Merge pull request #1024 from crazy-max/subdir-dot

buildx(build): ignore dot git context subdir
2026-03-18 09:59:13 +01:00 · 2026-03-18 09:53:58 +01:00 · 2026-03-18 09:24:44 +01:00 · 2026-03-18 09:24:22 +01:00 · 2026-03-18 09:15:22 +01:00 · 2026-03-18 09:00:41 +01:00
6 changed files with 92 additions and 29 deletions
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -53,7 +53,7 @@ jobs:
          npm publish --provenance --access public
      -
        name: Create Release
-        uses: softprops/action-gh-release@a06a81a03ee405af7f2048a818ed3f03bbf83c7b  # v2.5.0
+        uses: softprops/action-gh-release@153bb8e04406b158c6c84fc1615b65b24149a1fe  # v2.6.1
        with:
          draft: true
          generate_release_notes: true
--- a/tests/buildx/build.test.ts
+++ b/tests/buildx/build.test.ts
@@ -64,6 +64,9 @@ describe('gitContext', () => {
    prHeadRef: boolean;
    sendGitQueryAsInput: boolean;
    buildxQuerySupport: boolean;
+    subdir?: string;
+    keepGitDir?: boolean;
+    submodules?: boolean;
  };

  // prettier-ignore
@@ -79,28 +82,49 @@ describe('gitContext', () => {
    [{ref: 'refs/pull/15/merge', format: undefined, prHeadRef: false, sendGitQueryAsInput: true, buildxQuerySupport: true}, 'https://github.com/docker/actions-toolkit.git?ref=refs/pull/15/merge&checksum=860c1904a1ce19322e91ac35af1ab07466440c37'],
    [{ref: 'refs/pull/15/merge', format: undefined, prHeadRef: true, sendGitQueryAsInput: true, buildxQuerySupport: true}, 'https://github.com/docker/actions-toolkit.git?ref=refs/pull/15/head&checksum=860c1904a1ce19322e91ac35af1ab07466440c37'],
    [{ref: 'refs/heads/master', format: undefined, prHeadRef: false, sendGitQueryAsInput: true, buildxQuerySupport: false}, 'https://github.com/docker/actions-toolkit.git#860c1904a1ce19322e91ac35af1ab07466440c37'],
+    [{ref: 'refs/heads/master', format: undefined, prHeadRef: false, sendGitQueryAsInput: false, buildxQuerySupport: true, keepGitDir: true}, 'https://github.com/docker/actions-toolkit.git?ref=refs/heads/master&checksum=860c1904a1ce19322e91ac35af1ab07466440c37&keep-git-dir=true'],
+    [{ref: 'refs/heads/master', format: undefined, prHeadRef: false, sendGitQueryAsInput: false, buildxQuerySupport: false, keepGitDir: true}, 'https://github.com/docker/actions-toolkit.git?ref=refs/heads/master&checksum=860c1904a1ce19322e91ac35af1ab07466440c37&keep-git-dir=true'],
+    [{ref: 'refs/heads/master', format: undefined, prHeadRef: false, sendGitQueryAsInput: false, buildxQuerySupport: true, submodules: false}, 'https://github.com/docker/actions-toolkit.git?ref=refs/heads/master&checksum=860c1904a1ce19322e91ac35af1ab07466440c37&submodules=false'],
+    [{ref: 'refs/heads/master', format: undefined, prHeadRef: false, sendGitQueryAsInput: false, buildxQuerySupport: false, submodules: false}, 'https://github.com/docker/actions-toolkit.git?ref=refs/heads/master&checksum=860c1904a1ce19322e91ac35af1ab07466440c37&submodules=false'],
    // query format
    [{ref: 'refs/heads/master', format: 'query', prHeadRef: false, sendGitQueryAsInput: false, buildxQuerySupport: true}, 'https://github.com/docker/actions-toolkit.git?ref=refs/heads/master&checksum=860c1904a1ce19322e91ac35af1ab07466440c37'],
    [{ref: 'master', format: 'query', prHeadRef: false, sendGitQueryAsInput: false, buildxQuerySupport: true}, 'https://github.com/docker/actions-toolkit.git?ref=refs/heads/master&checksum=860c1904a1ce19322e91ac35af1ab07466440c37'],
    [{ref: 'refs/pull/15/merge', format: 'query', prHeadRef: false, sendGitQueryAsInput: false, buildxQuerySupport: true}, 'https://github.com/docker/actions-toolkit.git?ref=refs/pull/15/merge&checksum=860c1904a1ce19322e91ac35af1ab07466440c37'],
    [{ref: 'refs/tags/v1.0.0', format: 'query', prHeadRef: false, sendGitQueryAsInput: false, buildxQuerySupport: true}, 'https://github.com/docker/actions-toolkit.git?ref=refs/tags/v1.0.0&checksum=860c1904a1ce19322e91ac35af1ab07466440c37'],
    [{ref: 'refs/pull/15/merge', format: 'query', prHeadRef: true, sendGitQueryAsInput: false, buildxQuerySupport: true}, 'https://github.com/docker/actions-toolkit.git?ref=refs/pull/15/head&checksum=860c1904a1ce19322e91ac35af1ab07466440c37'],
+    [{ref: 'refs/heads/master', format: 'query', prHeadRef: false, sendGitQueryAsInput: false, buildxQuerySupport: true, subdir: 'subdir'}, 'https://github.com/docker/actions-toolkit.git?ref=refs/heads/master&checksum=860c1904a1ce19322e91ac35af1ab07466440c37&subdir=subdir'],
+    [{ref: 'refs/heads/master', format: 'query', prHeadRef: false, sendGitQueryAsInput: false, buildxQuerySupport: true, subdir: '.'}, 'https://github.com/docker/actions-toolkit.git?ref=refs/heads/master&checksum=860c1904a1ce19322e91ac35af1ab07466440c37'],
+    [{ref: 'refs/heads/master', format: 'query', prHeadRef: false, sendGitQueryAsInput: false, buildxQuerySupport: true, subdir: 'subdir', keepGitDir: true}, 'https://github.com/docker/actions-toolkit.git?ref=refs/heads/master&checksum=860c1904a1ce19322e91ac35af1ab07466440c37&subdir=subdir&keep-git-dir=true'],
+    [{ref: 'refs/heads/master', format: 'query', prHeadRef: false, sendGitQueryAsInput: false, buildxQuerySupport: true, submodules: true}, 'https://github.com/docker/actions-toolkit.git?ref=refs/heads/master&checksum=860c1904a1ce19322e91ac35af1ab07466440c37&submodules=true'],
+    [{ref: 'refs/heads/master', format: 'query', prHeadRef: false, sendGitQueryAsInput: false, buildxQuerySupport: true, submodules: false}, 'https://github.com/docker/actions-toolkit.git?ref=refs/heads/master&checksum=860c1904a1ce19322e91ac35af1ab07466440c37&submodules=false'],
    // fragment format
    [{ref: 'refs/heads/master', format: 'fragment', prHeadRef: false, sendGitQueryAsInput: false, buildxQuerySupport: true}, 'https://github.com/docker/actions-toolkit.git#860c1904a1ce19322e91ac35af1ab07466440c37'],
    [{ref: 'master', format: 'fragment', prHeadRef: false, sendGitQueryAsInput: false, buildxQuerySupport: true}, 'https://github.com/docker/actions-toolkit.git#860c1904a1ce19322e91ac35af1ab07466440c37'],
    [{ref: 'refs/pull/15/merge', format: 'fragment', prHeadRef: false, sendGitQueryAsInput: false, buildxQuerySupport: true}, 'https://github.com/docker/actions-toolkit.git#refs/pull/15/merge'],
    [{ref: 'refs/tags/v1.0.0', format: 'fragment', prHeadRef: false, sendGitQueryAsInput: false, buildxQuerySupport: true}, 'https://github.com/docker/actions-toolkit.git#860c1904a1ce19322e91ac35af1ab07466440c37'],
    [{ref: 'refs/pull/15/merge', format: 'fragment', prHeadRef: true, sendGitQueryAsInput: false, buildxQuerySupport: true}, 'https://github.com/docker/actions-toolkit.git#refs/pull/15/head'],
+    [{ref: 'refs/heads/master', format: 'fragment', prHeadRef: false, sendGitQueryAsInput: false, buildxQuerySupport: true, subdir: 'subdir'}, 'https://github.com/docker/actions-toolkit.git#860c1904a1ce19322e91ac35af1ab07466440c37:subdir'],
+    [{ref: 'refs/heads/master', format: 'fragment', prHeadRef: false, sendGitQueryAsInput: false, buildxQuerySupport: true, subdir: '.'}, 'https://github.com/docker/actions-toolkit.git#860c1904a1ce19322e91ac35af1ab07466440c37'],
+    [{ref: 'refs/pull/15/merge', format: 'fragment', prHeadRef: true, sendGitQueryAsInput: false, buildxQuerySupport: true, subdir: 'subdir'}, 'https://github.com/docker/actions-toolkit.git#refs/pull/15/head:subdir'],
  ];

  test.each(gitContextCases)('given %o should return %o', async (input: GitContextTestCase, expected: string) => {
-    const {ref, format, prHeadRef, sendGitQueryAsInput, buildxQuerySupport} = input;
+    const {ref, format, prHeadRef, sendGitQueryAsInput, buildxQuerySupport, subdir, keepGitDir, submodules} = input;
    process.env.DOCKER_DEFAULT_GIT_CONTEXT_PR_HEAD_REF = prHeadRef ? 'true' : '';
    process.env.BUILDX_SEND_GIT_QUERY_AS_INPUT = sendGitQueryAsInput ? 'true' : '';
    const buildx = new Buildx();
    vi.spyOn(buildx, 'versionSatisfies').mockResolvedValue(buildxQuerySupport);
    const build = new Build({buildx});
-    expect(await build.gitContext(ref, '860c1904a1ce19322e91ac35af1ab07466440c37', format)).toEqual(expected);
+    expect(
+      await build.gitContext({
+        ref,
+        checksum: '860c1904a1ce19322e91ac35af1ab07466440c37',
+        format,
+        subdir,
+        keepGitDir,
+        submodules
+      })
+    ).toEqual(expected);
  });
 });

--- a/package.json
+++ b/package.json
@@ -55,7 +55,7 @@
    "@sigstore/tuf": "^4.0.1",
    "@sigstore/verify": "^3.1.0",
    "async-retry": "^1.3.3",
-    "csv-parse": "^6.1.0",
+    "csv-parse": "^6.2.0",
    "gunzip-maybe": "^1.4.2",
    "handlebars": "^4.7.8",
    "he": "^1.2.0",
--- a/src/buildx/bake.ts
+++ b/src/buildx/bake.ts
@@ -44,6 +44,7 @@ export interface BakeCmdOpts {
  sbom?: string;
  source?: string;
  targets?: Array<string>;
+  vars?: Array<string>;

  githubToken?: string; // for auth with remote definitions on private repos
 }
@@ -138,6 +139,11 @@ export class Bake {
        args.push('--set', override);
      }
    }
+    if (cmdOpts.vars) {
+      for (const v of cmdOpts.vars) {
+        args.push('--var', v);
+      }
+    }
    if (cmdOpts.allow) {
      for (const allow of cmdOpts.allow) {
        args.push('--allow', allow);
--- a/src/buildx/build.ts
+++ b/src/buildx/build.ts
@@ -38,6 +38,15 @@ export interface ResolveSecretsOpts {
  redact?: boolean;
 }

+export interface GitContextOpts {
+  ref?: string;
+  checksum?: string;
+  subdir?: string;
+  keepGitDir?: boolean;
+  submodules?: boolean;
+  format?: GitContextFormat;
+}
+
 export class Build {
  private readonly buildx: Buildx;
  private readonly iidFilename: string;
@@ -49,31 +58,45 @@ export class Build {
    this.metadataFilename = `build-metadata-${Util.generateRandomString()}.json`;
  }

-  public async gitContext(ref?: string, sha?: string, format?: GitContextFormat): Promise<string> {
+  public async gitContext(opts?: GitContextOpts): Promise<string> {
    const setPullRequestHeadRef = Util.parseBoolOrDefault(process.env.DOCKER_DEFAULT_GIT_CONTEXT_PR_HEAD_REF);
-    ref = ref || github.context.ref;
-    sha = sha || github.context.sha;
+    const gitChecksum = opts?.checksum || github.context.sha;
+    let ref = opts?.ref || github.context.ref;
    if (!ref.startsWith('refs/')) {
      ref = `refs/heads/${ref}`;
    } else if (ref.startsWith(`refs/pull/`) && setPullRequestHeadRef) {
      ref = ref.replace(/\/merge$/g, '/head');
    }
    const baseURL = `${GitHub.serverURL}/${github.context.repo.owner}/${github.context.repo.repo}.git`;
+    let format = opts?.format;
    if (!format) {
      const sendGitQueryAsInput = Util.parseBoolOrDefault(process.env.BUILDX_SEND_GIT_QUERY_AS_INPUT);
-      if (sendGitQueryAsInput && (await this.buildx.versionSatisfies('>=0.29.0'))) {
+      if (opts?.keepGitDir || typeof opts?.submodules !== 'undefined') {
+        format = 'query';
+      } else if (sendGitQueryAsInput && (await this.buildx.versionSatisfies('>=0.29.0'))) {
        format = 'query';
      } else {
        format = 'fragment';
      }
    }
    if (format === 'query') {
-      return `${baseURL}?ref=${ref}${sha ? `&checksum=${sha}` : ''}`;
+      const query = [`ref=${ref}`];
+      if (gitChecksum) {
+        query.push(`checksum=${gitChecksum}`);
+      }
+      if (opts?.subdir && opts.subdir !== '.') {
+        query.push(`subdir=${opts.subdir}`);
+      }
+      if (typeof opts?.keepGitDir !== 'undefined') {
+        query.push(`keep-git-dir=${opts.keepGitDir}`);
+      }
+      if (typeof opts?.submodules !== 'undefined') {
+        query.push(`submodules=${opts.submodules}`);
+      }
+      return `${baseURL}?${query.join('&')}`;
    }
-    if (sha && !ref.startsWith(`refs/pull/`)) {
-      return `${baseURL}#${sha}`;
-    }
-    return `${baseURL}#${ref}`;
+    const fragmentRef = gitChecksum && !ref.startsWith(`refs/pull/`) ? gitChecksum : ref;
+    return `${baseURL}#${fragmentRef}${opts?.subdir && opts.subdir !== '.' ? `:${opts.subdir}` : ''}`;
  }

  public getImageIDFilePath(): string {
--- a/yarn.lock
+++ b/yarn.lock
@@ -395,7 +395,7 @@ __metadata:
    "@vitest/coverage-v8": "npm:^4.0.18"
    "@vitest/eslint-plugin": "npm:^1.6.9"
    async-retry: "npm:^1.3.3"
-    csv-parse: "npm:^6.1.0"
+    csv-parse: "npm:^6.2.0"
    eslint: "npm:^9.39.3"
    eslint-config-prettier: "npm:^10.1.8"
    eslint-plugin-prettier: "npm:^5.5.5"
@@ -2178,10 +2178,10 @@ __metadata:
  languageName: node
  linkType: hard

-"csv-parse@npm:^6.1.0":
-  version: 6.1.0
-  resolution: "csv-parse@npm:6.1.0"
-  checksum: 10/607d92611435fdfb7631242644a2582bfb218fad8c6c6d6416db31647c2e63a3110f16c9837de6baaa3edf318212765cfc6e72d672d99690fd7f565d6c93d6f4
+"csv-parse@npm:^6.2.0":
+  version: 6.2.0
+  resolution: "csv-parse@npm:6.2.0"
+  checksum: 10/45d0659e11bf2126a2e9b63c2b4206ebaef6ffcaad9b0b98bf4863ad1d94656ad6e00c4cf87c6b0767b5edc1d1dd133d906f7181e689e62fd84b3a9947643eff
  languageName: node
  linkType: hard

@@ -2655,22 +2655,25 @@ __metadata:
  languageName: node
  linkType: hard

-"fast-xml-builder@npm:^1.0.0":
-  version: 1.0.0
-  resolution: "fast-xml-builder@npm:1.0.0"
-  checksum: 10/06c04d80545e5c9f4d1d6cca00567b5cc09953a92c6328fa48cfb4d7f42630313b8c2bb62e9cb81accee7bb5e1c5312fcae06c3d20dbe52d969a5938233316da
+"fast-xml-builder@npm:^1.1.4":
+  version: 1.1.4
+  resolution: "fast-xml-builder@npm:1.1.4"
+  dependencies:
+    path-expression-matcher: "npm:^1.1.3"
+  checksum: 10/32937866aaf5a90e69d1f4ee6e15e875248d5b5d2afd70277e9e8323074de4980cef24575a591b8e43c29f405d5f12377b3bad3842dc412b0c5c17a3eaee4b6b
  languageName: node
  linkType: hard

 "fast-xml-parser@npm:^5.0.7":
-  version: 5.4.1
-  resolution: "fast-xml-parser@npm:5.4.1"
+  version: 5.5.6
+  resolution: "fast-xml-parser@npm:5.5.6"
  dependencies:
-    fast-xml-builder: "npm:^1.0.0"
+    fast-xml-builder: "npm:^1.1.4"
+    path-expression-matcher: "npm:^1.1.3"
    strnum: "npm:^2.1.2"
  bin:
    fxparser: src/cli/cli.js
-  checksum: 10/2b40067c3ad3542ca197d1353bcb0416cd5db20d5c66d74ac176b99af6ff9bd55a6182d36856a2fd477c95b8fc1f07405475f1662a31185480130ba7076c702a
+  checksum: 10/91a42a0cf99c83b0e721ceef9c189509e96c91c1875901c6ce6017f78ad25284f646a77a541e96ee45a15c2f13b7780d090c906c3ec3f262db03e7feb1e62315
  languageName: node
  linkType: hard

@@ -3897,6 +3900,13 @@ __metadata:
  languageName: node
  linkType: hard

+"path-expression-matcher@npm:^1.1.3":
+  version: 1.1.3
+  resolution: "path-expression-matcher@npm:1.1.3"
+  checksum: 10/9a607d0bf9807cf86b0a29fb4263f0c00285c13bedafb6ad3efc8bc87ae878da2faf657a9138ac918726cb19f147235a0ca695aec3e4ea1ee04641b6520e6c9e
+  languageName: node
+  linkType: hard
+
 "path-is-absolute@npm:^1.0.0":
  version: 1.0.1
  resolution: "path-is-absolute@npm:1.0.1"
@@ -4789,9 +4799,9 @@ __metadata:
  linkType: hard

 "undici@npm:^6.23.0":
-  version: 6.23.0
-  resolution: "undici@npm:6.23.0"
-  checksum: 10/56950995e7b628e62c996430445d17995ca9b70f6f2afe760a63da54205660d968bd08f0741b6f4fb008f40aa35c69cce979cd96ced399585d8c897a76a4f1d1
+  version: 6.24.1
+  resolution: "undici@npm:6.24.1"
+  checksum: 10/4f84e6045520eef9ba8eabb96360b50c759f59905c1703b12187c2dbcc6d1584c5d7ecddeb45b0ed6cac84ca2d132b21bfd8a38f77fa30378b1ac5d2ae390fd9
  languageName: node
  linkType: hard
Author	SHA1	Message	Date
CrazyMax	29efe4d6a8	Merge pull request #1024 from crazy-max/subdir-dot Some checks failed publish / publish (push) Has been cancelled Details buildx(build): ignore dot git context subdir	2026-03-18 09:59:13 +01:00
CrazyMax	aacbc67b8d	buildx(build): ignore dot git context subdir Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>	2026-03-18 09:53:58 +01:00
CrazyMax	d71b84aad5	Merge pull request #1020 from crazy-max/build-git-context-opts Some checks failed publish / publish (push) Has been cancelled Details buildx(build): support git context subdir and other query options	2026-03-18 09:24:44 +01:00
CrazyMax	ea05649ce1	Merge pull request #1023 from crazy-max/bake-vars bake: var cmd opt support	2026-03-18 09:24:22 +01:00
CrazyMax	012ae0603d	bake: var cmd opt support Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>	2026-03-18 09:15:22 +01:00
CrazyMax	6194cf96c1	Merge pull request #1022 from docker/dependabot/npm_and_yarn/fast-xml-parser-5.5.6 build(deps): bump fast-xml-parser from 5.4.1 to 5.5.6	2026-03-18 09:00:41 +01:00
CrazyMax	e804b694a2	Merge pull request #1021 from docker/dependabot/npm_and_yarn/csv-parse-6.2.0 build(deps): bump csv-parse from 6.1.0 to 6.2.0	2026-03-18 09:00:07 +01:00
dependabot[bot]	d2a882884d	build(deps): bump fast-xml-parser from 5.4.1 to 5.5.6 Bumps [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser) from 5.4.1 to 5.5.6. - [Release notes](https://github.com/NaturalIntelligence/fast-xml-parser/releases) - [Changelog](https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md) - [Commits](https://github.com/NaturalIntelligence/fast-xml-parser/compare/v5.4.1...v5.5.6) --- updated-dependencies: - dependency-name: fast-xml-parser dependency-version: 5.5.6 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>	2026-03-18 01:53:33 +00:00
dependabot[bot]	d820ad4123	build(deps): bump csv-parse from 6.1.0 to 6.2.0 Bumps [csv-parse](https://github.com/adaltas/node-csv/tree/HEAD/packages/csv-parse) from 6.1.0 to 6.2.0. - [Changelog](https://github.com/adaltas/node-csv/blob/master/packages/csv-parse/CHANGELOG.md) - [Commits](https://github.com/adaltas/node-csv/commits/csv-parse@6.2.0/packages/csv-parse) --- updated-dependencies: - dependency-name: csv-parse dependency-version: 6.2.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>	2026-03-17 22:53:46 +00:00
CrazyMax	a5d905690f	Merge pull request #1019 from docker/dependabot/github_actions/softprops/action-gh-release-2.6.1 build(deps): bump softprops/action-gh-release from 2.5.0 to 2.6.1	2026-03-17 15:42:31 +01:00
CrazyMax	6233293ae6	buildx(build): support git context subdir and other query options Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>	2026-03-17 13:09:33 +01:00
dependabot[bot]	9d10fe0e06	build(deps): bump softprops/action-gh-release from 2.5.0 to 2.6.1 Bumps [softprops/action-gh-release](https://github.com/softprops/action-gh-release) from 2.5.0 to 2.6.1. - [Release notes](https://github.com/softprops/action-gh-release/releases) - [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md) - [Commits](`a06a81a03e...153bb8e044`) --- updated-dependencies: - dependency-name: softprops/action-gh-release dependency-version: 2.6.1 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>	2026-03-16 22:53:05 +00:00
CrazyMax	a8dc8088d4	Merge pull request #1018 from docker/dependabot/npm_and_yarn/undici-6.24.1 build(deps): bump undici from 6.23.0 to 6.24.1	2026-03-14 12:51:58 +01:00
dependabot[bot]	4bc2c14908	build(deps): bump undici from 6.23.0 to 6.24.1 Bumps [undici](https://github.com/nodejs/undici) from 6.23.0 to 6.24.1. - [Release notes](https://github.com/nodejs/undici/releases) - [Commits](https://github.com/nodejs/undici/compare/v6.23.0...v6.24.1) --- updated-dependencies: - dependency-name: undici dependency-version: 6.24.1 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>	2026-03-14 09:18:22 +00:00