diff --git a/.github/workflows/.test-bake.yml b/.github/workflows/.test-bake.yml index 7655a84..33b194d 100644 --- a/.github/workflows/.test-bake.yml +++ b/.github/workflows/.test-bake.yml @@ -447,3 +447,17 @@ jobs: sbom: true sign: ${{ github.event_name != 'pull_request' }} target: hello-cross + + bake-vars: + uses: ./.github/workflows/bake.yml + permissions: + contents: read + id-token: write + with: + setup-qemu: true + artifact-upload: false + context: test + output: local + target: go + vars: | + XX_VERSION=1.9.0 diff --git a/.github/workflows/bake.yml b/.github/workflows/bake.yml index 709ebd4..979543a 100644 --- a/.github/workflows/bake.yml +++ b/.github/workflows/bake.yml @@ -79,6 +79,10 @@ on: description: "Bake target to build" required: true default: default + vars: + type: string + description: "Variables to set in the Bake definition as list of key-value pair" + required: false # docker/metadata-action set-meta-annotations: type: boolean @@ -189,6 +193,7 @@ jobs: INPUT_SET: ${{ inputs.set }} INPUT_SIGN: ${{ inputs.sign }} INPUT_TARGET: ${{ inputs.target }} + INPUT_VARS: ${{ inputs.vars }} INPUT_GITHUB-TOKEN: ${{ secrets.github-token || github.token }} with: script: | @@ -205,6 +210,7 @@ jobs: const inpDistribute = core.getBooleanInput('distribute'); const inpArtifactUpload = core.getBooleanInput('artifact-upload'); const inpContext = core.getInput('context'); + const inpVars = Util.getInputList('vars'); const inpFiles = Util.getInputList('files'); const inpOutput = core.getInput('output'); const inpPush = core.getBooleanInput('push'); @@ -243,6 +249,21 @@ jobs: await core.group(`Set bake source`, async () => { core.info(bakeSource); }); + + const envs = Object.assign({}, + inpVars ? inpVars.reduce((acc, curr) => { + const [key, ...rest] = curr.split('='); + acc[key] = rest.join('='); + return acc; + }, {}) : {}, + { + BUILDKIT_MULTI_PLATFORM: '1', + BUILDX_BAKE_GIT_AUTH_TOKEN: inpGitHubToken + } + ); + await core.group(`Set envs`, async () => { + core.info(JSON.stringify(envs, null, 2)); + }); let def; let target; @@ -254,8 +275,9 @@ jobs: overrides: inpSet, sbom: inpSbom ? `generator=${inpSbomImage}` : 'false', source: bakeSource, - targets: [inpTarget], - githubToken: inpGitHubToken + targets: [inpTarget] + }, { + env: Object.keys(envs).length > 0 ? envs : undefined }); if (!def) { throw new Error('Bake definition not set'); @@ -495,6 +517,7 @@ jobs: INPUT_SBOM: ${{ inputs.sbom }} INPUT_SET: ${{ inputs.set }} INPUT_TARGET: ${{ inputs.target }} + INPUT_VARS: ${{ inputs.vars }} INPUT_META-IMAGES: ${{ inputs.meta-images }} INPUT_SET-META-ANNOTATIONS: ${{ inputs.set-meta-annotations }} INPUT_SET-META-LABELS: ${{ inputs.set-meta-labels }} @@ -526,6 +549,7 @@ jobs: const inpSbom = core.getBooleanInput('sbom'); const inpSet = Util.getInputList('set', {ignoreComma: true, quote: false}); const inpTarget = core.getInput('target'); + const inpVars = Util.getInputList('vars'); const inpMetaImages = core.getMultilineInput('meta-images'); const inpSetMetaAnnotations = core.getBooleanInput('set-meta-annotations'); const inpSetMetaLabels = core.getBooleanInput('set-meta-labels'); @@ -546,6 +570,22 @@ jobs: core.setOutput('sbom', sbom); }); + const envs = Object.assign({}, + inpVars ? inpVars.reduce((acc, curr) => { + const [key, ...rest] = curr.split('='); + acc[key] = rest.join('='); + return acc; + }, {}) : {}, + { + BUILDKIT_MULTI_PLATFORM: '1', + BUILDX_BAKE_GIT_AUTH_TOKEN: inpGitHubToken + } + ); + await core.group(`Set envs`, async () => { + core.info(JSON.stringify(envs, null, 2)); + core.setOutput('envs', JSON.stringify(envs)); + }); + let target; try { await core.group(`Validating definition`, async () => { @@ -555,8 +595,9 @@ jobs: overrides: inpSet, sbom: sbom, source: bakeSource, - targets: [inpTarget], - githubToken: inpGitHubToken + targets: [inpTarget] + }, { + env: Object.keys(envs).length > 0 ? envs : undefined }); if (!def) { throw new Error('Bake definition not set'); @@ -645,9 +686,7 @@ jobs: targets: ${{ steps.prepare.outputs.target }} sbom: ${{ steps.prepare.outputs.sbom }} set: ${{ steps.prepare.outputs.overrides }} - env: - BUILDKIT_MULTI_PLATFORM: 1 - BUILDX_BAKE_GIT_AUTH_TOKEN: ${{ secrets.github-token || github.token }} + env: ${{ fromJson(steps.prepare.outputs.envs) }} - name: Get image digest id: get-image-digest diff --git a/README.md b/README.md index 9a322a0..28c174c 100644 --- a/README.md +++ b/README.md @@ -248,6 +248,7 @@ on: | `sign` | String | `auto` | Sign attestation manifest for `image` output or artifacts for `local` output, can be one of `auto`, `true` or `false`. The `auto` mode will enable signing if `push` is enabled for pushing the `image` or if `artifact-upload` is enabled for uploading the `local` build output as GitHub Artifact | | `target` | String | | Sets the target stage to build | | `ulimit` | List | | [Ulimit](https://docs.docker.com/engine/reference/commandline/buildx_build/#ulimit) options (e.g., `nofile=1024:1024`) | +| `vars` | List | | [Variables](https://docs.docker.com/build/bake/variables/) to set in the Bake definition as list of key-value pair | | `set-meta-annotations` | Bool | `false` | Append OCI Image Format Specification annotations generated by `docker/metadata-action` | | `set-meta-labels` | Bool | `false` | Append OCI Image Format Specification labels generated by `docker/metadata-action` | | `meta-images` | List | | [List of images](https://github.com/docker/metadata-action?tab=readme-ov-file#images-input) to use as base name for tags (required for image output) | diff --git a/test/docker-bake.hcl b/test/docker-bake.hcl index 83c61d4..af453ff 100644 --- a/test/docker-bake.hcl +++ b/test/docker-bake.hcl @@ -11,8 +11,15 @@ group "grp" { targets = ["go", "hello"] } +variable "XX_VERSION" { + default = null +} + target "go" { inherits = ["docker-metadata-action"] + args = { + XX_VERSION = XX_VERSION + } dockerfile = "go.Dockerfile" } diff --git a/test/go.Dockerfile b/test/go.Dockerfile index cd15385..2d8455d 100644 --- a/test/go.Dockerfile +++ b/test/go.Dockerfile @@ -1,9 +1,10 @@ # syntax=docker/dockerfile:1 ARG GO_VERSION="1.25" +ARG XX_VERSION="1.7.0" # xx is a helper for cross-compilation -FROM --platform=$BUILDPLATFORM tonistiigi/xx:1.7.0 AS xx +FROM --platform=$BUILDPLATFORM tonistiigi/xx:${XX_VERSION} AS xx FROM --platform=$BUILDPLATFORM golang:${GO_VERSION}-alpine AS base COPY --from=xx / /