v0.13.0-rc2

buildkit 0.13.0-rc2

Welcome to the 0.13.0-rc2 release of buildkit!
This is a pre-release of buildkit

Please try out the release binaries and report any issues at
https://github.com/moby/buildkit/issues.

Notable changes since v0.13.0-rc1

• Default Dockerfile frontend has been updated to v1.7.0-rc1
• Windows release artifacts now also contain the buildkitd.exe binary #4670
• SOURCE_DATE_EPOCH in now not applied to the layer records of base image to keep them immutable #4663
• Build secrets can now avoid noexec mount restrictions if file mode set execution bit #4670
• Empty OnBuild value is now omitted from image config #4648
• Fix possible regression in RC1 when Windows client is transferring context files #4683
• Fixes for bridge networking on Rootless mode #4655

Dependency Changes

• github.com/containerd/continuity v0.4.2 -> v0.4.3
• github.com/containerd/nydus-snapshotter v0.13.1 -> v0.13.7
• github.com/containerd/stargz-snapshotter v0.14.3 -> v0.15.1
• github.com/containerd/stargz-snapshotter/estargz v0.14.3 -> v0.15.1
• github.com/hanwen/go-fuse/v2 v2.2.0 -> v2.4.0
• github.com/hashicorp/go-retryablehttp v0.7.2 -> v0.7.5
• github.com/moby/docker-image-spec v1.3.1 new
• github.com/prometheus/client_golang v1.16.0 -> v1.17.0
• github.com/prometheus/client_model v0.4.0 -> v0.5.0
• github.com/prometheus/common v0.42.0 -> v0.44.0
• github.com/prometheus/procfs v0.10.1 -> v0.12.0
• github.com/tonistiigi/fsutil f09800878302 -> 7a889f53dbf6
• github.com/urfave/cli v1.22.12 -> v1.22.14
• go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.45.0 -> v0.46.1
• go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace v0.45.0 -> v0.46.1
• go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.45.0 -> v0.46.1
• go.opentelemetry.io/otel v1.19.0 -> v1.21.0
• go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.19.0 -> v1.21.0
• go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.19.0 -> v1.21.0
• go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.19.0 -> v1.21.0
• go.opentelemetry.io/otel/metric v1.19.0 -> v1.21.0
• go.opentelemetry.io/otel/sdk v1.19.0 -> v1.21.0
• go.opentelemetry.io/otel/sdk/metric v1.19.0 -> v1.21.0
• go.opentelemetry.io/otel/trace v1.19.0 -> v1.21.0
• google.golang.org/genproto 782d3b101e98 -> 49dd2c1f3d0b
• google.golang.org/genproto/googleapis/api 782d3b101e98 -> 49dd2c1f3d0b
• google.golang.org/genproto/googleapis/rpc 782d3b101e98 -> 49dd2c1f3d0b
• google.golang.org/grpc v1.58.3 -> v1.59.0

Previous release can be found at v0.13.0-rc1

dockerfile/1.7.0-rc1-labs

Usage

# syntax=docker.io/docker/dockerfile-upstream:1.7.0-rc1-labs

Notable changes

• New --parents flag has been added to COPY for copying files while keeping the parent directory structure #4598 #3001

• New --exclude flag can be used in COPY and ADD commands to apply filter to copied files #4561

dockerfile/1.7.0-rc1

Usage

# syntax=docker.io/docker/dockerfile-upstream:1.7.0-rc1

Notable changes

• Variable expansion now allows string substitutions and trimming #4427 #4287

• Named contexts with local sources now correctly transfer only the files used in the Dockerfile instead of the full source directory #4161

• Dockerfile now better validates the order of stages and returns nice errors with stacktraces if stages are in incorrect order #4568 #4567

• History commit messages now contain flags that were used with COPY/ADD steps #4597

• Progress messages for ADD commands from Git or HTTP sources have been improved #4408

v0.13.0-rc1

buildkit 0.13.0-rc1

Welcome to the 0.13.0-rc1 release of buildkit!
This is a pre-release of buildkit

Please try out the release binaries and report any issues at
https://github.com/moby/buildkit/issues.

Contributors

• Tõnis Tiigi
• Justin Chadwell
• CrazyMax
• Sebastiaan van Stijn
• Akihiro Suda
• Jonathan A. Sternberg
• Kohei Tokunaga
• David Karlsson
• Gabriel Adrian Samfira
• Chris Goller
• Erik Sipsma
• Jakub Ciolek
• Paul "TBBle" Hampson
• Anthony Nandaa
• Paweł Gronowski
• Adrien Delorme
• Artem Khramov
• Brian Goff
• Leandro Santiago
• Nguyễn Đức Chiến
• Aaron Lehmann
• Dan Duvall
• Mark Yen
• Milas Bowman
• Tristan Stenner
• Yan Song
• Ahmon Dancy
• Alex Couture-Beil
• Alex Suraci
• Arnaldo Garcia Rincon
• Austin Vazquez
• Bjorn Neergaard
• Brennan Kinney
• Bunyamin Dokmetas
• Burt Holzman
• Derek McGowan
• Erik McKelvey
• Frank Villaro-Dixon
• Grégoire Payen de La Garanderie
• Guilhem Charles
• James Carnegie
• Kazuyoshi Kato
• Reshen
• Tibor Vass
• Zhizhen He
• fanjiyun.fjy
• frankyang
• guangwu
• liulanzheng
• njucjc
• omahs
• retornam
• x893675
• yumemio
• 蝦米

Notable changes

• Experimental Windows Containers support is now available with containerd worker #3518 #3517 #4494 #4479 #4432 #4387 #4364

• Multiple exporters(outputs) can now be specified with a single build request #4134

• New option rewrite-timestamps is available when exporting images that with convert files in exported layers according to the epoch time for reproducible builds #4057

• There is a new bridge network mode --oci-worker-net=bridge that can be used to set up CNI bridge networking with no external dependencies for better network isolation of build containers. It is expected that v0.14.0 release will enable this network mode by default. #4352 #4650 #4539

• Gateway API has a new method ResolveSourceMeta that will replace the previous ResolveImageConfig method. The new method works with all LLB source types, not just images, and correctly handles policy conversions between sources. #4563 #4647

• When using host networking, local host DNS routes can also be used instead of the default #4524

• Changing cache mount's ID property does not invalidate cache for the build step anymore #4585

• Basic metrics support has been added via OpenTelemetry and Prometheus #4460

• Token cache is no longer shared between parallel push requests #3592

• Update insecure registry fallback logic to only fallback with previous host #4613

• GRPC socket for OpenTelemetry tracing now defaults to runtime directory path #4078 #4619

• LLB API now has new options to directly control how different mounts for container steps are cached #4624

• Cancellation and timeout errors should now contain better stacktraces on --debug mode #4587 #4457

• Edge case of empty multiplatform build result does not generate errors anymore #4526

• Prune command now avoids taking database lock for a long time if deletion takes too much time #4413

• Healthcheck service has been added to Control API #4145

• Buildctl has new quiet and rawjson progress mode #4213 #4113

• Buildctl has new --debug-json-cache-metrics debug option #4464

• Buildctl now supports --registry-auth-tlscontext flag for controlling the client authentication requests #4420 #4211

• Buildctl now propagates SOURCE_DATE_EPOCH to build arg automatically if it is defined #4231

• LLB client now allows exposing local sources via FS interface instead of local path #4094

• Ensure only one platform is pulled on resolving image config, even if multiple match #4311

• Rootless version supports new --detach-netns mode #4546

• Update default CNI config path for rootless mode to ~/.config/buildkit/cni.json #4547

• Ensure correct pinned commit is checked out if tags that have same path components #4473

• Exporting caches for results with no layers is now skipped in OCI structures #4336

• New debugging options have been added to the scheduler component #4410

• Improve error messages on StatFile requests #4321

• Daemon logs can now be exported in JSON format #4044

• Number of log lines per build step on TTY mode can now be configured with BUILDKIT_TTY_LOG_LINES #4284

• Fix possible "missing lease requirement" error on canceling one of parallel exports #4529

• Fixes for merging parallel build steps that generate the same cache keys #4559 #4285

• Fix processing result map in LLB API if the evaluate option is set to true #4544

• Fix hardlink issue with whiteout deletes in the merge snapshotter #4516

• Fix issue with caching multiple mounts originating from the same source #4270 #4281

• Fix possible panic condition on deleting history records #4451

• Fix issue where same source image layer chains could end up in the provenance attestation multiple times #4433

• Fix possible pull error caused by previous cache #4428

• Fix issues where session messages could grow bigger than maximum message size when transferring SBOM to client #4313

• Fix issue where specific build steps could drop progress messages #4347

• Fix possible wrong usage statitics in merged snapshotters #4389

• Fix possible storage leak for compression variants #4353

• Fix handling of certain SSH Git URLs #4326

• Fix possible missing blob error on mapping files to SBOM packages #4210

• Fix diffing layers when custom Gzip compression level is set #4275

• Fix possible panic with stargz snapshotter #4187

• Fix generation of cache checksums for Merge and Diff operations #4192

• Fix possible negative pull time in progressbar on parallel pulls #4183

• Fix handling of missing files in LLB File remove API #4051

Updates to builtin Dockerfile frontend

• COPY now support --parents flag for copying files while keeping the parent directory structure #4598 #3001

• Variable expansion now allows string substitutions and trimming #4427 #4287

• Named contexts with local sources now correctly transfer only the files used in the Dockerfile instead of the full source directory #4161

• Dockerfile now better validates the order of stages and returns nice errors with stacktraces if stages are in incorrect order #4568 #4567

• History commit messages now contain flags that were used with COPY/ADD steps #4597

Dependency Changes

• github.com/AdaLogics/go-fuzz-headers 43070de90fa1 -> ced1acdcaa24
• github.com/AdamKorcz/go-118-fuzz-build 5330a85ea652 -> 8075edf89bb0
• github.com/Microsoft/hcsshim v0.10.0-rc.8 -> v0.11.4
• github.com/aws/aws-sdk-go-v2 v1.17.6 -> v1.24.1
• github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.4.10 -> v1.5.4
• github.com/aws/aws-sdk-go-v2/config v1.18.16 -> v1.26.6
• github.com/aws/aws-sdk-go-v2/credentials v1.13.16 -> v1.16.16
• github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.12.24 -> v1.14.11
• github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.11.56 -> v1.15.15
• github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.30 -> v1.2.10
• github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.24 -> v2.5.10
• github.com/aws/aws-sdk-go-v2/internal/ini v1.3.31 -> v1.7.3
• github.com/aws/aws-sdk-go-v2/internal/v4a v1.0.22 -> v1.2.10
• github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.9.11 -> v1.10.4
• github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.1.25 -> v1.2.10
• github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.24 -> v1.10.10
• github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.13.24 -> v1.16.10
• github.com/aws/aws-sdk-go-v2/service/s3 v1.30.6 -> v1.48.1
• github.com/aws/aws-sdk-go-v2/service/sso v1.12.5 -> v1.18.7
• github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.5 -> v1.21.7
• github.com/aws/aws-sdk-go-v2/service/sts v1.18.6 -> v1.26.7
• github.com/aws/smithy-go v1.13.5 -> v1.19.0
• github.com/cenkalti/backoff/v4 v4.2.0 -> v4.2.1
• github.com/containerd/console v1.0.3 -> v1.0.4
• github.com/containerd/containerd v1.7.2 -> v1.7.13
• github.com/containerd/continuity v0.4.1 -> v0.4.2
• github.com/containerd/log v0.1.0 new
• github.com/containerd/nydus-snapshotter v0.8.2 -> v0.13.1
• github.com/containernetworking/plugins v1.4.0 new
• github.com/distribution/reference v0.5.0 new
• github.com/docker/cli v24.0.4 -> v25.0.3
• github.com/docker/docker 8e51b8b59cb8 -> v25.0.3
• github.com/docker/docker-credential-helpers v0.7.0 -> v0.8.0
• github.com/docker/go-connections v0.4.0...

v0.13.0-beta3

v0.13.0-beta3

v0.12.5

https://hub.docker.com/r/moby/buildkit

Notable changes:

This release contains following security fixes:

• Runc has been updated to v1.1.12 addressing GHSA-xr7r-f8xq-vfvv

• Fix possible race condition with accessing subpaths from cache mounts GHSA-m3r6-h7wv-7xxv

• Fix possible host system access from mount stub cleaner GHSA-4v98-7qmw-rqr8

• Fix interactive containers API validation against entitlements GHSA-wr6v-9f75-vh2g

• Fix possible panic when incorrect parameters sent from frontend GHSA-9p26-698r-w4hx

v0.13.0-beta2

v0.13.0-beta2

v0.12.4

Welcome to the 0.12.4 release of buildkit!

Please try out the release binaries and report any issues at
https://github.com/moby/buildkit/issues.

Notable changes

• Fix possible concurrent map access on remote cache export #4346
• Fix hang on debug server listener #4361
• Fix possible deadlock in History API under high number of parallel builds #4362
• Fix possible panic on handling deleted records in History API #4451
• Fix possible data corruption in zstd library #4372

v0.12.3

Welcome to the 0.12.3 release of buildkit!

Please try out the release binaries and report any issues at
https://github.com/moby/buildkit/issues.

Notable changes

• Fix possible duplicate source files in provenance attestation for chained builds #4190
• Fix possible negative step time in progressbar for step shared with other build request #4183
• Fix properly closing history and cache DB on shutdown to avoid corruption #4185 #4189
• Fix incorrect error handling for invalid HTTP source URLs #4201
• Fix fallback cases for ambiguous insecure configuration provided for registry used as push target. #4299
• Fix possible data race with parallel image config resolves #4157
• Fix regression in v0.12 for clients waiting on buildkitd to become available #4200
• Fix Cgroup NS handling for hosts supporting only CgroupV1 #4308

v0.13.0-beta1

v0.13.0-beta1