steps.targets.outputs.matrix }}
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v3
+      -
+        name: Matrix
+        id: targets
+        run: |
+          echo "matrix=$(docker buildx bake validate --print | jq -cr '.group.validate.targets')" >> $GITHUB_OUTPUT
+
   validate:
     runs-on: ubuntu-20.04
+    needs:
+      - prepare
     strategy:
       fail-fast: false
       matrix:
-        include:
-          - script: ./hack/lint
-          - script: ./hack/validate-vendor
-          - script: ./hack/validate-generated-files
-          - script: ./hack/validate-shfmt
+        target: ${{ fromJson(needs.prepare.outputs.targets) }}
     steps:
       -
         name: Checkout
@@ -42,6 +54,7 @@ jobs:
           driver-opts: image=${{ env.SETUP_BUILDKIT_IMAGE }}
           buildkitd-flags: --debug
       -
-        name: Run
-        run: |
-          ${{ matrix.script }}
+        name: Validate
+        uses: docker/bake-action@v2
+        with:
+          targets: ${{ matrix.target }}
diff --git a/Makefile b/Makefile
@@ -1,46 +1,78 @@
 prefix=/usr/local
 bindir=$(prefix)/bin
 
-binaries: FORCE
+export BUILDX_CMD ?= docker buildx
+
+.PHONY: binaries
+binaries:
 	hack/binaries
 
-images: FORCE
+.PHONY: images
+images:
 # moby/buildkit:local and moby/buildkit:local-rootless are created on Docker
 	hack/images local moby/buildkit
 	TARGET=rootless hack/images local moby/buildkit
 
-install: FORCE
+.PHONY: install
+install:
 	mkdir -p $(DESTDIR)$(bindir)
 	install bin/* $(DESTDIR)$(bindir)
 
-clean: FORCE
+.PHONY: clean
+clean:
 	rm -rf ./bin
 
+.PHONY: test
 test:
 	./hack/test integration gateway dockerfile
 
+.PHONY: lint
 lint:
-	./hack/lint
+	$(BUILDX_CMD) bake lint
 
+.PHONY: validate-vendor
 validate-vendor:
-	./hack/validate-vendor
+	$(BUILDX_CMD) bake validate-vendor
 
+.PHONY: validate-shfmt
 validate-shfmt:
-	./hack/validate-shfmt
+	$(BUILDX_CMD) bake validate-shfmt
 
+.PHONY: shfmt
 shfmt:
-	./hack/shfmt
+	$(BUILDX_CMD) bake shfmt
+
+.PHONY: validate-authors
+validate-authors:
+	$(BUILDX_CMD) bake validate-authors
 
+.PHONY: validate-generated-files
 validate-generated-files:
-	./hack/validate-generated-files
+	$(BUILDX_CMD) bake validate-generated-files
 
-validate-all: test lint validate-vendor validate-generated-files
+.PHONY: validate-doctoc
+validate-doctoc:
+	$(BUILDX_CMD) bake validate-doctoc
 
+.PHONY: validate-all
+validate-all: test lint validate-vendor validate-generated-files validate-doctoc
+
+.PHONY: vendor
 vendor:
-	./hack/update-vendor
+	$(eval $@_TMP_OUT := $(shell mktemp -d -t buildkit-output.XXXXXXXXXX))
+	$(BUILDX_CMD) bake --set "*.output=type=local,dest=$($@_TMP_OUT)" vendor
+	rm -rf ./vendor
+	cp -R "$($@_TMP_OUT)"/out/* .
+	rm -rf "$($@_TMP_OUT)"/
 
+.PHONY: generated-files
 generated-files:
-	./hack/update-generated-files
+	$(BUILDX_CMD) bake generated-files
+
+.PHONY: authors
+authors:
+	$(BUILDX_CMD) bake authors
 
-.PHONY: vendor generated-files test binaries images install clean lint validate-all validate-vendor validate-generated-files
-FORCE:
+.PHONY: doctoc
+doctoc:
+	$(BUILDX_CMD) bake doctoc
diff --git a/docker-bake.hcl b/docker-bake.hcl
@@ -0,0 +1,100 @@
+variable "ALPINE_VERSION" {
+  default = null
+}
+
+variable "GO_VERSION" {
+  default = null
+}
+
+variable "NODE_VERSION" {
+  default = null
+}
+
+target "_common" {
+  args = {
+    ALPINE_VERSION = ALPINE_VERSION
+    GO_VERSION = GO_VERSION
+    NODE_VERSION = NODE_VERSION
+    BUILDKIT_CONTEXT_KEEP_GIT_DIR = 1
+  }
+}
+
+group "validate" {
+  targets = ["lint", "validate-vendor", "validate-doctoc", "validate-generated-files", "validate-shfmt"]
+}
+
+target "lint" {
+  inherits = ["_common"]
+  dockerfile = "./hack/dockerfiles/lint.Dockerfile"
+  output = ["type=cacheonly"]
+}
+
+target "validate-vendor" {
+  inherits = ["_common"]
+  dockerfile = "./hack/dockerfiles/vendor.Dockerfile"
+  target = "validate"
+  output = ["type=cacheonly"]
+}
+
+target "validate-generated-files" {
+  inherits = ["_common"]
+  dockerfile = "./hack/dockerfiles/generated-files.Dockerfile"
+  target = "validate"
+  output = ["type=cacheonly"]
+}
+
+target "validate-shfmt" {
+  inherits = ["_common"]
+  dockerfile = "./hack/dockerfiles/shfmt.Dockerfile"
+  target = "validate"
+  output = ["type=cacheonly"]
+}
+
+target "validate-doctoc" {
+  inherits = ["_common"]
+  dockerfile = "./hack/dockerfiles/doctoc.Dockerfile"
+  target = "validate-toc"
+  output = ["type=cacheonly"]
+}
+
+target "validate-authors" {
+  inherits = ["_common"]
+  dockerfile = "./hack/dockerfiles/authors.Dockerfile"
+  target = "validate"
+  output = ["type=cacheonly"]
+}
+
+target "vendor" {
+  inherits = ["_common"]
+  dockerfile = "./hack/dockerfiles/vendor.Dockerfile"
+  target = "update"
+  output = ["."]
+}
+
+target "generated-files" {
+  inherits = ["_common"]
+  dockerfile = "./hack/dockerfiles/generated-files.Dockerfile"
+  target = "update"
+  output = ["."]
+}
+
+target "shfmt" {
+  inherits = ["_common"]
+  dockerfile = "./hack/dockerfiles/shfmt.Dockerfile"
+  target = "update"
+  output = ["."]
+}
+
+target "doctoc" {
+  inherits = ["_common"]
+  dockerfile = "./hack/dockerfiles/doctoc.Dockerfile"
+  target = "update"
+  output = ["."]
+}
+
+target "authors" {
+  inherits = ["_common"]
+  dockerfile = "./hack/dockerfiles/authors.Dockerfile"
+  target = "update"
+  output = ["."]
+}
diff --git a/hack/dockerfiles/authors.Dockerfile b/hack/dockerfiles/authors.Dockerfile
@@ -0,0 +1,34 @@
+# syntax=docker/dockerfile-upstream:master
+
+ARG ALPINE_VERSION=3.17
+
+FROM alpine:${ALPINE_VERSION} AS gen
+RUN apk add --no-cache git
+WORKDIR /src
+RUN --mount=type=bind,target=. <<EOT
+  set -e
+  mkdir /out
+  # see also ".mailmap" for how email addresses and names are deduplicated
+  {
+    echo "# This file lists all individuals having contributed content to the repository."
+    echo "# For how it is generated, see hack/dockerfiles/authors.Dockerfile."
+    echo
+    git log --format='%aN <%aE>' | LC_ALL=C.UTF-8 sort -uf
+  } > /out/AUTHORS
+  cat /out/AUTHORS
+EOT
+
+FROM scratch AS update
+COPY --from=gen /out /
+
+FROM gen AS validate
+RUN --mount=type=bind,target=.,rw <<EOT
+  set -e
+  git add -A
+  cp -rf /out/* .
+  if [ -n "$(git status --porcelain -- AUTHORS)" ]; then
+    echo >&2 'ERROR: Authors result differs. Please update with "make authors"'
+    git status --porcelain -- AUTHORS
+    exit 1
+  fi
+EOT
diff --git a/hack/dockerfiles/doctoc.Dockerfile b/hack/dockerfiles/doctoc.Dockerfile
@@ -0,0 +1,31 @@
+# syntax=docker/dockerfile-upstream:master
+
+ARG NODE_VERSION=19
+
+FROM node:${NODE_VERSION}-alpine AS base
+RUN apk add --no-cache git
+WORKDIR /src
+
+FROM base AS doctoc
+RUN npm install -g doctoc
+RUN --mount=type=bind,source=README.md,target=README.md,rw <<EOT
+  set -e
+  doctoc README.md
+  mkdir /out
+  cp README.md /out/
+EOT
+
+FROM scratch AS update
+COPY --from=doctoc /out /
+
+FROM base AS validate-toc
+RUN --mount=type=bind,target=.,rw \
+    --mount=type=bind,from=doctoc,source=/out/README.md,target=./README.md <<EOT
+  set -e
+  diff=$(git status --porcelain -- 'README.md')
+  if [ -n "$diff" ]; then
+    echo >&2 'ERROR: The result of "doctoc" differs. Please update with "make doctoc"'
+    echo "$diff"
+    exit 1
+  fi
+EOT
diff --git a/hack/dockerfiles/generated-files.Dockerfile b/hack/dockerfiles/generated-files.Dockerfile
@@ -1,7 +1,6 @@
 # syntax=docker/dockerfile-upstream:master
 
 ARG GO_VERSION="1.20"
-ARG NODE_VERSION="19"
 ARG PROTOC_VERSION="3.11.4"
 
 # protoc is dynamically linked to glibc so can't use alpine base
@@ -54,24 +53,3 @@ RUN --mount=type=bind,target=.,rw \
     exit 1
   fi
 EOT
-
-FROM node:${NODE_VERSION}-alpine AS doctoc
-RUN npm install -g doctoc
-WORKDIR /buildkit
-RUN --mount=type=bind,target=.,rw <<EOT
-  doctoc README.md
-  mkdir /out
-  cp README.md /out/
-EOT
-
-FROM base AS validate-toc
-RUN --mount=type=bind,target=.,rw \
-    --mount=type=bind,from=doctoc,source=/out/README.md,target=./README.md <<EOT
-  set -e
-  diff=$(git status --porcelain -- 'README.md')
-  if [ -n "$diff" ]; then
-    echo >&2 'ERROR: The result of "doctoc" differs. Please update with "doctoc README.md"'
-    echo "$diff"
-    exit 1
-  fi
-EOT
diff --git a/hack/dockerfiles/shfmt.Dockerfile b/hack/dockerfiles/shfmt.Dockerfile
@@ -1,4 +1,5 @@
 # syntax=docker/dockerfile-upstream:master
+
 FROM mvdan/shfmt:v3.1.2-alpine AS shfmt
 WORKDIR /src
 ARG SHFMT_FLAGS="-i 2 -ci"

diff --git a/hack/dockerfiles/vendor.Dockerfile b/hack/dockerfiles/vendor.Dockerfile
@@ -2,20 +2,36 @@
 
 ARG GO_VERSION=1.20
 
-FROM golang:${GO_VERSION}-alpine AS vendored
-RUN  apk add --no-cache git
+FROM golang:${GO_VERSION}-alpine AS base
+RUN apk add --no-cache git rsync
 WORKDIR /src
-RUN --mount=target=/src,rw \
-  --mount=target=/go/pkg/mod,type=cache \
-  go mod tidy && go mod vendor && \
-  mkdir /out && cp -r go.mod go.sum vendor /out
+
+FROM base AS vendored
+RUN --mount=target=/context \
+    --mount=target=.,type=tmpfs  \
+    --mount=target=/go/pkg/mod,type=cache <<EOT
+  set -e
+  rsync -a /context/. .
+  go mod tidy
+  go mod vendor
+  mkdir /out
+  cp -r go.mod go.sum vendor /out
+EOT
 
 FROM scratch AS update
 COPY --from=vendored /out /out
 
 FROM vendored AS validate
-RUN --mount=target=.,rw \
-  git add -A && \
-  rm -rf vendor && \
-  cp -rf /out/* . && \
-  ./hack/validate-vendor check
+RUN --mount=target=/context \
+    --mount=target=.,type=tmpfs <<EOT
+  set -e
+  rsync -a /context/. .
+  git add -A
+  rm -rf vendor
+  cp -rf /out/* .
+  if [ -n "$(git status --porcelain -- go.mod go.sum vendor)" ]; then
+    echo >&2 'ERROR: Vendor result differs. Please vendor your package with "make vendor"'
+    git status --porcelain -- go.mod go.sum vendor
+    exit 1
+  fi
+EOT