dockerfile/1.2.0

Usage

# syntax=docker.io/docker/dockerfile-upstream:1.2.0

Notable changes

• RUN --mount syntax for creating secret, ssh, bind, and cache mounts have been moved to mainline channel #1717

• Metadata load errors are now handled as fatal to avoid incorrect build results #1395

• ARG command now supports defining multiple build args on the same line similarly to ENV #1692

• --chown flag in ADD now allows parameter expansion #1473

• Allow lowercase Dockerfile name #1816

• ENTRYPOINT requires at least one argument to avoid creating broken images #1862

v0.8.0-rc3

Notable changes

• Fix possible panic in the previous RC builds #1825
• Fix storage leak regression on cancellation that could lead to certain cache mount locking up the builder #1838
• Dockerfile: Allow lowercase Dockerfile name for compatibility #1816

v0.8.0-rc2

Notable changes

• Fix corrupt helper binaries in non-x86s release images for rc1 #1810

• Change default Seccomp profile to the one provided by Docker #1807

v0.8.0-rc1

Welcome to the 0.8.0-rc1 release of buildkit!
This is a pre-release of buildkit

Notable Changes

• Builtin Dockerfile frontend defaults to v1.2.0 including support for RUN --mount among other features. Dockerfile changelog

• Gateway API now allows running interactive container processes that can mount previous build results #1627 #1731

• API: Build errors now contain state for debugging the failure location including the snapshots' data when the error happened #1732

• Image layers used by the build are now only pulled when their content is being used by subsequent build steps or exporter. BuildKit can now make cache decisions about the data while it remains in the remote registry. #1475

• Fetching authorization tokens has been moved to client-side (if the client supports it). Passwords do not leak into the build daemon anymore and users can see from build output when credentials or tokens are accessed. #1660

• Support stargz/eStargz for pulling image layers incrementally based on what files are accessed https://github.com/moby/buildkit/blob/master/docs/stargz-estargz.md #1402

• Buildkit can now build for multiple architectures with QEMU without binfmt_misc handlers loaded to the kernel. moby/buildkit image comes with the emulator images. #1516

• Build errors now track the error location in the original source files #1494

• Frontend API now supports subrequests for implementing supplementary tasks like describing build stages or arguments. #1724

• Connection errors while communicating with the registry for push and pull now trigger a retry #1791

• Git source now supports token authentication via build secrets #1533

• Building from git source now supports forwarding SSH socket for authentication #1782

• Allow passing secrets to the build with environmental variables #1534

• Increase registry communication performance and stability with custom connection pool and authenticator #1636

• Running commands do not leak empty stub files to image layers anymore (for example for mounted secrets) #1739

• Allow better handling client sessions dropping while it is being shared by multiple builds #1551

• Allow (and default to) using OCI mediatypes on exporting manifests for remote cache #1746

• Only add manifest descriptor annotations to OCI type manifests and not Docker manifests. This fixes an issue with GCR validation. #1730

• Avoid builds that generate excessive logs to cause a crash or slow down the build. Clipping is performed if needed. #1754

• Fix race on creating CNI sandboxes for containers #1775

• Execution steps now allow overriding the hostname for the build container #1339

• Always use correct mediatypes on exporting objects, not considering the object's original mediatype #1541

• Content-based checksums are now calculated in parallel for the build step with multiple mounts #1744

• Reenable setting insecure-registry config while exporting to a registry #1601

• Fix synchronization issues on pushing multi-platform images that share layers #1548

• Cache load errors are now handled gracefully #1498

• Disable truncating by default when using --progress=plain #1435

• Official image moby/buildkit now contains pigz for better extraction performance #1799

• Support for exposing SSH agent socket on Windows has been improved #1695

• LLB client library now supports using asynchronous callbacks when building the LLB graph #1426

Please try out the release binaries and report any issues at
https://github.com/moby/buildkit/issues.

Contributors

• Tõnis Tiigi
• Akihiro Suda
• Cory Bennett
• Paul "TBBle" Hampson
• Sebastiaan van Stijn
• Edgar Lee
• Tibor Vass
• Erik Sipsma
• Kohei Tokunaga
• Alex Couture-Beil
• Vlad A. Ionescu
• Lu Jingxiao
• Simon Ferquel
• Anders F Björklund
• Andrea Luzzardi
• Andrey Smirnov
• Anurag Goel
• Chanhun Jeong
• Chen Bin
• Ilya Dmitrichenko
• Jon Zeolla
• Jonathan Azoff
• Jörg Franke
• Kees Cook
• Miguel Ángel Jimeno
• Nick Santos
• Sam Whited
• Shingo Omura
• Wang Yumu
• Wei Fu
• Xiaofan Zhang
• Ximo Guanter
• 岁丰

dockerfile/1.2.0-rc1-labs

Usage

# syntax=docker/dockerfile-upstream:1.2.0-rc1-labs

Notable changes

• Experimental channel has been renamed to labs #1805

dockerfile/1.2.0-rc1

Usage

# syntax=docker.io/docker/dockerfile-upstream:1.2.0-rc1

Notable changes

• RUN --mount syntax for creating secret, ssh, bind, and cache mounts have been moved to mainline channel #1717

• Metadata load errors are now handled as fatal to avoid incorrect build results #1395

• ARG command now supports defining multiple build args on the same line similarly to ENV #1692

• --chown flag in ADD now allows parameter expansion #1473

v0.7.2

Fixes:

• solver: gracefully handle cache loading errors #1498
• remotecache: only visit each item once when walking results #1577
• cache: avoid possible nil dereference on error handling #1511
• contenthash: allow security.capability in cache checksum #1526
• contenthash: treat unix sockets as regular files #1581
• push: fix race condition on pushing the same layers in parallel #1548
• inline cache: fix handling of duplicate blobs in same image #1568
• gateway: fix metadata getting lost on subsolve in external frontend #1449
• filesync: avoid ignoring close error #1478
• runc: update runc binary to v1.0.0-rc91 #1553
• buildctl-daemonless: allow max retries on socket connect for buildctl #1493
• buildctl-daemonless: fix shell args expansion #1504
• buildctl-daemonless: show log on startup timeout #1565

v0.7.1

Fixes:

• git: use --force flag on fetch #1416
• tar exporter: handle symlinks properly #1418
• resolver: disable http2 for pushing #1420

dockerfile/1.1.7

Fixes:

• dockerfile: forward FrontendInputs to the gateway #1415

v0.7.0

Images

https://hub.docker.com/r/moby/buildkit/tags/

• docker.io/moby/buildkit:v0.7.0
  sha256:68f03dba7fe0fa40d43ce62bc292ae42a11efe4f2dee64c196e1ff266a5ea507

• docker.io/moby/buildkit:v0.7.0-rootless
  sha256:6e7687bc3409812f7e6c6cee87166a0df376ca172e7a24e7f1d477ab1b3116b3

Important

• This release breaks compatibility with containerd 1.2 when containerd worker is used. This is to support the lease based resource tracking in containerd 1.3. Note that default configurations of buildkit use the OCI worker and are not affected. If you use containerd worker make sure to upgrade to containerd 1.3 . #1176

• This release migrates the internal state files used for resource tracking to containerd leases on the first start and doesn't support downgrades back to v0.6.0 . #1176

• Solve requests made from frontends or gateway API are now nonblocking and return a promise of a result. The change should be functionally invisible to old frontends but may change the timing of different requests #1356

Notable Changes

• LLB: Previous solve results can now be reused in new requests #1286

• Allow frontends to take LLB states or previous results as inputs #1361

• Support for insecure TLS registries and custom TLS config #1397 #1410

• Support for fallbacks to origin server when mirror doesn't have requested repository #1397

• Resource tracking has been moved to new containerd leases API from previously used root labels, fixing possible races. #1176

• Support for cross-repo pushes for images and remote cache #1147

• SSH sockets do not hold FD open until the end of the build #1150

• Handle missing Etags in http responses #1159

• LLB FileOp now supports wildcards #1233

• Support for choosing compression for layer data #1277

• Rootless mode supports fuse-overlayfs snapshotter #1384

• Updates to supported platforms (eg. enabling binfmt) do not require BuildKit restart anymore #1381

• Insecure security mode now supports access to common devices like fuse and loopback #1351

• Rootless mode is now out of experimental #1400

• Many bugfixes

Please try out the release binaries and report any issues at
https://github.com/moby/buildkit/issues.

Contributors

• Tõnis Tiigi
• Akihiro Suda
• Edgar Lee
• Tibor Vass
• Andy Caldwell
• Paul "TBBle" Hampson
• Nikhil Pandeti
• Sebastiaan van Stijn
• Sam Whited
• Wei Fu
• Derek McGowan
• Jeffrey Huang
• Robert Estelle
• Tomohiro Kusumoto
• Troels Liebe Bentsen
• Zach Badgett
• Anca Iordache
• ChaosGramer
• Cory Bennett
• Darren Shepherd
• HowJMay
• Michael Crosby
• Oliver Bristow
• Pablo Chico de Guzman
• Pratik Raj
• Lu Jingxiao
• 岁丰