Update buildkit reference to v0.24.0 (#23354)

## Description

https://github.com/moby/buildkit/releases/tag/v0.24.0

## Reviews

<!-- Notes for reviewers here -->
<!-- List applicable reviews (optionally @tag reviewers) -->

- [ ] Technical review
- [ ] Editorial review
- [ ] Product review

Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
This commit is contained in:
CrazyMax
2025-09-04 10:15:28 +02:00
committed by GitHub
parent e085bfab7c
commit 54fe6a2666
7 changed files with 135 additions and 20 deletions


@@ -20,7 +20,7 @@ trace = true
# root is where all buildkit state is stored.
root = "/var/lib/buildkit"
# insecure-entitlements allows insecure entitlements, disabled by default.
insecure-entitlements = [ "network.host", "security.insecure" ]
insecure-entitlements = [ "network.host", "security.insecure", "device" ]
[log]
# log formatter: json or text
@@ -69,7 +69,6 @@ insecure-entitlements = [ "network.host", "security.insecure" ]
# Whether run subprocesses in main pid namespace or not, this is useful for
# running rootless buildkit inside a container.
noProcessSandbox = false
# gc enables/disables garbage collection
gc = true
# reservedSpace is the minimum amount of disk space guaranteed to be
@@ -87,7 +86,6 @@ insecure-entitlements = [ "network.host", "security.insecure" ]
# collector will attempt to leave - however, it will never be bought below
# reservedSpace.
minFreeSpace = "20GB"
# alternate OCI worker binary name(example 'crun'), by default either
# buildkit-runc or runc binary is used
binary = ""
@@ -116,7 +114,6 @@ insecure-entitlements = [ "network.host", "security.insecure" ]
# collector will attempt to leave - however, it will never be bought below
# reservedSpace.
minFreeSpace = "10GB"
# keepDuration can be an integer number of seconds (e.g. 172800), or a
# string duration (e.g. "48h")
keepDuration = "48h"
@@ -148,7 +145,8 @@ insecure-entitlements = [ "network.host", "security.insecure" ]
# collector will attempt to leave - however, it will never be bought below
# reservedSpace.
minFreeSpace = "20GB"
# limit the number of parallel build steps that can run at the same time
max-parallelism = 4
# maintain a pool of reusable CNI network namespaces to amortize the overhead
# of allocating and releasing the namespaces
cniPoolSize = 16
@@ -195,7 +193,6 @@ insecure-entitlements = [ "network.host", "security.insecure" ]
[frontend."gateway.v0"]
enabled = true
# If allowedRepositories is empty, all gateway sources are allowed.
# Otherwise, only the listed repositories are allowed as a gateway source.
#
@@ -208,5 +205,4 @@ insecure-entitlements = [ "network.host", "security.insecure" ]
[system]
# how often buildkit scans for changes in the supported emulated platforms
platformsCacheMaxAge = "1h"
```


@@ -721,6 +721,12 @@ RUN --device=name,[required]
`RUN --device` allows build to request [CDI devices](https://github.com/moby/buildkit/blob/master/docs/cdi.md)
to be available to the build step.
> [!WARNING]
> The use of `--device` is protected by the `device` entitlement, which needs
> to be enabled when starting the buildkitd daemon with
> `--allow-insecure-entitlement device` flag or in [buildkitd config](https://github.com/moby/buildkit/blob/master/docs/buildkitd.toml.md),
> and for a build request with [`--allow device` flag](https://docs.docker.com/engine/reference/commandline/buildx_build/#allow).
The device `name` is provided by the CDI specification registered in BuildKit.
In the following example, multiple devices are registered in the CDI
@@ -752,6 +758,8 @@ devices:
containerEdits:
env:
- QUX=injected
annotations:
org.mobyproject.buildkit.device.autoallow: true
```
The device name format is flexible and accepts various patterns to support
@@ -762,6 +770,14 @@ multiple device configurations:
* `vendor1.com/device=*`: request all devices for this vendor
* `class1`: request devices by `org.mobyproject.buildkit.device.class` annotation
> [!NOTE]
> Annotations are supported by the CDI specification since 0.6.0.
> [!NOTE]
> To automatically allow all devices registered in the CDI specification, you
> can set the `org.mobyproject.buildkit.device.autoallow` annotation. You can
> also set this annotation for a specific device.
#### Example: CUDA-Powered LLaMA Inference
In this example we use the `--device` flag to run `llama.cpp` inference using
@@ -1889,7 +1905,7 @@ conditions for cache reuse.
### COPY --parents
> [!NOTE]
> Not yet available in stable syntax, use [`docker/dockerfile:1.7-labs`](#syntax) version.
> Not yet available in stable syntax, use [`docker/dockerfile:1-labs`](#syntax) version.
```dockerfile
COPY [--parents[=<boolean>]] <src> ... <dest>
@@ -1946,7 +1962,7 @@ with the `--parents` flag, the Buildkit is capable of packing multiple
### COPY --exclude
> [!NOTE]
> Not yet available in stable syntax, use [`docker/dockerfile:1.7-labs`](#syntax) version.
> Not yet available in stable syntax, use [`docker/dockerfile:1-labs`](#syntax) version.
```dockerfile
COPY [--exclude=<path> ...] <src> ... <dest>
@@ -2608,16 +2624,17 @@ RUN echo "I'm building for $TARGETPLATFORM"
### BuildKit built-in build args
| Arg | Type | Description |
|----------------------------------|--------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `BUILDKIT_CACHE_MOUNT_NS` | String | Set optional cache ID namespace. |
| `BUILDKIT_CONTEXT_KEEP_GIT_DIR` | Bool | Trigger Git context to keep the `.git` directory. |
| `BUILDKIT_HISTORY_PROVENANCE_V1` | Bool | Enable [SLSA Provenance v1](https://slsa.dev/spec/v1.1/provenance) for build history record. |
| `BUILDKIT_INLINE_CACHE`[^2] | Bool | Inline cache metadata to image config or not. |
| `BUILDKIT_MULTI_PLATFORM` | Bool | Opt into deterministic output regardless of multi-platform output or not. |
| `BUILDKIT_SANDBOX_HOSTNAME` | String | Set the hostname (default `buildkitsandbox`) |
| `BUILDKIT_SYNTAX` | String | Set frontend image |
| `SOURCE_DATE_EPOCH` | Int | Set the Unix timestamp for created image and layers. More info from [reproducible builds](https://reproducible-builds.org/docs/source-date-epoch/). Supported since Dockerfile 1.5, BuildKit 0.11 |
| Arg | Type | Description |
|----------------------------------|--------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `BUILDKIT_BUILD_NAME` | String | Override the build name shown in [`buildx history` command](https://docs.docker.com/reference/cli/docker/buildx/history/) and [Docker Desktop Builds view](https://docs.docker.com/desktop/use-desktop/builds/). |
| `BUILDKIT_CACHE_MOUNT_NS` | String | Set optional cache ID namespace. |
| `BUILDKIT_CONTEXT_KEEP_GIT_DIR` | Bool | Trigger Git context to keep the `.git` directory. |
| `BUILDKIT_HISTORY_PROVENANCE_V1` | Bool | Enable [SLSA Provenance v1](https://slsa.dev/spec/v1.1/provenance) for build history record. |
| `BUILDKIT_INLINE_CACHE`[^2] | Bool | Inline cache metadata to image config or not. |
| `BUILDKIT_MULTI_PLATFORM` | Bool | Opt into deterministic output regardless of multi-platform output or not. |
| `BUILDKIT_SANDBOX_HOSTNAME` | String | Set the hostname (default `buildkitsandbox`) |
| `BUILDKIT_SYNTAX` | String | Set frontend image |
| `SOURCE_DATE_EPOCH` | Int | Set the Unix timestamp for created image and layers. More info from [reproducible builds](https://reproducible-builds.org/docs/source-date-epoch/). Supported since Dockerfile 1.5, BuildKit 0.11 |
#### Example: keep `.git` dir


@@ -107,5 +107,13 @@ To learn more about how to use build checks, see
<td><a href="./invalid-definition-description/">InvalidDefinitionDescription (experimental)</a></td>
<td>Comment for build stage or argument should follow the format: `# <arg/stage name> <description>`. If this is not intended to be a description comment, add an empty line or comment between the instruction and the comment.</td>
</tr>
<tr>
<td><a href="./expose-proto-casing/">ExposeProtoCasing</a></td>
<td>Protocol in EXPOSE instruction should be lowercase</td>
</tr>
<tr>
<td><a href="./expose-invalid-format/">ExposeInvalidFormat</a></td>
<td>IP address and host-port mapping should not be used in EXPOSE instruction. This will become an error in a future release</td>
</tr>
</tbody>
</table>


@@ -0,0 +1,55 @@
---
title: ExposeInvalidFormat
description: >-
IP address and host-port mapping should not be used in EXPOSE instruction. This will become an error in a future release
aliases:
- /go/dockerfile/rule/expose-invalid-format/
---
## Output
```text
EXPOSE instruction should not define an IP address or host-port mapping, found '127.0.0.1:80:80'
```
## Description
The [`EXPOSE`](https://docs.docker.com/reference/dockerfile/#expose) instruction
in a Dockerfile is used to indicate which ports the container listens on at
runtime. It should not include an IP address or host-port mapping, as this is
not the intended use of the `EXPOSE` instruction. Instead, it should only
specify the port number and optionally the protocol (TCP or UDP).
> [!IMPORTANT]
> This will become an error in a future release.
## Examples
❌ Bad: IP address and host-port mapping used.
```dockerfile
FROM alpine
EXPOSE 127.0.0.1:80:80
```
✅ Good: only the port number is specified.
```dockerfile
FROM alpine
EXPOSE 80
```
❌ Bad: Host-port mapping used.
```dockerfile
FROM alpine
EXPOSE 80:80
```
✅ Good: only the port number is specified.
```dockerfile
FROM alpine
EXPOSE 80
```


@@ -0,0 +1,37 @@
---
title: ExposeProtoCasing
description: >-
Protocol in EXPOSE instruction should be lowercase
aliases:
- /go/dockerfile/rule/expose-proto-casing/
---
## Output
```text
Defined protocol '80/TcP' in EXPOSE instruction should be lowercase
```
## Description
Protocol names in the [`EXPOSE`](https://docs.docker.com/reference/dockerfile/#expose)
instruction should be specified in lowercase to maintain consistency and
readability. This rule checks for protocols that are not in lowercase and
reports them.
## Examples
❌ Bad: protocol is not in lowercase.
```dockerfile
FROM alpine
EXPOSE 80/TcP
```
✅ Good: protocol is in lowercase.
```dockerfile
FROM alpine
EXPOSE 80/tcp
```

go.mod

@@ -114,7 +114,7 @@ replace (
github.com/docker/compose/v2 => github.com/docker/compose/v2 v2.39.2
github.com/docker/model-cli => github.com/docker/model-cli v0.1.39
github.com/docker/scout-cli => github.com/docker/scout-cli v1.18.1
github.com/moby/buildkit => github.com/moby/buildkit v0.23.2
github.com/moby/buildkit => github.com/moby/buildkit v0.24.0
github.com/moby/moby => github.com/moby/moby v28.3.3+incompatible
)

go.sum

@@ -194,6 +194,8 @@ github.com/moby/buildkit v0.22.0 h1:aWN06w1YGSVN1XfeZbj2ZbgY+zi5xDAjEFI8Cy9fTjA=
github.com/moby/buildkit v0.22.0/go.mod h1:j4pP5hxiTWcz7xuTK2cyxQislHl/N2WWHzOy43DlLJw=
github.com/moby/buildkit v0.23.2 h1:gt/dkfcpgTXKx+B9I310kV767hhVqTvEyxGgI3mqsGQ=
github.com/moby/buildkit v0.23.2/go.mod h1:iEjAfPQKIuO+8y6OcInInvzqTMiKMbb2RdJz1K/95a0=
github.com/moby/buildkit v0.24.0 h1:qYfTl7W1SIJzWDIDCcPT8FboHIZCYfi++wvySi3eyFE=
github.com/moby/buildkit v0.24.0/go.mod h1:4qovICAdR2H4C7+EGMRva5zgHW1gyhT4/flHI7F5F9k=
github.com/moby/docker-image-spec v1.3.1 h1:jMKff3w6PgbfSa69GfNg+zN/XLhfXJGnEx3Nl2EsFP0=
github.com/moby/docker-image-spec v1.3.1/go.mod h1:eKmb5VW8vQEh/BAr2yvVNvuiJuY6UIocYsFu/DxxRpo=
github.com/moby/locker v1.0.1 h1:fOXqR41zeveg4fFODix+1Ch4mj/gT0NE1XJbp/epuBg=