Apply the oci-mediatypes default at export time so the Docker tar exporter
does not treat variant=docker as implicit oci-mediatypes=false.
Keep Docker tar manifest.json output for legacy compatibility, and preserve
explicit oci-mediatypes=false behavior with test coverage.
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
Add compatibility-version 30 for the new OCI media type default while keeping
version 20 pinned to the historical image exporter behavior through v0.31.x.
Track omitted oci-mediatypes separately from explicit false, add v30
compatibility goldens, and document the supported compatibility versions.
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
Allow annotation and attestation exports with OCI media types enabled, fix
the zstd media type map, and update integration tests for the new default.
Keep Docker media types explicit where legacy behavior is under test.
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
This matches the documentation, which never specified behavior for
empty/unknown (non-boolean) strings.
We can also remove the parseBoolWithDefault helper, as this was the last
consumer.
Signed-off-by: Bjorn Neergaard <bjorn.neergaard@docker.com>
To facilitate this change, we now fail when there is an exporter option
conflict instead of implicitly setting oci-mediatypes=true.
Signed-off-by: Bjorn Neergaard <bjorn.neergaard@docker.com>
Use the existing in-toto-golang JSON statement types for attestation export
and set the statement type URI to in-toto v1. Remove the local protojson
compatibility wrapper so this patch only changes the emitted statement type.
Update in-toto-golang to v0.11.0 and refresh vendored module metadata.
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
Ensure the local exporter closes the progress writer after copying files so
progress readers are released when the transfer exits before a final callback.
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
Update non-generated code for the newer lint recommendations by using typed
atomic values, strings.Cut, and slices.Backward where applicable.
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
Add solve-wide compatibility-version support for image and oci
exports, with historical goldens and release compatibility tests.
Backfill version 10 for v0.13-v0.14 git artifact behavior, keep
version 20 as current, and reject unsupported zstd on v10.
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
Resolve SOURCE_DATE_EPOCH=context in the Dockerfile frontend from the
main build context and pass the resolved numeric epoch through normal
ARG handling and exporter metadata.
Use git commit time for git contexts, HTTP Last-Modified when present,
and newest archive entry mtime for HTTP archives. Leave local contexts
unset.
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
Propagate Dockerfile-defined SOURCE_DATE_EPOCH through frontend result
metadata so exporters can consume it, including per-platform export
paths and rewrite-timestamp handling.
Refactor Dockerfile2LLB to return a structured result, preserve exporter
reset semantics, and cover the exporter-facing behavior with Dockerfile
integration tests.
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
Use ApplyLayers instead of per-layer ApplyLayer loop to
allow recursive parent rebuild when GC collects a parent
snapshot between Stat and Prepare calls.
Pre-lease the top chain ID snapshot before calling
ApplyLayers so that GC cannot collect it during the Stat
shortcut path which does not add snapshots to the lease.
Fixes #6521
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
When the image was (externally or in a parallel build request) created
in between Update and Create calls, Create can fail.
Handle this case by running Update again.
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
Split image export into two phases to enable parallel execution:
1. Export creates artifacts (layers, manifests) in the content store
2. FinalizeFunc pushes artifacts to the registry
This allows image push to run in parallel with cache export, reducing
overall build time when both image and cache exports are configured.
The cache exporters run after image Export completes, ensuring they can
see and reuse the layers in the content store.
Signed-off-by: Amr Mahdi <amrmahdi@meta.com>
Currently it is not possible to update to a more
recent version as modernize causes errors in generated code.
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
When receiving a remote error due to an unexpected status code, read the
body and try to decode either a docker.Error or a simpler {"details"...}
payload. If those succeed, decode and format them appropriately. Otherwise,
fall back to displaying the raw response body which might contain valuable
information to indicate why authentication failed.
Signed-off-by: Alberto Garcia Hierro <damaso.hierro@docker.com>
Currently the option only worked when platform-split=false was
set for a multi-platform build but not for setting a single-platform
build to use platform-split=true.
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
The PATH is very critical during container runs on
Windows. Windows stores the PATH details in its
registry hive, while in unix, this is often
stored in the image's config. See further details
at #5445
Setting a default path like we do on Linux
(which is mostly not used since the PATH is
already set in the configs), works against
the expected build experience, especially when
it comes to installers and commands like `setx`.
Therefore, we skip setting the default PATH on
Windows, and leave it for the OS to load it
from its registry hive.
This also further supports backward compatibility
with the current experience with docker classic
builder.
Users wishing to explicitly store this in the
configs can opt-in by using the ENV PATH= ..
in the Dockerfile, etc.
See also the same practices on Docker Engine
and Containerd:
- da3b31fb2c/oci/defaults.go (L24-L33)
- 041743e8af/pkg/oci/spec_opts_windows.go (L66-L69)
closes #5445
Signed-off-by: Anthony Nandaa <profnandaa@gmail.com>
Convert usages of `github.com/docker/docker/pkg/idtools` to
`github.com/moby/sys/user` in order to break the dependency between
buildkit and docker.
Signed-off-by: Jonathan A. Sternberg <jonathan.sternberg@docker.com>
Modifies the containerd exporter to create dangling images by default. A
new exporter key has been added to keep the previous behavior where a
dangling image is only created when no image name is provided.
Signed-off-by: Jonathan A. Sternberg <jonathan.sternberg@docker.com>
I came across a number of calls to `platforms.DefaultSpec()`
that were not necessary. That prompted me to take a look
at various other similar places.
At least on Windows, the call has some cost till
doing a syscall `RtlGetNtVersionNumbers()`.
Signed-off-by: Anthony Nandaa <profnandaa@gmail.com>
When `--call=lint` or `--call=outline` were used, the intention wasn't
to run this check because the result doesn't have a platform. When those
checks are run, there is no exporter platforms key.
We would check `Request` from the request operations, but this wasn't a
reliable way to determine whether the result was from a lint because it
is possible for subrequests to have different frontend attributes than
the primary request and the primary request would sometimes not have the
`requestid` attribute set.
Instead of detecting a subrequest with that method, the check has been
updated to exit if there are no references and if there is no exporter
key.
Signed-off-by: Jonathan A. Sternberg <jonathan.sternberg@docker.com>
This allows platforms following the new `platforms.FormatAll` function,
which allows for setting the `OSVersion` field of the platform with
`<os>(<ver>)/<arch>`.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>