Merge pull request #345 from crazy-max/update-yarn

update yarn to 4.9.2

.dockerignore

@@ -1,6 +1,12 @@
-/.dev
 /coverage
-/dist
-/lib
-/node_modules
-/.env
+
+# Dependency directories
+node_modules/
+jspm_packages/
+
+# yarn v2
+.yarn/cache
+.yarn/unplugged
+.yarn/build-state.yml
+.yarn/install-state.gz
+.pnp.*

.eslintignore

@@ -0,0 +1,3 @@
+/dist/**
+/coverage/**
+/node_modules/**

.eslintrc.json

@@ -0,0 +1,24 @@
+{
+  "env": {
+    "node": true,
+    "es6": true,
+    "jest": true
+  },
+  "extends": [
+    "eslint:recommended",
+    "plugin:@typescript-eslint/eslint-recommended",
+    "plugin:@typescript-eslint/recommended",
+    "plugin:jest/recommended",
+    "plugin:prettier/recommended"
+  ],
+  "parser": "@typescript-eslint/parser",
+  "parserOptions": {
+    "ecmaVersion": "latest",
+    "sourceType": "module"
+  },
+  "plugins": [
+    "@typescript-eslint",
+    "jest",
+    "prettier"
+  ]
+}

.gitattributes

@@ -1,2 +1,4 @@
+/.yarn/releases/** binary
+/.yarn/plugins/** binary
 /dist/** linguist-generated=true
 /lib/** linguist-generated=true

.github/CODEOWNERS

@@ -1 +0,0 @@
-*	@crazy-max

.github/CODE_OF_CONDUCT.md

@@ -0,0 +1,3 @@
+# Code of conduct
+
+- [Moby community guidelines](https://github.com/moby/moby/blob/master/CONTRIBUTING.md#moby-community-guidelines)

.github/CONTRIBUTING.md

@@ -2,22 +2,24 @@
 
 Hi there! We're thrilled that you'd like to contribute to this project. Your help is essential for keeping it great.
 
-Contributions to this project are [released](https://help.github.com/articles/github-terms-of-service/#6-contributions-under-repository-license) to the public under the [project's open source license](LICENSE).
+Contributions to this project are [released](https://docs.github.com/en/github/site-policy/github-terms-of-service#6-contributions-under-repository-license)
+to the public under the [project's open source license](LICENSE).
 
 ## Submitting a pull request
 
-1. [Fork](https://github.com/crazy-max/ghaction-docker-buildx-bake/fork) and clone the repository
+1. [Fork](https://github.com/docker/bake-action/fork) and clone the repository
 2. Configure and install the dependencies: `yarn install`
 3. Create a new branch: `git checkout -b my-branch-name`
 4. Make your changes
 5. Make sure the tests pass: `docker buildx bake test`
 6. Format code and build javascript artifacts: `docker buildx bake pre-checkin`
 7. Validate all code has correctly formatted and built: `docker buildx bake validate`
-8. Push to your fork and [submit a pull request](https://github.com/crazy-max/ghaction-docker-buildx-bake/compare)
+8. Push to your fork and [submit a pull request](https://github.com/docker/bake-action/compare)
 9. Pat your self on the back and wait for your pull request to be reviewed and merged.
 
 Here are a few things you can do that will increase the likelihood of your pull request being accepted:
 
+- Write tests.
 - Make sure the `README.md` and any other relevant **documentation are kept up-to-date**.
 - We try to follow [SemVer v2.0.0](https://semver.org/). Randomly breaking public APIs is not an option.
 - Keep your change as focused as possible. If there are multiple changes you would like to make that are not dependent upon each other, consider submitting them as **separate pull requests**.
@@ -26,5 +28,5 @@ Here are a few things you can do that will increase the likelihood of your pull
 ## Resources
 
 - [How to Contribute to Open Source](https://opensource.guide/how-to-contribute/)
-- [Using Pull Requests](https://help.github.com/articles/about-pull-requests/)
-- [GitHub Help](https://help.github.com)
+- [Using Pull Requests](https://docs.github.com/en/github/collaborating-with-issues-and-pull-requests/about-pull-requests)
+- [GitHub Help](https://docs.github.com/en)

.github/ISSUE_TEMPLATE/bug.yml

@@ -0,0 +1,101 @@
+# https://docs.github.com/en/communities/using-templates-to-encourage-useful-issues-and-pull-requests/syntax-for-githubs-form-schema
+name: Bug Report
+description: Report a bug
+labels:
+  - status/triage
+
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Thank you for taking the time to report a bug!
+        If this is a security issue please report it to the [Docker Security team](mailto:security@docker.com).
+
+  - type: checkboxes
+    attributes:
+      label: Contributing guidelines
+      description: >
+        Make sure you've read the contributing guidelines before proceeding.
+      options:
+        - label: I've read the [contributing guidelines](https://github.com/docker/bake-action/blob/master/.github/CONTRIBUTING.md) and wholeheartedly agree
+          required: true
+
+  - type: checkboxes
+    attributes:
+      label: "I've found a bug, and:"
+      description: |
+        Make sure that your request fulfills all of the following requirements.
+        If one requirement cannot be satisfied, explain in detail why.
+      options:
+        - label: The documentation does not mention anything about my problem
+        - label: There are no open or closed issues that are related to my problem
+
+  - type: textarea
+    attributes:
+      label: Description
+      description: >
+        Provide a brief description of the bug in 1-2 sentences.
+    validations:
+      required: true
+
+  - type: textarea
+    attributes:
+      label: Expected behaviour
+      description: >
+        Describe precisely what you'd expect to happen.
+    validations:
+      required: true
+
+  - type: textarea
+    attributes:
+      label: Actual behaviour
+      description: >
+        Describe precisely what is actually happening.
+    validations:
+      required: true
+
+  - type: input
+    attributes:
+      label: Repository URL
+      description: >
+        Enter the URL of the repository where you are experiencing the
+        issue. If your repository is private, provide a link to a minimal
+        repository that reproduces the issue.
+
+  - type: input
+    attributes:
+      label: Workflow run URL
+      description: >
+        Enter the URL of the GitHub Action workflow run if public (e.g.
+        `https://github.com/<user>/<repo>/actions/runs/<id>`)
+
+  - type: textarea
+    attributes:
+      label: YAML workflow
+      description: |
+        Provide the YAML of the workflow that's causing the issue.
+        Make sure to remove any sensitive information.
+      render: yaml
+    validations:
+      required: true
+
+  - type: textarea
+    attributes:
+      label: Workflow logs
+      description: >
+        [Attach](https://docs.github.com/en/get-started/writing-on-github/working-with-advanced-formatting/attaching-files)
+        the [log file of your workflow run](https://docs.github.com/en/actions/managing-workflow-runs/using-workflow-run-logs#downloading-logs)
+        and make sure to remove any sensitive information.
+
+  - type: textarea
+    attributes:
+      label: BuildKit logs
+      description: >
+        If applicable, provide the [BuildKit container logs](https://docs.docker.com/build/ci/github-actions/configure-builder/#buildkit-container-logs)
+      render: text
+
+  - type: textarea
+    attributes:
+      label: Additional info
+      description: |
+        Provide any additional information that could be useful.

.github/ISSUE_TEMPLATE/bug_report.md

@@ -1,33 +0,0 @@
----
-name: Bug report
-about: Create a report to help us improve
----
-
-### Behaviour
-
-#### Steps to reproduce this issue
-
-1.
-2.
-3.
-
-#### Expected behaviour
-
-> Tell us what should happen
-
-#### Actual behaviour
-
-> Tell us what happens instead
-
-### Configuration
-
-* Repository URL (if public): 
-* Build URL (if public): 
-
-```yml
-# paste your YAML workflow file here and remove sensitive data
-```
-
-### Logs
-
-> Download the [log file of your build](https://help.github.com/en/actions/configuring-and-managing-workflows/managing-a-workflow-run#downloading-logs) and [attach it](https://help.github.com/en/github/managing-your-work-on-github/file-attachments-on-issues-and-pull-requests) to this issue.

.github/ISSUE_TEMPLATE/config.yml

@@ -0,0 +1,9 @@
+# https://docs.github.com/en/communities/using-templates-to-encourage-useful-issues-and-pull-requests/configuring-issue-templates-for-your-repository#configuring-the-template-chooser
+blank_issues_enabled: true
+contact_links:
+  - name: Questions and Discussions
+    url: https://github.com/docker/bake-action/discussions/new
+    about: Use Github Discussions to ask questions and/or open discussion topics.
+  - name: Documentation
+    url: https://docs.docker.com/build/ci/github-actions/
+    about: Read the documentation.

.github/ISSUE_TEMPLATE/feature.yml

@@ -0,0 +1,15 @@
+# https://docs.github.com/en/communities/using-templates-to-encourage-useful-issues-and-pull-requests/syntax-for-githubs-form-schema
+name: Feature request
+description: Missing functionality? Come tell us about it!
+labels:
+  - kind/enhancement
+  - status/triage
+
+body:
+  - type: textarea
+    id: description
+    attributes:
+      label: Description
+      description: What is the feature you want to see?
+    validations:
+      required: true

.github/SECURITY.md

@@ -0,0 +1,12 @@
+# Reporting security issues
+
+The project maintainers take security seriously. If you discover a security
+issue, please bring it to their attention right away!
+
+**Please _DO NOT_ file a public issue**, instead send your report privately to
+[security@docker.com](mailto:security@docker.com).
+
+Security reports are greatly appreciated, and we will publicly thank you for it.
+We also like to send gifts—if you'd like Docker swag, make sure to let
+us know. We currently do not offer a paid security bounty program, but are not
+ruling it out in the future.

.github/SUPPORT.md

@@ -1,31 +0,0 @@
-# Support [![](https://isitmaintained.com/badge/resolution/crazy-max/ghaction-docker-buildx-bake.svg)](https://isitmaintained.com/project/crazy-max/ghaction-docker-buildx-bake)
-
-First, [be a good guy](https://github.com/kossnocorp/etiquette/blob/master/README.md).
-
-## Reporting an issue
-
-Please do a search in [open issues](https://github.com/crazy-max/ghaction-docker-buildx-bake/issues?utf8=%E2%9C%93&q=) to see if the issue or feature request has already been filed.
-
-If you find your issue already exists, make relevant comments and add your [reaction](https://github.com/blog/2119-add-reactions-to-pull-requests-issues-and-comments). Use a reaction in place of a "+1" comment.
-
-:+1: - upvote
-
-:-1: - downvote
-
-If you cannot find an existing issue that describes your bug or feature, submit an issue using the guidelines below.
-
-## Writing good bug reports and feature requests
-
-File a single issue per problem and feature request.
-
-* Do not enumerate multiple bugs or feature requests in the same issue.
-* Do not add your issue as a comment to an existing issue unless it's for the identical input. Many issues look similar, but have different causes.
-
-The more information you can provide, the more likely someone will be successful reproducing the issue and finding a fix.
-
-You are now ready to [create a new issue](https://github.com/crazy-max/ghaction-docker-buildx-bake/issues/new/choose)!
-
-## Closure policy
-
-* Issues that don't have the information requested above (when applicable) will be closed immediately and the poster directed to the support guidelines.
-* Issues that go a week without a response from original poster are subject to closure at our discretion.

.github/dependabot.yml

@@ -5,14 +5,15 @@ updates:
     schedule:
       interval: "daily"
     labels:
-      - ":game_die: dependencies"
-      - ":robot: bot"
+      - "dependencies"
+      - "bot"
   - package-ecosystem: "npm"
     directory: "/"
     schedule:
       interval: "daily"
+    versioning-strategy: "increase"
     allow:
       - dependency-type: "production"
     labels:
-      - ":game_die: dependencies"
-      - ":robot: bot"
+      - "dependencies"
+      - "bot"

.github/labels.yml

@@ -1,79 +0,0 @@
-## more info https://github.com/crazy-max/ghaction-github-labeler
-- # automerge
-  name: ":bell: automerge"
-  color: "8f4fbc"
-  description: ""
-- # bot
-  name: ":robot: bot"
-  color: "69cde9"
-  description: ""
-- # bug
-  name: ":bug: bug"
-  color: "b60205"
-  description: ""
-- # dependencies
-  name: ":game_die: dependencies"
-  color: "0366d6"
-  description: ""
-  from_name: "dependencies"
-- # documentation
-  name: ":memo: documentation"
-  color: "c5def5"
-  description: ""
-- # duplicate
-  name: ":busts_in_silhouette: duplicate"
-  color: "cccccc"
-  description: ""
-- # enhancement
-  name: ":sparkles: enhancement"
-  color: "0054ca"
-  description: ""
-- # feature request
-  name: ":bulb: feature request"
-  color: "0e8a16"
-  description: ""
-- # feedback
-  name: ":mega: feedback"
-  color: "03a9f4"
-  description: ""
-- # future maybe
-  name: ":rocket: future maybe"
-  color: "fef2c0"
-  description: ""
-- # good first issue
-  name: ":hatching_chick: good first issue"
-  color: "7057ff"
-  description: ""
-- # help wanted
-  name: ":pray: help wanted"
-  color: "4caf50"
-  description: ""
-- # hold
-  name: ":hand: hold"
-  color: "24292f"
-  description: ""
-- # invalid
-  name: ":no_entry_sign: invalid"
-  color: "e6e6e6"
-  description: ""
-- # maybe bug
-  name: ":interrobang: maybe bug"
-  color: "ff5722"
-  description: ""
-- # needs more info
-  name: ":thinking: needs more info"
-  color: "795548"
-  description: ""
-- # question
-  name: ":question: question"
-  color: "3f51b5"
-  description: ""
-  from_name: "question"
-- # upstream
-  name: ":eyes: upstream"
-  color: "fbca04"
-  description: ""
-- # wontfix
-  name: ":coffin: wontfix"
-  color: "ffffff"
-  description: ""

.github/stale.yml

@@ -1,18 +0,0 @@
-# Number of days of inactivity before an issue becomes stale
-daysUntilStale: 30
-# Number of days of inactivity before a stale issue is closed
-daysUntilClose: 7
-# Issues with these labels will never be considered stale
-exemptLabels:
-  - ":hand: hold"
-# Set to true to ignore issues in a milestone (defaults to false)
-exemptMilestones: true
-# Label to use when marking an issue as stale
-staleLabel: ":skull: stale"
-# Comment to post when marking an issue as stale. Set to `false` to disable
-markComment: >
-  This issue has been automatically marked as stale because it has not had
-  recent activity. It will be closed if no further activity occurs. Thank you
-  for your contributions.
-# Comment to post when closing a stale issue. Set to `false` to disable
-closeComment: false

.github/workflows/ci-subaction.yml

@@ -0,0 +1,136 @@
+name: ci-subaction
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: '0 10 * * *'
+  push:
+    branches:
+      - 'master'
+      - 'releases/v*'
+    tags:
+      - 'v*'
+    paths:
+      - '.github/workflows/ci-subaction.yml'
+      - 'subaction/**'
+      - 'test/**'
+  pull_request:
+    paths:
+      - '.github/workflows/ci-subaction.yml'
+      - 'subaction/**'
+      - 'test/**'
+
+jobs:
+  list-targets:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          -
+            testdir: group
+            expected: >
+              ["t1","t2"]
+          -
+            testdir: group-matrix
+            target: validate
+            expected: >
+              ["lint-default","lint-labs","lint-nydus","lint-proto","lint-yaml","validate-doctoc","validate-vendor"]
+          -
+            testdir: multi-files
+            files: |
+              docker-bake.json
+              docker-bake.hcl
+            expected: >
+              ["v1-tag","v2-tag"]
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v5
+      -
+        name: Matrix gen
+        id: gen
+        uses: ./subaction/list-targets
+        with:
+          workdir: ./test/${{ matrix.testdir }}
+          files: ${{ matrix.files }}
+          target: ${{ matrix.target }}
+      -
+        name: Check output
+        uses: actions/github-script@v7
+        env:
+          INPUT_TARGETS: ${{ steps.gen.outputs.targets }}
+          INPUT_EXPECTED: ${{ matrix.expected }}
+        with:
+          script: |
+            const targets = JSON.stringify(JSON.parse(core.getInput('targets')));
+            const expected = JSON.stringify(JSON.parse(core.getInput('expected')));
+            if (targets !== expected) {
+              throw new Error(`Targets do not match expected values: ${targets} != ${expected}`);
+            } else {
+              core.info(`✅`);
+            }
+
+  matrix:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          -
+            testdir: group
+            expected: >
+              [{"target":"t1"},{"target":"t2"}]
+          -
+            testdir: group-matrix
+            target: validate
+            expected: >
+              [{"target":"lint-default"},{"target":"lint-labs"},{"target":"lint-nydus"},{"target":"lint-proto"},{"target":"lint-yaml"},{"target":"validate-doctoc"},{"target":"validate-vendor"}]
+          -
+            testdir: group-with-platform
+            target: validate
+            expected: >
+              [{"target":"lint"},{"target":"lint-gopls"},{"target":"validate-docs"},{"target":"validate-vendor"}]
+          -
+            testdir: group-with-platform
+            target: validate
+            fields: platforms
+            expected: >
+              [{"target":"lint","platforms":"darwin/amd64"},{"target":"lint","platforms":"darwin/arm64"},{"target":"lint","platforms":"linux/amd64"},{"target":"lint","platforms":"linux/arm64"},{"target":"lint","platforms":"linux/s390x"},{"target":"lint","platforms":"linux/ppc64le"},{"target":"lint","platforms":"linux/riscv64"},{"target":"lint","platforms":"windows/amd64"},{"target":"lint","platforms":"windows/arm64"},{"target":"lint-gopls","platforms":"darwin/amd64"},{"target":"lint-gopls","platforms":"darwin/arm64"},{"target":"lint-gopls","platforms":"linux/amd64"},{"target":"lint-gopls","platforms":"linux/arm64"},{"target":"lint-gopls","platforms":"linux/s390x"},{"target":"lint-gopls","platforms":"linux/ppc64le"},{"target":"lint-gopls","platforms":"linux/riscv64"},{"target":"lint-gopls","platforms":"windows/amd64"},{"target":"lint-gopls","platforms":"windows/arm64"},{"target":"validate-docs"},{"target":"validate-vendor"}]
+          -
+            testdir: group-with-platform
+            target: validate
+            fields: platforms,dockerfile
+            expected: >
+               [{"target":"lint","dockerfile":"./hack/dockerfiles/lint.Dockerfile"},{"target":"lint","dockerfile":"./hack/dockerfiles/lint.Dockerfile","platforms":"darwin/amd64"},{"target":"lint","dockerfile":"./hack/dockerfiles/lint.Dockerfile","platforms":"darwin/arm64"},{"target":"lint","dockerfile":"./hack/dockerfiles/lint.Dockerfile","platforms":"linux/amd64"},{"target":"lint","dockerfile":"./hack/dockerfiles/lint.Dockerfile","platforms":"linux/arm64"},{"target":"lint","dockerfile":"./hack/dockerfiles/lint.Dockerfile","platforms":"linux/s390x"},{"target":"lint","dockerfile":"./hack/dockerfiles/lint.Dockerfile","platforms":"linux/ppc64le"},{"target":"lint","dockerfile":"./hack/dockerfiles/lint.Dockerfile","platforms":"linux/riscv64"},{"target":"lint","dockerfile":"./hack/dockerfiles/lint.Dockerfile","platforms":"windows/amd64"},{"target":"lint","dockerfile":"./hack/dockerfiles/lint.Dockerfile","platforms":"windows/arm64"},{"target":"lint-gopls","dockerfile":"./hack/dockerfiles/lint.Dockerfile"},{"target":"lint-gopls","dockerfile":"./hack/dockerfiles/lint.Dockerfile","platforms":"darwin/amd64"},{"target":"lint-gopls","dockerfile":"./hack/dockerfiles/lint.Dockerfile","platforms":"darwin/arm64"},{"target":"lint-gopls","dockerfile":"./hack/dockerfiles/lint.Dockerfile","platforms":"linux/amd64"},{"target":"lint-gopls","dockerfile":"./hack/dockerfiles/lint.Dockerfile","platforms":"linux/arm64"},{"target":"lint-gopls","dockerfile":"./hack/dockerfiles/lint.Dockerfile","platforms":"linux/s390x"},{"target":"lint-gopls","dockerfile":"./hack/dockerfiles/lint.Dockerfile","platforms":"linux/ppc64le"},{"target":"lint-gopls","dockerfile":"./hack/dockerfiles/lint.Dockerfile","platforms":"linux/riscv64"},{"target":"lint-gopls","dockerfile":"./hack/dockerfiles/lint.Dockerfile","platforms":"windows/amd64"},{"target":"lint-gopls","dockerfile":"./hack/dockerfiles/lint.Dockerfile","platforms":"windows/arm64"},{"target":"validate-docs","dockerfile":"./hack/dockerfiles/docs.Dockerfile"},{"target":"validate-vendor","dockerfile":"./hack/dockerfiles/vendor.Dockerfile"}]
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v5
+      -
+        name: Matrix gen
+        id: gen
+        uses: ./subaction/matrix
+        with:
+          workdir: ./test/${{ matrix.testdir }}
+          target: ${{ matrix.target }}
+          fields: ${{ matrix.fields }}
+      -
+        name: Check output
+        uses: actions/github-script@v7
+        env:
+          INPUT_MATRIX: ${{ steps.gen.outputs.matrix }}
+          INPUT_EXPECTED: ${{ matrix.expected }}
+        with:
+          script: |
+            const matrix = JSON.stringify(JSON.parse(core.getInput('matrix')));
+            const expected = JSON.stringify(JSON.parse(core.getInput('expected')));
+            if (matrix !== expected) {
+              throw new Error(`Matrix do not match expected values: ${matrix} != ${expected}`);
+            } else {
+              core.info(`✅`);
+            }

.github/workflows/ci.yml

@@ -1,12 +1,39 @@
 name: ci
 
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
 on:
+  workflow_dispatch:
+    inputs:
+      buildx-version:
+        description: 'Buildx version or Git context'
+        default: 'latest'
+        required: false
+      buildkit-image:
+        description: 'BuildKit image'
+        default: 'moby/buildkit:buildx-stable-1'
+        required: false
+  schedule:
+    - cron: '0 10 * * *'
   push:
     branches:
-      - master
+      - 'master'
+      - 'releases/v*'
+    tags:
+      - 'v*'
+    paths-ignore:
+      - '.github/workflows/ci-subaction.yml'
+      - 'subaction/**'
   pull_request:
-    branches:
-      - master
+    paths-ignore:
+      - '.github/workflows/ci-subaction.yml'
+      - 'subaction/**'
+
+env:
+  BUILDX_VERSION: edge
+  BUILDKIT_IMAGE: moby/buildkit:latest
 
 jobs:
   bake:
@@ -25,28 +52,818 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v5
       -
         name: Set up QEMU
-        uses: docker/setup-qemu-action@v1
+        uses: docker/setup-qemu-action@v3
       -
         name: Set up Docker Buildx
         id: buildx
-        uses: docker/setup-buildx-action@v1
+        uses: docker/setup-buildx-action@v3
         with:
-          driver-opts: network=host
+          version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
+          driver-opts: |
+            image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}
+            network=host
       -
         name: Build and push
-        id: docker_build
         uses: ./
         with:
+          source: .
           builder: ${{ steps.buildx.outputs.name }}
           files: |
             ./test/config.hcl
           targets: |
             ${{ matrix.target }}
           push: false # set to true when https://github.com/docker/buildx/issues/179 is fixed
+
+  error-msg:
+    runs-on: ubuntu-latest
+    steps:
       -
-        name: Dump context
-        if: always()
-        uses: crazy-max/ghaction-dump-context@v1
+        name: Checkout
+        uses: actions/checkout@v5
+      -
+        name: Build
+        continue-on-error: true
+        uses: ./
+        with:
+          source: .
+          files: |
+            ./test/config.hcl
+          set: |
+            *.platform=linux/amd64,linux/ppc64le,linux/s390x
+
+  error-check:
+    runs-on: ubuntu-latest
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v5
+      -
+        name: Stop docker
+        run: |
+          sudo systemctl stop docker docker.socket
+      -
+        name: Build
+        id: bake
+        continue-on-error: true
+        uses: ./
+        with:
+          source: .
+          files: |
+            ./test/config.hcl
+      -
+        name: Check
+        run: |
+          if [ "${{ steps.bake.outcome }}" != "failure" ] || [ "${{ steps.bake.conclusion }}" != "success" ]; then
+            echo "::error::Should have failed"
+            exit 1
+          fi
+
+  standalone:
+    runs-on: ubuntu-latest
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v5
+      -
+        name: Uninstall docker cli
+        run: |
+          if dpkg -s "docker-ce" >/dev/null 2>&1; then
+            sudo dpkg -r --force-depends docker-ce-cli docker-buildx-plugin
+          else
+            sudo apt-get purge -y moby-cli moby-buildx
+          fi
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
+          driver-opts: |
+            image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}
+      -
+        name: Build
+        uses: ./
+        with:
+          source: .
+          files: |
+            ./test/config.hcl
+
+  remote:
+    runs-on: ubuntu-latest
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v5
+      -
+        name: Build
+        uses: ./
+        with:
+          source: https://github.com/docker/buildx.git#v0.8.2
+          targets: update-docs
+
+  provenance:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        attrs:
+          - ''
+          - mode=max
+          - builder-id=foo
+          - false
+          - true
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v5
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
+          driver-opts: |
+            network=host
+            image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}
+      -
+        name: Build
+        uses: ./
+        with:
+          workdir: ./test/go
+          source: .
+          targets: binary
+          provenance: ${{ matrix.attrs }}
+          set: |
+            *.output=type=oci,dest=/tmp/build.tar
+            *.cache-from=type=gha,scope=provenance
+            *.cache-to=type=gha,scope=provenance,mode=max
+
+  sbom:
+    runs-on: ubuntu-latest
+    env:
+      DESTDIR: /tmp/bake-build
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - target: image
+            output: type=image,name=localhost:5000/name/app:latest,push=true
+          - target: binary
+            output: /tmp/bake-build
+    services:
+      registry:
+        image: registry:2
+        ports:
+          - 5000:5000
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v5
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
+          driver-opts: |
+            network=host
+            image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}
+      -
+        name: Build
+        uses: ./
+        with:
+          workdir: ./test/go
+          source: .
+          targets: ${{ matrix.target }}
+          sbom: true
+          set: |
+            *.output=${{ matrix.output }}
+            *.cache-from=type=gha,scope=attests-${{ matrix.target }}
+            *.cache-to=type=gha,scope=attests-${{ matrix.target }},mode=max
+      -
+        name: Inspect image
+        if: matrix.target == 'image'
+        run: |
+          docker buildx imagetools inspect localhost:5000/name/app:latest --format '{{json .}}'
+      -
+        name: Check output folder
+        if: matrix.target == 'binary'
+        working-directory: ${{ env.DESTDIR }}
+        run: |
+          tree .
+      -
+        name: Print provenance
+        if: matrix.target == 'binary'
+        working-directory: ${{ env.DESTDIR }}
+        run: |
+          cat provenance.json | jq
+      -
+        name: Print SBOM
+        if: matrix.target == 'binary'
+        working-directory: ${{ env.DESTDIR }}
+        run: |
+          cat sbom.spdx.json | jq
+
+  set:
+    runs-on: ubuntu-latest
+    services:
+      registry:
+        image: registry:2
+        ports:
+          - 5000:5000
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v5
+      -
+        name: Build
+        uses: ./
+        with:
+          workdir: ./test/go
+          source: .
+          set: |
+            *.platform=linux/amd64
+            *.output=type=image,"name=localhost:5000/name/app:v1.0.0,localhost:5000/name/app:latest",push=true
+            *.tags=
+
+  group:
+    runs-on: ubuntu-latest
+    services:
+      registry:
+        image: registry:2
+        ports:
+          - 5000:5000
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v5
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
+          driver-opts: |
+            image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}
+            network=host
+      -
+        name: Build and push
+        uses: ./
+        with:
+          workdir: ./test/group
+          source: .
+          push: true
+          set: |
+            t1.tags=localhost:5000/name/app:t1
+            t2.tags=localhost:5000/name/app:t2
+
+  docker-config-malformed:
+    runs-on: ubuntu-latest
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v5
+      -
+        name: Set malformed docker config
+        run: |
+          mkdir -p ~/.docker
+          echo 'foo_bar' >> ~/.docker/config.json
+      -
+        name: Build
+        uses: ./
+        with:
+          source: .
+          files: |
+            ./test/config.hcl
+
+  proxy-docker-config:
+    runs-on: ubuntu-latest
+    services:
+      squid-proxy:
+        image: ubuntu/squid:latest
+        ports:
+          - 3128:3128
+    steps:
+      -
+        name: Check proxy
+        run: |
+          netstat -aptn
+          curl --retry 5 --retry-all-errors --retry-delay 0 --connect-timeout 5 --proxy http://127.0.0.1:3128 -v --insecure --head https://www.google.com
+      -
+        name: Checkout
+        uses: actions/checkout@v5
+      -
+        name: Set proxy config
+        run: |
+          mkdir -p ~/.docker
+          echo '{"proxies":{"default":{"httpProxy":"http://127.0.0.1:3128","httpsProxy":"http://127.0.0.1:3128"}}}' > ~/.docker/config.json
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
+          driver-opts: |
+            image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}
+            network=host
+          buildkitd-flags: --debug
+      -
+        name: Build
+        uses: ./
+        with:
+          source: .
+          files: |
+            ./test/config.hcl
+          targets: app-proxy
+
+  proxy-buildkitd:
+    runs-on: ubuntu-latest
+    services:
+      squid-proxy:
+        image: ubuntu/squid:latest
+        ports:
+          - 3128:3128
+    steps:
+      -
+        name: Check proxy
+        run: |
+          netstat -aptn
+          curl --retry 5 --retry-all-errors --retry-delay 0 --connect-timeout 5 --proxy http://127.0.0.1:3128 -v --insecure --head https://www.google.com
+      -
+        name: Checkout
+        uses: actions/checkout@v5
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
+          driver-opts: |
+            image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}
+            network=host
+            env.http_proxy=http://127.0.0.1:3128
+            env.https_proxy=http://127.0.0.1:3128
+          buildkitd-flags: --debug
+      -
+        name: Build
+        uses: ./
+        with:
+          source: .
+          files: |
+            ./test/config.hcl
+
+  git-context:
+    runs-on: ubuntu-latest
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v5
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
+          driver-opts: |
+            image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}
+      -
+        name: Build
+        uses: ./
+
+  git-context-and-local:
+    runs-on: ubuntu-latest
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v5
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
+          driver-opts: |
+            image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}
+      -
+        name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v5
+      -
+        name: Build
+        uses: ./
+        with:
+          files: |
+            cwd://${{ steps.meta.outputs.bake-file }}
+
+  multi-output:
+    runs-on: ubuntu-latest
+    services:
+      registry:
+        image: registry:2
+        ports:
+          - 5000:5000
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v5
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
+          driver-opts: |
+            network=host
+      -
+        name: Build and push
+        uses: ./
+        with:
+          workdir: ./test/go
+          source: .
+          set: |
+            *.output=type=image,name=localhost:5000/name/app:latest,push=true
+            *.output=type=docker,name=app:local
+            *.output=type=oci,dest=/tmp/oci.tar
+      -
+        name: Check registry
+        run: |
+          docker buildx imagetools inspect localhost:5000/name/app:latest --format '{{json .}}'
+      -
+        name: Check docker
+        run: |
+          docker image inspect app:local
+      -
+        name: Check oci
+        run: |
+          set -ex
+          mkdir -p /tmp/oci-out
+          tar xf /tmp/oci.tar -C /tmp/oci-out
+          tree -nh /tmp/oci-out
+
+  load-and-push:
+    runs-on: ubuntu-latest
+    services:
+      registry:
+        image: registry:2
+        ports:
+          - 5000:5000
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v5
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
+          driver-opts: |
+            network=host
+      -
+        name: Build and push
+        uses: ./
+        with:
+          workdir: ./test/go
+          source: .
+          targets: image
+          load: true
+          push: true
+          set: |
+            *.tags=localhost:5000/name/app:latest
+      -
+        name: Check registry
+        run: |
+          docker buildx imagetools inspect localhost:5000/name/app:latest --format '{{json .}}'
+      -
+        name: Check docker
+        run: |
+          docker image inspect localhost:5000/name/app:latest
+
+  summary-disable:
+    runs-on: ubuntu-latest
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v5
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
+          driver-opts: |
+            image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}
+      -
+        name: Build
+        uses: ./
+        with:
+          files: |
+            ./test/config.hcl
+          targets: app
+        env:
+          DOCKER_BUILD_SUMMARY: false
+
+  summary-disable-deprecated:
+    runs-on: ubuntu-latest
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v5
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
+          driver-opts: |
+            image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}
+      -
+        name: Build
+        uses: ./
+        with:
+          source: .
+          files: |
+            ./test/config.hcl
+          targets: app
+        env:
+          DOCKER_BUILD_NO_SUMMARY: true
+
+  summary-not-supported:
+    runs-on: ubuntu-latest
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v5
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          version: v0.12.1
+          driver-opts: |
+            image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}
+      -
+        name: Build
+        uses: ./
+        with:
+          files: |
+            ./test/config.hcl
+          targets: app
+
+  record-upload-disable:
+    runs-on: ubuntu-latest
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v5
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
+          driver-opts: |
+            image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}
+      -
+        name: Build
+        uses: ./
+        with:
+          files: |
+            ./test/config.hcl
+          targets: app
+        env:
+          DOCKER_BUILD_RECORD_UPLOAD: false
+
+  record-retention-days:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        days:
+          - 2
+          - 0
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v5
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
+          driver-opts: |
+            image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}
+      -
+        name: Build
+        uses: ./
+        with:
+          files: |
+            ./test/config.hcl
+          targets: app
+        env:
+          DOCKER_BUILD_RECORD_RETENTION_DAYS: ${{ matrix.days }}
+
+  export-legacy:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        legacy:
+          - false
+          - true
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v5
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
+          driver-opts: |
+            image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}
+      -
+        name: Build
+        uses: ./
+        with:
+          files: |
+            ./test/config.hcl
+          targets: app
+        env:
+          DOCKER_BUILD_EXPORT_LEGACY: ${{ matrix.legacy }}
+
+  checks:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        buildx-version:
+          - edge
+          - v0.14.1
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v5
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          version: ${{ matrix.buildx-version }}
+          driver-opts: |
+            image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}
+      -
+        name: Build
+        uses: ./
+        with:
+          workdir: ./test
+          source: .
+          files: |
+            ./lint.hcl
+
+  annotations-disabled:
+    runs-on: ubuntu-latest
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v5
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
+          driver-opts: |
+            image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}
+      -
+        name: Build
+        uses: ./
+        with:
+          workdir: ./test
+          source: .
+          files: |
+            ./lint.hcl
+        env:
+          DOCKER_BUILD_CHECKS_ANNOTATIONS: false
+
+  allow:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        buildx-version:
+          - edge
+          - v0.19.0
+          - v0.18.0
+          - v0.17.1
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v5
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          version: ${{ matrix.buildx-version }}
+          driver-opts: |
+            image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}
+      -
+        name: Build
+        uses: ./
+        with:
+          files: |
+            ./test/config.hcl
+          allow: network.host
+          targets: app-entitlements
+
+  no-default-attestations:
+    runs-on: ubuntu-latest
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v5
+      -
+        name: Build
+        uses: ./
+        with:
+          source: .
+          files: |
+            ./test/config.hcl
+        env:
+          BUILDX_NO_DEFAULT_ATTESTATIONS: 1
+
+  call-check:
+    runs-on: ubuntu-latest
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v5
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
+          driver-opts: |
+            image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}
+      -
+        name: Build
+        id: bake
+        continue-on-error: true
+        uses: ./
+        with:
+          workdir: ./test
+          source: .
+          files: |
+            ./lint.hcl
+          call: check
+          targets: lint
+      -
+        name: Check
+        run: |
+          if [ "${{ steps.bake.outcome }}" != "failure" ] || [ "${{ steps.bake.conclusion }}" != "success" ]; then
+            echo "::error::Should have failed"
+            exit 1
+          fi
+
+  call-check-multi:
+    runs-on: ubuntu-latest
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v5
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
+          driver-opts: |
+            image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}
+      -
+        name: Build
+        id: bake
+        continue-on-error: true
+        uses: ./
+        with:
+          workdir: ./test
+          source: .
+          files: |
+            ./lint.hcl
+          call: check
+      -
+        name: Check
+        run: |
+          if [ "${{ steps.bake.outcome }}" != "failure" ] || [ "${{ steps.bake.conclusion }}" != "success" ]; then
+            echo "::error::Should have failed"
+            exit 1
+          fi
+
+  call-check-nowarning:
+    runs-on: ubuntu-latest
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v5
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
+          driver-opts: |
+            image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}
+      -
+        name: Build
+        id: bake
+        continue-on-error: true
+        uses: ./
+        with:
+          source: .
+          files: |
+            ./test/config.hcl
+          call: check

.github/workflows/labels.yml

@@ -1,20 +0,0 @@
-name: labels
-
-on:
-  push:
-    branches:
-      - 'master'
-    paths:
-      - '.github/labels.yml'
-      - '.github/workflows/labels.yml'
-
-jobs:
-  labeler:
-    runs-on: ubuntu-latest
-    steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v2
-      -
-        name: Run Labeler
-        uses: crazy-max/ghaction-github-labeler@v3

.github/workflows/pr-assign-author.yml

@@ -0,0 +1,17 @@
+name: pr-assign-author
+
+permissions:
+  contents: read
+
+on:
+  pull_request_target:
+    types:
+      - opened
+      - reopened
+
+jobs:
+  run:
+    uses: crazy-max/.github/.github/workflows/pr-assign-author.yml@1b673f36fad86812f538c1df9794904038a23cbf
+    permissions:
+      contents: read
+      pull-requests: write

.github/workflows/publish.yml

@@ -0,0 +1,21 @@
+name: publish
+
+on:
+  release:
+    types:
+      - published
+
+jobs:
+  publish:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      id-token: write
+      packages: write
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v5
+      -
+        name: Publish
+        uses: actions/publish-immutable-action@v0.0.4

.github/workflows/test.yml

@@ -1,17 +1,21 @@
 name: test
 
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
 on:
   push:
     branches:
       - 'master'
       - 'releases/v*'
     paths-ignore:
-      - '**.md'
+      - '.github/workflows/ci-subaction.yml'
+      - 'subaction/**'
   pull_request:
-    branches:
-      - 'master'
     paths-ignore:
-      - '**.md'
+      - '.github/workflows/ci-subaction.yml'
+      - 'subaction/**'
 
 jobs:
   test:
@@ -19,13 +23,16 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v5
       -
         name: Test
-        run: docker buildx bake test
+        uses: docker/bake-action@v6
+        with:
+          source: .
+          targets: test
       -
         name: Upload coverage
-        uses: codecov/codecov-action@v1
+        uses: codecov/codecov-action@v5
         with:
+          files: ./coverage/clover.xml
           token: ${{ secrets.CODECOV_TOKEN }}
-          file: ./coverage/clover.xml

.github/workflows/validate.yml

@@ -1,25 +1,43 @@
 name: validate
 
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
 on:
   push:
     branches:
       - 'master'
       - 'releases/v*'
-    paths-ignore:
-      - '**.md'
   pull_request:
-    branches:
-      - 'master'
-    paths-ignore:
-      - '**.md'
 
 jobs:
-  validate:
+  prepare:
     runs-on: ubuntu-latest
+    outputs:
+      targets: ${{ steps.generate.outputs.targets }}
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v5
+      -
+        name: List targets
+        id: generate
+        uses: ./subaction/list-targets
+        with:
+          target: validate
+
+  validate:
+    runs-on: ubuntu-latest
+    needs:
+      - prepare
+    strategy:
+      fail-fast: false
+      matrix:
+        target: ${{ fromJson(needs.prepare.outputs.targets) }}
+    steps:
       -
         name: Validate
-        run: docker buildx bake validate
+        uses: docker/bake-action@v6
+        with:
+          targets: ${{ matrix.target }}

.gitignore

@@ -1,12 +1,5 @@
-/.dev
-node_modules
-lib
+# https://raw.githubusercontent.com/github/gitignore/main/Node.gitignore
 
-# Jetbrains
-/.idea
-/*.iml
-
-# Rest of the file pulled from https://github.com/github/gitignore/blob/master/Node.gitignore
 # Logs
 logs
 *.log
@@ -14,6 +7,7 @@ npm-debug.log*
 yarn-debug.log*
 yarn-error.log*
 lerna-debug.log*
+.pnpm-debug.log*
 
 # Diagnostic reports (https://nodejs.org/api/report.html)
 report.[0-9]*.[0-9]*.[0-9]*.[0-9]*.json
@@ -24,34 +18,14 @@ pids
 *.seed
 *.pid.lock
 
-# Directory for instrumented libs generated by jscoverage/JSCover
-lib-cov
-
 # Coverage directory used by tools like istanbul
 coverage
 *.lcov
 
-# nyc test coverage
-.nyc_output
-
-# Grunt intermediate storage (https://gruntjs.com/creating-plugins#storing-task-files)
-.grunt
-
-# Bower dependency directory (https://bower.io/)
-bower_components
-
-# node-waf configuration
-.lock-wscript
-
-# Compiled binary addons (https://nodejs.org/api/addons.html)
-build/Release
-
 # Dependency directories
+node_modules/
 jspm_packages/
 
-# TypeScript v1 declaration files
-typings/
-
 # TypeScript cache
 *.tsbuildinfo
 
@@ -61,36 +35,19 @@ typings/
 # Optional eslint cache
 .eslintcache
 
-# Optional REPL history
-.node_repl_history
-
-# Output of 'npm pack'
-*.tgz
-
 # Yarn Integrity file
 .yarn-integrity
 
-# dotenv environment variables file
+# dotenv environment variable files
 .env
-.env.test
+.env.development.local
+.env.test.local
+.env.production.local
+.env.local
 
-# parcel-bundler cache (https://parceljs.org/)
-.cache
-
-# next.js build output
-.next
-
-# nuxt.js build output
-.nuxt
-
-# vuepress build output
-.vuepress/dist
-
-# Serverless directories
-.serverless/
-
-# FuseBox cache
-.fusebox/
-
-# DynamoDB Local files
-.dynamodb/
+# yarn v2
+.yarn/cache
+.yarn/unplugged
+.yarn/build-state.yml
+.yarn/install-state.gz
+.pnp.*

.prettierignore

@@ -0,0 +1,6 @@
+# Dependency directories
+node_modules/
+jspm_packages/
+
+# yarn v2
+.yarn/

.prettierrc.json

@@ -1,5 +1,5 @@
 {
-  "printWidth": 120,
+  "printWidth": 240,
   "tabWidth": 2,
   "useTabs": false,
   "semi": true,

.yarnrc.yml

@@ -0,0 +1,17 @@
+# https://yarnpkg.com/configuration/yarnrc
+
+compressionLevel: mixed
+enableGlobalCache: false
+enableHardenedMode: true
+
+logFilters:
+  - code: YN0013
+    level: discard
+  - code: YN0019
+    level: discard
+  - code: YN0076
+    level: discard
+  - code: YN0086
+    level: discard
+
+nodeLinker: node-modules

Dockerfile.dev

@@ -1,59 +0,0 @@
-#syntax=docker/dockerfile:1.2
-
-FROM node:12 AS deps
-WORKDIR /src
-COPY package.json yarn.lock ./
-RUN --mount=type=cache,target=/src/node_modules \
-  yarn install
-
-FROM scratch AS update-yarn
-COPY --from=deps /src/yarn.lock /
-
-FROM deps AS validate-yarn
-COPY .git .git
-RUN status=$(git status --porcelain -- yarn.lock); if [ -n "$status" ]; then echo $status; exit 1; fi
-
-FROM deps AS base
-COPY . .
-
-FROM base AS build
-RUN --mount=type=cache,target=/src/node_modules \
-  yarn build
-
-FROM deps AS test
-COPY --from=docker /usr/local/bin/docker /usr/bin/
-ARG TARGETOS
-ARG TARGETARCH
-ENV RUNNER_TEMP=/tmp/github_runner
-ENV RUNNER_TOOL_CACHE=/tmp/github_tool_cache
-ARG BUILDX_VERSION=v0.5.1
-RUN mkdir -p /usr/local/lib/docker/cli-plugins \
-  && curl -fsSL https://github.com/docker/buildx/releases/download/$BUILDX_VERSION/buildx-$BUILDX_VERSION.$TARGETOS-$TARGETARCH > /usr/local/lib/docker/cli-plugins/docker-buildx \
-  && chmod +x /usr/local/lib/docker/cli-plugins/docker-buildx \
-  && docker buildx version
-COPY . .
-RUN --mount=type=cache,target=/src/node_modules \
-  yarn run test
-
-FROM scratch AS test-coverage
-COPY --from=test /src/coverage /coverage/
-
-FROM base AS run-format
-RUN --mount=type=cache,target=/src/node_modules \
-  yarn run format
-
-FROM scratch AS format
-COPY --from=run-format /src/src/*.ts /src/
-
-FROM base AS validate-format
-RUN --mount=type=cache,target=/src/node_modules \
-  yarn run format-check
-
-FROM scratch AS dist
-COPY --from=build /src/dist/ /dist/
-
-FROM build AS validate-build
-RUN status=$(git status --porcelain -- dist); if [ -n "$status" ]; then echo $status; exit 1; fi
-
-FROM base AS dev
-ENTRYPOINT ["bash"]

README.md

@@ -1,36 +1,121 @@
-[![GitHub release](https://img.shields.io/github/release/crazy-max/ghaction-docker-buildx-bake.svg?style=flat-square)](https://github.com/crazy-max/ghaction-docker-buildx-bake/releases/latest)
+[![GitHub release](https://img.shields.io/github/release/docker/bake-action.svg?style=flat-square)](https://github.com/docker/bake-action/releases/latest)
 [![GitHub marketplace](https://img.shields.io/badge/marketplace-docker--buildx--bake-blue?logo=github&style=flat-square)](https://github.com/marketplace/actions/docker-buildx-bake)
-[![Test workflow](https://img.shields.io/github/workflow/status/crazy-max/ghaction-docker-buildx-bake/test?label=test&logo=github&style=flat-square)](https://github.com/crazy-max/ghaction-docker-buildx-bake/actions?workflow=test)
-[![Codecov](https://img.shields.io/codecov/c/github/crazy-max/ghaction-docker-buildx-bake?logo=codecov&style=flat-square)](https://codecov.io/gh/crazy-max/ghaction-docker-buildx-bake)
-[![Become a sponsor](https://img.shields.io/badge/sponsor-crazy--max-181717.svg?logo=github&style=flat-square)](https://github.com/sponsors/crazy-max)
-[![Paypal Donate](https://img.shields.io/badge/donate-paypal-00457c.svg?logo=paypal&style=flat-square)](https://www.paypal.me/crazyws)
+[![CI workflow](https://img.shields.io/github/actions/workflow/status/docker/bake-action/ci.yml?branch=master&label=ci&logo=github&style=flat-square)](https://github.com/docker/bake-action/actions?workflow=ci)
+[![Test workflow](https://img.shields.io/github/actions/workflow/status/docker/bake-action/test.yml?branch=master&label=test&logo=github&style=flat-square)](https://github.com/docker/bake-action/actions?workflow=test)
+[![Codecov](https://img.shields.io/codecov/c/github/docker/bake-action?logo=codecov&style=flat-square)](https://codecov.io/gh/docker/bake-action)
 
 ## About
 
-GitHub Action to use Docker [Buildx Bake](https://github.com/docker/buildx#buildx-bake-options-target) as a high-level build command.
+GitHub Action to use Docker [Buildx Bake](https://docs.docker.com/build/customize/bake/)
+as a high-level build command.
 
-If you are interested, [check out](https://git.io/Je09Y) my other :octocat: GitHub Actions!
+![Screenshot](.github/bake-action.png)
 
 ___
 
 * [Usage](#usage)
+  * [Git context](#git-context)
+  * [Path context](#path-context)
+* [Summaries](#summaries)
 * [Customizing](#customizing)
   * [inputs](#inputs)
-* [Keep up-to-date with GitHub Dependabot](#keep-up-to-date-with-github-dependabot)
-* [Limitation](#limitation)
+  * [outputs](#outputs)
+  * [environment variables](#environment-variables)
+* [Subactions](#subactions)
+  * [`matrix`](subaction/matrix)
 * [Contributing](#contributing)
-* [License](#license)
 
 ## Usage
 
+### Git context
+
+Since `v6` this action uses the [Git context](https://docs.docker.com/build/bake/remote-definition/)
+to build from a remote bake definition by default like the [build-push-action](https://github.com/docker/build-push-action)
+does. This means that you don't need to use the [`actions/checkout`](https://github.com/actions/checkout/)
+action to check out the repository as [BuildKit](https://docs.docker.com/build/buildkit/)
+will do this directly.
+
+The git reference will be based on the [event that triggered your workflow](https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows)
+and will result in the following context: `https://github.com/<owner>/<repo>.git#<ref>`.
+
 ```yaml
 name: ci
+
+on:
+  push:
+
+jobs:
+  bake:
+    runs-on: ubuntu-latest
+    steps:
+      -
+        name: Login to DockerHub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ vars.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      -
+        name: Build and push
+        uses: docker/bake-action@v6
+        with:
+          push: true
+          set: |
+            *.tags=user/app:latest
+```
+
+Be careful because **any file mutation in the steps that precede the build step
+will be ignored, including processing of the `.dockerignore` file** since
+the context is based on the Git reference. However, you can use the
+[Path context](#path-context) using the [`source` input](#inputs) alongside
+the [`actions/checkout`](https://github.com/actions/checkout/) action to remove
+this restriction.
+
+Default Git context can also be provided using the [Handlebars template](https://handlebarsjs.com/guide/)
+expression `{{defaultContext}}`. Here we can use it to provide a subdirectory
+to the default Git context:
+
+```yaml
+      -
+        name: Build and push
+        uses: docker/bake-action@v6
+        with:
+          source: "{{defaultContext}}:mysubdir"
+          push: true
+          set: |
+            *.tags=user/app:latest
+```
+
+Building from the current repository automatically uses the `GITHUB_TOKEN`
+secret that GitHub [automatically creates for workflows](https://docs.github.com/en/actions/security-guides/automatic-token-authentication),
+so you don't need to pass that manually. If you want to authenticate against
+another private repository for remote definitions, you can set the
+[`BUILDX_BAKE_GIT_AUTH_TOKEN` environment variable](https://docs.docker.com/build/building/variables/#buildx_bake_git_auth_token).
+
+> [!NOTE]
+> Supported since Buildx 0.14.0
+
+```yaml
+      -
+        name: Build and push
+        uses: docker/bake-action@v6
+        with:
+          push: true
+          set: |
+            *.tags=user/app:latest
+        env:
+          BUILDX_BAKE_GIT_AUTH_TOKEN: ${{ secrets.MYTOKEN }}
+```
+
+### Path context
+
+```yaml
+name: ci
+
 on:
-  pull_request:
-    branches: master
   push:
-    branches: master
-    tags:
 
 jobs:
   bake:
@@ -38,35 +123,64 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v2
-      -
-        name: Set up QEMU
-        uses: docker/setup-qemu-action@v1
-      -
-        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
+        uses: actions/checkout@v4
       -
         name: Login to DockerHub
-        uses: docker/login-action@v1 
+        uses: docker/login-action@v3
         with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          username: ${{ vars.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
       -
         name: Build and push
-        uses: crazy-max/ghaction-docker-buildx-bake@v1
+        uses: docker/bake-action@v6
         with:
-          files: |
-            ./config.hcl
-          targets: |
-            release
+          source: .
           push: true
+          set: |
+            *.tags=user/app:latest
 ```
 
+## Summaries
+
+This action generates a [job summary](https://github.blog/2022-05-09-supercharging-github-actions-with-job-summaries/)
+that provides a detailed overview of the build execution. The summary shows an
+overview of all the steps executed during the build, including the build
+inputs, bake definition, and eventual errors.
+
+![build-push-action job summary](./.github/bake-summary.png)
+
+The summary also includes a link for downloading a build record archive with
+additional details about the build execution for all the bake targets,
+including build stats, logs, outputs, and more. The build record can be
+imported to Docker Desktop for inspecting the build in greater detail.
+
+> [!WARNING]
+>
+> If you're using the [`actions/download-artifact`](https://github.com/actions/download-artifact)
+> action in your workflow, you need to ignore the build record artifacts
+> if `name` and `pattern` inputs are not specified ([defaults to download all artifacts](https://github.com/actions/download-artifact?tab=readme-ov-file#download-all-artifacts) of the workflow),
+> otherwise the action will fail:
+> ```yaml
+> - uses: actions/download-artifact@v4
+>   with:
+>     pattern: "!*.dockerbuild"
+> ```
+> More info: https://github.com/actions/toolkit/pull/1874
+
+Summaries are enabled by default, but can be disabled with the
+`DOCKER_BUILD_SUMMARY` [environment variable](#environment-variables).
+
+For more information about summaries, refer to the
+[documentation](https://docs.docker.com/go/build-summary/).
+
 ## Customizing
 
 ### inputs
 
-Following inputs can be used as `step.with` keys
+The following inputs can be used as `step.with` keys
 
 > `List` type is a newline-delimited string
 > ```yaml
@@ -83,48 +197,47 @@ Following inputs can be used as `step.with` keys
 > targets: default,release
 > ```
 
-| Name             | Type     | Description                        |
-|------------------|----------|------------------------------------|
-| `builder`        | String   | Builder instance (see [setup-buildx](https://github.com/docker/setup-buildx-action) action) |
-| `files`          | List/CSV | List of [bake definition files](https://github.com/docker/buildx#file-definition) |
-| `targets`        | List/CSV | List of bake targets |
-| `no-cache`       | Bool     | Do not use cache when building the image (default `false`) |
-| `pull`           | Bool     | Always attempt to pull a newer version of the image (default `false`) |
-| `load`           | Bool     | Load is a shorthand for `--set=*.output=type=docker` (default `false`) |
-| `push`           | Bool     | Push is a shorthand for `--set=*.output=type=registry` (default `false`) |
-| `set`            | List     | List of [targets values to override](https://github.com/docker/buildx#--set-targetpatternkeysubkeyvalue) (eg: `targetpattern.key=value`) |
+| Name           | Type        | Description                                                                                                                                                        |
+|----------------|-------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| `builder`      | String      | Builder instance (see [setup-buildx](https://github.com/docker/setup-buildx-action) action)                                                                        |
+| `workdir`      | String      | Working directory of execution                                                                                                                                     |
+| `source`       | String      | Context to build from. Can be either local (`.`) or a [remote bake definition](https://docs.docker.com/build/bake/remote-definition/)                              |
+| `allow`        | List/CSV    | Allow build to access specified resources (e.g., `network.host`)                                                                                                   |
+| `call`         | String      | Set method for evaluating build (e.g., check)                                                                                                                      |
+| `files`        | List/CSV    | List of [bake definition files](https://docs.docker.com/build/customize/bake/file-definition/)                                                                     |
+| `no-cache`     | Bool        | Do not use cache when building the image (default `false`)                                                                                                         |
+| `pull`         | Bool        | Always attempt to pull a newer version of the image (default `false`)                                                                                              |
+| `load`         | Bool        | Load is a shorthand for `--set=*.output=type=docker` (default `false`)                                                                                             |
+| `provenance`   | Bool/String | [Provenance](https://docs.docker.com/build/attestations/slsa-provenance/) is a shorthand for `--set=*.attest=type=provenance`                                      |
+| `push`         | Bool        | Push is a shorthand for `--set=*.output=type=registry` (default `false`)                                                                                           |
+| `sbom`         | Bool/String | [SBOM](https://docs.docker.com/build/attestations/sbom/) is a shorthand for `--set=*.attest=type=sbom`                                                             |
+| `set`          | List        | List of [targets values to override](https://docs.docker.com/engine/reference/commandline/buildx_bake/#set) (e.g., `targetpattern.key=value`)                      |
+| `targets`      | List/CSV    | List of bake targets (`default` target used if empty)                                                                                                              |
+| `github-token` | String      | API token used to authenticate to a Git repository for [remote definitions](https://docs.docker.com/build/bake/remote-definition/) (default `${{ github.token }}`) |
 
-## Keep up-to-date with GitHub Dependabot
+### outputs
 
-Since [Dependabot](https://docs.github.com/en/github/administering-a-repository/keeping-your-actions-up-to-date-with-github-dependabot)
-has [native GitHub Actions support](https://docs.github.com/en/github/administering-a-repository/configuration-options-for-dependency-updates#package-ecosystem),
-to enable it on your GitHub repo all you need to do is add the `.github/dependabot.yml` file:
+The following outputs are available
 
-```yaml
-version: 2
-updates:
-  # Maintain dependencies for GitHub Actions
-  - package-ecosystem: "github-actions"
-    directory: "/"
-    schedule:
-      interval: "daily"
-```
+| Name       | Type | Description           |
+|------------|------|-----------------------|
+| `metadata` | JSON | Build result metadata |
 
-## Limitation
+### environment variables
 
-This action is only available for Linux [virtual environments](https://help.github.com/en/articles/virtual-environments-for-github-actions#supported-virtual-environments-and-hardware-resources).
+| Name                                 | Type   | Default | Description                                                                                                                                                                                                                                                        |
+|--------------------------------------|--------|---------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| `DOCKER_BUILD_CHECKS_ANNOTATIONS`    | Bool   | `true`  | If `false`, GitHub annotations are not generated for [build checks](https://docs.docker.com/build/checks/)                                                                                                                                                         |
+| `DOCKER_BUILD_SUMMARY`               | Bool   | `true`  | If `false`, [build summary](https://docs.docker.com/build/ci/github-actions/build-summary/) generation is disabled                                                                                                                                                 |
+| `DOCKER_BUILD_RECORD_UPLOAD`         | Bool   | `true`  | If `false`, build record upload as [GitHub artifact](https://docs.github.com/en/actions/using-workflows/storing-workflow-data-as-artifacts) is disabled                                                                                                            |
+| `DOCKER_BUILD_RECORD_RETENTION_DAYS` | Number |         | Duration after which build record artifact will expire in days. Defaults to repository/org [retention settings](https://docs.github.com/en/actions/learn-github-actions/usage-limits-billing-and-administration#artifact-and-log-retention-policy) if unset or `0` |
+| `DOCKER_BUILD_EXPORT_LEGACY`         | Bool   | `false` | If `true`, exports build using legacy export-build tool instead of [`buildx history export` command](https://docs.docker.com/reference/cli/docker/buildx/history/export/)                                                                                          |
+
+## Subactions
+
+* [`matrix`](subaction/matrix)
 
 ## Contributing
 
-Want to contribute? Awesome! The most basic way to show your support is to star :star2: the project,
-or to raise issues :speech_balloon:. If you want to open a pull request, please read the
-[contributing guidelines](.github/CONTRIBUTING.md).
-
-You can also support this project by [**becoming a sponsor on GitHub**](https://github.com/sponsors/crazy-max) or by
-making a [Paypal donation](https://www.paypal.me/crazyws) to ensure this journey continues indefinitely!
-
-Thanks again for your support, it is much appreciated! :pray:
-
-## License
-
-MIT. See `LICENSE` for more details.
+Want to contribute? Awesome! You can find information about contributing to
+this project in the [CONTRIBUTING.md](/.github/CONTRIBUTING.md)

__mocks__/@actions/github.ts

@@ -0,0 +1,207 @@
+import {jest} from '@jest/globals';
+
+export const context = {
+  repo: {
+    owner: 'docker',
+    repo: 'build-push-action'
+  },
+  ref: 'refs/heads/master',
+  runId: 123456789,
+  payload: {
+    after: '860c1904a1ce19322e91ac35af1ab07466440c37',
+    base_ref: null,
+    before: '5f3331d7f7044c18ca9f12c77d961c4d7cf3276a',
+    commits: [
+      {
+        author: {
+          email: 'crazy-max@users.noreply.github.com',
+          name: 'CrazyMax',
+          username: 'crazy-max'
+        },
+        committer: {
+          email: 'crazy-max@users.noreply.github.com',
+          name: 'CrazyMax',
+          username: 'crazy-max'
+        },
+        distinct: true,
+        id: '860c1904a1ce19322e91ac35af1ab07466440c37',
+        message: 'hello dev',
+        timestamp: '2022-04-19T11:27:24+02:00',
+        tree_id: 'd2c60af597e863787d2d27f569e30495b0b92820',
+        url: 'https://github.com/docker/test-docker-action/commit/860c1904a1ce19322e91ac35af1ab07466440c37'
+      }
+    ],
+    compare: 'https://github.com/docker/test-docker-action/compare/5f3331d7f704...860c1904a1ce',
+    created: false,
+    deleted: false,
+    forced: false,
+    head_commit: {
+      author: {
+        email: 'crazy-max@users.noreply.github.com',
+        name: 'CrazyMax',
+        username: 'crazy-max'
+      },
+      committer: {
+        email: 'crazy-max@users.noreply.github.com',
+        name: 'CrazyMax',
+        username: 'crazy-max'
+      },
+      distinct: true,
+      id: '860c1904a1ce19322e91ac35af1ab07466440c37',
+      message: 'hello dev',
+      timestamp: '2022-04-19T11:27:24+02:00',
+      tree_id: 'd2c60af597e863787d2d27f569e30495b0b92820',
+      url: 'https://github.com/docker/test-docker-action/commit/860c1904a1ce19322e91ac35af1ab07466440c37'
+    },
+    organization: {
+      avatar_url: 'https://avatars.githubusercontent.com/u/5429470?v=4',
+      description: 'Docker helps developers bring their ideas to life by conquering the complexity of app development.',
+      events_url: 'https://api.github.com/orgs/docker/events',
+      hooks_url: 'https://api.github.com/orgs/docker/hooks',
+      id: 5429470,
+      issues_url: 'https://api.github.com/orgs/docker/issues',
+      login: 'docker',
+      members_url: 'https://api.github.com/orgs/docker/members{/member}',
+      node_id: 'MDEyOk9yZ2FuaXphdGlvbjU0Mjk0NzA=',
+      public_members_url: 'https://api.github.com/orgs/docker/public_members{/member}',
+      repos_url: 'https://api.github.com/orgs/docker/repos',
+      url: 'https://api.github.com/orgs/docker'
+    },
+    pusher: {
+      email: 'github@crazymax.dev',
+      name: 'crazy-max'
+    },
+    ref: 'refs/heads/dev',
+    repository: {
+      allow_forking: true,
+      archive_url: 'https://api.github.com/repos/docker/test-docker-action/{archive_format}{/ref}',
+      archived: false,
+      assignees_url: 'https://api.github.com/repos/docker/test-docker-action/assignees{/user}',
+      blobs_url: 'https://api.github.com/repos/docker/test-docker-action/git/blobs{/sha}',
+      branches_url: 'https://api.github.com/repos/docker/test-docker-action/branches{/branch}',
+      clone_url: 'https://github.com/docker/test-docker-action.git',
+      collaborators_url: 'https://api.github.com/repos/docker/test-docker-action/collaborators{/collaborator}',
+      comments_url: 'https://api.github.com/repos/docker/test-docker-action/comments{/number}',
+      commits_url: 'https://api.github.com/repos/docker/test-docker-action/commits{/sha}',
+      compare_url: 'https://api.github.com/repos/docker/test-docker-action/compare/{base}...{head}',
+      contents_url: 'https://api.github.com/repos/docker/test-docker-action/contents/{+path}',
+      contributors_url: 'https://api.github.com/repos/docker/test-docker-action/contributors',
+      created_at: 1596792180,
+      default_branch: 'master',
+      deployments_url: 'https://api.github.com/repos/docker/test-docker-action/deployments',
+      description: 'Test "Docker" Actions',
+      disabled: false,
+      downloads_url: 'https://api.github.com/repos/docker/test-docker-action/downloads',
+      events_url: 'https://api.github.com/repos/docker/test-docker-action/events',
+      fork: false,
+      forks: 1,
+      forks_count: 1,
+      forks_url: 'https://api.github.com/repos/docker/test-docker-action/forks',
+      full_name: 'docker/test-docker-action',
+      git_commits_url: 'https://api.github.com/repos/docker/test-docker-action/git/commits{/sha}',
+      git_refs_url: 'https://api.github.com/repos/docker/test-docker-action/git/refs{/sha}',
+      git_tags_url: 'https://api.github.com/repos/docker/test-docker-action/git/tags{/sha}',
+      git_url: 'git://github.com/docker/test-docker-action.git',
+      has_downloads: true,
+      has_issues: true,
+      has_pages: false,
+      has_projects: true,
+      has_wiki: true,
+      homepage: '',
+      hooks_url: 'https://api.github.com/repos/docker/test-docker-action/hooks',
+      html_url: 'https://github.com/docker/test-docker-action',
+      id: 285789493,
+      is_template: false,
+      issue_comment_url: 'https://api.github.com/repos/docker/test-docker-action/issues/comments{/number}',
+      issue_events_url: 'https://api.github.com/repos/docker/test-docker-action/issues/events{/number}',
+      issues_url: 'https://api.github.com/repos/docker/test-docker-action/issues{/number}',
+      keys_url: 'https://api.github.com/repos/docker/test-docker-action/keys{/key_id}',
+      labels_url: 'https://api.github.com/repos/docker/test-docker-action/labels{/name}',
+      language: 'JavaScript',
+      languages_url: 'https://api.github.com/repos/docker/test-docker-action/languages',
+      license: {
+        key: 'mit',
+        name: 'MIT License',
+        node_id: 'MDc6TGljZW5zZTEz',
+        spdx_id: 'MIT',
+        url: 'https://api.github.com/licenses/mit'
+      },
+      master_branch: 'master',
+      merges_url: 'https://api.github.com/repos/docker/test-docker-action/merges',
+      milestones_url: 'https://api.github.com/repos/docker/test-docker-action/milestones{/number}',
+      mirror_url: null,
+      name: 'test-docker-action',
+      node_id: 'MDEwOlJlcG9zaXRvcnkyODU3ODk0OTM=',
+      notifications_url: 'https://api.github.com/repos/docker/test-docker-action/notifications{?since,all,participating}',
+      open_issues: 6,
+      open_issues_count: 6,
+      organization: 'docker',
+      owner: {
+        avatar_url: 'https://avatars.githubusercontent.com/u/5429470?v=4',
+        email: 'info@docker.com',
+        events_url: 'https://api.github.com/users/docker/events{/privacy}',
+        followers_url: 'https://api.github.com/users/docker/followers',
+        following_url: 'https://api.github.com/users/docker/following{/other_user}',
+        gists_url: 'https://api.github.com/users/docker/gists{/gist_id}',
+        gravatar_id: '',
+        html_url: 'https://github.com/docker',
+        id: 5429470,
+        login: 'docker',
+        name: 'docker',
+        node_id: 'MDEyOk9yZ2FuaXphdGlvbjU0Mjk0NzA=',
+        organizations_url: 'https://api.github.com/users/docker/orgs',
+        received_events_url: 'https://api.github.com/users/docker/received_events',
+        repos_url: 'https://api.github.com/users/docker/repos',
+        site_admin: false,
+        starred_url: 'https://api.github.com/users/docker/starred{/owner}{/repo}',
+        subscriptions_url: 'https://api.github.com/users/docker/subscriptions',
+        type: 'Organization',
+        url: 'https://api.github.com/users/docker'
+      },
+      private: true,
+      pulls_url: 'https://api.github.com/repos/docker/test-docker-action/pulls{/number}',
+      pushed_at: 1650360446,
+      releases_url: 'https://api.github.com/repos/docker/test-docker-action/releases{/id}',
+      size: 796,
+      ssh_url: 'git@github.com:docker/test-docker-action.git',
+      stargazers: 0,
+      stargazers_count: 0,
+      stargazers_url: 'https://api.github.com/repos/docker/test-docker-action/stargazers',
+      statuses_url: 'https://api.github.com/repos/docker/test-docker-action/statuses/{sha}',
+      subscribers_url: 'https://api.github.com/repos/docker/test-docker-action/subscribers',
+      subscription_url: 'https://api.github.com/repos/docker/test-docker-action/subscription',
+      svn_url: 'https://github.com/docker/test-docker-action',
+      tags_url: 'https://api.github.com/repos/docker/test-docker-action/tags',
+      teams_url: 'https://api.github.com/repos/docker/test-docker-action/teams',
+      topics: [],
+      trees_url: 'https://api.github.com/repos/docker/test-docker-action/git/trees{/sha}',
+      updated_at: '2022-04-19T09:05:09Z',
+      url: 'https://github.com/docker/test-docker-action',
+      visibility: 'private',
+      watchers: 0,
+      watchers_count: 0
+    },
+    sender: {
+      avatar_url: 'https://avatars.githubusercontent.com/u/1951866?v=4',
+      events_url: 'https://api.github.com/users/crazy-max/events{/privacy}',
+      followers_url: 'https://api.github.com/users/crazy-max/followers',
+      following_url: 'https://api.github.com/users/crazy-max/following{/other_user}',
+      gists_url: 'https://api.github.com/users/crazy-max/gists{/gist_id}',
+      gravatar_id: '',
+      html_url: 'https://github.com/crazy-max',
+      id: 1951866,
+      login: 'crazy-max',
+      node_id: 'MDQ6VXNlcjE5NTE4NjY=',
+      organizations_url: 'https://api.github.com/users/crazy-max/orgs',
+      received_events_url: 'https://api.github.com/users/crazy-max/received_events',
+      repos_url: 'https://api.github.com/users/crazy-max/repos',
+      site_admin: false,
+      starred_url: 'https://api.github.com/users/crazy-max/starred{/owner}{/repo}',
+      subscriptions_url: 'https://api.github.com/users/crazy-max/subscriptions',
+      type: 'User',
+      url: 'https://api.github.com/users/crazy-max'
+    }
+  }
+};
+
+export const getOctokit = jest.fn();

__tests__/buildx.test.ts

@@ -1,22 +0,0 @@
-import * as semver from 'semver';
-import * as buildx from '../src/buildx';
-import * as exec from '@actions/exec';
-
-describe('getVersion', () => {
-  it('valid', async () => {
-    await exec.exec('docker', ['buildx', 'version']);
-    const version = await buildx.getVersion();
-    console.log(`version: ${version}`);
-    expect(semver.valid(version)).not.toBeNull();
-  }, 100000);
-});
-
-describe('parseVersion', () => {
-  test.each([
-    ['github.com/docker/buildx 0.4.1+azure bda4882a65349ca359216b135896bddc1d92461c', '0.4.1'],
-    ['github.com/docker/buildx v0.4.1 bda4882a65349ca359216b135896bddc1d92461c', '0.4.1'],
-    ['github.com/docker/buildx v0.4.2 fb7b670b764764dc4716df3eba07ffdae4cc47b2', '0.4.2']
-  ])('given %p', async (stdout, expected) => {
-    expect(await buildx.parseVersion(stdout)).toEqual(expected);
-  });
-});

__tests__/context.test.ts

@@ -1,172 +1,457 @@
+import {afterEach, beforeEach, describe, expect, jest, test} from '@jest/globals';
+import * as fs from 'fs';
+import * as path from 'path';
+
+import {Bake} from '@docker/actions-toolkit/lib/buildx/bake';
+import {Builder} from '@docker/actions-toolkit/lib/buildx/builder';
+import {Buildx} from '@docker/actions-toolkit/lib/buildx/buildx';
+import {Context} from '@docker/actions-toolkit/lib/context';
+import {Docker} from '@docker/actions-toolkit/lib/docker/docker';
+import {GitHub} from '@docker/actions-toolkit/lib/github';
+import {Toolkit} from '@docker/actions-toolkit/lib/toolkit';
+
+import {BakeDefinition} from '@docker/actions-toolkit/lib/types/buildx/bake';
+import {BuilderInfo} from '@docker/actions-toolkit/lib/types/buildx/builder';
+import {GitHubRepo} from '@docker/actions-toolkit/lib/types/github';
+
 import * as context from '../src/context';
 
-describe('getInputList', () => {
-  it('single line correctly', async () => {
-    await setInput('foo', 'bar');
-    const res = await context.getInputList('foo');
-    console.log(res);
-    expect(res).toEqual(['bar']);
-  });
+const tmpDir = path.join('/tmp', '.docker-bake-action-jest');
+const tmpName = path.join(tmpDir, '.tmpname-jest');
 
-  it('multiline correctly', async () => {
-    setInput('foo', 'bar\nbaz');
-    const res = await context.getInputList('foo');
-    console.log(res);
-    expect(res).toEqual(['bar', 'baz']);
-  });
-
-  it('empty lines correctly', async () => {
-    setInput('foo', 'bar\n\nbaz');
-    const res = await context.getInputList('foo');
-    console.log(res);
-    expect(res).toEqual(['bar', 'baz']);
-  });
-
-  it('comma correctly', async () => {
-    setInput('foo', 'bar,baz');
-    const res = await context.getInputList('foo');
-    console.log(res);
-    expect(res).toEqual(['bar', 'baz']);
-  });
-
-  it('empty result correctly', async () => {
-    setInput('foo', 'bar,baz,');
-    const res = await context.getInputList('foo');
-    console.log(res);
-    expect(res).toEqual(['bar', 'baz']);
-  });
-
-  it('different new lines correctly', async () => {
-    setInput('foo', 'bar\r\nbaz');
-    const res = await context.getInputList('foo');
-    console.log(res);
-    expect(res).toEqual(['bar', 'baz']);
-  });
-
-  it('different new lines and comma correctly', async () => {
-    setInput('foo', 'bar\r\nbaz,bat');
-    const res = await context.getInputList('foo');
-    console.log(res);
-    expect(res).toEqual(['bar', 'baz', 'bat']);
-  });
-
-  it('multiline and ignoring comma correctly', async () => {
-    setInput('cache-from', 'user/app:cache\ntype=local,src=path/to/dir');
-    const res = await context.getInputList('cache-from', true);
-    console.log(res);
-    expect(res).toEqual(['user/app:cache', 'type=local,src=path/to/dir']);
-  });
-
-  it('different new lines and ignoring comma correctly', async () => {
-    setInput('cache-from', 'user/app:cache\r\ntype=local,src=path/to/dir');
-    const res = await context.getInputList('cache-from', true);
-    console.log(res);
-    expect(res).toEqual(['user/app:cache', 'type=local,src=path/to/dir']);
-  });
-
-  it('multiline values', async () => {
-    setInput(
-      'secrets',
-      `GIT_AUTH_TOKEN=abcdefgh,ijklmno=0123456789
-"MYSECRET=aaaaaaaa
-bbbbbbb
-ccccccccc"
-FOO=bar`
-    );
-    const res = await context.getInputList('secrets', true);
-    console.log(res);
-    expect(res).toEqual([
-      'GIT_AUTH_TOKEN=abcdefgh,ijklmno=0123456789',
-      `MYSECRET=aaaaaaaa
-bbbbbbb
-ccccccccc`,
-      'FOO=bar'
-    ]);
-  });
-
-  it('multiline values with empty lines', async () => {
-    setInput(
-      'secrets',
-      `GIT_AUTH_TOKEN=abcdefgh,ijklmno=0123456789
-"MYSECRET=aaaaaaaa
-bbbbbbb
-ccccccccc"
-FOO=bar
-"EMPTYLINE=aaaa
-
-bbbb
-ccc"`
-    );
-    const res = await context.getInputList('secrets', true);
-    console.log(res);
-    expect(res).toEqual([
-      'GIT_AUTH_TOKEN=abcdefgh,ijklmno=0123456789',
-      `MYSECRET=aaaaaaaa
-bbbbbbb
-ccccccccc`,
-      'FOO=bar',
-      `EMPTYLINE=aaaa
-
-bbbb
-ccc`
-    ]);
-  });
-
-  it('multiline values without quotes', async () => {
-    setInput(
-      'secrets',
-      `GIT_AUTH_TOKEN=abcdefgh,ijklmno=0123456789
-MYSECRET=aaaaaaaa
-bbbbbbb
-ccccccccc
-FOO=bar`
-    );
-    const res = await context.getInputList('secrets', true);
-    console.log(res);
-    expect(res).toEqual([
-      'GIT_AUTH_TOKEN=abcdefgh,ijklmno=0123456789',
-      'MYSECRET=aaaaaaaa',
-      'bbbbbbb',
-      'ccccccccc',
-      'FOO=bar'
-    ]);
-  });
-
-  it('multiline values escape quotes', async () => {
-    setInput(
-      'secrets',
-      `GIT_AUTH_TOKEN=abcdefgh,ijklmno=0123456789
-"MYSECRET=aaaaaaaa
-bbbb""bbb
-ccccccccc"
-FOO=bar`
-    );
-    const res = await context.getInputList('secrets', true);
-    console.log(res);
-    expect(res).toEqual([
-      'GIT_AUTH_TOKEN=abcdefgh,ijklmno=0123456789',
-      `MYSECRET=aaaaaaaa
-bbbb\"bbb
-ccccccccc`,
-      'FOO=bar'
-    ]);
-  });
+import repoFixture from './fixtures/github-repo.json';
+jest.spyOn(GitHub.prototype, 'repoData').mockImplementation((): Promise<GitHubRepo> => {
+  return <Promise<GitHubRepo>>(repoFixture as unknown);
 });
 
-describe('asyncForEach', () => {
-  it('executes async tasks sequentially', async () => {
-    const testValues = [1, 2, 3, 4, 5];
-    const results: number[] = [];
-
-    await context.asyncForEach(testValues, async value => {
-      results.push(value);
-    });
-
-    expect(results).toEqual(testValues);
-  });
+jest.spyOn(Context, 'tmpDir').mockImplementation((): string => {
+  if (!fs.existsSync(tmpDir)) {
+    fs.mkdirSync(tmpDir, {recursive: true});
+  }
+  return tmpDir;
 });
 
-// See: https://github.com/actions/toolkit/blob/master/packages/core/src/core.ts#L67
+jest.spyOn(Context, 'tmpName').mockImplementation((): string => {
+  return tmpName;
+});
+
+jest.spyOn(Docker, 'isAvailable').mockImplementation(async (): Promise<boolean> => {
+  return true;
+});
+
+const metadataJson = path.join(tmpDir, 'metadata.json');
+jest.spyOn(Bake.prototype, 'getMetadataFilePath').mockImplementation((): string => {
+  return metadataJson;
+});
+
+jest.spyOn(Builder.prototype, 'inspect').mockImplementation(async (): Promise<BuilderInfo> => {
+  return {
+    name: 'builder2',
+    driver: 'docker-container',
+    lastActivity: new Date('2023-01-16 09:45:23 +0000 UTC'),
+    nodes: [
+      {
+        buildkit: 'v0.11.0',
+        'buildkitd-flags': '--debug --allow-insecure-entitlement security.insecure --allow-insecure-entitlement network.host',
+        'driver-opts': ['BUILDKIT_STEP_LOG_MAX_SIZE=10485760', 'BUILDKIT_STEP_LOG_MAX_SPEED=10485760', 'JAEGER_TRACE=localhost:6831', 'image=moby/buildkit:latest', 'network=host'],
+        endpoint: 'unix:///var/run/docker.sock',
+        name: 'builder20',
+        platforms: 'linux/amd64,linux/amd64/v2,linux/amd64/v3,linux/arm64,linux/riscv64,linux/ppc64le,linux/s390x,linux/386,linux/mips64le,linux/mips64,linux/arm/v7,linux/arm/v6',
+        status: 'running'
+      }
+    ]
+  };
+});
+
+jest.spyOn(Bake.prototype, 'getDefinition').mockImplementation(async (): Promise<BakeDefinition> => {
+  return JSON.parse(`{
+    "group": {
+      "default": {
+        "targets": [
+          "validate"
+        ]
+      },
+      "validate": {
+        "targets": [
+          "lint",
+          "validate-vendor",
+          "validate-docs"
+        ]
+      }
+    },
+    "target": {
+      "lint": {
+        "context": ".",
+        "dockerfile": "./hack/dockerfiles/lint.Dockerfile",
+        "args": {
+          "BUILDKIT_CONTEXT_KEEP_GIT_DIR": "1",
+          "GO_VERSION": "1.20"
+        },
+        "output": [
+          "type=cacheonly"
+        ]
+      },
+      "validate-docs": {
+        "context": ".",
+        "dockerfile": "./hack/dockerfiles/docs.Dockerfile",
+        "args": {
+          "BUILDKIT_CONTEXT_KEEP_GIT_DIR": "1",
+          "BUILDX_EXPERIMENTAL": "1",
+          "FORMATS": "md",
+          "GO_VERSION": "1.20"
+        },
+        "target": "validate",
+        "output": [
+          "type=cacheonly"
+        ]
+      },
+      "validate-vendor": {
+        "context": ".",
+        "dockerfile": "./hack/dockerfiles/vendor.Dockerfile",
+        "args": {
+          "BUILDKIT_CONTEXT_KEEP_GIT_DIR": "1",
+          "GO_VERSION": "1.20"
+        },
+        "target": "validate",
+        "output": [
+          "type=cacheonly"
+        ]
+      }
+    }
+  }`) as BakeDefinition;
+});
+
+describe('getArgs', () => {
+  const originalEnv = process.env;
+  beforeEach(() => {
+    process.env = Object.keys(process.env).reduce((object, key) => {
+      if (!key.startsWith('INPUT_')) {
+        object[key] = process.env[key];
+      }
+      return object;
+    }, {});
+  });
+  afterEach(() => {
+    process.env = originalEnv;
+  });
+
+  // prettier-ignore
+  test.each([
+    [
+      0,
+      '0.4.1',
+      new Map<string, string>([
+        ['source', '.'],
+        ['load', 'false'],
+        ['no-cache', 'false'],
+        ['push', 'false'],
+        ['pull', 'false'],
+      ]),
+      [
+        'bake',
+      ],
+      undefined
+    ],
+    [
+      1,
+      '0.8.2',
+      new Map<string, string>([
+        ['source', '.'],
+        ['load', 'false'],
+        ['no-cache', 'false'],
+        ['push', 'false'],
+        ['pull', 'false']
+      ]),
+      [
+        'bake',
+        '--metadata-file', metadataJson
+      ],
+      undefined
+    ],
+    [
+      2,
+      '0.8.2',
+      new Map<string, string>([
+        ['source', '.'],
+        ['targets', 'webapp\nvalidate'],
+        ['load', 'false'],
+        ['no-cache', 'false'],
+        ['push', 'false'],
+        ['pull', 'false']
+      ]),
+      [
+        'bake',
+        '--metadata-file', metadataJson,
+        'webapp', 'validate'
+      ],
+      undefined
+    ],
+    [
+      3,
+      '0.8.2',
+      new Map<string, string>([
+        ['source', '.'],
+        ['set', '*.cache-from=type=gha\n*.cache-to=type=gha'],
+        ['load', 'false'],
+        ['no-cache', 'false'],
+        ['push', 'false'],
+        ['pull', 'false']
+      ]),
+      [
+        'bake',
+        '--set', '*.cache-from=type=gha',
+        '--set', '*.cache-to=type=gha',
+        '--metadata-file', metadataJson
+      ],
+      undefined
+    ],
+    [
+      4,
+      '0.10.0',
+      new Map<string, string>([
+        ['source', '.'],
+        ['load', 'false'],
+        ['no-cache', 'false'],
+        ['push', 'false'],
+        ['pull', 'false'],
+      ]),
+      [
+        'bake',
+        '--metadata-file', metadataJson,
+        "--provenance", `mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`,
+      ],
+      undefined
+    ],
+    [
+      5,
+      '0.10.0',
+      new Map<string, string>([
+        ['source', '.'],
+        ['load', 'false'],
+        ['no-cache', 'false'],
+        ['push', 'false'],
+        ['pull', 'false'],
+        ['provenance', 'true'],
+      ]),
+      [
+        'bake',
+        '--metadata-file', metadataJson,
+        "--provenance", `builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`
+      ],
+      undefined
+    ],
+    [
+      6,
+      '0.10.0',
+      new Map<string, string>([
+        ['source', '.'],
+        ['load', 'false'],
+        ['no-cache', 'false'],
+        ['push', 'false'],
+        ['pull', 'false'],
+        ['provenance', 'mode=max'],
+      ]),
+      [
+        'bake',
+        '--metadata-file', metadataJson,
+        "--provenance", `mode=max,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`
+      ],
+      undefined
+    ],
+    [
+      7,
+      '0.10.0',
+      new Map<string, string>([
+        ['source', '.'],
+        ['load', 'false'],
+        ['no-cache', 'false'],
+        ['push', 'false'],
+        ['pull', 'false'],
+        ['provenance', 'false'],
+      ]),
+      [
+        'bake',
+        '--metadata-file', metadataJson,
+        "--provenance", 'false'
+      ],
+      undefined
+    ],
+    [
+      8,
+      '0.10.0',
+      new Map<string, string>([
+        ['source', '.'],
+        ['load', 'false'],
+        ['no-cache', 'false'],
+        ['push', 'false'],
+        ['pull', 'false'],
+        ['provenance', 'builder-id=foo'],
+      ]),
+      [
+        'bake',
+        '--metadata-file', metadataJson,
+        "--provenance", 'builder-id=foo'
+      ],
+      undefined
+    ],
+    [
+      9,
+      '0.10.0',
+      new Map<string, string>([
+        ['source', '.'],
+        ['load', 'false'],
+        ['no-cache', 'false'],
+        ['push', 'false'],
+        ['pull', 'false'],
+        ['set', `*.platform=linux/amd64,linux/ppc64le,linux/s390x\n*.output=type=image,"name=moby/buildkit:v0.11.0,moby/buildkit:latest",push=true`],
+        ['targets', `"image-all"`],
+      ]),
+      [
+        'bake',
+        '--set', '*.platform=linux/amd64,linux/ppc64le,linux/s390x',
+        '--set', `*.output=type=image,"name=moby/buildkit:v0.11.0,moby/buildkit:latest",push=true`,
+        '--metadata-file', metadataJson,
+        '--provenance', `mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`,
+        'image-all'
+      ],
+      undefined
+    ],
+    [
+      10,
+      '0.10.0',
+      new Map<string, string>([
+        ['source', '.'],
+        ['load', 'false'],
+        ['no-cache', 'false'],
+        ['push', 'false'],
+        ['pull', 'false'],
+        ['set', `*.labels.foo=bar=#baz`],
+        ['targets', `"image-all"`],
+      ]),
+      [
+        'bake',
+        '--set', `*.labels.foo=bar=#baz`,
+        '--metadata-file', metadataJson,
+        '--provenance', `mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`,
+        'image-all'
+      ],
+      undefined
+    ],
+    [
+      11,
+      '0.10.0',
+      new Map<string, string>([
+        ['load', 'false'],
+        ['no-cache', 'false'],
+        ['push', 'false'],
+        ['pull', 'false'],
+        ['files', './foo.hcl'],
+      ]),
+      [
+        'bake',
+        'https://github.com/docker/build-push-action.git#refs/heads/master',
+        '--file', './foo.hcl',
+        '--metadata-file', metadataJson,
+        '--provenance', `mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`,
+      ],
+      undefined
+    ],
+    [
+      12,
+      '0.17.0',
+      new Map<string, string>([
+        ['source', '.'],
+        ['allow', 'network.host'],
+        ['load', 'false'],
+        ['no-cache', 'false'],
+        ['push', 'false'],
+        ['pull', 'false'],
+      ]),
+      [
+        'bake',
+        '--allow', 'network.host',
+        '--metadata-file', metadataJson,
+        "--provenance", `mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`
+      ],
+      undefined
+    ],
+    [
+      13,
+      '0.15.0',
+      new Map<string, string>([
+        ['source', '{{defaultContext}}:subdir'],
+        ['load', 'false'],
+        ['no-cache', 'false'],
+        ['push', 'false'],
+        ['pull', 'false'],
+        ['files', './foo.hcl'],
+      ]),
+      [
+        'bake',
+        'https://github.com/docker/build-push-action.git#refs/heads/master:subdir',
+        '--file', './foo.hcl',
+        '--metadata-file', metadataJson,
+        '--provenance', `mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789/attempts/1`,
+      ],
+      undefined
+    ],
+    [
+      14,
+      '0.15.0',
+      new Map<string, string>([
+        ['source', '.'],
+        ['load', 'false'],
+        ['no-cache', 'false'],
+        ['push', 'false'],
+        ['pull', 'false']
+      ]),
+      [
+        'bake',
+        '--metadata-file', metadataJson
+      ],
+      new Map<string, string>([
+        ['BUILDX_NO_DEFAULT_ATTESTATIONS', '1']
+      ])
+    ],
+  ])(
+    '[%d] given %p with %p as inputs, returns %p',
+    async (num: number, buildxVersion: string, inputs: Map<string, string>, expected: Array<string>, envs: Map<string, string> | undefined) => {
+      if (envs) {
+        envs.forEach((value: string, name: string) => {
+          process.env[name] = value;
+        });
+      }
+      inputs.forEach((value: string, name: string) => {
+        setInput(name, value);
+      });
+      const toolkit = new Toolkit();
+      jest.spyOn(Buildx.prototype, 'version').mockImplementation(async (): Promise<string> => {
+        return buildxVersion;
+      });
+      const inp = await context.getInputs();
+      const definition = await toolkit.buildxBake.getDefinition(
+        {
+          files: inp.files,
+          load: inp.load,
+          noCache: inp['no-cache'],
+          overrides: inp.set,
+          provenance: inp.provenance,
+          push: inp.push,
+          sbom: inp.sbom,
+          source: inp.source,
+          targets: inp.targets
+        },
+        {
+          cwd: inp.workdir
+        }
+      );
+      const res = await context.getArgs(inp, definition, toolkit);
+      expect(res).toEqual(expected);
+    }
+  );
+});
+
+// See: https://github.com/actions/toolkit/blob/a1b068ec31a042ff1e10a522d8fdf0b8869d53ca/packages/core/src/core.ts#L89
 function getInputName(name: string): string {
   return `INPUT_${name.replace(/ /g, '_').toUpperCase()}`;
 }

__tests__/fixtures/github-repo.json

@@ -0,0 +1,362 @@
+{
+  "id": 1296269,
+  "node_id": "MDEwOlJlcG9zaXRvcnkxMjk2MjY5",
+  "name": "Hello-World",
+  "full_name": "octocat/Hello-World",
+  "owner": {
+    "login": "octocat",
+    "id": 1,
+    "node_id": "MDQ6VXNlcjE=",
+    "avatar_url": "https://github.com/images/error/octocat_happy.gif",
+    "gravatar_id": "",
+    "url": "https://api.github.com/users/octocat",
+    "html_url": "https://github.com/octocat",
+    "followers_url": "https://api.github.com/users/octocat/followers",
+    "following_url": "https://api.github.com/users/octocat/following{/other_user}",
+    "gists_url": "https://api.github.com/users/octocat/gists{/gist_id}",
+    "starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}",
+    "subscriptions_url": "https://api.github.com/users/octocat/subscriptions",
+    "organizations_url": "https://api.github.com/users/octocat/orgs",
+    "repos_url": "https://api.github.com/users/octocat/repos",
+    "events_url": "https://api.github.com/users/octocat/events{/privacy}",
+    "received_events_url": "https://api.github.com/users/octocat/received_events",
+    "type": "User",
+    "site_admin": false
+  },
+  "private": false,
+  "html_url": "https://github.com/octocat/Hello-World",
+  "description": "This your first repo!",
+  "fork": false,
+  "url": "https://api.github.com/repos/octocat/Hello-World",
+  "archive_url": "http://api.github.com/repos/octocat/Hello-World/{archive_format}{/ref}",
+  "assignees_url": "http://api.github.com/repos/octocat/Hello-World/assignees{/user}",
+  "blobs_url": "http://api.github.com/repos/octocat/Hello-World/git/blobs{/sha}",
+  "branches_url": "http://api.github.com/repos/octocat/Hello-World/branches{/branch}",
+  "collaborators_url": "http://api.github.com/repos/octocat/Hello-World/collaborators{/collaborator}",
+  "comments_url": "http://api.github.com/repos/octocat/Hello-World/comments{/number}",
+  "commits_url": "http://api.github.com/repos/octocat/Hello-World/commits{/sha}",
+  "compare_url": "http://api.github.com/repos/octocat/Hello-World/compare/{base}...{head}",
+  "contents_url": "http://api.github.com/repos/octocat/Hello-World/contents/{+path}",
+  "contributors_url": "http://api.github.com/repos/octocat/Hello-World/contributors",
+  "deployments_url": "http://api.github.com/repos/octocat/Hello-World/deployments",
+  "downloads_url": "http://api.github.com/repos/octocat/Hello-World/downloads",
+  "events_url": "http://api.github.com/repos/octocat/Hello-World/events",
+  "forks_url": "http://api.github.com/repos/octocat/Hello-World/forks",
+  "git_commits_url": "http://api.github.com/repos/octocat/Hello-World/git/commits{/sha}",
+  "git_refs_url": "http://api.github.com/repos/octocat/Hello-World/git/refs{/sha}",
+  "git_tags_url": "http://api.github.com/repos/octocat/Hello-World/git/tags{/sha}",
+  "git_url": "git:github.com/octocat/Hello-World.git",
+  "issue_comment_url": "http://api.github.com/repos/octocat/Hello-World/issues/comments{/number}",
+  "issue_events_url": "http://api.github.com/repos/octocat/Hello-World/issues/events{/number}",
+  "issues_url": "http://api.github.com/repos/octocat/Hello-World/issues{/number}",
+  "keys_url": "http://api.github.com/repos/octocat/Hello-World/keys{/key_id}",
+  "labels_url": "http://api.github.com/repos/octocat/Hello-World/labels{/name}",
+  "languages_url": "http://api.github.com/repos/octocat/Hello-World/languages",
+  "merges_url": "http://api.github.com/repos/octocat/Hello-World/merges",
+  "milestones_url": "http://api.github.com/repos/octocat/Hello-World/milestones{/number}",
+  "notifications_url": "http://api.github.com/repos/octocat/Hello-World/notifications{?since,all,participating}",
+  "pulls_url": "http://api.github.com/repos/octocat/Hello-World/pulls{/number}",
+  "releases_url": "http://api.github.com/repos/octocat/Hello-World/releases{/id}",
+  "ssh_url": "git@github.com:octocat/Hello-World.git",
+  "stargazers_url": "http://api.github.com/repos/octocat/Hello-World/stargazers",
+  "statuses_url": "http://api.github.com/repos/octocat/Hello-World/statuses/{sha}",
+  "subscribers_url": "http://api.github.com/repos/octocat/Hello-World/subscribers",
+  "subscription_url": "http://api.github.com/repos/octocat/Hello-World/subscription",
+  "tags_url": "http://api.github.com/repos/octocat/Hello-World/tags",
+  "teams_url": "http://api.github.com/repos/octocat/Hello-World/teams",
+  "trees_url": "http://api.github.com/repos/octocat/Hello-World/git/trees{/sha}",
+  "clone_url": "https://github.com/octocat/Hello-World.git",
+  "mirror_url": "git:git.example.com/octocat/Hello-World",
+  "hooks_url": "http://api.github.com/repos/octocat/Hello-World/hooks",
+  "svn_url": "https://svn.github.com/octocat/Hello-World",
+  "homepage": "https://github.com",
+  "language": null,
+  "forks_count": 9,
+  "stargazers_count": 80,
+  "watchers_count": 80,
+  "size": 108,
+  "default_branch": "master",
+  "open_issues_count": 0,
+  "is_template": true,
+  "topics": [
+    "octocat",
+    "atom",
+    "electron",
+    "api"
+  ],
+  "has_issues": true,
+  "has_projects": true,
+  "has_wiki": true,
+  "has_pages": false,
+  "has_downloads": true,
+  "archived": false,
+  "disabled": false,
+  "visibility": "public",
+  "pushed_at": "2011-01-26T19:06:43Z",
+  "created_at": "2011-01-26T19:01:12Z",
+  "updated_at": "2011-01-26T19:14:43Z",
+  "permissions": {
+    "pull": true,
+    "triage": true,
+    "push": false,
+    "maintain": false,
+    "admin": false
+  },
+  "allow_rebase_merge": true,
+  "template_repository": null,
+  "temp_clone_token": "ABTLWHOULUVAXGTRYU7OC2876QJ2O",
+  "allow_squash_merge": true,
+  "delete_branch_on_merge": true,
+  "allow_merge_commit": true,
+  "subscribers_count": 42,
+  "network_count": 0,
+  "license": {
+    "key": "mit",
+    "name": "MIT License",
+    "spdx_id": "MIT",
+    "url": "https://api.github.com/licenses/mit",
+    "node_id": "MDc6TGljZW5zZW1pdA=="
+  },
+  "organization": {
+    "login": "octocat",
+    "id": 1,
+    "node_id": "MDQ6VXNlcjE=",
+    "avatar_url": "https://github.com/images/error/octocat_happy.gif",
+    "gravatar_id": "",
+    "url": "https://api.github.com/users/octocat",
+    "html_url": "https://github.com/octocat",
+    "followers_url": "https://api.github.com/users/octocat/followers",
+    "following_url": "https://api.github.com/users/octocat/following{/other_user}",
+    "gists_url": "https://api.github.com/users/octocat/gists{/gist_id}",
+    "starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}",
+    "subscriptions_url": "https://api.github.com/users/octocat/subscriptions",
+    "organizations_url": "https://api.github.com/users/octocat/orgs",
+    "repos_url": "https://api.github.com/users/octocat/repos",
+    "events_url": "https://api.github.com/users/octocat/events{/privacy}",
+    "received_events_url": "https://api.github.com/users/octocat/received_events",
+    "type": "Organization",
+    "site_admin": false
+  },
+  "parent": {
+    "id": 1296269,
+    "node_id": "MDEwOlJlcG9zaXRvcnkxMjk2MjY5",
+    "name": "Hello-World",
+    "full_name": "octocat/Hello-World",
+    "owner": {
+      "login": "octocat",
+      "id": 1,
+      "node_id": "MDQ6VXNlcjE=",
+      "avatar_url": "https://github.com/images/error/octocat_happy.gif",
+      "gravatar_id": "",
+      "url": "https://api.github.com/users/octocat",
+      "html_url": "https://github.com/octocat",
+      "followers_url": "https://api.github.com/users/octocat/followers",
+      "following_url": "https://api.github.com/users/octocat/following{/other_user}",
+      "gists_url": "https://api.github.com/users/octocat/gists{/gist_id}",
+      "starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}",
+      "subscriptions_url": "https://api.github.com/users/octocat/subscriptions",
+      "organizations_url": "https://api.github.com/users/octocat/orgs",
+      "repos_url": "https://api.github.com/users/octocat/repos",
+      "events_url": "https://api.github.com/users/octocat/events{/privacy}",
+      "received_events_url": "https://api.github.com/users/octocat/received_events",
+      "type": "User",
+      "site_admin": false
+    },
+    "private": false,
+    "html_url": "https://github.com/octocat/Hello-World",
+    "description": "This your first repo!",
+    "fork": false,
+    "url": "https://api.github.com/repos/octocat/Hello-World",
+    "archive_url": "http://api.github.com/repos/octocat/Hello-World/{archive_format}{/ref}",
+    "assignees_url": "http://api.github.com/repos/octocat/Hello-World/assignees{/user}",
+    "blobs_url": "http://api.github.com/repos/octocat/Hello-World/git/blobs{/sha}",
+    "branches_url": "http://api.github.com/repos/octocat/Hello-World/branches{/branch}",
+    "collaborators_url": "http://api.github.com/repos/octocat/Hello-World/collaborators{/collaborator}",
+    "comments_url": "http://api.github.com/repos/octocat/Hello-World/comments{/number}",
+    "commits_url": "http://api.github.com/repos/octocat/Hello-World/commits{/sha}",
+    "compare_url": "http://api.github.com/repos/octocat/Hello-World/compare/{base}...{head}",
+    "contents_url": "http://api.github.com/repos/octocat/Hello-World/contents/{+path}",
+    "contributors_url": "http://api.github.com/repos/octocat/Hello-World/contributors",
+    "deployments_url": "http://api.github.com/repos/octocat/Hello-World/deployments",
+    "downloads_url": "http://api.github.com/repos/octocat/Hello-World/downloads",
+    "events_url": "http://api.github.com/repos/octocat/Hello-World/events",
+    "forks_url": "http://api.github.com/repos/octocat/Hello-World/forks",
+    "git_commits_url": "http://api.github.com/repos/octocat/Hello-World/git/commits{/sha}",
+    "git_refs_url": "http://api.github.com/repos/octocat/Hello-World/git/refs{/sha}",
+    "git_tags_url": "http://api.github.com/repos/octocat/Hello-World/git/tags{/sha}",
+    "git_url": "git:github.com/octocat/Hello-World.git",
+    "issue_comment_url": "http://api.github.com/repos/octocat/Hello-World/issues/comments{/number}",
+    "issue_events_url": "http://api.github.com/repos/octocat/Hello-World/issues/events{/number}",
+    "issues_url": "http://api.github.com/repos/octocat/Hello-World/issues{/number}",
+    "keys_url": "http://api.github.com/repos/octocat/Hello-World/keys{/key_id}",
+    "labels_url": "http://api.github.com/repos/octocat/Hello-World/labels{/name}",
+    "languages_url": "http://api.github.com/repos/octocat/Hello-World/languages",
+    "merges_url": "http://api.github.com/repos/octocat/Hello-World/merges",
+    "milestones_url": "http://api.github.com/repos/octocat/Hello-World/milestones{/number}",
+    "notifications_url": "http://api.github.com/repos/octocat/Hello-World/notifications{?since,all,participating}",
+    "pulls_url": "http://api.github.com/repos/octocat/Hello-World/pulls{/number}",
+    "releases_url": "http://api.github.com/repos/octocat/Hello-World/releases{/id}",
+    "ssh_url": "git@github.com:octocat/Hello-World.git",
+    "stargazers_url": "http://api.github.com/repos/octocat/Hello-World/stargazers",
+    "statuses_url": "http://api.github.com/repos/octocat/Hello-World/statuses/{sha}",
+    "subscribers_url": "http://api.github.com/repos/octocat/Hello-World/subscribers",
+    "subscription_url": "http://api.github.com/repos/octocat/Hello-World/subscription",
+    "tags_url": "http://api.github.com/repos/octocat/Hello-World/tags",
+    "teams_url": "http://api.github.com/repos/octocat/Hello-World/teams",
+    "trees_url": "http://api.github.com/repos/octocat/Hello-World/git/trees{/sha}",
+    "clone_url": "https://github.com/octocat/Hello-World.git",
+    "mirror_url": "git:git.example.com/octocat/Hello-World",
+    "hooks_url": "http://api.github.com/repos/octocat/Hello-World/hooks",
+    "svn_url": "https://svn.github.com/octocat/Hello-World",
+    "homepage": "https://github.com",
+    "language": null,
+    "forks_count": 9,
+    "stargazers_count": 80,
+    "watchers_count": 80,
+    "size": 108,
+    "default_branch": "master",
+    "open_issues_count": 0,
+    "is_template": true,
+    "topics": [
+      "octocat",
+      "atom",
+      "electron",
+      "api"
+    ],
+    "has_issues": true,
+    "has_projects": true,
+    "has_wiki": true,
+    "has_pages": false,
+    "has_downloads": true,
+    "archived": false,
+    "disabled": false,
+    "visibility": "public",
+    "pushed_at": "2011-01-26T19:06:43Z",
+    "created_at": "2011-01-26T19:01:12Z",
+    "updated_at": "2011-01-26T19:14:43Z",
+    "permissions": {
+      "admin": false,
+      "push": false,
+      "pull": true
+    },
+    "allow_rebase_merge": true,
+    "template_repository": null,
+    "temp_clone_token": "ABTLWHOULUVAXGTRYU7OC2876QJ2O",
+    "allow_squash_merge": true,
+    "delete_branch_on_merge": true,
+    "allow_merge_commit": true,
+    "subscribers_count": 42,
+    "network_count": 0
+  },
+  "source": {
+    "id": 1296269,
+    "node_id": "MDEwOlJlcG9zaXRvcnkxMjk2MjY5",
+    "name": "Hello-World",
+    "full_name": "octocat/Hello-World",
+    "owner": {
+      "login": "octocat",
+      "id": 1,
+      "node_id": "MDQ6VXNlcjE=",
+      "avatar_url": "https://github.com/images/error/octocat_happy.gif",
+      "gravatar_id": "",
+      "url": "https://api.github.com/users/octocat",
+      "html_url": "https://github.com/octocat",
+      "followers_url": "https://api.github.com/users/octocat/followers",
+      "following_url": "https://api.github.com/users/octocat/following{/other_user}",
+      "gists_url": "https://api.github.com/users/octocat/gists{/gist_id}",
+      "starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}",
+      "subscriptions_url": "https://api.github.com/users/octocat/subscriptions",
+      "organizations_url": "https://api.github.com/users/octocat/orgs",
+      "repos_url": "https://api.github.com/users/octocat/repos",
+      "events_url": "https://api.github.com/users/octocat/events{/privacy}",
+      "received_events_url": "https://api.github.com/users/octocat/received_events",
+      "type": "User",
+      "site_admin": false
+    },
+    "private": false,
+    "html_url": "https://github.com/octocat/Hello-World",
+    "description": "This your first repo!",
+    "fork": false,
+    "url": "https://api.github.com/repos/octocat/Hello-World",
+    "archive_url": "http://api.github.com/repos/octocat/Hello-World/{archive_format}{/ref}",
+    "assignees_url": "http://api.github.com/repos/octocat/Hello-World/assignees{/user}",
+    "blobs_url": "http://api.github.com/repos/octocat/Hello-World/git/blobs{/sha}",
+    "branches_url": "http://api.github.com/repos/octocat/Hello-World/branches{/branch}",
+    "collaborators_url": "http://api.github.com/repos/octocat/Hello-World/collaborators{/collaborator}",
+    "comments_url": "http://api.github.com/repos/octocat/Hello-World/comments{/number}",
+    "commits_url": "http://api.github.com/repos/octocat/Hello-World/commits{/sha}",
+    "compare_url": "http://api.github.com/repos/octocat/Hello-World/compare/{base}...{head}",
+    "contents_url": "http://api.github.com/repos/octocat/Hello-World/contents/{+path}",
+    "contributors_url": "http://api.github.com/repos/octocat/Hello-World/contributors",
+    "deployments_url": "http://api.github.com/repos/octocat/Hello-World/deployments",
+    "downloads_url": "http://api.github.com/repos/octocat/Hello-World/downloads",
+    "events_url": "http://api.github.com/repos/octocat/Hello-World/events",
+    "forks_url": "http://api.github.com/repos/octocat/Hello-World/forks",
+    "git_commits_url": "http://api.github.com/repos/octocat/Hello-World/git/commits{/sha}",
+    "git_refs_url": "http://api.github.com/repos/octocat/Hello-World/git/refs{/sha}",
+    "git_tags_url": "http://api.github.com/repos/octocat/Hello-World/git/tags{/sha}",
+    "git_url": "git:github.com/octocat/Hello-World.git",
+    "issue_comment_url": "http://api.github.com/repos/octocat/Hello-World/issues/comments{/number}",
+    "issue_events_url": "http://api.github.com/repos/octocat/Hello-World/issues/events{/number}",
+    "issues_url": "http://api.github.com/repos/octocat/Hello-World/issues{/number}",
+    "keys_url": "http://api.github.com/repos/octocat/Hello-World/keys{/key_id}",
+    "labels_url": "http://api.github.com/repos/octocat/Hello-World/labels{/name}",
+    "languages_url": "http://api.github.com/repos/octocat/Hello-World/languages",
+    "merges_url": "http://api.github.com/repos/octocat/Hello-World/merges",
+    "milestones_url": "http://api.github.com/repos/octocat/Hello-World/milestones{/number}",
+    "notifications_url": "http://api.github.com/repos/octocat/Hello-World/notifications{?since,all,participating}",
+    "pulls_url": "http://api.github.com/repos/octocat/Hello-World/pulls{/number}",
+    "releases_url": "http://api.github.com/repos/octocat/Hello-World/releases{/id}",
+    "ssh_url": "git@github.com:octocat/Hello-World.git",
+    "stargazers_url": "http://api.github.com/repos/octocat/Hello-World/stargazers",
+    "statuses_url": "http://api.github.com/repos/octocat/Hello-World/statuses/{sha}",
+    "subscribers_url": "http://api.github.com/repos/octocat/Hello-World/subscribers",
+    "subscription_url": "http://api.github.com/repos/octocat/Hello-World/subscription",
+    "tags_url": "http://api.github.com/repos/octocat/Hello-World/tags",
+    "teams_url": "http://api.github.com/repos/octocat/Hello-World/teams",
+    "trees_url": "http://api.github.com/repos/octocat/Hello-World/git/trees{/sha}",
+    "clone_url": "https://github.com/octocat/Hello-World.git",
+    "mirror_url": "git:git.example.com/octocat/Hello-World",
+    "hooks_url": "http://api.github.com/repos/octocat/Hello-World/hooks",
+    "svn_url": "https://svn.github.com/octocat/Hello-World",
+    "homepage": "https://github.com",
+    "language": null,
+    "forks_count": 9,
+    "stargazers_count": 80,
+    "watchers_count": 80,
+    "size": 108,
+    "default_branch": "master",
+    "open_issues_count": 0,
+    "is_template": true,
+    "topics": [
+      "octocat",
+      "atom",
+      "electron",
+      "api"
+    ],
+    "has_issues": true,
+    "has_projects": true,
+    "has_wiki": true,
+    "has_pages": false,
+    "has_downloads": true,
+    "archived": false,
+    "disabled": false,
+    "visibility": "public",
+    "pushed_at": "2011-01-26T19:06:43Z",
+    "created_at": "2011-01-26T19:01:12Z",
+    "updated_at": "2011-01-26T19:14:43Z",
+    "permissions": {
+      "admin": false,
+      "push": false,
+      "pull": true
+    },
+    "allow_rebase_merge": true,
+    "template_repository": null,
+    "temp_clone_token": "ABTLWHOULUVAXGTRYU7OC2876QJ2O",
+    "allow_squash_merge": true,
+    "delete_branch_on_merge": true,
+    "allow_merge_commit": true,
+    "subscribers_count": 42,
+    "network_count": 0
+  }
+}

action.yml

@@ -1,7 +1,7 @@
 # https://help.github.com/en/articles/metadata-syntax-for-github-actions
 name: "Docker Buildx Bake"
 description: "GitHub Action to use Docker Buildx Bake as a high-level build command"
-author: crazy-max
+author: 'docker'
 branding:
   icon: 'anchor'
   color: 'blue'
@@ -10,11 +10,21 @@ inputs:
   builder:
     description: "Builder instance"
     required: false
+  workdir:
+    description: "Working directory of bake execution"
+    required: false
+    default: '.'
+  source:
+    description: "Context to build from. Can be either local or a remote bake definition"
+    required: false
+  allow:
+    description: "Allow build to access specified resources (e.g., network.host)"
+    required: false
+  call:
+    description: "Set method for evaluating build (e.g., check)"
+    required: false
   files:
     description: "List of bake definition files"
-    required: true
-  targets:
-    description: "List of bake targets"
     required: false
   no-cache:
     description: "Do not use cache when building the image"
@@ -28,15 +38,32 @@ inputs:
     description: "Load is a shorthand for --set=*.output=type=docker"
     required: false
     default: 'false'
+  provenance:
+    description: "Provenance is a shorthand for --set=*.attest=type=provenance"
+    required: false
   push:
     description: "Push is a shorthand for --set=*.output=type=registry"
     required: false
     default: 'false'
+  sbom:
+    description: "SBOM is a shorthand for --set=*.attest=type=sbom"
+    required: false
   set:
     description: "List of targets values to override (eg. targetpattern.key=value)"
     required: false
+  targets:
+    description: "List of bake targets"
+    required: false
+  github-token:
+    description: "API token used to authenticate to a Git repository for remote definitions"
+    default: ${{ github.token }}
+    required: false
+
+outputs:
+  metadata:
+    description: 'Build result metadata'
 
 runs:
-  using: 'node12'
+  using: 'node20'
   main: 'dist/index.js'
   post: 'dist/index.js'

codecov.yml

@@ -0,0 +1,3 @@
+comment: false
+github_checks:
+  annotations: false

dev.Dockerfile

@@ -0,0 +1,80 @@
+# syntax=docker/dockerfile:1
+
+ARG NODE_VERSION=20
+
+FROM node:${NODE_VERSION}-alpine AS base
+RUN apk add --no-cache cpio findutils git
+WORKDIR /src
+RUN --mount=type=bind,target=.,rw \
+  --mount=type=cache,target=/src/.yarn/cache <<EOT
+  corepack enable
+  yarn --version
+  yarn config set --home enableTelemetry 0
+EOT
+
+FROM base AS deps
+RUN --mount=type=bind,target=.,rw \
+  --mount=type=cache,target=/src/.yarn/cache \
+  --mount=type=cache,target=/src/node_modules \
+  yarn install && mkdir /vendor && cp yarn.lock /vendor
+
+FROM scratch AS vendor-update
+COPY --from=deps /vendor /
+
+FROM deps AS vendor-validate
+RUN --mount=type=bind,target=.,rw <<EOT
+  set -e
+  git add -A
+  cp -rf /vendor/* .
+  if [ -n "$(git status --porcelain -- yarn.lock)" ]; then
+    echo >&2 'ERROR: Vendor result differs. Please vendor your package with "docker buildx bake vendor-update"'
+    git status --porcelain -- yarn.lock
+    exit 1
+  fi
+EOT
+
+FROM deps AS build
+RUN --mount=type=bind,target=.,rw \
+  --mount=type=cache,target=/src/.yarn/cache \
+  --mount=type=cache,target=/src/node_modules \
+  yarn run build && mkdir /out && cp -Rf dist /out/
+
+FROM scratch AS build-update
+COPY --from=build /out /
+
+FROM build AS build-validate
+RUN --mount=type=bind,target=.,rw <<EOT
+  set -e
+  git add -A
+  cp -rf /out/* .
+  if [ -n "$(git status --porcelain -- dist)" ]; then
+    echo >&2 'ERROR: Build result differs. Please build first with "docker buildx bake build"'
+    git status --porcelain -- dist
+    exit 1
+  fi
+EOT
+
+FROM deps AS format
+RUN --mount=type=bind,target=.,rw \
+  --mount=type=cache,target=/src/.yarn/cache \
+  --mount=type=cache,target=/src/node_modules \
+  yarn run format \
+  && mkdir /out && find . -name '*.ts' -not -path './node_modules/*' -not -path './.yarn/*' | cpio -pdm /out
+
+FROM scratch AS format-update
+COPY --from=format /out /
+
+FROM deps AS lint
+RUN --mount=type=bind,target=.,rw \
+  --mount=type=cache,target=/src/.yarn/cache \
+  --mount=type=cache,target=/src/node_modules \
+  yarn run lint
+
+FROM deps AS test
+RUN --mount=type=bind,target=.,rw \
+  --mount=type=cache,target=/src/.yarn/cache \
+  --mount=type=cache,target=/src/node_modules \
+  yarn run test --coverage --coverageDirectory=/tmp/coverage
+
+FROM scratch AS test-coverage
+COPY --from=test /tmp/coverage /

docker-bake.hcl

@@ -1,54 +1,66 @@
+target "_common" {
+  args = {
+    BUILDKIT_CONTEXT_KEEP_GIT_DIR = 1
+  }
+}
+
 group "default" {
   targets = ["build"]
 }
 
 group "pre-checkin" {
-  targets = ["update-yarn", "format", "build"]
+  targets = ["vendor", "format", "build"]
 }
 
 group "validate" {
-  targets = ["validate-format", "validate-build", "validate-yarn"]
-}
-
-target "dockerfile" {
-  dockerfile = "Dockerfile.dev"
-}
-
-target "update-yarn" {
-  inherits = ["dockerfile"]
-  target = "update-yarn"
-  output = ["."]
+  targets = ["lint", "build-validate", "vendor-validate"]
 }
 
 target "build" {
-  inherits = ["dockerfile"]
-  target = "dist"
+  inherits = ["_common"]
+  dockerfile = "dev.Dockerfile"
+  target = "build-update"
   output = ["."]
 }
 
-target "test" {
-  inherits = ["dockerfile"]
-  target = "test-coverage"
-  output = ["."]
+target "build-validate" {
+  inherits = ["_common"]
+  dockerfile = "dev.Dockerfile"
+  target = "build-validate"
+  output = ["type=cacheonly"]
 }
 
 target "format" {
-  inherits = ["dockerfile"]
-  target = "format"
+  inherits = ["_common"]
+  dockerfile = "dev.Dockerfile"
+  target = "format-update"
   output = ["."]
 }
 
-target "validate-format" {
-  inherits = ["dockerfile"]
-  target = "validate-format"
+target "lint" {
+  inherits = ["_common"]
+  dockerfile = "dev.Dockerfile"
+  target = "lint"
+  output = ["type=cacheonly"]
 }
 
-target "validate-build" {
-  inherits = ["dockerfile"]
-  target = "validate-build"
+target "vendor" {
+  inherits = ["_common"]
+  dockerfile = "dev.Dockerfile"
+  target = "vendor-update"
+  output = ["."]
 }
 
-target "validate-yarn" {
-  inherits = ["dockerfile"]
-  target = "validate-yarn"
+target "vendor-validate" {
+  inherits = ["_common"]
+  dockerfile = "dev.Dockerfile"
+  target = "vendor-validate"
+  output = ["type=cacheonly"]
+}
+
+target "test" {
+  inherits = ["_common"]
+  dockerfile = "dev.Dockerfile"
+  target = "test-coverage"
+  output = ["./coverage"]
 }

jest.config.js

@@ -1,12 +0,0 @@
-module.exports = {
-  clearMocks: true,
-  moduleFileExtensions: ['js', 'ts'],
-  setupFiles: ["dotenv/config"],
-  testEnvironment: 'node',
-  testMatch: ['**/*.test.ts'],
-  testRunner: 'jest-circus/runner',
-  transform: {
-    '^.+\\.ts$': 'ts-jest'
-  },
-  verbose: false
-}

jest.config.ts

@@ -0,0 +1,30 @@
+import fs from 'fs';
+import os from 'os';
+import path from 'path';
+
+const tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), 'docker-bake-action-'));
+
+process.env = Object.assign({}, process.env, {
+  TEMP: tmpDir,
+  GITHUB_REPOSITORY: 'docker/bake-action',
+  RUNNER_TEMP: path.join(tmpDir, 'runner-temp'),
+  RUNNER_TOOL_CACHE: path.join(tmpDir, 'runner-tool-cache')
+}) as {
+  [key: string]: string;
+};
+
+module.exports = {
+  clearMocks: true,
+  testEnvironment: 'node',
+  moduleFileExtensions: ['js', 'ts'],
+  testMatch: ['**/*.test.ts'],
+  transform: {
+    '^.+\\.ts$': 'ts-jest'
+  },
+  moduleNameMapper: {
+    '^csv-parse/sync': '<rootDir>/node_modules/csv-parse/dist/cjs/sync.cjs'
+  },
+  collectCoverageFrom: ['src/**/{!(main.ts),}.ts'],
+  coveragePathIgnorePatterns: ['lib/', 'node_modules/', '__mocks__/', '__tests__/'],
+  verbose: true
+};

package.json

@@ -1,17 +1,20 @@
 {
   "name": "docker-buildx-bake",
   "description": "GitHub Action to use Docker Buildx Bake as a high-level build command",
-  "main": "lib/main.js",
+  "main": "src/main.ts",
   "scripts": {
-    "build": "tsc && ncc build",
-    "format": "prettier --write **/*.ts",
-    "format-check": "prettier --check **/*.ts",
-    "test": "jest --coverage",
-    "pre-checkin": "yarn run format && yarn run build"
+    "build": "ncc build --source-map --minify --license licenses.txt",
+    "lint": "yarn run prettier && yarn run eslint",
+    "format": "yarn run prettier:fix && yarn run eslint:fix",
+    "eslint": "eslint --max-warnings=0 .",
+    "eslint:fix": "eslint --fix .",
+    "prettier": "prettier --check \"./**/*.ts\"",
+    "prettier:fix": "prettier --write \"./**/*.ts\"",
+    "test": "jest"
   },
   "repository": {
     "type": "git",
-    "url": "git+https://github.com/crazy-max/ghaction-docker-buildx-bake.git"
+    "url": "git+https://github.com/docker/bake-action.git"
   },
   "keywords": [
     "actions",
@@ -19,34 +22,27 @@
     "buildx",
     "bake"
   ],
-  "author": "CrazyMax",
-  "contributors": [
-    {
-      "name": "CrazyMax",
-      "url": "https://crazymax.dev"
-    }
-  ],
+  "author": "Docker Inc.",
   "license": "Apache-2.0",
+  "packageManager": "yarn@4.9.2",
   "dependencies": {
-    "@actions/core": "^1.2.6",
-    "@actions/exec": "^1.0.4",
-    "@actions/github": "^4.0.0",
-    "csv-parse": "^4.14.2",
-    "semver": "^7.3.4",
-    "tmp": "^0.2.1"
+    "@actions/core": "^1.11.1",
+    "@docker/actions-toolkit": "^0.63.0",
+    "handlebars": "^4.7.8"
   },
   "devDependencies": {
-    "@types/jest": "^26.0.3",
-    "@types/node": "^14.0.14",
-    "@types/tmp": "^0.2.0",
-    "@vercel/ncc": "^0.23.0",
-    "dotenv": "^8.2.0",
-    "jest": "^26.1.0",
-    "jest-circus": "^26.1.0",
-    "jest-runtime": "^26.1.0",
-    "prettier": "^2.0.5",
-    "ts-jest": "^26.1.1",
-    "typescript": "^3.9.5",
-    "typescript-formatter": "^7.2.2"
+    "@types/node": "^20.19.9",
+    "@typescript-eslint/eslint-plugin": "^7.18.0",
+    "@typescript-eslint/parser": "^7.18.0",
+    "@vercel/ncc": "^0.38.3",
+    "eslint": "^8.57.1",
+    "eslint-config-prettier": "^9.1.2",
+    "eslint-plugin-jest": "^28.14.0",
+    "eslint-plugin-prettier": "^5.5.4",
+    "jest": "^29.7.0",
+    "prettier": "^3.6.2",
+    "ts-jest": "^29.4.1",
+    "ts-node": "^10.9.2",
+    "typescript": "^5.9.2"
   }
 }

src/buildx.ts

@@ -1,28 +0,0 @@
-import * as semver from 'semver';
-import * as exec from './exec';
-
-export async function isAvailable(): Promise<Boolean> {
-  return await exec.exec(`docker`, ['buildx'], true).then(res => {
-    if (res.stderr != '' && !res.success) {
-      return false;
-    }
-    return res.success;
-  });
-}
-
-export async function getVersion(): Promise<string> {
-  return await exec.exec(`docker`, ['buildx', 'version'], true).then(res => {
-    if (res.stderr != '' && !res.success) {
-      throw new Error(res.stderr);
-    }
-    return parseVersion(res.stdout);
-  });
-}
-
-export async function parseVersion(stdout: string): Promise<string> {
-  const matches = /\sv?([0-9.]+)/.exec(stdout);
-  if (!matches) {
-    throw new Error(`Cannot parse Buildx version`);
-  }
-  return semver.clean(matches[1]);
-}

src/context.ts

@@ -1,53 +1,117 @@
-import csvparse from 'csv-parse/lib/sync';
-import * as buildx from './buildx';
 import * as core from '@actions/core';
+import * as handlebars from 'handlebars';
+
+import {Bake} from '@docker/actions-toolkit/lib/buildx/bake';
+import {Build} from '@docker/actions-toolkit/lib/buildx/build';
+import {Context} from '@docker/actions-toolkit/lib/context';
+import {GitHub} from '@docker/actions-toolkit/lib/github';
+import {Toolkit} from '@docker/actions-toolkit/lib/toolkit';
+import {Util} from '@docker/actions-toolkit/lib/util';
+
+import {BakeDefinition} from '@docker/actions-toolkit/lib/types/buildx/bake';
 
 export interface Inputs {
   builder: string;
+  workdir: string;
+  source: string;
+  allow: string[];
+  call: string;
   files: string[];
-  targets: string[];
-  noCache: boolean;
+  'no-cache': boolean;
   pull: boolean;
   load: boolean;
+  provenance: string;
   push: boolean;
+  sbom: string;
   set: string[];
+  targets: string[];
+  'github-token': string;
 }
 
 export async function getInputs(): Promise<Inputs> {
   return {
     builder: core.getInput('builder'),
-    files: getInputList('files'),
-    targets: getInputList('targets'),
-    noCache: /true/i.test(core.getInput('no-cache')),
-    pull: /true/i.test(core.getInput('pull')),
-    load: /true/i.test(core.getInput('load')),
-    push: /true/i.test(core.getInput('push')),
-    set: getInputList('set', true)
+    workdir: core.getInput('workdir') || '.',
+    source: getSourceInput('source'),
+    allow: Util.getInputList('allow'),
+    call: core.getInput('call'),
+    files: Util.getInputList('files'),
+    'no-cache': core.getBooleanInput('no-cache'),
+    pull: core.getBooleanInput('pull'),
+    load: core.getBooleanInput('load'),
+    provenance: Build.getProvenanceInput('provenance'),
+    push: core.getBooleanInput('push'),
+    sbom: core.getInput('sbom'),
+    set: Util.getInputList('set', {ignoreComma: true, quote: false}),
+    targets: Util.getInputList('targets'),
+    'github-token': core.getInput('github-token')
   };
 }
 
-export async function getArgs(inputs: Inputs, buildxVersion: string): Promise<Array<string>> {
-  let args: Array<string> = ['buildx'];
-  args.push.apply(args, await getBakeArgs(inputs, buildxVersion));
-  args.push.apply(args, await getCommonArgs(inputs));
-  args.push.apply(args, inputs.targets);
-  return args;
+export async function getArgs(inputs: Inputs, definition: BakeDefinition, toolkit: Toolkit): Promise<Array<string>> {
+  // prettier-ignore
+  return [
+    ...await getBakeArgs(inputs, definition, toolkit),
+    ...await getCommonArgs(inputs),
+    ...inputs.targets
+  ];
 }
 
-async function getBakeArgs(inputs: Inputs, buildxVersion: string): Promise<Array<string>> {
-  let args: Array<string> = ['bake'];
-  await asyncForEach(inputs.files, async file => {
+async function getBakeArgs(inputs: Inputs, definition: BakeDefinition, toolkit: Toolkit): Promise<Array<string>> {
+  const args: Array<string> = ['bake'];
+  if (inputs.source) {
+    args.push(inputs.source);
+  }
+  if (await toolkit.buildx.versionSatisfies('>=0.17.0')) {
+    if (await toolkit.buildx.versionSatisfies('>=0.18.0')) {
+      // allow filesystem entitlements by default
+      inputs.allow.push('fs=*');
+    }
+    await Util.asyncForEach(inputs.allow, async allow => {
+      args.push('--allow', allow);
+    });
+  }
+  if (inputs.call) {
+    if (!(await toolkit.buildx.versionSatisfies('>=0.16.0'))) {
+      throw new Error(`Buildx >= 0.16.0 is required to use the call flag.`);
+    }
+    args.push('--call', inputs.call);
+  }
+  await Util.asyncForEach(inputs.files, async file => {
     args.push('--file', file);
   });
-  await asyncForEach(inputs.set, async set => {
+  await Util.asyncForEach(inputs.set, async set => {
     args.push('--set', set);
   });
+  if (await toolkit.buildx.versionSatisfies('>=0.6.0')) {
+    args.push('--metadata-file', toolkit.buildxBake.getMetadataFilePath());
+  }
+  if (await toolkit.buildx.versionSatisfies('>=0.10.0')) {
+    if (inputs.provenance) {
+      args.push('--provenance', inputs.provenance);
+    } else if (!noDefaultAttestations() && (await toolkit.buildkit.versionSatisfies(inputs.builder, '>=0.11.0')) && !Bake.hasDockerExporter(definition, inputs.load)) {
+      // if provenance not specified and BuildKit version compatible for
+      // attestation, set default provenance. Also needs to make sure user
+      // doesn't want to explicitly load the image to docker.
+      if (GitHub.context.payload.repository?.private ?? false) {
+        // if this is a private repository, we set the default provenance
+        // attributes being set in buildx: https://github.com/docker/buildx/blob/fb27e3f919dcbf614d7126b10c2bc2d0b1927eb6/build/build.go#L603
+        args.push('--provenance', Build.resolveProvenanceAttrs(`mode=min,inline-only=true`));
+      } else {
+        // for a public repository, we set max provenance mode.
+        args.push('--provenance', Build.resolveProvenanceAttrs(`mode=max`));
+      }
+    }
+    if (inputs.sbom) {
+      args.push('--sbom', inputs.sbom);
+    }
+  }
   return args;
 }
 
 async function getCommonArgs(inputs: Inputs): Promise<Array<string>> {
-  let args: Array<string> = [];
-  if (inputs.noCache) {
+  const args: Array<string> = [];
+  if (inputs['no-cache']) {
     args.push('--no-cache');
   }
   if (inputs.builder) {
@@ -65,34 +129,22 @@ async function getCommonArgs(inputs: Inputs): Promise<Array<string>> {
   return args;
 }
 
-export function getInputList(name: string, ignoreComma?: boolean): string[] {
-  let res: Array<string> = [];
-
-  const items = core.getInput(name);
-  if (items == '') {
-    return res;
+function getSourceInput(name: string): string {
+  let source = handlebars.compile(core.getInput(name))({
+    defaultContext: Context.gitContext()
+  });
+  if (!source) {
+    source = Context.gitContext();
   }
-
-  for (let output of csvparse(items, {
-    columns: false,
-    relaxColumnCount: true,
-    skipLinesWithEmptyValues: true
-  }) as Array<string[]>) {
-    if (output.length == 1) {
-      res.push(output[0]);
-      continue;
-    } else if (!ignoreComma) {
-      res.push(...output);
-      continue;
-    }
-    res.push(output.join(','));
+  if (source === '.') {
+    source = '';
   }
-
-  return res.filter(item => item).map(pat => pat.trim());
+  return source;
 }
 
-export const asyncForEach = async (array, callback) => {
-  for (let index = 0; index < array.length; index++) {
-    await callback(array[index], index, array);
+function noDefaultAttestations(): boolean {
+  if (process.env.BUILDX_NO_DEFAULT_ATTESTATIONS) {
+    return Util.parseBool(process.env.BUILDX_NO_DEFAULT_ATTESTATIONS);
   }
-};
+  return false;
+}

src/exec.ts

@@ -1,34 +0,0 @@
-import * as aexec from '@actions/exec';
-import {ExecOptions} from '@actions/exec';
-
-export interface ExecResult {
-  success: boolean;
-  stdout: string;
-  stderr: string;
-}
-
-export const exec = async (command: string, args: string[] = [], silent: boolean): Promise<ExecResult> => {
-  let stdout: string = '';
-  let stderr: string = '';
-
-  const options: ExecOptions = {
-    silent: silent,
-    ignoreReturnCode: true
-  };
-  options.listeners = {
-    stdout: (data: Buffer) => {
-      stdout += data.toString();
-    },
-    stderr: (data: Buffer) => {
-      stderr += data.toString();
-    }
-  };
-
-  const returnCode: number = await aexec.exec(command, args, options);
-
-  return {
-    success: returnCode === 0,
-    stdout: stdout.trim(),
-    stderr: stderr.trim()
-  };
-};

src/main.ts

@@ -1,36 +1,349 @@
-import * as os from 'os';
-import * as buildx from './buildx';
-import * as context from './context';
+import * as fs from 'fs';
+import * as path from 'path';
 import * as core from '@actions/core';
-import * as exec from '@actions/exec';
+import * as actionsToolkit from '@docker/actions-toolkit';
 
-async function run(): Promise<void> {
-  try {
-    if (os.platform() !== 'linux') {
-      core.setFailed('Only supported on linux platform');
+import {Buildx} from '@docker/actions-toolkit/lib/buildx/buildx';
+import {History as BuildxHistory} from '@docker/actions-toolkit/lib/buildx/history';
+import {Context} from '@docker/actions-toolkit/lib/context';
+import {Docker} from '@docker/actions-toolkit/lib/docker/docker';
+import {Exec} from '@docker/actions-toolkit/lib/exec';
+import {GitHub} from '@docker/actions-toolkit/lib/github';
+import {Toolkit} from '@docker/actions-toolkit/lib/toolkit';
+import {Util} from '@docker/actions-toolkit/lib/util';
+
+import {BakeDefinition} from '@docker/actions-toolkit/lib/types/buildx/bake';
+import {BuilderInfo} from '@docker/actions-toolkit/lib/types/buildx/builder';
+import {ConfigFile} from '@docker/actions-toolkit/lib/types/docker/docker';
+import {UploadArtifactResponse} from '@docker/actions-toolkit/lib/types/github';
+
+import * as context from './context';
+import * as stateHelper from './state-helper';
+
+actionsToolkit.run(
+  // main
+  async () => {
+    const startedTime = new Date();
+
+    const inputs: context.Inputs = await context.getInputs();
+    stateHelper.setSummaryInputs(inputs);
+    core.debug(`inputs: ${JSON.stringify(inputs)}`);
+
+    const toolkit = new Toolkit();
+    const gitAuthToken = process.env.BUILDX_BAKE_GIT_AUTH_TOKEN ?? inputs['github-token'];
+
+    await core.group(`GitHub Actions runtime token ACs`, async () => {
+      try {
+        await GitHub.printActionsRuntimeTokenACs();
+      } catch (e) {
+        core.warning(e.message);
+      }
+    });
+
+    await core.group(`Docker info`, async () => {
+      try {
+        await Docker.printVersion();
+        await Docker.printInfo();
+      } catch (e) {
+        core.info(e.message);
+      }
+    });
+
+    await core.group(`Proxy configuration`, async () => {
+      let dockerConfig: ConfigFile | undefined;
+      let dockerConfigMalformed = false;
+      try {
+        dockerConfig = await Docker.configFile();
+      } catch (e) {
+        dockerConfigMalformed = true;
+        core.warning(`Unable to parse config file ${path.join(Docker.configDir, 'config.json')}: ${e}`);
+      }
+      if (dockerConfig && dockerConfig.proxies) {
+        for (const host in dockerConfig.proxies) {
+          let prefix = '';
+          if (Object.keys(dockerConfig.proxies).length > 1) {
+            prefix = '  ';
+            core.info(host);
+          }
+          for (const key in dockerConfig.proxies[host]) {
+            core.info(`${prefix}${key}: ${dockerConfig.proxies[host][key]}`);
+          }
+        }
+      } else if (!dockerConfigMalformed) {
+        core.info('No proxy configuration found');
+      }
+    });
+
+    if (!(await toolkit.buildx.isAvailable())) {
+      core.setFailed(`Docker buildx is required. See https://github.com/docker/setup-buildx-action to set up buildx.`);
       return;
     }
 
-    if (!(await buildx.isAvailable())) {
-      core.setFailed(`Buildx is required. See https://github.com/docker/setup-buildx-action to set up buildx.`);
-      return;
+    stateHelper.setTmpDir(Context.tmpDir());
+
+    await core.group(`Buildx version`, async () => {
+      await toolkit.buildx.printVersion();
+    });
+
+    let builder: BuilderInfo;
+    await core.group(`Builder info`, async () => {
+      builder = await toolkit.builder.inspect(inputs.builder);
+      stateHelper.setBuilderDriver(builder.driver ?? '');
+      stateHelper.setBuilderEndpoint(builder.nodes?.[0]?.endpoint ?? '');
+      core.info(JSON.stringify(builder, null, 2));
+    });
+
+    let definition: BakeDefinition | undefined;
+    await core.group(`Parsing raw definition`, async () => {
+      definition = await toolkit.buildxBake.getDefinition(
+        {
+          allow: inputs.allow,
+          files: inputs.files,
+          load: inputs.load,
+          noCache: inputs['no-cache'],
+          overrides: inputs.set,
+          provenance: inputs.provenance,
+          push: inputs.push,
+          sbom: inputs.sbom,
+          source: inputs.source,
+          targets: inputs.targets,
+          githubToken: gitAuthToken
+        },
+        {
+          cwd: inputs.workdir
+        }
+      );
+    });
+    if (!definition) {
+      throw new Error('Bake definition not set');
+    }
+    stateHelper.setBakeDefinition(definition);
+
+    const args: string[] = await context.getArgs(inputs, definition, toolkit);
+    const buildCmd = await toolkit.buildx.getCommand(args);
+    const buildEnv = Object.assign({}, process.env, {
+      BUILDX_BAKE_GIT_AUTH_TOKEN: gitAuthToken,
+      BUILDX_METADATA_WARNINGS: 'true'
+    }) as {
+      [key: string]: string;
+    };
+
+    await core.group(`Bake definition`, async () => {
+      await Exec.getExecOutput(buildCmd.command, [...buildCmd.args, '--print'], {
+        cwd: inputs.workdir,
+        env: buildEnv,
+        ignoreReturnCode: true
+      }).then(res => {
+        if (res.stderr.length > 0 && res.exitCode != 0) {
+          throw Error(res.stderr);
+        }
+      });
+    });
+
+    let err: Error | undefined;
+    await Exec.getExecOutput(buildCmd.command, buildCmd.args, {
+      cwd: inputs.workdir,
+      env: buildEnv,
+      ignoreReturnCode: true
+    }).then(res => {
+      if (res.exitCode != 0) {
+        if (inputs.call && inputs.call === 'check' && res.stdout.length > 0) {
+          // checks warnings are printed to stdout: https://github.com/docker/buildx/pull/2647
+          // with bake we can have multiple targets being checked so we need to
+          // count the total number of warnings
+          const totalWarnings = [...res.stdout.matchAll(/^Check complete, (\d+) warnings? (?:has|have) been found!/gm)].reduce((sum, m) => sum + parseInt(m[1], 10), 0);
+          if (totalWarnings > 0) {
+            // https://github.com/docker/buildx/blob/1e50e8ddabe108f009b9925e13a321d7c8f99f26/commands/build.go#L797-L803
+            if (totalWarnings === 1) {
+              err = Error(`Check complete, ${totalWarnings} warning has been found!`);
+            } else {
+              err = Error(`Check complete, ${totalWarnings} warnings have been found!`);
+            }
+          } else {
+            // if there are no warnings found, return the first line of stdout
+            err = Error(res.stdout.split('\n')[0]?.trim());
+          }
+        } else if (res.stderr.length > 0) {
+          err = Error(`buildx bake failed with: ${res.stderr.match(/(.*)\s*$/)?.[0]?.trim() ?? 'unknown error'}`);
+        }
+      }
+    });
+
+    const metadata = toolkit.buildxBake.resolveMetadata();
+    if (metadata) {
+      await core.group(`Metadata`, async () => {
+        const metadatadt = JSON.stringify(metadata, null, 2);
+        core.info(metadatadt);
+        core.setOutput('metadata', metadatadt);
+      });
     }
 
-    const buildxVersion = await buildx.getVersion();
-    core.info(`📣 Buildx version: ${buildxVersion}`);
+    let refs: Array<string> = [];
+    await core.group(`Build references`, async () => {
+      refs = await buildRefs(toolkit, startedTime, inputs.builder);
+      if (refs.length > 0) {
+        for (const ref of refs) {
+          core.info(ref);
+        }
+        stateHelper.setBuildRefs(refs);
+      } else {
+        core.info('No build references found');
+      }
+    });
 
-    let inputs: context.Inputs = await context.getInputs();
-    const args: string[] = await context.getArgs(inputs, buildxVersion);
+    if (buildChecksAnnotationsEnabled()) {
+      const warnings = toolkit.buildxBake.resolveWarnings(metadata);
+      if (refs.length > 0 && warnings && warnings.length > 0) {
+        const annotations = await Buildx.convertWarningsToGitHubAnnotations(warnings, refs);
+        core.debug(`annotations: ${JSON.stringify(annotations, null, 2)}`);
+        if (annotations && annotations.length > 0) {
+          await core.group(`Generating GitHub annotations (${annotations.length} build checks found)`, async () => {
+            for (const annotation of annotations) {
+              core.warning(annotation.message, annotation);
+            }
+          });
+        }
+      }
+    }
 
-    core.startGroup(`💡 Bake definition`);
-    await exec.exec('docker', [...args, '--print']);
-    core.endGroup();
+    await core.group(`Check build summary support`, async () => {
+      if (!buildSummaryEnabled()) {
+        core.info('Build summary disabled');
+      } else if (inputs.call && inputs.call !== 'build') {
+        core.info(`Build summary skipped for ${inputs.call} subrequest`);
+      } else if (GitHub.isGHES) {
+        core.info('Build summary is not yet supported on GHES');
+      } else if (!(await toolkit.buildx.versionSatisfies('>=0.13.0'))) {
+        core.info('Build summary requires Buildx >= 0.13.0');
+      } else if (refs.length == 0) {
+        core.info('Build summary requires at least one build reference');
+      } else {
+        core.info('Build summary supported!');
+        stateHelper.setSummarySupported();
+      }
+    });
 
-    core.info(`🏃 Building...`);
-    await exec.exec('docker', args);
-  } catch (error) {
-    core.setFailed(error.message);
+    if (err) {
+      throw err;
+    }
+  },
+  // post
+  async () => {
+    if (stateHelper.isSummarySupported) {
+      await core.group(`Generating build summary`, async () => {
+        try {
+          const recordUploadEnabled = buildRecordUploadEnabled();
+          let recordRetentionDays: number | undefined;
+          if (recordUploadEnabled) {
+            recordRetentionDays = buildRecordRetentionDays();
+          }
+
+          const buildxHistory = new BuildxHistory();
+          const exportRes = await buildxHistory.export({
+            refs: stateHelper.buildRefs,
+            useContainer: buildExportLegacy()
+          });
+          core.info(`Build records written to ${exportRes.dockerbuildFilename} (${Util.formatFileSize(exportRes.dockerbuildSize)})`);
+
+          let uploadRes: UploadArtifactResponse | undefined;
+          if (recordUploadEnabled) {
+            uploadRes = await GitHub.uploadArtifact({
+              filename: exportRes.dockerbuildFilename,
+              mimeType: 'application/gzip',
+              retentionDays: recordRetentionDays
+            });
+          }
+
+          await GitHub.writeBuildSummary({
+            exportRes: exportRes,
+            uploadRes: uploadRes,
+            inputs: stateHelper.summaryInputs,
+            bakeDefinition: stateHelper.bakeDefinition,
+            driver: stateHelper.builderDriver,
+            endpoint: stateHelper.builderEndpoint
+          });
+        } catch (e) {
+          core.warning(e.message);
+        }
+      });
+    }
+    if (stateHelper.tmpDir.length > 0) {
+      await core.group(`Removing temp folder ${stateHelper.tmpDir}`, async () => {
+        fs.rmSync(stateHelper.tmpDir, {recursive: true});
+      });
+    }
+  }
+);
+
+async function buildRefs(toolkit: Toolkit, since: Date, builder?: string): Promise<Array<string>> {
+  // get refs from metadata file
+  const metaRefs = toolkit.buildxBake.resolveRefs();
+  if (metaRefs) {
+    return metaRefs;
+  }
+  // otherwise, look for the very first build ref since the build has started
+  if (!builder) {
+    const currentBuilder = await toolkit.builder.inspect();
+    builder = currentBuilder.name;
+  }
+  const res = Buildx.refs({
+    dir: Buildx.refsDir,
+    builderName: builder,
+    since: since
+  });
+  const refs: Array<string> = [];
+  for (const ref in res) {
+    if (Object.prototype.hasOwnProperty.call(res, ref)) {
+      refs.push(ref);
+    }
+  }
+  return refs;
+}
+
+function buildChecksAnnotationsEnabled(): boolean {
+  if (process.env.DOCKER_BUILD_CHECKS_ANNOTATIONS) {
+    return Util.parseBool(process.env.DOCKER_BUILD_CHECKS_ANNOTATIONS);
+  }
+  return true;
+}
+
+function buildSummaryEnabled(): boolean {
+  if (process.env.DOCKER_BUILD_NO_SUMMARY) {
+    core.warning('DOCKER_BUILD_NO_SUMMARY is deprecated. Set DOCKER_BUILD_SUMMARY to false instead.');
+    return !Util.parseBool(process.env.DOCKER_BUILD_NO_SUMMARY);
+  } else if (process.env.DOCKER_BUILD_SUMMARY) {
+    return Util.parseBool(process.env.DOCKER_BUILD_SUMMARY);
+  }
+  return true;
+}
+
+function buildRecordUploadEnabled(): boolean {
+  if (process.env.DOCKER_BUILD_RECORD_UPLOAD) {
+    return Util.parseBool(process.env.DOCKER_BUILD_RECORD_UPLOAD);
+  }
+  return true;
+}
+
+function buildRecordRetentionDays(): number | undefined {
+  let val: string | undefined;
+  if (process.env.DOCKER_BUILD_EXPORT_RETENTION_DAYS) {
+    core.warning('DOCKER_BUILD_EXPORT_RETENTION_DAYS is deprecated. Use DOCKER_BUILD_RECORD_RETENTION_DAYS instead.');
+    val = process.env.DOCKER_BUILD_EXPORT_RETENTION_DAYS;
+  } else if (process.env.DOCKER_BUILD_RECORD_RETENTION_DAYS) {
+    val = process.env.DOCKER_BUILD_RECORD_RETENTION_DAYS;
+  }
+  if (val) {
+    const res = parseInt(val);
+    if (isNaN(res)) {
+      throw Error(`Invalid build record retention days: ${val}`);
+    }
+    return res;
   }
 }
 
-run();
+function buildExportLegacy(): boolean {
+  if (process.env.DOCKER_BUILD_EXPORT_LEGACY) {
+    return Util.parseBool(process.env.DOCKER_BUILD_EXPORT_LEGACY);
+  }
+  return false;
+}

src/state-helper.ts

@@ -0,0 +1,58 @@
+import * as core from '@actions/core';
+
+import {BakeDefinition} from '@docker/actions-toolkit/lib/types/buildx/bake';
+
+import {Inputs} from './context';
+
+export const tmpDir = process.env['STATE_tmpDir'] || '';
+
+export const builderDriver = process.env['STATE_builderDriver'] || '';
+export const builderEndpoint = process.env['STATE_builderEndpoint'] || '';
+export const summaryInputs = process.env['STATE_summaryInputs'] ? JSON.parse(process.env['STATE_summaryInputs']) : undefined;
+export const bakeDefinition = process.env['STATE_bakeDefinition'] ? <BakeDefinition>JSON.parse(process.env['STATE_bakeDefinition']) : undefined;
+
+export const buildRefs = process.env['STATE_buildRefs'] ? process.env['STATE_buildRefs'].split(',') : [];
+export const isSummarySupported = !!process.env['STATE_isSummarySupported'];
+
+export function setTmpDir(tmpDir: string) {
+  core.saveState('tmpDir', tmpDir);
+}
+
+export function setBuilderDriver(builderDriver: string) {
+  core.saveState('builderDriver', builderDriver);
+}
+
+export function setBuilderEndpoint(builderEndpoint: string) {
+  core.saveState('builderEndpoint', builderEndpoint);
+}
+
+export function setBakeDefinition(bakeDefinition: BakeDefinition) {
+  core.saveState('bakeDefinition', JSON.stringify(bakeDefinition));
+}
+
+export function setBuildRefs(buildRefs: Array<string>) {
+  core.saveState('buildRefs', buildRefs.join(','));
+}
+
+export function setSummarySupported() {
+  core.saveState('isSummarySupported', 'true');
+}
+
+export function setSummaryInputs(inputs: Inputs) {
+  const res = {};
+  for (const key of Object.keys(inputs)) {
+    if (key === 'github-token') {
+      continue;
+    }
+    const value: string | string[] | boolean = inputs[key];
+    if (typeof value === 'boolean' && !value) {
+      continue;
+    } else if (Array.isArray(value) && value.length === 0) {
+      continue;
+    } else if (!value) {
+      continue;
+    }
+    res[key] = value;
+  }
+  core.saveState('summaryInputs', JSON.stringify(res));
+}

subaction/list-targets/README.md

@@ -0,0 +1,86 @@
+> [!WARNING]
+> `docker/bake-action/subaction/list-targets` is deprecated and will be removed
+> in a future release. Please use [`docker/bake-action/subaction/matrix`](../matrix)
+> instead.
+
+## About
+
+This subaction generates a list of Bake targets that can be used in a [GitHub matrix](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstrategymatrix),
+so you can distribute your builds across multiple runners.
+
+![Screenshot](../../.github/subaction-list-targets.png)
+
+___
+
+* [Usage](#usage)
+* [Customizing](#customizing)
+  * [inputs](#inputs)
+  * [outputs](#outputs)
+
+## Usage
+
+```hcl
+# docker-bake.hcl
+group "validate" {
+  targets = ["lint", "doctoc"]
+}
+
+target "lint" {
+  target = "lint"
+}
+
+target "doctoc" {
+  target = "doctoc"
+}
+```
+
+```yaml
+jobs:
+  prepare:
+    runs-on: ubuntu-latest
+    outputs:
+      targets: ${{ steps.generate.outputs.targets }}
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v4
+      -
+        name: List targets
+        id: generate
+        uses: docker/bake-action/subaction/list-targets@v6
+        with:
+          target: validate
+
+  validate:
+    runs-on: ubuntu-latest
+    needs:
+      - prepare
+    strategy:
+      fail-fast: false
+      matrix:
+        target: ${{ fromJson(needs.prepare.outputs.targets) }}
+    steps:
+      -
+        name: Validate
+        uses: docker/bake-action@v6
+        with:
+          targets: ${{ matrix.target }}
+```
+
+## Customizing
+
+### inputs
+
+| Name         | Type        | Description                                                                                                                                 |
+|--------------|-------------|---------------------------------------------------------------------------------------------------------------------------------------------|
+| `workdir`    | String      | Working directory to use (defaults to `.`)                                                                                                  |
+| `files`      | List/CSV    | List of [bake definition files](https://docs.docker.com/build/customize/bake/file-definition/)                                              |
+| `target`     | String      | The target to use within the bake file                                                                                                      |
+
+### outputs
+
+The following outputs are available
+
+| Name       | Type     | Description               |
+|------------|----------|---------------------------|
+| `targets`  | List/CSV | List of extracted targets |

subaction/list-targets/action.yml

@@ -0,0 +1,72 @@
+# https://docs.github.com/en/actions/creating-actions/metadata-syntax-for-github-actions
+name: 'List Bake targets'
+description: 'Generate a list of Bake targets to help distributing builds in your workflow'
+
+inputs:
+  workdir:
+    description: Working directory
+    default: '.'
+    required: false
+  files:
+    description: Comma separated list of Bake files
+    required: false
+  target:
+    description: Bake target
+    required: false
+
+outputs:
+  targets:
+    description: List of targets
+    value: ${{ steps.generate.outputs.targets }}
+
+runs:
+  using: composite
+  steps:
+    -
+      name: Generate
+      id: generate
+      uses: actions/github-script@v7
+      env:
+        INPUT_WORKDIR: ${{ inputs.workdir }}
+        INPUT_FILES: ${{ inputs.files }}
+        INPUT_TARGET: ${{ inputs.target }}
+      with:
+        script: |
+          core.warning(`docker/bake-action/subaction/list-targets is deprecated and will be removed in a future release. Please use docker/bake-action/subaction/matrix instead.`);
+
+          function getInputList(name) {
+            return core.getInput(name) ? core.getInput(name).split(/[\r?\n,]+/).filter(x => x !== '') : [];
+          }
+
+          const workdir = core.getInput('workdir');
+          const files = getInputList('files');
+          const target = core.getInput('target');
+
+          let def = {};
+          await core.group(`Validating definition`, async () => {
+            let args = ['buildx', 'bake'];
+            for (const file of files) {
+              args.push('--file', file);
+            }
+            if (target) {
+              args.push(target);
+            }
+            args.push('--print');
+
+            const res = await exec.getExecOutput('docker', args, {
+              ignoreReturnCode: true,
+              silent: true,
+              cwd: workdir
+            });
+            if (res.stderr.length > 0 && res.exitCode != 0) {
+              throw new Error(res.stderr);
+            }
+            def = JSON.parse(res.stdout.trim());
+            core.info(JSON.stringify(def, null, 2));
+          });
+
+          await core.group(`Set output`, async () => {
+            const targets = Object.keys(def.target);
+            core.info(`targets: ${JSON.stringify(targets)}`);
+            core.setOutput('targets', JSON.stringify(targets));
+          });

subaction/matrix/README.md

@@ -0,0 +1,140 @@
+## About
+
+This subaction generates a multi-dimension matrix that can be used in a [GitHub matrix](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstrategymatrix)
+through the [`include` property](https://docs.github.com/en/actions/how-tos/writing-workflows/choosing-what-your-workflow-does/running-variations-of-jobs-in-a-workflow#expanding-or-adding-matrix-configurations)
+so you can distribute your builds across multiple runners.
+
+![Screenshot](../../.github/subaction-matrix.png)
+
+___
+
+* [Usage](#usage)
+* [Customizing](#customizing)
+  * [inputs](#inputs)
+  * [outputs](#outputs)
+
+## Usage
+
+### List targets
+
+```hcl
+# docker-bake.hcl
+group "validate" {
+  targets = ["lint", "doctoc"]
+}
+
+target "lint" {
+  target = "lint"
+}
+
+target "doctoc" {
+  target = "doctoc"
+}
+```
+
+```yaml
+jobs:
+  prepare:
+    runs-on: ubuntu-latest
+    outputs:
+      matrix: ${{ steps.generate.outputs.matrix }}
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v4
+      -
+        name: Generate matrix
+        id: generate
+        uses: docker/bake-action/subaction/matrix@v6
+        with:
+          target: validate
+
+  validate:
+    runs-on: ubuntu-latest
+    needs:
+      - prepare
+    strategy:
+      fail-fast: false
+      matrix:
+        include: ${{ fromJson(needs.prepare.outputs.matrix) }}
+    steps:
+      -
+        name: Validate
+        uses: docker/bake-action@v6
+        with:
+          targets: ${{ matrix.target }}
+```
+
+### Platforms split
+
+```hcl
+# docker-bake.hcl
+target "lint" {
+  dockerfile = "./hack/dockerfiles/lint.Dockerfile"
+  output = ["type=cacheonly"]
+  platforms = [
+    "darwin/amd64",
+    "darwin/arm64",
+    "linux/amd64",
+    "linux/arm64",
+    "linux/s390x",
+    "linux/ppc64le",
+    "linux/riscv64",
+    "windows/amd64",
+    "windows/arm64"
+  ]
+}
+```
+
+```yaml
+jobs:
+  prepare:
+    runs-on: ubuntu-latest
+    outputs:
+      matrix: ${{ steps.generate.outputs.matrix }}
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v4
+      -
+        name: Generate matrix
+        id: generate
+        uses: docker/bake-action/subaction/matrix@v6
+        with:
+          target: lint
+          fields: platforms
+
+  lint:
+    runs-on: ${{ startsWith(matrix.platforms, 'linux/arm') && 'ubuntu-24.04-arm' || 'ubuntu-latest' }}
+    needs:
+      - prepare
+    strategy:
+      fail-fast: false
+      matrix:
+        include: ${{ fromJson(needs.prepare.outputs.matrix) }}
+    steps:
+      -
+        name: Lint
+        uses: docker/bake-action@v6
+        with:
+          targets: ${{ matrix.target }}
+          set: |
+            *.platform=${{ matrix.platforms }}
+```
+
+## Customizing
+
+### inputs
+
+| Name      | Type     | Description                                                                                    |
+|-----------|----------|------------------------------------------------------------------------------------------------|
+| `workdir` | String   | Working directory to use (defaults to `.`)                                                     |
+| `files`   | List/CSV | List of [bake definition files](https://docs.docker.com/build/customize/bake/file-definition/) |
+| `target`  | String   | The target to use within the bake file                                                         |
+| `fields`  | String   | List of extra fields to include in the matrix                                                  |
+
+### outputs
+
+| Name     | Type | Description          |
+|----------|------|----------------------|
+| `matrix` | JSON | Matrix configuration |

subaction/matrix/action.yml

@@ -0,0 +1,101 @@
+# https://docs.github.com/en/actions/creating-actions/metadata-syntax-for-github-actions
+name: 'Matrix'
+description: 'Generate a matrix from a Bake definition to help distributing builds in your workflow'
+
+inputs:
+  workdir:
+    description: Working directory
+    default: '.'
+    required: false
+  files:
+    description: List of Bake files
+    required: false
+  target:
+    description: Bake target
+    required: false
+  fields:
+    description: List of extra fields to include in the matrix
+    required: false
+
+outputs:
+  matrix:
+    description: Matrix configuration
+    value: ${{ steps.generate.outputs.includes }}
+
+runs:
+  using: composite
+  steps:
+    -
+      name: Generate
+      id: generate
+      uses: actions/github-script@v7
+      env:
+        INPUT_WORKDIR: ${{ inputs.workdir }}
+        INPUT_FILES: ${{ inputs.files }}
+        INPUT_TARGET: ${{ inputs.target }}
+        INPUT_FIELDS: ${{ inputs.fields }}
+      with:
+        script: |
+          function getInputList(name) {
+            return core.getInput(name) ? core.getInput(name).split(/[\r?\n,]+/).filter(x => x !== '') : [];
+          }
+
+          const workdir = core.getInput('workdir');
+          const files = getInputList('files');
+          const target = core.getInput('target');
+          const fields = getInputList('fields');
+
+          let def = {};
+          await core.group(`Parsing definition`, async () => {
+            let args = ['buildx', 'bake'];
+            for (const file of files) {
+              args.push('--file', file);
+            }
+            if (target) {
+              args.push(target);
+            }
+            args.push('--print');
+            const res = await exec.getExecOutput('docker', args, {
+              ignoreReturnCode: true,
+              silent: true,
+              cwd: workdir
+            });
+            if (res.stderr.length > 0 && res.exitCode != 0) {
+              throw new Error(res.stderr);
+            }
+            def = JSON.parse(res.stdout.trim());
+            core.info(JSON.stringify(def, null, 2));
+          });
+
+          await core.group(`Generating matrix`, async () => {
+            const result = [];
+            for (const targetName of Object.keys(def.target)) {
+              const target = def.target[targetName];
+              const entry = { target: targetName };
+              if (fields.length === 0) {
+                result.push({ ...entry });
+                continue;
+              }
+              let fieldFound = false;
+              Object.keys(target).forEach(field => {
+                if (fields.includes(field)) {
+                  fieldFound = true;
+                  const value = target[field];
+                  if (Array.isArray(value)) {
+                    value.forEach((v) => {
+                      entry[field] = v;
+                      result.push({ ...entry });
+                    });
+                  } else {
+                    entry[field] = value;
+                    result.push({ ...entry });
+                  }
+                }
+              });
+              if (!fieldFound) {
+                result.push({ ...entry });
+              }
+            }
+            core.info(JSON.stringify(result, null, 2));
+            core.setOutput('includes', JSON.stringify(result));
+          });

test/config.hcl

@@ -37,3 +37,13 @@ target "app-plus" {
     IAMPLUS = "true"
   }
 }
+
+target "app-proxy" {
+  inherits = ["app"]
+  dockerfile = "proxy.Dockerfile"
+}
+
+target "app-entitlements" {
+  inherits = ["app"]
+  entitlements = ["network.host"]
+}

test/go/Dockerfile

@@ -0,0 +1,19 @@
+# syntax=docker/dockerfile:1
+
+FROM golang:alpine AS base
+ENV CGO_ENABLED=0
+RUN apk add --no-cache file git
+WORKDIR /src
+
+FROM base AS build
+RUN --mount=type=bind,target=/src \
+    --mount=type=cache,target=/root/.cache/go-build \
+    go build -ldflags "-s -w" -o /usr/bin/app .
+
+FROM scratch AS binary
+COPY --from=build /usr/bin/app /bin/app
+
+FROM alpine AS image
+COPY --from=build /usr/bin/app /bin/app
+EXPOSE 8080
+ENTRYPOINT ["/bin/app"]

test/go/docker-bake.hcl

@@ -0,0 +1,17 @@
+variable "DESTDIR" {
+  default = "/tmp/bake-build"
+}
+
+group "default" {
+  targets = ["binary"]
+}
+
+target "binary" {
+  target = "binary"
+  output = [DESTDIR]
+}
+
+target "image" {
+  target = "image"
+  tags = ["localhost:5000/name/app:latest"]
+}

test/go/go.mod

@@ -0,0 +1,3 @@
+module github.com/docker/bake-action/test/go
+
+go 1.18

test/go/main.go

@@ -0,0 +1,14 @@
+package main
+
+import (
+	"fmt"
+	"log"
+	"net/http"
+)
+
+func main() {
+	http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
+		fmt.Fprintf(w, "Hello, Go!")
+	})
+	log.Fatal(http.ListenAndServe(":8080", nil))
+}

test/group-matrix/docker-bake.hcl

@@ -0,0 +1,31 @@
+group "validate" {
+  targets = ["lint", "validate-vendor", "validate-doctoc"]
+}
+
+target "lint" {
+  name = "lint-${buildtags.name}"
+  dockerfile = "./hack/dockerfiles/lint.Dockerfile"
+  target = buildtags.target
+  output = ["type=cacheonly"]
+  matrix = {
+    buildtags = [
+      { name = "default", tags = "", target = "golangci-lint" },
+      { name = "labs", tags = "dfrunsecurity dfparents", target = "golangci-lint" },
+      { name = "nydus", tags = "nydus", target = "golangci-lint" },
+      { name = "yaml", tags = "", target = "yamllint" },
+      { name = "proto", tags = "", target = "protolint" },
+    ]
+  }
+}
+
+target "validate-vendor" {
+  dockerfile = "./hack/dockerfiles/vendor.Dockerfile"
+  target = "validate"
+  output = ["type=cacheonly"]
+}
+
+target "validate-doctoc" {
+  dockerfile = "./hack/dockerfiles/doctoc.Dockerfile"
+  target = "validate-toc"
+  output = ["type=cacheonly"]
+}

test/group-with-platform/docker-bake.hcl

@@ -0,0 +1,36 @@
+group "validate" {
+  targets = ["lint", "lint-gopls", "validate-vendor", "validate-docs"]
+}
+
+target "lint" {
+  dockerfile = "./hack/dockerfiles/lint.Dockerfile"
+  output = ["type=cacheonly"]
+  platforms = [
+    "darwin/amd64",
+    "darwin/arm64",
+    "linux/amd64",
+    "linux/arm64",
+    "linux/s390x",
+    "linux/ppc64le",
+    "linux/riscv64",
+    "windows/amd64",
+    "windows/arm64"
+  ]
+}
+
+target "lint-gopls" {
+  inherits = ["lint"]
+  target = "gopls-analyze"
+}
+
+target "validate-vendor" {
+  dockerfile = "./hack/dockerfiles/vendor.Dockerfile"
+  target = "validate"
+  output = ["type=cacheonly"]
+}
+
+target "validate-docs" {
+  dockerfile = "./hack/dockerfiles/docs.Dockerfile"
+  target = "validate"
+  output = ["type=cacheonly"]
+}

test/group/Dockerfile

@@ -0,0 +1,7 @@
+# syntax=docker/dockerfile:1
+
+FROM busybox AS t1
+RUN echo "Hello t1"
+
+FROM busybox AS t2
+RUN echo "Hello t2"

test/group/docker-bake.hcl

@@ -0,0 +1,11 @@
+group "default" {
+  targets = ["t1", "t2"]
+}
+
+target "t1" {
+  target = "t1"
+}
+
+target "t2" {
+  target = "t2"
+}

test/lint-other.Dockerfile

@@ -0,0 +1,10 @@
+frOM busybox as base
+cOpy lint-other.Dockerfile .
+
+froM busybox aS notused
+COPY lint-other.Dockerfile .
+
+from scratch
+COPy --from=base \
+  /lint-other.Dockerfile \
+  /

test/lint.Dockerfile

@@ -0,0 +1,12 @@
+frOM busybox as base
+cOpy lint.Dockerfile .
+
+from scratch
+MAINTAINER moby@example.com
+COPy --from=base \
+  /lint.Dockerfile \
+  /
+
+CMD [ "echo", "Hello, Norway!" ]
+CMD [ "echo", "Hello, Sweden!" ]
+ENTRYPOINT my-program start

test/lint.hcl

@@ -0,0 +1,12 @@
+group "default" {
+  targets = ["lint", "lint-other", "lint-inline"]
+}
+target "lint" {
+  dockerfile = "lint.Dockerfile"
+}
+target "lint-other" {
+  dockerfile = "lint-other.Dockerfile"
+}
+target "lint-inline" {
+  dockerfile-inline = "FRoM alpine\nENTRYPOINT [\"echo\", \"hello\"]"
+}

test/multi-files/docker-bake.hcl

@@ -0,0 +1,15 @@
+group "default" {
+  targets = ["t3"]
+}
+
+target "t3" {
+  name = "${item.tag}"
+  matrix = {
+    item = t3
+  }
+  args = {
+    VERSION = "${item.version}"
+    DUMMY_ARG = "${item.arg}"
+  }
+  tags = ["${item.tag}"]
+}

test/multi-files/docker-bake.json

@@ -0,0 +1,14 @@
+{
+  "t3": [
+    {
+      "version": "v1",
+      "arg": "v1-value",
+      "tag": "v1-tag"
+    },
+    {
+      "version": "v2",
+      "arg": "v2-value",
+      "tag": "v2-tag"
+    }
+  ]
+}

test/proxy.Dockerfile

@@ -0,0 +1,9 @@
+# syntax=docker/dockerfile:1
+FROM alpine
+RUN apk add --no-cache curl net-tools
+ARG HTTP_PROXY
+ARG HTTPS_PROXY
+RUN printenv HTTP_PROXY
+RUN printenv HTTPS_PROXY
+RUN netstat -aptn
+RUN curl --retry 5 --retry-all-errors --retry-delay 0 --connect-timeout 5 --proxy $HTTP_PROXY -v --insecure --head https://www.google.com

tsconfig.json

@@ -1,21 +1,22 @@
 {
   "compilerOptions": {
+    "esModuleInterop": true,
     "target": "es6",
     "module": "commonjs",
-    "lib": [
-      "es6",
-      "dom"
-    ],
+    "strict": true,
     "newLine": "lf",
     "outDir": "./lib",
     "rootDir": "./src",
-    "strict": true,
+    "forceConsistentCasingInFileNames": true,
     "noImplicitAny": false,
-    "esModuleInterop": true,
-    "sourceMap": true
+    "resolveJsonModule": true,
+    "useUnknownInCatchVariables": false,
   },
   "exclude": [
+    "./__mocks__/**/*",
+    "./__tests__/**/*",
+    "./lib/**/*",
     "node_modules",
-    "**/*.test.ts"
+    "jest.config.ts"
   ]
 }