bake: add unixtimestampparse and formattimestamp functions#3286
Merged
Conversation
sdavids
reviewed
Jul 2, 2025
e70b98b to
7a36d1f
Compare
|
One uses $ SOURCE_DATE_EPOCH=0 docker buildx bake
$ SOURCE_DATE_EPOCH=42 docker buildx bakeDoes this PR support this use case?
— Having this |
sdavids
reviewed
Jul 2, 2025
Member
Author
This is already supported as a standardized environment variable Edit: We only have docs for it in https://docs.docker.com/build/ci/github-actions/reproducible-builds/ but I think we should also have some for build and bake. Maybe in https://docs.docker.com/build/building/variables/#build-tool-configuration-variables. cc @ArthurFlag |
|
Maybe I was not clear enough in #3197: $ SOURCE_DATE_EPOCH=0 docker buildx bakelabels = {
"org.opencontainers.image.created" = "how do I get SOURCE_DATE_EPOCH as an RFC3339-formatted string here"
}The label should look like |
33d0ecb to
ec0bb73
Compare
ec0bb73 to
8df6fc5
Compare
Member
Author
Pushed extra commit to add |
856f62b to
e4913a3
Compare
sdavids
reviewed
Jul 13, 2025
sdavids
reviewed
Jul 13, 2025
sdavids
reviewed
Jul 13, 2025
sdavids
reviewed
Jul 13, 2025
sdavids
reviewed
Jul 13, 2025
tonistiigi
reviewed
Jul 14, 2025
|
|
||
| ```hcl | ||
| # docker-bake.hcl | ||
| variable "BUILD_TIME" { |
Member
There was a problem hiding this comment.
I don't think this is a convention that we would want to promote. Users should set SOURCE_DATE_EPOCH in the env as UNIX timestamp, not BUILD_TIME as string, so that bake uses the same convention as other apps.
Member
Author
There was a problem hiding this comment.
Indeed, this was just for example purpose, renamed SOURCE_DATE_EPOCH to BUILD_TIMESTAMP.
| * `iso_year` (Number) The ISO 8601 year number. | ||
| * `iso_week` (Number) The ISO 8601 week number. | ||
|
|
||
| ```hcl |
Member
There was a problem hiding this comment.
how about
variable "SOURCE_DATE_EPOCH" {
type = number
default = formattimestamp("X", "2015-10-21T00:00:00Z")
}
target "default" {
args = {
SOURCE_DATE_EPOCH = SOURCE_DATE_EPOCH
BUILD_TIME = formattimestamp("YYYY-MM-DD'T'00:00:00Z", SOURCE_DATE_EPOCH)
}
}
I'm also ok for special formatting for rfc3399 for less verbosity.
Member
Author
There was a problem hiding this comment.
I looked at forking FormatDateFunc func as they are not willing to accept timestamp format: zclconf/go-cty#130 (comment) but there's quite a lot to fork and it might be better to be aligned so users are not confused. So that's why I opted for the terraform unix_timestamp_parse function func instead.
Member
Author
There was a problem hiding this comment.
Updated with new formattimestamp func
tonistiigi
reviewed
Jul 14, 2025
tonistiigi
left a comment
Member
There was a problem hiding this comment.
(looks like github skipped my main review message, reposing in case it doesn't appear)
Still somewhat confused about this.
- what is the use case for
rfc4449parse? We would want to theSOURCE_DATE_EPOCHto be the source of truth that is picked up from env as that is the convention and that is already unix. - Is returning a big struct like these new functions do some kind of convention. Can't find anything similar from current stdlib. The current convention seems to be
formatdate. If we don't want to modifyformatdateto have the capability to take date as UNIX timestamp (and maybe to return it) then would it make sense to add a new function, eg.formattimestampthat is the superset of the existing function (and then hide/deprecate the previousformatdate).
e4913a3 to
12d43b2
Compare
12d43b2 to
af6bc87
Compare
Member
Author
Removed
Yes I think as follow-up we could have a |
af6bc87 to
881914b
Compare
881914b to
3009423
Compare
3009423 to
a079c15
Compare
tonistiigi
reviewed
Mar 25, 2026
tonistiigi
left a comment
Member
There was a problem hiding this comment.
It looks like the ability to return unix timestamp from formattimestamp #3286 (comment) is missing. I think if we are adding a new function, we should add that capability as well.
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
a079c15 to
92905a8
Compare
Member
Author
Done, see last commit |
tonistiigi
approved these changes
Mar 25, 2026
eleboucher
pushed a commit
to eleboucher/runner
that referenced
this pull request
May 28, 2026
This PR contains the following updates: | Package | Update | Change | |---|---|---| | [buildx](https://github.com/docker/buildx) | minor | `v0.30.0` → `v0.34.1` | --- ### Release Notes <details> <summary>docker/buildx (buildx)</summary> ### [`v0.34.1`](https://github.com/docker/buildx/releases/tag/v0.34.1) [Compare Source](docker/buildx@v0.34.0...v0.34.1) buildx 0.34.1 Welcome to the v0.34.1 release of buildx! Please try out the release binaries and report any issues at <https://github.com/docker/buildx/issues>. ##### Contributors - CrazyMax - Jonathan A. Sternberg - Tõnis Tiigi ##### Notable Changes - Fix regression in Bake command when building from Compose files with empty array value [#​3849](docker/buildx#3849) [#​3852](docker/buildx#3852) - Fix possible panic in Kubernetes driver when using statefulset [#​3853](docker/buildx#3853) ##### Dependency Changes This release has no dependency changes Previous release can be found at [v0.34.0](https://github.com/docker/buildx/releases/tag/v0.34.0) ### [`v0.34.0`](https://github.com/docker/buildx/releases/tag/v0.34.0) [Compare Source](docker/buildx@v0.33.0...v0.34.0) Welcome to the v0.34.0 release of buildx! Please try out the release binaries and report any issues at <https://github.com/docker/buildx/issues>. ##### Contributors - CrazyMax - Tõnis Tiigi - Sebastiaan van Stijn - Jonathan A. Sternberg - Guillaume Lours - Hervé Le Meur - Mateusz Gozdek ##### Notable Changes - Buildx now supports a default source policy for common build pipeline images that are provided by Docker Inc and signed by [Docker GitHub builder](https://github.com/docker/github-builder). These include `docker/dockerfile` frontend (including `docker/dockerfile-upstream` staging area) and `docker/buildkit-syft-scanner` image used for SBOM generation. These images are cryptographically verified to be authentic releases before they are used in builds. This feature is currently opt-in behind the `BUILDX_DEFAULT_POLICY` environment variable, but the intention is to enable it by default in a future release [#​3807](docker/buildx#3807) - Add `--policy` flag to `bake` command to specify global policy evaluation options. [#​3832](docker/buildx#3832) - Kubernetes driver now supports persistent storage options that change the deployment definition to use a StatefulSet and a persistent volume claim. [#​3766](docker/buildx#3766) - Fix issue where progress policy errors may have been lost in progress output. [#​3838](docker/buildx#3838) - Fix stopping `dial-stdio` command when the builder connection closes [#​3790](docker/buildx#3790) - Fix possible panic in `buildx debug` command when solving fails [#​3823](docker/buildx#3823) - Fix handling of Windows paths in local OCI layout definitions [#​3825](docker/buildx#3825) [#​3820](docker/buildx#3820) [#​3812](docker/buildx#3812) - Fix possible incorrect error when using `rm` commands on Docker context based builders [#​3817](docker/buildx#3817) - Fix possible cache miss due to nondeterministic ordering of extra hosts [#​3789](docker/buildx#3789) - Fix mounting of WSL libraries for GPU devices only on local docker-container endpoints [#​3784](docker/buildx#3784) ##### Dependency Changes - **github.com/aws/aws-sdk-go-v2** v1.41.4 -> v1.41.7 - **github.com/aws/aws-sdk-go-v2/config** v1.32.12 -> v1.32.17 - **github.com/aws/aws-sdk-go-v2/credentials** v1.19.12 -> v1.19.16 - **github.com/aws/aws-sdk-go-v2/feature/ec2/imds** v1.18.20 -> v1.18.23 - **github.com/aws/aws-sdk-go-v2/internal/configsources** v1.4.20 -> v1.4.23 - **github.com/aws/aws-sdk-go-v2/internal/endpoints/v2** v2.7.20 -> v2.7.23 - **github.com/aws/aws-sdk-go-v2/internal/v4a** v1.4.24 ***new*** - **github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding** v1.13.7 -> v1.13.9 - **github.com/aws/aws-sdk-go-v2/service/internal/presigned-url** v1.13.20 -> v1.13.23 - **github.com/aws/aws-sdk-go-v2/service/signin** v1.0.8 -> v1.0.11 - **github.com/aws/aws-sdk-go-v2/service/sso** v1.30.13 -> v1.30.17 - **github.com/aws/aws-sdk-go-v2/service/ssooidc** v1.35.17 -> v1.35.21 - **github.com/aws/aws-sdk-go-v2/service/sts** v1.41.9 -> v1.42.1 - **github.com/aws/smithy-go** v1.24.2 -> v1.25.1 - **github.com/clipperhouse/uax29/v2** v2.2.0 ***new*** - **github.com/compose-spec/compose-go/v2** v2.9.1 -> v2.10.2 - **github.com/containerd/containerd/v2** v2.2.2 -> v2.2.3 - **github.com/docker/cli** v29.3.1 -> v29.4.3 - **github.com/docker/go-connections** v0.6.0 -> v0.7.0 - **github.com/go-openapi/runtime** v0.29.2 -> v0.29.3 - **github.com/go-openapi/swag** v0.25.4 -> v0.25.5 - **github.com/go-openapi/swag/cmdutils** v0.25.4 -> v0.25.5 - **github.com/go-openapi/swag/netutils** v0.25.4 -> v0.25.5 - **github.com/grpc-ecosystem/grpc-gateway/v2** v2.27.7 -> v2.28.0 - **github.com/in-toto/in-toto-golang** v0.10.0 -> v0.11.0 - **github.com/klauspost/compress** v1.18.5 -> v1.18.6 - **github.com/mattn/go-runewidth** v0.0.16 -> v0.0.23 - **github.com/moby/buildkit** v0.29.0 -> v0.30.0 - **github.com/moby/moby/api** v1.54.0 -> v1.54.2 - **github.com/moby/moby/client** v0.3.0 -> v0.4.1 - **github.com/moby/policy-helpers** [`b7c0b99`](docker/buildx@b7c0b994300b) -> [`a39d601`](docker/buildx@a39d60132186) - **github.com/moby/spdystream** v0.5.0 -> v0.5.1 - **github.com/sigstore/sigstore** v1.10.4 -> v1.10.5 - **github.com/sigstore/timestamp-authority/v2** v2.0.3 -> v2.0.6 - **go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc** v0.63.0 -> v0.68.0 - **go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace** v0.63.0 -> v0.68.0 - **go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp** v0.63.0 -> v0.68.0 - **go.opentelemetry.io/otel** v1.40.0 -> v1.43.0 - **go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc** v1.40.0 -> v1.43.0 - **go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp** v1.40.0 -> v1.43.0 - **go.opentelemetry.io/otel/exporters/otlp/otlptrace** v1.40.0 -> v1.43.0 - **go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc** v1.40.0 -> v1.43.0 - **go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp** v1.40.0 -> v1.43.0 - **go.opentelemetry.io/otel/exporters/stdout/stdouttrace** v1.38.0 -> v1.42.0 - **go.opentelemetry.io/otel/metric** v1.40.0 -> v1.43.0 - **go.opentelemetry.io/otel/sdk** v1.40.0 -> v1.43.0 - **go.opentelemetry.io/otel/sdk/metric** v1.40.0 -> v1.43.0 - **go.opentelemetry.io/otel/trace** v1.40.0 -> v1.43.0 - **go.opentelemetry.io/proto/otlp** v1.9.0 -> v1.10.0 - **go.yaml.in/yaml/v4** v4.0.0-rc.4 ***new*** - **golang.org/x/crypto** v0.48.0 -> v0.50.0 - **golang.org/x/mod** v0.33.0 -> v0.34.0 - **golang.org/x/net** v0.51.0 -> v0.53.0 - **golang.org/x/oauth2** v0.34.0 -> v0.36.0 - **golang.org/x/sync** v0.19.0 -> v0.20.0 - **golang.org/x/sys** v0.42.0 -> v0.43.0 - **golang.org/x/term** v0.41.0 -> v0.42.0 - **golang.org/x/text** v0.34.0 -> v0.36.0 - **golang.org/x/time** v0.14.0 -> v0.15.0 - **golang.org/x/tools** v0.41.0 -> v0.43.0 - **google.golang.org/genproto/googleapis/api** [`8636f87`](docker/buildx@8636f8732409) -> [`6f92a3b`](docker/buildx@6f92a3bedf2d) - **google.golang.org/genproto/googleapis/rpc** [`8636f87`](docker/buildx@8636f8732409) -> [`6f92a3b`](docker/buildx@6f92a3bedf2d) - **google.golang.org/grpc** v1.79.3 -> v1.80.0 - **k8s.io/api** v0.35.2 -> v0.35.4 - **k8s.io/apimachinery** v0.35.2 -> v0.35.4 - **k8s.io/client-go** v0.35.2 -> v0.35.4 Previous release can be found at [v0.33.0](https://github.com/docker/buildx/releases/tag/v0.33.0) ### [`v0.33.0`](https://github.com/docker/buildx/releases/tag/v0.33.0) [Compare Source](docker/buildx@v0.32.1...v0.33.0) Welcome to the v0.33.0 release of buildx! Please try out the release binaries and report any issues at <https://github.com/docker/buildx/issues>. ##### Contributors - Tõnis Tiigi - CrazyMax - Jonathan A. Sternberg - Sebastiaan van Stijn - rishabh - Akihiro Suda ##### Notable Changes - Imagetools `create` and `inspect` commands now support OCI layout paths as source and destination that can be used together with registry references [#​3721](docker/buildx#3721) - Bake command supports new builtin functions `formattimestamp` and `unixtimestampparse` for better handling of time values [#​3286](docker/buildx#3286) - DAP debugger support is now generally available without the need for the experimental features flag [#​3736](docker/buildx#3736) - Policy evaluation now supports verifying HTTP sources with PGP signatures through the `verify_http_pgp_signature` builtin [#​3677](docker/buildx#3677) - `policy eval` command now supports `--platform` flag to specify the platform for evaluated image sources [#​3738](docker/buildx#3738) - `policy eval` can now read policy from stdin when `-f -` is used [#​3738](docker/buildx#3738) - `policy eval` flag `--filename` has been renamed to `--file` for consistency with other commands. The previous flag is deprecated. [#​3738](docker/buildx#3738) - Fix issue where `imagetools create` could in some cases upload the same (attestation) manifest multiple times, possibly causing `400` error in some registries [#​3731](docker/buildx#3731) - Fix rejecting empty string values for `BUILDKIT_SYNTAX` build argument override [#​3734](docker/buildx#3734) - Fix possible inconsistent build context contents when using remote bake builds with a subdirectory in context path [#​3678](docker/buildx#3678) - Fix possible formatting issue in `imagetools inspect` based on whitespace in input [#​3732](docker/buildx#3732) - Fix possible error when finalizing build history traces in multi-node builders [#​3716](docker/buildx#3716) [#​3717](docker/buildx#3717) - Fix possible build errors when linking Bake multi-platform targets with session attributes like build secrets [#​3696](docker/buildx#3696) - Fix remote Bake git contexts to preserve subdirectory paths [#​3682](docker/buildx#3682) - Fix proxy build-arg override detection when argument casing differs [#​3697](docker/buildx#3697) - Fix DAP breakpoints on the entrypoint line being skipped in some cases [#​3691](docker/buildx#3691) - Fix DAP breakpoint detection on case-insensitive filesystems such as Windows [#​3704](docker/buildx#3704) - Fix DAP source path mapping for Dockerfiles outside the context root or in subdirectories [#​3709](docker/buildx#3709) - Fix DAP stepping by skipping internal build context load steps without source locations [#​3712](docker/buildx#3712) - Fix over-eager DAP input evaluation while stepping through builds [#​3687](docker/buildx#3687) - Fix DAP checks for whether an exec command can run successfully [#​3701](docker/buildx#3701) - Fix DAP debugger exit status reporting and output delivery on session shutdown [#​3735](docker/buildx#3735) ##### Dependency Changes - **github.com/aws/aws-sdk-go-v2** v1.41.1 -> v1.41.4 - **github.com/aws/aws-sdk-go-v2/config** v1.32.7 -> v1.32.12 - **github.com/aws/aws-sdk-go-v2/credentials** v1.19.7 -> v1.19.12 - **github.com/aws/aws-sdk-go-v2/feature/ec2/imds** v1.18.17 -> v1.18.20 - **github.com/aws/aws-sdk-go-v2/internal/configsources** v1.4.17 -> v1.4.20 - **github.com/aws/aws-sdk-go-v2/internal/endpoints/v2** v2.7.17 -> v2.7.20 - **github.com/aws/aws-sdk-go-v2/internal/ini** v1.8.4 -> v1.8.6 - **github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding** v1.13.4 -> v1.13.7 - **github.com/aws/aws-sdk-go-v2/service/internal/presigned-url** v1.13.17 -> v1.13.20 - **github.com/aws/aws-sdk-go-v2/service/signin** v1.0.5 -> v1.0.8 - **github.com/aws/aws-sdk-go-v2/service/sso** v1.30.9 -> v1.30.13 - **github.com/aws/aws-sdk-go-v2/service/ssooidc** v1.35.13 -> v1.35.17 - **github.com/aws/aws-sdk-go-v2/service/sts** v1.41.6 -> v1.41.9 - **github.com/aws/smithy-go** v1.24.0 -> v1.24.2 - **github.com/containerd/containerd/v2** v2.2.1 -> v2.2.2 - **github.com/containerd/ttrpc** v1.2.7 -> v1.2.8 - **github.com/docker/cli** v29.2.1 -> v29.3.1 - **github.com/go-openapi/analysis** v0.24.1 -> v0.24.3 - **github.com/go-openapi/errors** v0.22.6 -> v0.22.7 - **github.com/go-openapi/jsonpointer** v0.22.4 -> v0.22.5 - **github.com/go-openapi/jsonreference** v0.21.4 -> v0.21.5 - **github.com/go-openapi/loads** v0.23.2 -> v0.23.3 - **github.com/go-openapi/spec** v0.22.3 -> v0.22.4 - **github.com/go-openapi/strfmt** v0.25.0 -> v0.26.1 - **github.com/go-openapi/swag/conv** v0.25.4 -> v0.25.5 - **github.com/go-openapi/swag/fileutils** v0.25.4 -> v0.25.5 - **github.com/go-openapi/swag/jsonname** v0.25.4 -> v0.25.5 - **github.com/go-openapi/swag/jsonutils** v0.25.4 -> v0.25.5 - **github.com/go-openapi/swag/loading** v0.25.4 -> v0.25.5 - **github.com/go-openapi/swag/mangling** v0.25.4 -> v0.25.5 - **github.com/go-openapi/swag/stringutils** v0.25.4 -> v0.25.5 - **github.com/go-openapi/swag/typeutils** v0.25.4 -> v0.25.5 - **github.com/go-openapi/swag/yamlutils** v0.25.4 -> v0.25.5 - **github.com/go-openapi/validate** v0.25.1 -> v0.25.2 - **github.com/grpc-ecosystem/grpc-gateway/v2** v2.27.3 -> v2.27.7 - **github.com/klauspost/compress** v1.18.4 -> v1.18.5 - **github.com/moby/buildkit** v0.28.0 -> v0.29.0 - **github.com/moby/moby/api** v1.53.0 -> v1.54.0 - **github.com/moby/moby/client** v0.2.2 -> v0.3.0 - **github.com/moby/patternmatcher** v0.6.0 -> v0.6.1 - **github.com/moby/policy-helpers** [`824747b`](docker/buildx@824747bfdd3c) -> [`b7c0b99`](docker/buildx@b7c0b994300b) - **github.com/oklog/ulid/v2** v2.1.1 ***new*** - **go.opentelemetry.io/otel** v1.38.0 -> v1.40.0 - **go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc** v1.38.0 -> v1.40.0 - **go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp** v1.38.0 -> v1.40.0 - **go.opentelemetry.io/otel/exporters/otlp/otlptrace** v1.38.0 -> v1.40.0 - **go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc** v1.38.0 -> v1.40.0 - **go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp** v1.38.0 -> v1.40.0 - **go.opentelemetry.io/otel/metric** v1.38.0 -> v1.40.0 - **go.opentelemetry.io/otel/sdk** v1.38.0 -> v1.40.0 - **go.opentelemetry.io/otel/sdk/metric** v1.38.0 -> v1.40.0 - **go.opentelemetry.io/otel/trace** v1.38.0 -> v1.40.0 - **go.opentelemetry.io/proto/otlp** v1.7.1 -> v1.9.0 - **golang.org/x/sys** v0.41.0 -> v0.42.0 - **golang.org/x/term** v0.40.0 -> v0.41.0 - **google.golang.org/genproto/googleapis/api** [`ff82c1b`](docker/buildx@ff82c1b0f217) -> [`8636f87`](docker/buildx@8636f8732409) - **google.golang.org/genproto/googleapis/rpc** [`0a764e5`](docker/buildx@0a764e51fe1b) -> [`8636f87`](docker/buildx@8636f8732409) - **google.golang.org/grpc** v1.78.0 -> v1.79.3 - **k8s.io/api** v0.34.1 -> v0.35.2 - **k8s.io/apimachinery** v0.34.1 -> v0.35.2 - **k8s.io/client-go** v0.34.1 -> v0.35.2 - **k8s.io/kube-openapi** [`f3f2b99`](docker/buildx@f3f2b991d03b) -> [`589584f`](docker/buildx@589584f1c912) - **k8s.io/utils** [`4c0f3b2`](docker/buildx@4c0f3b243397) -> [`bc988d5`](docker/buildx@bc988d571ff4) - **sigs.k8s.io/json** [`cfa47c3`](docker/buildx@cfa47c3a1cc8) -> [`2d32026`](docker/buildx@2d320260d730) Previous release can be found at [v0.32.1](https://github.com/docker/buildx/releases/tag/v0.32.1) ### [`v0.32.1`](https://github.com/docker/buildx/releases/tag/v0.32.1) [Compare Source](docker/buildx@v0.32.0...v0.32.1) buildx 0.32.1 Welcome to the v0.32.1 release of buildx! Please try out the release binaries and report any issues at <https://github.com/docker/buildx/issues>. ##### Contributors - CrazyMax - Tõnis Tiigi ##### Notable Changes - Fix possible error when building private Git repositories with secret credentials directly from remote source [#​3694](docker/buildx#3694) ##### Dependency Changes This release has no dependency changes Previous release can be found at [v0.32.0](https://github.com/docker/buildx/releases/tag/v0.32.0) ### [`v0.32.0`](https://github.com/docker/buildx/releases/tag/v0.32.0) [Compare Source](docker/buildx@v0.31.1...v0.32.0) buildx 0.32.0 Welcome to the v0.32.0 release of buildx! Please try out the release binaries and report any issues at <https://github.com/docker/buildx/issues>. ##### Contributors - Tõnis Tiigi - CrazyMax - Sebastiaan van Stijn - Jonathan A. Sternberg - Akhil Manoj - David Karlsson - yzewei ##### Notable Changes - Imagetools now supports `--metadata-file` flag to capture properties like descriptor/digest values for the new image. [#​3638](docker/buildx#3638) - Imagetools auth libraries have now been combined with the ones used in `build` commands, enabling previously missing support for scoped credentials and automatic fallbacks for Docker Hardened Image registries. [#​3627](docker/buildx#3627) - Many commands now support `--timeout` flag to configure the timeout for waiting for responses from remote builders. [#​3665](docker/buildx#3665) - Rego Policy now supports validating builds from remote sources (Git, HTTP) [#​3661](docker/buildx#3661) - Rego Policies now include new builtins for validating signed Sigstore bundle attestations of HTTP source artifacts. Attestations can also be automatically fetched from Github API [#​3657](docker/buildx#3657) - Rego policies can now use `input.image.provenance` to write rules validating specific provenance attestation fields. Materials of provenance can be accessed as policy secondary inputs. Requires BuildKit v0.28+ [#​3652](docker/buildx#3652) [#​3662](docker/buildx#3662) - Builds failing due to policy violations now have better error messages with the failing step clearly marked and the last policy logs shown with the error. [#​3656](docker/buildx#3656) - Fix possible passing of incorrect Git auth token for Bake builds when multiple remotes with different hosts exist. [#​3648](docker/buildx#3648) - Fixed policy filesystem reference lifecycle handling to avoid stale policy filesystem state during builds. [#​3674](docker/buildx#3674) - Normalized default policy filename resolution from environment configuration for more consistent behavior. [#​3675](docker/buildx#3675) - Named contexts used in different projects now get unique "shared keys" (previously based on context name) to avoid overwriting destinations of other projects, with reduced performance. This feature requires Dockerfile 1.22+ [#​3618](docker/buildx#3618) - Fix local subdir named context copied with wrong parent directory for remote Bake builds [#​3678](docker/buildx#3678) - Bake builds now capture the original URL information of named contexts sent as inputs in request metadata [#​3682](docker/buildx#3682) [#​3462](docker/buildx#3462) - Additional metrics associated with DAP debugger have been added [#​3633](docker/buildx#3633) - DAP file explorer now gets a more accurate state of the file system via updated BuildKit API [#​3450](docker/buildx#3450) - DAP file explorer source names have been improved [#​3631](docker/buildx#3631) - Improve the output of `-q` used with `--call` [#​3655](docker/buildx#3655) ##### Dependency Changes - **github.com/aws/aws-sdk-go-v2** v1.39.6 -> v1.41.1 - **github.com/aws/aws-sdk-go-v2/config** v1.31.20 -> v1.32.7 - **github.com/aws/aws-sdk-go-v2/credentials** v1.18.24 -> v1.19.7 - **github.com/aws/aws-sdk-go-v2/feature/ec2/imds** v1.18.13 -> v1.18.17 - **github.com/aws/aws-sdk-go-v2/internal/configsources** v1.4.13 -> v1.4.17 - **github.com/aws/aws-sdk-go-v2/internal/endpoints/v2** v2.7.13 -> v2.7.17 - **github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding** v1.13.3 -> v1.13.4 - **github.com/aws/aws-sdk-go-v2/service/internal/presigned-url** v1.13.13 -> v1.13.17 - **github.com/aws/aws-sdk-go-v2/service/signin** v1.0.5 ***new*** - **github.com/aws/aws-sdk-go-v2/service/sso** v1.30.3 -> v1.30.9 - **github.com/aws/aws-sdk-go-v2/service/ssooidc** v1.35.7 -> v1.35.13 - **github.com/aws/aws-sdk-go-v2/service/sts** v1.40.2 -> v1.41.6 - **github.com/aws/smithy-go** v1.23.2 -> v1.24.0 - **github.com/cloudflare/circl** v1.6.1 -> v1.6.3 - **github.com/docker/cli** v29.1.5 -> v29.2.1 - **github.com/go-openapi/errors** v0.22.4 -> v0.22.6 - **github.com/go-openapi/jsonpointer** v0.22.1 -> v0.22.4 - **github.com/go-openapi/jsonreference** v0.21.3 -> v0.21.4 - **github.com/go-openapi/spec** v0.22.1 -> v0.22.3 - **github.com/go-openapi/swag** v0.25.3 -> v0.25.4 - **github.com/go-openapi/swag/cmdutils** v0.25.3 -> v0.25.4 - **github.com/go-openapi/swag/conv** v0.25.3 -> v0.25.4 - **github.com/go-openapi/swag/fileutils** v0.25.3 -> v0.25.4 - **github.com/go-openapi/swag/jsonname** v0.25.3 -> v0.25.4 - **github.com/go-openapi/swag/jsonutils** v0.25.3 -> v0.25.4 - **github.com/go-openapi/swag/loading** v0.25.3 -> v0.25.4 - **github.com/go-openapi/swag/mangling** v0.25.3 -> v0.25.4 - **github.com/go-openapi/swag/netutils** v0.25.3 -> v0.25.4 - **github.com/go-openapi/swag/stringutils** v0.25.3 -> v0.25.4 - **github.com/go-openapi/swag/typeutils** v0.25.3 -> v0.25.4 - **github.com/go-openapi/swag/yamlutils** v0.25.3 -> v0.25.4 - **github.com/go-viper/mapstructure/v2** v2.4.0 -> v2.5.0 - **github.com/golang/snappy** v1.0.0 ***new*** - **github.com/google/go-containerregistry** v0.20.6 -> v0.20.7 - **github.com/in-toto/in-toto-golang** v0.9.0 -> v0.10.0 - **github.com/klauspost/compress** v1.18.2 -> v1.18.4 - **github.com/moby/buildkit** v0.27.0 -> v0.28.0 - **github.com/moby/moby/api** v1.52.0 -> v1.53.0 - **github.com/moby/moby/client** v0.2.1 -> v0.2.2 - **github.com/moby/policy-helpers** [`9fcc1a9`](docker/buildx@9fcc1a9ec5c9) -> [`824747b`](docker/buildx@824747bfdd3c) - **github.com/package-url/packageurl-go** v0.1.1 ***new*** - **github.com/pelletier/go-toml/v2** v2.2.4 ***new*** - **github.com/secure-systems-lab/go-securesystemslib** v0.9.1 -> v0.10.0 - **github.com/sigstore/rekor** v1.4.3 -> v1.5.0 - **github.com/sigstore/sigstore** v1.10.0 -> v1.10.4 - **github.com/sigstore/sigstore-go** [`b5fe07a`](docker/buildx@b5fe07a5a7d7) -> v1.1.4 - **github.com/sigstore/timestamp-authority/v2** v2.0.2 -> v2.0.3 - **github.com/theupdateframework/go-tuf/v2** v2.3.0 -> v2.4.1 - **google.golang.org/genproto/googleapis/api** [`f26f940`](docker/buildx@f26f9409b101) -> [`ff82c1b`](docker/buildx@ff82c1b0f217) - **google.golang.org/genproto/googleapis/rpc** [`f26f940`](docker/buildx@f26f9409b101) -> [`0a764e5`](docker/buildx@0a764e51fe1b) - **google.golang.org/grpc** v1.76.0 -> v1.78.0 Previous release can be found at [v0.31.1](https://github.com/docker/buildx/releases/tag/v0.31.1) ### [`v0.31.1`](https://github.com/docker/buildx/releases/tag/v0.31.1) [Compare Source](docker/buildx@v0.31.0...v0.31.1) buildx 0.31.1 Welcome to the v0.31.1 release of buildx! Please try out the release binaries and report any issues at <https://github.com/docker/buildx/issues>. ##### Contributors - Tõnis Tiigi ##### Notable Changes - Fix excessive HTTP requests when using `buildx imagetools create` command [#​3632](docker/buildx#3632) ##### Dependency Changes This release has no dependency changes Previous release can be found at [v0.31.0](https://github.com/docker/buildx/releases/tag/v0.31.0) ### [`v0.31.0`](https://github.com/docker/buildx/releases/tag/v0.31.0) [Compare Source](docker/buildx@v0.30.1...v0.31.0) buildx 0.31.0 Welcome to the v0.31.0 release of buildx! Please try out the release binaries and report any issues at <https://github.com/docker/buildx/issues>. ##### Contributors - Tõnis Tiigi - CrazyMax - Sebastiaan van Stijn - Jonathan A. Sternberg - Justin Chadwell - Akihiro Suda - Brian Goff - David Karlsson - Paweł Gronowski - Sergei Khomenkov - guimove ##### Notable Changes - This is a first version of Buildx with signed artifacts built using [Docker Github Builder](https://github.com/docker/github-builder-experimental) - This release comes with new experimental support for source policy enforcement during builds using policies written in [Rego](https://www.openpolicyagent.org/docs/policy-language) language. There are some limitations in this release, for example, only builds from the local build context currently load policies. [#​3593](docker/buildx#3593) [#​3539](docker/buildx#3539) [#​3592](docker/buildx#3592) [#​3611](docker/buildx#3611) [docs](https://docs.docker.com/build/policies/) - Matching policy for Dockerfile is loaded automatically if one exists, e.g., `Dockerfile.rego` or `app.Dockerfile.rego`. - Additional policy configuration can be provided using new `build --policy` flag. - Bake also supports automatic policy loading and a new `policy` key in the target configuration. - New `buildx policy` command includes subcommands `eval` and `test` to help you write and test your policies. - Bake command has a new `--var` flag to set variable values from the command line instead of setting environment variables. [#​3610](docker/buildx#3610) - When creating images in Docker image store, they no longer unpack if export was initialized with `--push` or `-o type=registry` [#​3519](docker/buildx#3519) - Add `semvercmp` helper function to Bake stdlib for easier version comparisons [#​3577](docker/buildx#3577) - Retry transient TLS errors when talking to Kubernetes nodes [#​3493](docker/buildx#3493) - Allow disabling Bake env lookups so `bake` can ignore host environment variables [#​3595](docker/buildx#3595) - Add possibility to load Docker configs scoped to specific repos/scopes for finer credential control [#​3562](docker/buildx#3562) - When building images from Docker Hardened Images (dhi.io) and Docker Scout registries, authentication will now automatically fall back to Docker Hub credentials if no specific credentials are found. [#​3612](docker/buildx#3612) - Fix the `--debug` flag issues in standalone mode [#​3554](docker/buildx#3554) - Fix handling `@` characters inside OCI layout paths passed to build [#​3583](docker/buildx#3583) - Surface policy controls `--policy`, policy eval, custom builtins/Regos/gitsign checks so builds can enforce policies [#​3593](docker/buildx#3593) [#​3549](docker/buildx#3549) - Prevent DAP breakpoint overlaps from triggering false positives [#​3534](docker/buildx#3534) - Fix mount input names in DAP run mounts [#​3579](docker/buildx#3579) - Fix DAP breakpoint reason reporting [#​3581](docker/buildx#3581) ##### Dependency Changes - **github.com/ProtonMail/go-crypto** v1.3.0 ***new*** - **github.com/agnivade/levenshtein** v1.2.1 ***new*** - **github.com/asaskevich/govalidator** [`a9d515a`](docker/buildx@a9d515a09cc2) ***new*** - **github.com/aws/aws-sdk-go-v2** v1.38.1 -> v1.39.6 - **github.com/aws/aws-sdk-go-v2/config** v1.31.3 -> v1.31.20 - **github.com/aws/aws-sdk-go-v2/credentials** v1.18.7 -> v1.18.24 - **github.com/aws/aws-sdk-go-v2/feature/ec2/imds** v1.18.4 -> v1.18.13 - **github.com/aws/aws-sdk-go-v2/internal/configsources** v1.4.4 -> v1.4.13 - **github.com/aws/aws-sdk-go-v2/internal/endpoints/v2** v2.7.4 -> v2.7.13 - **github.com/aws/aws-sdk-go-v2/internal/ini** v1.8.3 -> v1.8.4 - **github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding** v1.13.0 -> v1.13.3 - **github.com/aws/aws-sdk-go-v2/service/internal/presigned-url** v1.13.4 -> v1.13.13 - **github.com/aws/aws-sdk-go-v2/service/sso** v1.28.2 -> v1.30.3 - **github.com/aws/aws-sdk-go-v2/service/ssooidc** v1.34.0 -> v1.35.7 - **github.com/aws/aws-sdk-go-v2/service/sts** v1.38.0 -> v1.40.2 - **github.com/aws/smithy-go** v1.22.5 -> v1.23.2 - **github.com/beorn7/perks** v1.0.1 ***new*** - **github.com/blang/semver** v3.5.1 ***new*** - **github.com/cespare/xxhash/v2** v2.3.0 ***new*** - **github.com/cloudflare/circl** v1.6.1 ***new*** - **github.com/containerd/containerd/v2** [`efd86f2`](docker/buildx@efd86f2b0bc2) -> v2.2.1 - **github.com/cyberphone/json-canonicalization** [`19d51d7`](docker/buildx@19d51d7fe467) ***new*** - **github.com/davecgh/go-spew** v1.1.1 -> [`d8f796a`](docker/buildx@d8f796af33cc) - **github.com/decred/dcrd/dcrec/secp256k1/v4** v4.4.0 ***new*** - **github.com/digitorus/pkcs7** [`3a137a8`](docker/buildx@3a137a874352) ***new*** - **github.com/digitorus/timestamp** [`220c5c2`](docker/buildx@220c5c2851b7) ***new*** - **github.com/docker/cli** v28.5.1 -> v29.1.5 - **github.com/docker/cli-docs-tool** v0.10.0 -> v0.11.0 - **github.com/docker/docker** v28.5.1 -> v28.5.2 - **github.com/docker/docker-credential-helpers** v0.9.3 -> v0.9.5 - **github.com/docker/go-connections** v0.5.0 -> v0.6.0 - **github.com/fvbommel/sortorder** v1.0.1 -> v1.1.0 - **github.com/go-ini/ini** v1.67.0 ***new*** - **github.com/go-openapi/analysis** v0.24.1 ***new*** - **github.com/go-openapi/errors** v0.22.4 ***new*** - **github.com/go-openapi/jsonpointer** v0.21.0 -> v0.22.1 - **github.com/go-openapi/jsonreference** v0.20.2 -> v0.21.3 - **github.com/go-openapi/loads** v0.23.2 ***new*** - **github.com/go-openapi/runtime** v0.29.2 ***new*** - **github.com/go-openapi/spec** v0.22.1 ***new*** - **github.com/go-openapi/strfmt** v0.25.0 ***new*** - **github.com/go-openapi/swag** v0.23.0 -> v0.25.3 - **github.com/go-openapi/swag/cmdutils** v0.25.3 ***new*** - **github.com/go-openapi/swag/conv** v0.25.3 ***new*** - **github.com/go-openapi/swag/fileutils** v0.25.3 ***new*** - **github.com/go-openapi/swag/jsonname** v0.25.3 ***new*** - **github.com/go-openapi/swag/jsonutils** v0.25.3 ***new*** - **github.com/go-openapi/swag/loading** v0.25.3 ***new*** - **github.com/go-openapi/swag/mangling** v0.25.3 ***new*** - **github.com/go-openapi/swag/netutils** v0.25.3 ***new*** - **github.com/go-openapi/swag/stringutils** v0.25.3 ***new*** - **github.com/go-openapi/swag/typeutils** v0.25.3 ***new*** - **github.com/go-openapi/swag/yamlutils** v0.25.3 ***new*** - **github.com/go-openapi/validate** v0.25.1 ***new*** - **github.com/gobwas/glob** v0.2.3 ***new*** - **github.com/goccy/go-json** v0.10.5 ***new*** - **github.com/google/certificate-transparency-go** v1.3.2 ***new*** - **github.com/google/go-containerregistry** v0.20.6 ***new*** - **github.com/google/go-dap** v0.12.0 -> [`d7a2259`](docker/buildx@d7a2259b058b) - **github.com/grpc-ecosystem/grpc-gateway/v2** v2.27.2 -> v2.27.3 - **github.com/hiddeco/sshsig** v0.2.0 ***new*** - **github.com/in-toto/attestation** v1.1.2 ***new*** - **github.com/klauspost/compress** v1.18.1 -> v1.18.2 - **github.com/lestrrat-go/blackmagic** v1.0.4 ***new*** - **github.com/lestrrat-go/dsig** v1.0.0 ***new*** - **github.com/lestrrat-go/dsig-secp256k1** v1.0.0 ***new*** - **github.com/lestrrat-go/httpcc** v1.0.1 ***new*** - **github.com/lestrrat-go/httprc/v3** v3.0.1 ***new*** - **github.com/lestrrat-go/jwx/v3** v3.0.11 ***new*** - **github.com/lestrrat-go/option** v1.0.1 ***new*** - **github.com/lestrrat-go/option/v2** v2.0.0 ***new*** - **github.com/moby/buildkit** v0.26.1 -> v0.27.0 - **github.com/moby/go-archive** v0.1.0 -> v0.2.0 - **github.com/moby/moby/api** v1.52.0 ***new*** - **github.com/moby/moby/client** v0.2.1 ***new*** - **github.com/moby/policy-helpers** [`9fcc1a9`](docker/buildx@9fcc1a9ec5c9) ***new*** - **github.com/morikuni/aec** v1.0.0 -> v1.1.0 - **github.com/oklog/ulid** v1.3.1 ***new*** - **github.com/open-policy-agent/opa** v1.10.1 ***new*** - **github.com/pmezard/go-difflib** v1.0.0 -> [`5d4384e`](docker/buildx@5d4384ee4fb2) - **github.com/prometheus/client\_golang** v1.23.2 ***new*** - **github.com/prometheus/client\_model** v0.6.2 ***new*** - **github.com/prometheus/common** v0.66.1 ***new*** - **github.com/prometheus/procfs** v0.17.0 ***new*** - **github.com/rcrowley/go-metrics** [`65e299d`](docker/buildx@65e299d6c5c9) ***new*** - **github.com/rivo/uniseg** v0.2.0 -> v0.4.7 - **github.com/segmentio/asm** v1.2.0 ***new*** - **github.com/sigstore/protobuf-specs** v0.5.0 ***new*** - **github.com/sigstore/rekor** v1.4.3 ***new*** - **github.com/sigstore/rekor-tiles/v2** v2.0.1 ***new*** - **github.com/sigstore/sigstore** v1.10.0 ***new*** - **github.com/sigstore/sigstore-go** [`b5fe07a`](docker/buildx@b5fe07a5a7d7) ***new*** - **github.com/sigstore/timestamp-authority/v2** v2.0.2 ***new*** - **github.com/sirupsen/logrus** v1.9.3 -> v1.9.4 - **github.com/spf13/cobra** v1.10.1 -> v1.10.2 - **github.com/tchap/go-patricia/v2** v2.3.3 ***new*** - **github.com/theupdateframework/go-tuf/v2** v2.3.0 ***new*** - **github.com/tonistiigi/fsutil** [`586307a`](docker/buildx@586307ad452f) -> [`a2aa163`](docker/buildx@a2aa163d723f) - **github.com/transparency-dev/formats** [`404c0d5`](docker/buildx@404c0d5b696c) ***new*** - **github.com/transparency-dev/merkle** v0.0.2 ***new*** - **github.com/valyala/fastjson** v1.6.4 ***new*** - **github.com/vektah/gqlparser/v2** v2.5.30 ***new*** - **github.com/xeipuuv/gojsonpointer** [`02993c4`](docker/buildx@02993c407bfb) ***new*** - **github.com/xeipuuv/gojsonreference** [`bd5ef7b`](docker/buildx@bd5ef7bd5415) ***new*** - **github.com/yashtewari/glob-intersection** v0.2.0 ***new*** - **go.mongodb.org/mongo-driver** v1.17.6 ***new*** - **go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc** v0.61.0 -> v0.63.0 - **go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace** v0.61.0 -> v0.63.0 - **go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp** v0.61.0 -> v0.63.0 - **go.opentelemetry.io/otel/exporters/stdout/stdouttrace** v1.31.0 -> v1.38.0 - **go.yaml.in/yaml/v2** v2.4.2 -> v2.4.3 - **google.golang.org/genproto/googleapis/api** [`c5933d9`](docker/buildx@c5933d9347a5) -> [`f26f940`](docker/buildx@f26f9409b101) - **google.golang.org/genproto/googleapis/rpc** [`c5933d9`](docker/buildx@c5933d9347a5) -> [`f26f940`](docker/buildx@f26f9409b101) Previous release can be found at [v0.30.1](https://github.com/docker/buildx/releases/tag/v0.30.1) ### [`v0.30.1`](https://github.com/docker/buildx/releases/tag/v0.30.1) [Compare Source](docker/buildx@v0.30.0...v0.30.1) Welcome to the v0.30.1 release of buildx! Please try out the release binaries and report any issues at <https://github.com/docker/buildx/issues>. ##### Contributors - Tõnis Tiigi - CrazyMax - Jonathan A. Sternberg ##### Notable Changes - Fix concurrent map write panic. [#​3524](docker/buildx#3524) - Fix possible excessive chunking when fetching blobs. [#​3529](docker/buildx#3529) ##### Dependency Changes - **github.com/containerd/containerd/v2** v2.2.0 -> [`efd86f2`](docker/buildx@efd86f2b0bc2) - **github.com/moby/buildkit** v0.26.0 -> v0.26.1 Previous release can be found at [v0.30.0](https://github.com/docker/buildx/releases/tag/v0.30.0) </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - Between 12:00 AM and 03:59 AM (`* 0-3 * * *`) - Automerge - Between 12:00 AM and 03:59 AM (`* 0-3 * * *`) 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xOTUuMSIsInVwZGF0ZWRJblZlciI6IjQzLjE5NS4xIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJLaW5kL0RlcGVuZGVuY3lVcGRhdGUiLCJydW4tZW5kLXRvLWVuZC10ZXN0cyJdfQ==--> Reviewed-on: https://code.forgejo.org/forgejo/runner/pulls/1533 Reviewed-by: Mathieu Fenniak <mfenniak@noreply.code.forgejo.org>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
fixes #3197
Adds
unixtimestampparsesimilar to terraformunix_timestamp_parsefunction. Also addsformattimestampas a superset offormatdateso timestamps can be formatted from either an RFC3339 string or a unix timestamp integer. Keepsformatdatefor compatibility and marks it as deprecated for new usage.cc @sdavids