starred/act

Fork 0

mirror of https://github.com/nektos/act.git synced 2026-04-26 01:15:51 +03:00

buildkit from 0.10.6 to 0.11.0 #2005

New issue

Closed

opened 2026-03-01 21:53:37 +03:00 by kerem · 0 comments

kerem commented

2026-03-01 21:53:37 +03:00

Owner

📋 Pull Request Information

Original PR: https://github.com/nektos/act/pull/1563
Author: @dependabot[bot]
Created: 1/16/2023
Status: ✅ Merged
Merged: 1/16/2023
Merged by: @mergify[bot]

Base: master ← Head: dependabot/go_modules/github.com/moby/buildkit-0.11.0

📝 Commits (4)

2a99745 build(deps): bump github.com/moby/buildkit from 0.10.6 to 0.11.0
50758f1 chore: use new patternmatcher.Matches
8fbc9b5 Merge branch 'master' into dependabot/go_modules/github.com/moby/buildkit-0.11.0
625b9f5 Merge branch 'master' into dependabot/go_modules/github.com/moby/buildkit-0.11.0

📊 Changes

3 files changed (+64 additions, -959 deletions)

View changed files

📝 go.mod (+19 -21)
📝 go.sum (+42 -935)
📝 pkg/container/docker_build.go (+3 -3)

📄 Description

Bumps github.com/moby/buildkit from 0.10.6 to 0.11.0.

Release notes

Sourced from github.com/moby/buildkit's releases.

v0.11.0

Welcome to the 0.11.0 release of buildkit!

Please try out the release binaries and report any issues at https://github.com/moby/buildkit/issues.

Notable Changes

Builtin Dockerfile frontend has been updated to v1.5.0 https://github.com/moby/buildkit/releases/tag/dockerfile%2F1.5.0

BuildKit and compatible frontends can now produce SBOM (Software Bill of Materials) attestations for the build results to show the dependencies of the build. These attestations can be added to images and locally exported files. Using Dockerfiles, SBOM information can be configured to be produced also based on files in intermediate build stages or build context, or run processes that manually define the SBOM dependencies. When exporting an image, layer mapping is also produced that allows tracing a SBOM package to a specific build step. #3258 #3290 #3249 #2983 #3358 #3312 #3407 #3408 #3410 #3414 #3422 Read documentation

BuildKit can now produce a Provenance attestation for the build result in SLSA format. Provenance attestations describe how a build was produced, and what sources/parameters were used. In addition to fields part of the SLSA specification, Buildkit's provenance also exports BuildKit-specific metadata like LLB steps with their source- and layer mapping. Provenance attestation will capture all the build sources visible to BuildKit, for example, not only the Git repository where the project's source is coming from but also the digests of all the container images used during the build. #3240 #3428 #3428 #3462 Read documentation

BuildKit now supports reproducible builds by setting SOURCE_DATE_EPOCH build argument or source-date-epoch exporter attribute. This deterministic date will be used in image metadata instead of the current time. #2918 #3262 #3152 Read documentation

OCI annotations can now be set to build results exported as images or OCI layouts. Annotations can be set on both image manifests and indexes, as well as descriptors to them. #3283 #3061 #2975 #2879 Read documentation

New Build History API allows listening to events about builds starting and completing, and streaming progress of active builds. New commands buildctl debug monitor, buildctl debug logs and buildctl debug get have been added to use this API. Build records also keep OpenTelemetry traces, provenance attestations, and image manifests if they were created by the build. #3294 #3339 #3440

Build results exported with image, local or tar exporters now support attestations. In addition to builtin SBOM and Provenance attestations, frontends can produce custom attestations in in-toto format #3197 #3070 #3129 #3073 #3063 #2935 #3289 #3389 #3321 #3342 #3461 Read documentation

New Source type oci-layout:// allows builds to import images from OCI directory structure on the client side. This allows using local versions of the image. #3112 #3300 #3122 #3034 #2971 #2827 #3397

Build requests now support sending a Source policy definition. A policy can be used to deny access to specific sources (e.g. images or URLs) or only allow access to specific image namespaces. Policies can also be used to modify sources when they are requested by the build, for example, pin a tag requested by the build to a specific digest even if it has already changed in the registry. #3332

New remote cache backend: Azure Blob Storage #3010

New remote cache backend: S3 #2824 #3065

BuildKit now supports Nydus compression type #2581

OCI exporter now supports attribute tar=false to export OCI layout into a directory instead of downloading a tarball. #3162

Setting multiple cache exporters for a single build is now supported #3024 #3271

Cache exporters can now be configured to ignore exporting errors #3430

Remote cache import/export to client-side local files now supports tag parameter for scoping cache #3111

CNI network namespaces are now provisioned from a pool for increased performance #3107

New Info service has been added to control API for asking BuildKit daemon's version #2725

Gateway API now has a new Evaluate method to control the lazy solve behavior #3137

Allow mounting secrets with empty contents #3081

New RemoveMountStubsRecursive option has been added to LLB ExecOp to control the cleanup behavior of mounts. By default, empty mount stubs are now cleaned up recursively in new frontends. #3314

... (truncated)

Commits

830288a Merge pull request #3483 from tonistiigi/v0.11-grpc-path-err
c5143c0 [v0.11] make tracing socket forward error non-fatal
96a7478 Merge pull request #3481 from tonistiigi/v0.11-picks-2
fe02a41 azblob_test: pin busybox to avoid "Illegal instruction" error
b2f4b2c github: update CI to buildkit version
b3bc97c exporter: ensure spdx order prioritizes primary sbom
d83d496 Merge pull request #3463 from tonistiigi/v0.11-picks
4cbc411 testutil: pin busybox and alpine used in releases
09a94ed exporter: allow configuring inline attestations for image exporters
0901e93 exporter: force enabling inline attestations for image export
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/nektos/act/pull/1563 **Author:** [@dependabot[bot]](https://github.com/apps/dependabot) **Created:** 1/16/2023 **Status:** ✅ Merged **Merged:** 1/16/2023 **Merged by:** [@mergify[bot]](https://github.com/apps/mergify) **Base:** `master` ← **Head:** `dependabot/go_modules/github.com/moby/buildkit-0.11.0` --- ### 📝 Commits (4) - [`2a99745`](https://github.com/nektos/act/commit/2a99745d66f3cc79d6f7dd9f8f698c1e7fae52bc) build(deps): bump github.com/moby/buildkit from 0.10.6 to 0.11.0 - [`50758f1`](https://github.com/nektos/act/commit/50758f19d244c3f818690a9172541fea6b28d69f) chore: use new patternmatcher.Matches - [`8fbc9b5`](https://github.com/nektos/act/commit/8fbc9b52cbbcaf7e84385a967b503f4e3bf26c34) Merge branch 'master' into dependabot/go_modules/github.com/moby/buildkit-0.11.0 - [`625b9f5`](https://github.com/nektos/act/commit/625b9f55f9fd77981417fad15ccf3f9c22a00a17) Merge branch 'master' into dependabot/go_modules/github.com/moby/buildkit-0.11.0 ### 📊 Changes **3 files changed** (+64 additions, -959 deletions) <details> <summary>View changed files</summary> 📝 `go.mod` (+19 -21) 📝 `go.sum` (+42 -935) 📝 `pkg/container/docker_build.go` (+3 -3) </details> ### 📄 Description Bumps [github.com/moby/buildkit](https://github.com/moby/buildkit) from 0.10.6 to 0.11.0. <details> <summary>Release notes</summary> Sourced from <a href="https://github.com/moby/buildkit/releases">github.com/moby/buildkit's releases</a>. <blockquote> <h2>v0.11.0</h2> Welcome to the 0.11.0 release of buildkit! Please try out the release binaries and report any issues at <a href="https://github.com/moby/buildkit/issues">https://github.com/moby/buildkit/issues</a>. <h3>Notable Changes</h3> <ul> <li> Builtin Dockerfile frontend has been updated to v1.5.0 <a href="https://github.com/moby/buildkit/releases/tag/dockerfile%2F1.5.0">https://github.com/moby/buildkit/releases/tag/dockerfile%2F1.5.0</a> </li> <li> BuildKit and compatible frontends can now produce SBOM (Software Bill of Materials) attestations for the build results to show the dependencies of the build. These attestations can be added to images and locally exported files. Using Dockerfiles, SBOM information can be configured to be produced also based on files in intermediate build stages or build context, or run processes that manually define the SBOM dependencies. When exporting an image, layer mapping is also produced that allows tracing a SBOM package to a specific build step. <a href="https://github-redirect.dependabot.com/moby/buildkit/issues/3258">#3258</a> <a href="https://github-redirect.dependabot.com/moby/buildkit/issues/3290">#3290</a> <a href="https://github-redirect.dependabot.com/moby/buildkit/issues/3249">#3249</a> <a href="https://github-redirect.dependabot.com/moby/buildkit/issues/2983">#2983</a> <a href="https://github-redirect.dependabot.com/moby/buildkit/issues/3358">#3358</a> <a href="https://github-redirect.dependabot.com/moby/buildkit/issues/3312">#3312</a> <a href="https://github-redirect.dependabot.com/moby/buildkit/issues/3407">#3407</a> <a href="https://github-redirect.dependabot.com/moby/buildkit/issues/3408">#3408</a> <a href="https://github-redirect.dependabot.com/moby/buildkit/issues/3410">#3410</a> <a href="https://github-redirect.dependabot.com/moby/buildkit/issues/3414">#3414</a> <a href="https://github-redirect.dependabot.com/moby/buildkit/issues/3422">#3422</a> <a href="https://github.com/moby/buildkit/blob/v0.11.0/docs/attestations/sbom.md">Read documentation</a> </li> <li> BuildKit can now produce a Provenance attestation for the build result in <a href="https://slsa.dev/provenance/v0.2">SLSA</a> format. Provenance attestations describe how a build was produced, and what sources/parameters were used. In addition to fields part of the SLSA specification, Buildkit's provenance also exports BuildKit-specific metadata like LLB steps with their source- and layer mapping. Provenance attestation will capture all the build sources visible to BuildKit, for example, not only the Git repository where the project's source is coming from but also the digests of all the container images used during the build. <a href="https://github-redirect.dependabot.com/moby/buildkit/issues/3240">#3240</a> <a href="https://github-redirect.dependabot.com/moby/buildkit/issues/3428">#3428</a> <a href="https://github-redirect.dependabot.com/moby/buildkit/issues/3428">#3428</a> <a href="https://github-redirect.dependabot.com/moby/buildkit/issues/3462">#3462</a> <a href="https://github.com/moby/buildkit/blob/v0.11.0/docs/attestations/slsa-definitions.md">Read documentation</a> </li> <li> BuildKit now supports reproducible builds by setting <code>SOURCE_DATE_EPOCH</code> build argument or <code>source-date-epoch</code> exporter attribute. This deterministic date will be used in image metadata instead of the current time. <a href="https://github-redirect.dependabot.com/moby/buildkit/issues/2918">#2918</a> <a href="https://github-redirect.dependabot.com/moby/buildkit/issues/3262">#3262</a> <a href="https://github-redirect.dependabot.com/moby/buildkit/issues/3152">#3152</a> <a href="https://github.com/moby/buildkit/blob/918b19a77f985676ffa2390e14dc0c001fd70f0c/docs/build-repro.md#source_date_epoch">Read documentation</a> </li> <li> OCI annotations can now be set to build results exported as images or OCI layouts. Annotations can be set on both image manifests and indexes, as well as descriptors to them. <a href="https://github-redirect.dependabot.com/moby/buildkit/issues/3283">#3283</a> <a href="https://github-redirect.dependabot.com/moby/buildkit/issues/3061">#3061</a> <a href="https://github-redirect.dependabot.com/moby/buildkit/issues/2975">#2975</a> <a href="https://github-redirect.dependabot.com/moby/buildkit/issues/2879">#2879</a> <a href="https://github.com/moby/buildkit/blob/v0.11.0/docs/annotations.md">Read documentation</a> </li> <li> New Build History API allows listening to events about builds starting and completing, and streaming progress of active builds. New commands <code>buildctl debug monitor</code>, <code>buildctl debug logs</code> and <code>buildctl debug get</code> have been added to use this API. Build records also keep OpenTelemetry traces, provenance attestations, and image manifests if they were created by the build. <a href="https://github-redirect.dependabot.com/moby/buildkit/issues/3294">#3294</a> <a href="https://github-redirect.dependabot.com/moby/buildkit/issues/3339">#3339</a> <a href="https://github-redirect.dependabot.com/moby/buildkit/issues/3440">#3440</a> </li> <li> Build results exported with image, local or tar exporters now support attestations. In addition to builtin SBOM and Provenance attestations, frontends can produce custom attestations in in-toto format <a href="https://github-redirect.dependabot.com/moby/buildkit/issues/3197">#3197</a> <a href="https://github-redirect.dependabot.com/moby/buildkit/issues/3070">#3070</a> <a href="https://github-redirect.dependabot.com/moby/buildkit/issues/3129">#3129</a> <a href="https://github-redirect.dependabot.com/moby/buildkit/issues/3073">#3073</a> <a href="https://github-redirect.dependabot.com/moby/buildkit/issues/3063">#3063</a> <a href="https://github-redirect.dependabot.com/moby/buildkit/issues/2935">#2935</a> <a href="https://github-redirect.dependabot.com/moby/buildkit/issues/3289">#3289</a> <a href="https://github-redirect.dependabot.com/moby/buildkit/issues/3389">#3389</a> <a href="https://github-redirect.dependabot.com/moby/buildkit/issues/3321">#3321</a> <a href="https://github-redirect.dependabot.com/moby/buildkit/issues/3342">#3342</a> <a href="https://github-redirect.dependabot.com/moby/buildkit/issues/3461">#3461</a> <a href="https://github.com/moby/buildkit/blob/v0.11.0/docs/attestations/attestation-storage.md">Read documentation</a> </li> <li> New Source type <code>oci-layout://</code> allows builds to import images from OCI directory structure on the client side. This allows using local versions of the image. <a href="https://github-redirect.dependabot.com/moby/buildkit/issues/3112">#3112</a> <a href="https://github-redirect.dependabot.com/moby/buildkit/issues/3300">#3300</a> <a href="https://github-redirect.dependabot.com/moby/buildkit/issues/3122">#3122</a> <a href="https://github-redirect.dependabot.com/moby/buildkit/issues/3034">#3034</a> <a href="https://github-redirect.dependabot.com/moby/buildkit/issues/2971">#2971</a> <a href="https://github-redirect.dependabot.com/moby/buildkit/issues/2827">#2827</a> <a href="https://github-redirect.dependabot.com/moby/buildkit/issues/3397">#3397</a> </li> <li> Build requests now support sending a Source policy definition. A policy can be used to deny access to specific sources (e.g. images or URLs) or only allow access to specific image namespaces. Policies can also be used to modify sources when they are requested by the build, for example, pin a tag requested by the build to a specific digest even if it has already changed in the registry. <a href="https://github-redirect.dependabot.com/moby/buildkit/issues/3332">#3332</a> </li> <li> New remote cache backend: Azure Blob Storage <a href="https://github-redirect.dependabot.com/moby/buildkit/issues/3010">#3010</a> </li> <li> New remote cache backend: S3 <a href="https://github-redirect.dependabot.com/moby/buildkit/issues/2824">#2824</a> <a href="https://github-redirect.dependabot.com/moby/buildkit/issues/3065">#3065</a> </li> <li> BuildKit now supports Nydus compression type <a href="https://github-redirect.dependabot.com/moby/buildkit/issues/2581">#2581</a> </li> <li> OCI exporter now supports attribute <code>tar=false</code> to export OCI layout into a directory instead of downloading a tarball. <a href="https://github-redirect.dependabot.com/moby/buildkit/issues/3162">#3162</a> </li> <li> Setting multiple cache exporters for a single build is now supported <a href="https://github-redirect.dependabot.com/moby/buildkit/issues/3024">#3024</a> <a href="https://github-redirect.dependabot.com/moby/buildkit/issues/3271">#3271</a> </li> <li> Cache exporters can now be configured to ignore exporting errors <a href="https://github-redirect.dependabot.com/moby/buildkit/issues/3430">#3430</a> </li> <li> Remote cache import/export to client-side local files now supports tag parameter for scoping cache <a href="https://github-redirect.dependabot.com/moby/buildkit/issues/3111">#3111</a> </li> <li> CNI network namespaces are now provisioned from a pool for increased performance <a href="https://github-redirect.dependabot.com/moby/buildkit/issues/3107">#3107</a> </li> <li> New Info service has been added to control API for asking BuildKit daemon's version <a href="https://github-redirect.dependabot.com/moby/buildkit/issues/2725">#2725</a> </li> <li> Gateway API now has a new <code>Evaluate</code> method to control the lazy solve behavior <a href="https://github-redirect.dependabot.com/moby/buildkit/issues/3137">#3137</a> </li> <li> Allow mounting secrets with empty contents <a href="https://github-redirect.dependabot.com/moby/buildkit/issues/3081">#3081</a> </li> <li> New RemoveMountStubsRecursive option has been added to LLB ExecOp to control the cleanup behavior of mounts. By default, empty mount stubs are now cleaned up recursively in new frontends. <a href="https://github-redirect.dependabot.com/moby/buildkit/issues/3314">#3314</a> </li> </ul>  </blockquote> ... (truncated) </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/moby/buildkit/commit/830288a71f447b46ad44ad5f7bd45148ec450d44"><code>830288a</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/moby/buildkit/issues/3483">#3483</a> from tonistiigi/v0.11-grpc-path-err</li> <li><a href="https://github.com/moby/buildkit/commit/c5143c000ba7fdd66eb66a515b973fb3800ab602"><code>c5143c0</code></a> [v0.11] make tracing socket forward error non-fatal</li> <li><a href="https://github.com/moby/buildkit/commit/96a747895a0d82d2d95348b0c7e2f7cd97147ac0"><code>96a7478</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/moby/buildkit/issues/3481">#3481</a> from tonistiigi/v0.11-picks-2</li> <li><a href="https://github.com/moby/buildkit/commit/fe02a41fb89c6b5bf79ee50ba9305e546b144ee6"><code>fe02a41</code></a> azblob_test: pin busybox to avoid "Illegal instruction" error</li> <li><a href="https://github.com/moby/buildkit/commit/b2f4b2c6e52434d418f028fd612763c93871e43f"><code>b2f4b2c</code></a> github: update CI to buildkit version</li> <li><a href="https://github.com/moby/buildkit/commit/b3bc97c3b9cae913eb004c5b2746b436d17ef2bf"><code>b3bc97c</code></a> exporter: ensure spdx order prioritizes primary sbom</li> <li><a href="https://github.com/moby/buildkit/commit/d83d496f44069c78c65747aae520e54fe0785deb"><code>d83d496</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/moby/buildkit/issues/3463">#3463</a> from tonistiigi/v0.11-picks</li> <li><a href="https://github.com/moby/buildkit/commit/4cbc41174fceac32ab48748838b1932b232715f0"><code>4cbc411</code></a> testutil: pin busybox and alpine used in releases</li> <li><a href="https://github.com/moby/buildkit/commit/09a94ed8a7d1d945dd13bf08e9190597552ad44d"><code>09a94ed</code></a> exporter: allow configuring inline attestations for image exporters</li> <li><a href="https://github.com/moby/buildkit/commit/0901e9373d8a25bcfd1bcc0e83f336b11bd2d95d"><code>0901e93</code></a> exporter: force enabling inline attestations for image export</li> <li>Additional commits viewable in <a href="https://github.com/moby/buildkit/compare/v0.10.6...v0.11.0">compare view</a></li> </ul> </details> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/moby/buildkit&package-manager=go_modules&previous-version=0.10.6&new-version=0.11.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> --- 🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

kerem

2026-03-01 21:53:37 +03:00

closed this issue
added the
pull-request
label

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/act#2005

No description provided.

Rows
Columns