Merge pull request #388 from docker/bot/docker-releases-json

Update `.github/docker-releases.json`

.github/docker-releases.json

@@ -1,8 +1,20 @@
 {
   "latest": {
-    "id": 159031384,
-    "tag_name": "v26.1.4",
-    "html_url": "https://github.com/moby/moby/releases/tag/v26.1.4",
+    "id": 162600493,
+    "tag_name": "v27.0.2",
+    "html_url": "https://github.com/moby/moby/releases/tag/v27.0.2",
+    "assets": []
+  },
+  "v27.0.2": {
+    "id": 162600493,
+    "tag_name": "v27.0.2",
+    "html_url": "https://github.com/moby/moby/releases/tag/v27.0.2",
+    "assets": []
+  },
+  "v27.0.1": {
+    "id": 162009909,
+    "tag_name": "v27.0.1",
+    "html_url": "https://github.com/moby/moby/releases/tag/v27.0.1",
     "assets": []
   },
   "v27.0.1-rc.1": {

.github/workflows/test.yml

@@ -15,7 +15,8 @@ on:
 
 env:
   NODE_VERSION: "20"
-  BUILDX_VERSION: "v0.15.1"
+  BUILDX_VERSION: "https://github.com/docker/buildx.git#d8c9ebde1fdcf659f1fa3efa6ccc27a28b0f1564"  # https://github.com/docker/buildx/pull/2551
+  BUILDKIT_IMAGE: "moby/buildkit:v0.14.1"
 
 jobs:
   test:
@@ -138,6 +139,7 @@ jobs:
         uses: docker/setup-buildx-action@v3
         with:
           version: ${{ env.BUILDX_VERSION }}
+          driver-opts: image=${{ env.BUILDKIT_IMAGE }}
           use: false
       -
         name: Install

__tests__/buildx/build.test.ts

@@ -80,6 +80,16 @@ describe('resolveProvenance', () => {
   });
 });
 
+describe('resolveWarnings', () => {
+  it('matches', async () => {
+    const build = new Build();
+    fs.writeFileSync(build.getMetadataFilePath(), JSON.stringify(metadata));
+    const warnings = build.resolveWarnings();
+    expect(warnings).toBeDefined();
+    expect(warnings?.length).toEqual(3);
+  });
+});
+
 describe('resolveDigest', () => {
   it('matches', async () => {
     const build = new Build();

__tests__/fixtures/lint.Dockerfile

@@ -0,0 +1,28 @@
+# syntax=docker/dockerfile-upstream:master
+
+# Copyright 2024 actions-toolkit authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+frOM busybox as base
+cOpy lint.Dockerfile .
+
+from scratch
+MAINTAINER moby@example.com
+COPy --from=base \
+  /lint.Dockerfile \
+  /
+
+CMD [ "echo", "Hello, Norway!" ]
+CMD [ "echo", "Hello, Sweden!" ]
+ENTRYPOINT my-program start

__tests__/fixtures/metadata.json

@@ -40,6 +40,189 @@
     }
   },
   "buildx.build.ref": "default/default/n6ibcp9b2pw108rrz7ywdznvo",
+  "buildx.build.warnings": [
+    {
+      "vertex": "sha256:7b477ac5dd3a4c4d2523f7f7f20406b626395de082f44fd5ff996323ec8257d0",
+      "level": 1,
+      "short": "Q29uc2lzdGVudEluc3RydWN0aW9uQ2FzaW5nOiBDb21tYW5kICdmck9NJyBzaG91bGQgYmUgY29uc2lzdGVudGx5IGNhc2VkIChsaW5lIDIp",
+      "detail": [
+        "SW5zdHJ1Y3Rpb25zIHNob3VsZCBiZSBpbiBjb25zaXN0ZW50IGNhc2luZyAoYWxsIGxvd2VyIG9yIGFsbCB1cHBlcik="
+      ],
+      "url": "https://docs.docker.com/go/dockerfile/rule/consistent-instruction-casing/",
+      "sourceInfo": {
+        "filename": "Dockerfile",
+        "data": "IyBzeW50YXg9ZG9ja2VyL2RvY2tlcmZpbGUtdXBzdHJlYW06bWFzdGVyCmZyT00gYnVzeWJveCBhcyBiYXNlCmNPcHkgRG9ja2VyZmlsZSAuCgpmcm9tIHNjcmF0Y2gKQ09QeSAtLWZyb209YmFzZSBcCiAgL0RvY2tlcmZpbGUgXAogIC8K",
+        "definition": {
+          "def": [
+            "GsUBChJsb2NhbDovL2RvY2tlcmZpbGUSFAoMbG9jYWwuZGlmZmVyEgRub25lEkoKEWxvY2FsLmZvbGxvd3BhdGhzEjVbIkRvY2tlcmZpbGUiLCJEb2NrZXJmaWxlLmRvY2tlcmlnbm9yZSIsImRvY2tlcmZpbGUiXRIqCg1sb2NhbC5zZXNzaW9uEhkwN3A3MzJ6aGR4NXV1NnVsZDNzOGpteWo2EiEKE2xvY2FsLnNoYXJlZGtleWhpbnQSCmRvY2tlcmZpbGVaAA==",
+            "CkkKR3NoYTI1Njo3YjQ3N2FjNWRkM2E0YzRkMjUyM2Y3ZjdmMjA0MDZiNjI2Mzk1ZGUwODJmNDRmZDVmZjk5NjMyM2VjODI1N2Qw"
+          ],
+          "metadata": {
+            "sha256:7b477ac5dd3a4c4d2523f7f7f20406b626395de082f44fd5ff996323ec8257d0": {
+              "description": {
+                "llb.customname": "[internal] load build definition from Dockerfile"
+              },
+              "caps": {
+                "source.local": true,
+                "source.local.followpaths": true,
+                "source.local.sessionid": true,
+                "source.local.sharedkeyhint": true
+              }
+            },
+            "sha256:a06279dbe062a3b181c9b918abfaf37ca8106f1f9745b9d42356b3195b205cd1": {
+              "caps": {
+                "constraints": true,
+                "meta.description": true,
+                "platform": true
+              }
+            }
+          },
+          "Source": {
+            "locations": {
+              "sha256:7b477ac5dd3a4c4d2523f7f7f20406b626395de082f44fd5ff996323ec8257d0": {}
+            }
+          }
+        },
+        "language": "Dockerfile"
+      },
+      "range": [
+        {
+          "start": {
+            "line": 2
+          },
+          "end": {
+            "line": 2
+          }
+        }
+      ]
+    },
+    {
+      "vertex": "sha256:7b477ac5dd3a4c4d2523f7f7f20406b626395de082f44fd5ff996323ec8257d0",
+      "level": 1,
+      "short": "Q29uc2lzdGVudEluc3RydWN0aW9uQ2FzaW5nOiBDb21tYW5kICdjT3B5JyBzaG91bGQgYmUgY29uc2lzdGVudGx5IGNhc2VkIChsaW5lIDMp",
+      "detail": [
+        "SW5zdHJ1Y3Rpb25zIHNob3VsZCBiZSBpbiBjb25zaXN0ZW50IGNhc2luZyAoYWxsIGxvd2VyIG9yIGFsbCB1cHBlcik="
+      ],
+      "url": "https://docs.docker.com/go/dockerfile/rule/consistent-instruction-casing/",
+      "sourceInfo": {
+        "filename": "Dockerfile",
+        "data": "IyBzeW50YXg9ZG9ja2VyL2RvY2tlcmZpbGUtdXBzdHJlYW06bWFzdGVyCmZyT00gYnVzeWJveCBhcyBiYXNlCmNPcHkgRG9ja2VyZmlsZSAuCgpmcm9tIHNjcmF0Y2gKQ09QeSAtLWZyb209YmFzZSBcCiAgL0RvY2tlcmZpbGUgXAogIC8K",
+        "definition": {
+          "def": [
+            "GsUBChJsb2NhbDovL2RvY2tlcmZpbGUSFAoMbG9jYWwuZGlmZmVyEgRub25lEkoKEWxvY2FsLmZvbGxvd3BhdGhzEjVbIkRvY2tlcmZpbGUiLCJEb2NrZXJmaWxlLmRvY2tlcmlnbm9yZSIsImRvY2tlcmZpbGUiXRIqCg1sb2NhbC5zZXNzaW9uEhkwN3A3MzJ6aGR4NXV1NnVsZDNzOGpteWo2EiEKE2xvY2FsLnNoYXJlZGtleWhpbnQSCmRvY2tlcmZpbGVaAA==",
+            "CkkKR3NoYTI1Njo3YjQ3N2FjNWRkM2E0YzRkMjUyM2Y3ZjdmMjA0MDZiNjI2Mzk1ZGUwODJmNDRmZDVmZjk5NjMyM2VjODI1N2Qw"
+          ],
+          "metadata": {
+            "sha256:7b477ac5dd3a4c4d2523f7f7f20406b626395de082f44fd5ff996323ec8257d0": {
+              "description": {
+                "llb.customname": "[internal] load build definition from Dockerfile"
+              },
+              "caps": {
+                "source.local": true,
+                "source.local.followpaths": true,
+                "source.local.sessionid": true,
+                "source.local.sharedkeyhint": true
+              }
+            },
+            "sha256:a06279dbe062a3b181c9b918abfaf37ca8106f1f9745b9d42356b3195b205cd1": {
+              "caps": {
+                "constraints": true,
+                "meta.description": true,
+                "platform": true
+              }
+            }
+          },
+          "Source": {
+            "locations": {
+              "sha256:7b477ac5dd3a4c4d2523f7f7f20406b626395de082f44fd5ff996323ec8257d0": {}
+            }
+          }
+        },
+        "language": "Dockerfile"
+      },
+      "range": [
+        {
+          "start": {
+            "line": 3
+          },
+          "end": {
+            "line": 3
+          }
+        }
+      ]
+    },
+    {
+      "vertex": "sha256:7b477ac5dd3a4c4d2523f7f7f20406b626395de082f44fd5ff996323ec8257d0",
+      "level": 1,
+      "short": "Q29uc2lzdGVudEluc3RydWN0aW9uQ2FzaW5nOiBDb21tYW5kICdDT1B5JyBzaG91bGQgYmUgY29uc2lzdGVudGx5IGNhc2VkIChsaW5lIDYp",
+      "detail": [
+        "SW5zdHJ1Y3Rpb25zIHNob3VsZCBiZSBpbiBjb25zaXN0ZW50IGNhc2luZyAoYWxsIGxvd2VyIG9yIGFsbCB1cHBlcik="
+      ],
+      "url": "https://docs.docker.com/go/dockerfile/rule/consistent-instruction-casing/",
+      "sourceInfo": {
+        "filename": "Dockerfile",
+        "data": "IyBzeW50YXg9ZG9ja2VyL2RvY2tlcmZpbGUtdXBzdHJlYW06bWFzdGVyCmZyT00gYnVzeWJveCBhcyBiYXNlCmNPcHkgRG9ja2VyZmlsZSAuCgpmcm9tIHNjcmF0Y2gKQ09QeSAtLWZyb209YmFzZSBcCiAgL0RvY2tlcmZpbGUgXAogIC8K",
+        "definition": {
+          "def": [
+            "GsUBChJsb2NhbDovL2RvY2tlcmZpbGUSFAoMbG9jYWwuZGlmZmVyEgRub25lEkoKEWxvY2FsLmZvbGxvd3BhdGhzEjVbIkRvY2tlcmZpbGUiLCJEb2NrZXJmaWxlLmRvY2tlcmlnbm9yZSIsImRvY2tlcmZpbGUiXRIqCg1sb2NhbC5zZXNzaW9uEhkwN3A3MzJ6aGR4NXV1NnVsZDNzOGpteWo2EiEKE2xvY2FsLnNoYXJlZGtleWhpbnQSCmRvY2tlcmZpbGVaAA==",
+            "CkkKR3NoYTI1Njo3YjQ3N2FjNWRkM2E0YzRkMjUyM2Y3ZjdmMjA0MDZiNjI2Mzk1ZGUwODJmNDRmZDVmZjk5NjMyM2VjODI1N2Qw"
+          ],
+          "metadata": {
+            "sha256:7b477ac5dd3a4c4d2523f7f7f20406b626395de082f44fd5ff996323ec8257d0": {
+              "description": {
+                "llb.customname": "[internal] load build definition from Dockerfile"
+              },
+              "caps": {
+                "source.local": true,
+                "source.local.followpaths": true,
+                "source.local.sessionid": true,
+                "source.local.sharedkeyhint": true
+              }
+            },
+            "sha256:a06279dbe062a3b181c9b918abfaf37ca8106f1f9745b9d42356b3195b205cd1": {
+              "caps": {
+                "constraints": true,
+                "meta.description": true,
+                "platform": true
+              }
+            }
+          },
+          "Source": {
+            "locations": {
+              "sha256:7b477ac5dd3a4c4d2523f7f7f20406b626395de082f44fd5ff996323ec8257d0": {}
+            }
+          }
+        },
+        "language": "Dockerfile"
+      },
+      "range": [
+        {
+          "start": {
+            "line": 6
+          },
+          "end": {
+            "line": 6
+          }
+        },
+        {
+          "start": {
+            "line": 7
+          },
+          "end": {
+            "line": 7
+          }
+        },
+        {
+          "start": {
+            "line": 8
+          },
+          "end": {
+            "line": 8
+          }
+        }
+      ]
+    }
+  ],
   "containerimage.config.digest": "sha256:059b68a595b22564a1cbc167f369349fdc2ecc1f7bc092c2235cbf601a795fd",
   "containerimage.digest": "sha256:b09b9482c72371486bb2c1d2c2a2633ed1d0b8389e12c8d52b9e052725c0c83c"
 }

__tests__/github.test.itg.ts

@@ -249,3 +249,40 @@ maybe('writeBuildSummary', () => {
     });
   });
 });
+
+maybe('annotateBuildWarnings', () => {
+  it('annoate lint issues', async () => {
+    const buildx = new Buildx();
+    const build = new Build({buildx: buildx});
+
+    fs.mkdirSync(tmpDir, {recursive: true});
+    await expect(
+      (async () => {
+        // prettier-ignore
+        const buildCmd = await buildx.getCommand([
+          '--builder', process.env.CTN_BUILDER_NAME ?? 'default',
+          'build',
+          '-f', path.join(fixturesDir, 'lint.Dockerfile'),
+          fixturesDir,
+          '--metadata-file', build.getMetadataFilePath()
+        ]);
+        await Exec.exec(buildCmd.command, buildCmd.args, {
+          env: Object.assign({}, process.env, {
+            BUILDX_METADATA_WARNINGS: 'true'
+          }) as {
+            [key: string]: string;
+          }
+        });
+      })()
+    ).resolves.not.toThrow();
+
+    const metadata = build.resolveMetadata();
+    expect(metadata).toBeDefined();
+    const buildRef = build.resolveRef(metadata);
+    expect(buildRef).toBeDefined();
+    const buildWarnings = build.resolveWarnings(metadata);
+    expect(buildWarnings).toBeDefined();
+
+    await GitHub.annotateBuildWarnings(path.join(fixturesDir, 'lint.Dockerfile'), buildWarnings);
+  });
+});

src/buildx/build.ts

@@ -25,6 +25,7 @@ import {GitHub} from '../github';
 import {Util} from '../util';
 
 import {BuildMetadata} from '../types/buildx/build';
+import {VertexWarning} from '../types/buildkit/client';
 import {ProvenancePredicate} from '../types/intoto/slsa_provenance/v0.2/provenance';
 
 export interface BuildOpts {
@@ -96,6 +97,19 @@ export class Build {
     return undefined;
   }
 
+  public resolveWarnings(metadata?: BuildMetadata): Array<VertexWarning> | undefined {
+    if (!metadata) {
+      metadata = this.resolveMetadata();
+      if (!metadata) {
+        return undefined;
+      }
+    }
+    if ('buildx.build.warnings' in metadata) {
+      return metadata['buildx.build.warnings'] as Array<VertexWarning>;
+    }
+    return undefined;
+  }
+
   public resolveDigest(metadata?: BuildMetadata): string | undefined {
     if (!metadata) {
       metadata = this.resolveMetadata();

src/github.ts

@@ -37,6 +37,7 @@ import {jwtDecode, JwtPayload} from 'jwt-decode';
 
 import {Util} from './util';
 
+import {VertexWarning} from './types/buildkit/client';
 import {BuildSummaryOpts, GitHubActionsRuntimeToken, GitHubActionsRuntimeTokenAC, GitHubRepo, UploadArtifactOpts, UploadArtifactResponse} from './types/github';
 
 export interface GitHubOpts {
@@ -240,12 +241,10 @@ export class GitHub {
         .addRaw(`For a detailed look at the build, download the following build record archive and import it into Docker Desktop's Builds view. `)
         .addBreak()
         .addRaw(`Build records include details such as timing, dependencies, results, logs, traces, and other information about a build. `)
-        .addRaw(addLink('Learn more', 'https://docs.docker.com/go/build-summary/'))
+        .addRaw(addLink('Learn more', 'https://www.docker.com/blog/new-beta-feature-deep-dive-into-github-actions-docker-builds-with-docker-desktop/?utm_source=github&utm_medium=actions'))
       .addRaw('</p>')
       .addRaw(`<p>`)
-        .addRaw(`:arrow_down: ${addLink(`<strong>${Util.stringToUnicodeEntities(opts.uploadRes.filename)}</strong>`, artifactRelativeURL)} (${Util.formatFileSize(opts.uploadRes.size)})`)
-        .addBreak()
-        .addRaw(`This file includes <strong>${refsSize} build record${refsSize > 1 ? 's' : ''}</strong>.`)
+        .addRaw(`:arrow_down: ${addLink(`<strong>${Util.stringToUnicodeEntities(opts.uploadRes.filename)}</strong>`, artifactRelativeURL)} (${Util.formatFileSize(opts.uploadRes.size)} - includes <strong>${refsSize} build record${refsSize > 1 ? 's' : ''}</strong>)`)
       .addRaw(`</p>`)
       .addRaw(`<p>`)
         .addRaw(`Find this useful? `)
@@ -253,7 +252,7 @@ export class GitHub {
       .addRaw('</p>');
 
     // Preview
-    sum.addRaw(`<strong>Preview</strong>`).addBreak().addRaw('<p>');
+    sum.addRaw('<p>');
     const summaryTableData: Array<Array<SummaryTableCell>> = [
       [
         {header: true, data: 'ID'},
@@ -328,4 +327,39 @@ export class GitHub {
     core.info(`Writing summary`);
     await sum.addSeparator().write();
   }
+
+  public static async annotateBuildWarnings(source: string, warnings?: Array<VertexWarning>): Promise<void> {
+    (warnings ?? []).forEach(warning => {
+      if (!warning.detail || !warning.short) {
+        return;
+      }
+      const title = warning.detail.map(encoded => atob(encoded)).join(' ');
+      let message = atob(warning.short).replace(/\s\(line \d+\)$/, '');
+      if (warning.url) {
+        // https://github.com/docker/buildx/blob/d8c9ebde1fdcf659f1fa3efa6ccc27a28b0f1564/commands/build.go#L854
+        message += `\nMore info: ${warning.url}`;
+      }
+
+      // GitHub annotations don't clearly show ranges of lines, so we'll just
+      // show the first line
+      const startLine = warning.range && warning.range.length > 0 ? warning.range[0]?.start.line : undefined;
+
+      // TODO: When GitHub annotations support showing ranges properly, we can use this code
+      // let startLine: number | undefined, endLine: number | undefined;
+      // for (const range of warning.range ?? []) {
+      //   if (range.start.line && (!startLine || range.start.line < startLine)) {
+      //     startLine = range.start.line;
+      //   }
+      //   if (range.end.line && (!endLine || range.end.line > endLine)) {
+      //     endLine = range.end.line;
+      //   }
+      // }
+
+      core.warning(message, {
+        title: title,
+        file: source,
+        startLine: startLine
+      });
+    });
+  }
 }