Skip to content

chore: merge v0.13.0#12

Draft
janishorsts wants to merge 497 commits intomainfrom
chore-merge-v0.13.0
Draft

chore: merge v0.13.0#12
janishorsts wants to merge 497 commits intomainfrom
chore-merge-v0.13.0

Conversation

@janishorsts
Copy link
Copy Markdown

@janishorsts janishorsts commented Mar 15, 2026

EXPERIMENTAL (GEMINI FLASH 3.0)

Walkthrough: Buildkit v0.13.0 Merge Resolution

Successfully merged moby/buildkit version v0.13.0 into EarthBuild/buildkit, resolving all conflicts and restoring cross-platform build compatibility.

Key Accomplishments

1. API Alignment for v0.13.0

Aligned Earthly-specific components with the updated core Buildkit APIs:

  • Updated FrontendLLBBridge to use sourceresolver.Opt and content.InfoReaderProvider.
  • Refactored provenanceBridge in solver/llbsolver/provenance.go to use the new provenancetypes package and method signatures.
  • Standardized filesync calls in exporter/earthlyoutputs/export.go to include the new exporter ID requirement.

2. Restoration of Earthly-Specific Features

Ensured that critical Earthly additions were not lost during the merge:

  • Restored the ExporterInlineCache constant in exporter/containerimage/exptypes/types.go.
  • Maintained Earthly's contentCache and SockOpt fields in solver/pb/ops.proto.
  • Preserved Earthly's session health monitoring and idle timeout logic.

3. macOS Build Compatibility Fixes

Addressed several regressions in v0.13.0 that broke the native Darwin build:

  • snapshot/stat_darwin.go: Introduced platform-specific Stat_t field accessors for Darwin.
  • snapshot/diffapply_unix.go: Refactored to use the new stat helpers and provided a UTIME_OMIT constant.
  • executor/oci/spec_others.go: Added dummy OCI spec generation functions for non-Linux platforms.
  • util/archutil/check_others.go: Provided a fallback for architecture detection on Darwin.

Verification Results

Build Verification

  • Linux: Build succeeded for both buildctl and buildkitd (GOOS=linux).
  • macOS: Native build succeeded for both buildctl and buildkitd after platform-specific refactoring.

Git Merge Status

The merge was finalized using git merge --continue. All conflicts in source code, protocol buffers, and vendor dependencies have been resolved and committed.

[chore-merge-v0.13.0 082581ca4] Merge tag 'v0.13.0' into chore-merge-v0.13.0

tonistiigi and others added 30 commits January 24, 2024 11:14
@tonistiigi
Merge pull request #4580 from crazy-max/hack-enforce-context
89bbb62 
use local context and disable image push if not upstream repo
@tonistiigi
oci: fix error handling on submount calls
42d866e 
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
@jedevc
solver: use errors.Is when checking context.Cause()
51aca40 
Since the change to replace uses of context.WithCancel with
WithCancelCause, we've also begun wrapping all cancellations using
errors.WithStack. This means that these would not directly match
context.Canceled, so we need to make sure to use errors.Is.

Signed-off-by: Justin Chadwell <me@jedevc.com>
@jedevc
chore: remove noisy rootlesskit cni log
ca6cc00 
Signed-off-by: Justin Chadwell <me@jedevc.com>
@dvdksn
docs: tiny improvements
2471c5b 
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
@cpuguy83
Do not include a cache mount's ID in the ExecOp's cachemap
584ec40 
A cache ID should not have any impact on whether or not a step should be
re-run any more than the content of that cache does (or rather,
doesn't).

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
@jedevc
chore: remove unused cachechains parent link
cb82eb9 
Signed-off-by: Justin Chadwell <me@jedevc.com>
@jedevc
chore: update CacheExporterTarget docs
8d6199a 
Signed-off-by: Justin Chadwell <me@jedevc.com>
@jedevc
chore: add some doc-comments in remotecache
c379e84 
Signed-off-by: Justin Chadwell <me@jedevc.com>
@jedevc
chore: refactor item.validate for readability
39ad6e0 
Signed-off-by: Justin Chadwell <me@jedevc.com>
@jedevc
chore: document CacheChains.Marshal
f5ddaef 
Signed-off-by: Justin Chadwell <me@jedevc.com>
@AkihiroSuda
Merge pull request #4588 from jedevc/remove-debug-rootlesskit
36cc4d9 
chore: remove noisy rootlesskit cni log
@tonistiigi
Merge pull request #4590 from dvdksn/docs-fixups
a2f9383 
docs: tiny improvements
@tonistiigi
Merge pull request #4587 from jedevc/use-errors-is
c1a9bdb 
solver: use errors.Is when checking context.Cause()
@tonistiigi
Merge pull request #4584 from tonistiigi/submount-errors
5092e0f 
oci: fix error handling on submount calls
@thaJeztah
vendor: github.com/docker/docker v25.0.1
22b78ef 
- pkg/system: return even richer xattr errors

full diff: moby/moby@v25.0.0...v25.0.1

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
@thaJeztah
vendor: github.com/docker/cli v25.0.1
01bd30e 
No changes in vendored code

full diff: docker/cli@v25.0.0...v25.0.1

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
@crazy-max
Merge pull request #4591 from thaJeztah/docker_25.0.1
6bd8137 
vendor: update docker/docker and docker/cli to v25.0.1
@crazy-max
vendor: bump github.com/aws/aws-sdk-go-v2 deps
d5a5df5 
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
@crazy-max
s3: rely on aws sdk v2 error types
73862d1 
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
@crazy-max
s3: fix deprecated EndpointResolver
ba7b949 
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
@jedevc
chore: close solver resources on shutdown
6337e81 
The solver has a Close method to shutdown the scheduler, which releases
a goroutine. We should call it on shutdown.

While in the area, we can also close the sysSampler.

Signed-off-by: Justin Chadwell <me@jedevc.com>
@tonistiigi
Merge pull request #4592 from jedevc/close-solver
23b9dd8 
chore: close solver resources on shutdown
@tonistiigi
Merge pull request #4585 from cpuguy83/exclude_cachemount_id_from_cac…
4438f4f 
…hemap

Do not include a cache mount's ID in the ExecOp's cachemap
@tonistiigi
Merge pull request #4589 from jedevc/cachechains-readability
0fecf46 
chore: start to improve cachechains readability
@leandrosansilva
Integration tests: use LocalMounts instead of deprecated LocalDirs
447b4e1 
Signed-off-by: Leandro Santiago <leandrosansilva@gmail.com>
@leandrosansilva
Replace usage of LocalDirs with LocalMounts in buildctl and examples
b3d99d6 
Signed-off-by: Leandro Santiago <leandrosansilva@gmail.com>
@leandrosansilva
Add test to check that client.SolveOpt.LocalDirs still works
704268a 
It will need to be removed in a follow up PR.

Signed-off-by: Leandro Santiago <leandrosansilva@gmail.com>
@tonistiigi
Merge pull request #4529 from tonistiigi/lease-flightcontrol-fix
2d608c3 
fix lease management with flightcontrol
@tonistiigi
update runc to v1.1.11
8445651 
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
crazy-max and others added 25 commits February 28, 2024 11:31
@crazy-max
Merge pull request #4709 from davhdavh/patch-1
e302efd 
docs: typo in windows.md
@tonistiigi
Merge pull request #4688 from dvdksn/docs-dockerfile-addcopy-flags-re…
aae0abb 
…factor

docs: restructure descriptions for add, copy, run flags
@tonistiigi
file: use best-effort xattr behavior on unpacking
e91834d 
Default changed in Moby25 archive package. Setting this
bool restores the previous behavior.

Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
@tonistiigi
file: fix idmap passed to unpack when userns enabled
a7d1cca 
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
@AkihiroSuda
Merge pull request #4711 from tonistiigi/xattrs-besteffort
b7432ce 
file: use best-effort xattr behavior on unpacking
@AkihiroSuda
Merge pull request #4712 from tonistiigi/idmap-unpack
4a93674 
file: fix idmap passed to unpack when userns enabled
@tonistiigi
gateway: mount metadata with nodev
8255f65 
On some systems this causes permission error if userns enabled.

Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
@crazy-max
vendor: update github.com/Masterminds/semver to v3.2.1
2a69497 
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
@crazy-max
move network sample to resources types
c50447e 
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
@crazy-max
Merge pull request #4716 from crazy-max/update-semver
3135152 
vendor: update github.com/Masterminds/semver to v3.2.1
@crazy-max
test: switch to golang.org/x/mod to check containerd version constraint
ed7451b 
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
@crazy-max
Merge pull request #4718 from crazy-max/test-switch-x-go-mod
9b97031 
test: switch to golang.org/x/mod to check containerd version constraint
@crazy-max
Merge pull request #4717 from crazy-max/move-network-sample
5df020b 
move network sample to resources types
@tonistiigi
Merge pull request #4714 from tonistiigi/userns-perm-err
7de5894 
gateway: mount metadata with nodev
@tonistiigi
dockerfile: don't silently ignore --parents if not labs
95b9c4f 
Instead of ignoring the flag and copying wrong files
the build should error if labs is not enabled.

Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
@tonistiigi
Merge pull request #4720 from tonistiigi/parents-labs-handle-err
5872120 
dockerfile: don't silently ignore --parents if not labs
@yzewei @tonistiigi
add loongarch support for buildkit archutil
ca1215b 
Signed-off-by: yzewei <yangzewei@loongson.cn>
(cherry picked from commit 736c35ad3561f709876bfcb52e2644f71b05c805)
@crazy-max @tonistiigi
ci(validate): temporarily disable archutil-arm64 job
262e626 
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
(cherry picked from commit 0356194de0e1a32082c08519e23ae7b6b6e0ea0e)
@crazy-max @tonistiigi
vendor: update github.com/tonistiigi/fsutil to 7525a1af2bb5
0567a81 
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
(cherry picked from commit 9944a5c47598dda0fc293920d693a1adb7b29cc7)
@tonistiigi
util: typo fix
9195a11 
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
(cherry picked from commit c35d98cef913769483043b465d6b42b5ab1198c2)
@tonistiigi
dockerfile: allow pivot point for --parents flag
d959049 
This replicates similar functionality in rsync.

Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
(cherry picked from commit 6f8bd4cb0e7ccf773d692beb9bc89032099881b2)
@tonistiigi
dockerfile: add docs for --parents
acaf4cd 
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
(cherry picked from commit d1446a4748e692c99a388a2372cd1b7e79f760b5)
@profnandaa @tonistiigi
fix: windows getting started guide for uniformity
b9e1581 
This adds `ContainerAdministrator` as the default user to
guarantee a uniform experience on all the platforms.
The previous guide would fail on WS2022 but work
on WS2019 and Windows 11. The issue is being
investigated here #4731

Signed-off-by: Anthony Nandaa <profnandaa@gmail.com>
(cherry picked from commit 2aa80d749c9c6e750b4a6e66df38e0fc8443183b)
@AkihiroSuda
Merge pull request #4735 from moby/v0.13.0-picks
2afc050 
[v0.13] cherry-picks for v0.13.0
@janishorsts
Merge tag 'v0.13.0' into chore-merge-v0.13.0
082581c
@github-actions
Copy link
Copy Markdown

github-actions bot commented Mar 15, 2026

⚠️ Are we earthbuild yet?

Warning: "earthly" occurrences have increased by 2 (0.92%)

📈 Overall Progress

Branch Total Count
main 217
This PR 219
Difference +2 (0.92%)

📁 Changes by file type:

File Type Change
Go files (.go) ❌ +2
Documentation (.md) ➖ No change
Earthfiles ➖ No change

Keep up the great work migrating from Earthly to Earthbuild! 🚀

💡 Tips for finding more occurrences

Run locally to see detailed breakdown:

./.github/scripts/count-earthly.sh

Note that the goal is not to reach 0.
There is anticipated to be at least some occurences of earthly in the source code due to backwards compatibility with config files and language constructs.

github-advanced-security[bot]
github-advanced-security bot found potential problems Mar 15, 2026
View reviewed changes
.github/workflows/test-os.yml
Comment on lines +27 to +69
runs-on: ubuntu-22.04
strategy:
fail-fast: false
matrix:
os:
# - ubuntu-22.04
# - macOS-11
- windows-2022
platform:
- windows/amd64
- freebsd/amd64
steps:
-
name: Prepare
run: |
platform=${{ matrix.platform }}
echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV
-
name: Checkout
uses: actions/checkout@v4
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
-
name: Build
uses: docker/bake-action@v4
with:
provenance: false
targets: binaries-for-test
set: |
*.platform=${{ matrix.platform }}
*.cache-from=type=gha,scope=binaries-for-test-${{ env.PLATFORM_PAIR }}
*.cache-to=type=gha,scope=binaries-for-test-${{ env.PLATFORM_PAIR }}
-
name: List artifacts
run: |
tree -nh ${{ env.DESTDIR }}
-
name: Upload artifacts
uses: actions/upload-artifact@v4
with:
name: buildkit-${{ env.PLATFORM_PAIR }}
path: ${{ env.DESTDIR }}/*
if-no-files-found: error
retention-days: 1

test-windows-amd64:

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium test

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read}

Copilot Autofix

AI 13 days ago

In general, to fix this problem you add a permissions section either at the top (workflow-wide) or per job, granting only the scopes actually needed. For a typical CI workflow that just reads code, builds, tests, and uploads artifacts, a minimal safe starting point is contents: read. Additional scopes (like id-token: write or packages: read) are only added if clearly necessary.

For this specific workflow (.github/workflows/test-os.yml), nothing in the shown snippet writes to the repository or manipulates issues/PRs; it only checks out code, uses Docker/buildx, runs tests on different OSes, and uploads artifacts. Those operations work with the default GITHUB_TOKEN plus contents: read. Therefore, the best fix without altering behavior is to define a workflow-level permissions block directly under the name field, setting contents: read. This applies to all jobs (build, test-windows-amd64, test-freebsd-amd64, etc.) that don’t define their own permissions and satisfies CodeQL’s recommendation.

Concretely: in .github/workflows/test-os.yml, insert

permissions:
  contents: read

between lines 1 and 3 (after name: test-os and before concurrency:). No additional imports or external definitions are required.

Suggested changeset 1
.github/workflows/test-os.yml

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/.github/workflows/test-os.yml b/.github/workflows/test-os.yml
--- a/.github/workflows/test-os.yml
+++ b/.github/workflows/test-os.yml
@@ -1,5 +1,8 @@
 name: test-os
 
+permissions:
+  contents: read
+
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
EOF
@@ -1,5 +1,8 @@
name: test-os

permissions:
contents: read

concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
Copilot is powered by AI and may make mistakes. Always verify output.
.github/workflows/validate.yml
Comment on lines +65 to +89
runs-on: ubuntu-22.04
# TODO: enable when binutils-loongarch64-linux-gnu pkg is available for aarch64 arch
# https://github.com/moby/buildkit/pull/4392#issuecomment-1938223235
if: false
steps:
-
name: Checkout
uses: actions/checkout@v4
-
name: Set up QEMU
uses: docker/setup-qemu-action@v3
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
version: ${{ env.SETUP_BUILDX_VERSION }}
driver-opts: image=${{ env.SETUP_BUILDKIT_IMAGE }}
buildkitd-flags: --debug
-
name: Validate
uses: docker/bake-action@v4
with:
targets: validate-archutil
set: |
*.platform=linux/arm64

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read}

Copilot Autofix

AI 13 days ago

In general, to fix this issue you add an explicit permissions block either at the root of the workflow (so it applies to all jobs that don’t override it) or on the specific job flagged. The block should grant only the minimal scopes required, typically contents: read for build/CI jobs that just check out code and run tools.

For this workflow, the safest and simplest fix that preserves existing behavior is to add a top-level permissions block with contents: read. All shown jobs only need to read the repository (for actions/checkout) and then run Docker-related actions; none of them appears to need to write to the repository or other GitHub resources. Adding this block right after the name: validate line (and before concurrency:) makes it clear and keeps the structure clean. No additional imports or code constructs are necessary; this is purely a YAML configuration change.

Concretely:

  • Edit .github/workflows/validate.yml.

  • Insert:

    permissions:
  contents: read

    directly under the workflow name: key.

  • Leave the rest of the jobs unchanged; they will now inherit this least-privilege permission set automatically.

Suggested changeset 1
.github/workflows/validate.yml

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml
--- a/.github/workflows/validate.yml
+++ b/.github/workflows/validate.yml
@@ -1,5 +1,8 @@
 name: validate
 
+permissions:
+  contents: read
+
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
EOF
@@ -1,5 +1,8 @@
name: validate

permissions:
contents: read

concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
Copilot is powered by AI and may make mistakes. Always verify output.
github-advanced-security[bot]
github-advanced-security bot found potential problems Mar 15, 2026
View reviewed changes
session/filesync/filesync.go
if err != nil {
return 0
}
return int(id)

Check failure

Code scanning / CodeQL

Incorrect conversion between integer types High

Incorrect conversion of a signed 64-bit integer from
strconv.ParseInt
Loading
to a lower bit size type int without an upper bound check.

Copilot Autofix

AI 13 days ago

In general, when parsing integers from strings, you should either parse them directly to the exact target type/bit‑size or enforce explicit upper/lower bounds before converting to a smaller type. Here, we parse with bit size 64 and then convert to int; on 32‑bit systems this can truncate. The safest fix is to constrain the parsed value to the range of int before conversion, using constants from the math package.

Concretely, in session/filesync/filesync.go, in fsSyncAttachable.chooser, after strconv.ParseInt(values[0], 10, 64) succeeds, add a range check that ensures id lies between math.MinInt and math.MaxInt. If it does not, treat it as invalid metadata and return 0 (the same sentinel used when parsing fails or metadata is missing). This preserves existing semantics for all valid, in‑range IDs while preventing truncation on 32‑bit builds. To implement this, we need to import "math" at the top of the file and add the conditional before return int(id).

Suggested changeset 1
session/filesync/filesync.go

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/session/filesync/filesync.go b/session/filesync/filesync.go
--- a/session/filesync/filesync.go
+++ b/session/filesync/filesync.go
@@ -9,6 +9,7 @@
 	"strconv"
 	"strings"
 	"unicode"
+	"math"
 
 	"github.com/moby/buildkit/session"
 	"github.com/moby/buildkit/util/bklog"
@@ -328,6 +329,9 @@
 	if err != nil {
 		return 0
 	}
+	if id < int64(math.MinInt) || id > int64(math.MaxInt) {
+		return 0
+	}
 	return int(id)
 }
 
EOF
@@ -9,6 +9,7 @@
"strconv"
"strings"
"unicode"
"math"

"github.com/moby/buildkit/session"
"github.com/moby/buildkit/util/bklog"
@@ -328,6 +329,9 @@
if err != nil {
return 0
}
if id < int64(math.MinInt) || id > int64(math.MaxInt) {
return 0
}
return int(id)
}

Copilot is powered by AI and may make mistakes. Always verify output.
@gemini-code-assist
Copy link
Copy Markdown

gemini-code-assist bot commented Mar 15, 2026

Summary of Changes

Hello, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request integrates version v0.13.0 of moby/buildkit, focusing on enhancing cross-platform compatibility and refining core functionalities. Key efforts included adapting Earthly-specific components to the updated Buildkit APIs, ensuring the persistence of custom Earthly features, and resolving macOS build issues. The changes also introduce support for multiple exporters in a single build, improve context management for cancellations and timeouts, and enhance Dockerfile parsing capabilities. These updates collectively contribute to a more robust and versatile build system, verified for both Linux and macOS environments.

Highlights

  • API Alignment for v0.13.0: Updated FrontendLLBBridge to use sourceresolver.Opt and content.InfoReaderProvider, refactored provenanceBridge to use the new provenancetypes package, and standardized filesync calls to include the new exporter ID requirement.
  • Restoration of Earthly-Specific Features: Ensured critical Earthly additions were maintained, including the ExporterInlineCache constant, contentCache and SockOpt fields in solver/pb/ops.proto, and session health monitoring and idle timeout logic.
  • macOS Build Compatibility Fixes: Addressed regressions by introducing platform-specific Stat_t field accessors, refactoring diffapply_unix.go to use new stat helpers and UTIME_OMIT, adding dummy OCI spec generation for non-Linux platforms, and providing a fallback for architecture detection on Darwin.
  • Multiple Exporters Support: The SolveRequest API now supports multiple exporters, allowing for diverse output formats and destinations in a single build operation.
  • Improved Context Handling: Updated context usage across the codebase to leverage context.WithCancelCause and context.WithTimeoutCause for better error propagation and cancellation management.
  • Enhanced Dockerfile Parsing: Added support for --exclude patterns in COPY and ADD commands, and improved handling of shell parameter expansions in Dockerfiles.
  • Refined Cache Pruning: Implemented batch pruning for cache records and improved metadata handling during cleanup to prevent data loss on crashes.
Changelog
  • .github/SECURITY.md
    • Added a link to the BuildKit security boundary explanation.
  • .github/dependabot.yml
    • Added an ignore rule for the docker/docs dependency.
  • .github/issue_reporting_guide.md
    • Added a new comprehensive guide for reporting issues.
  • .github/issue_template.md
    • Added a new issue template with a link to the reporting guide.
  • .golangci.yml
    • Increased the linter timeout to 30m.
    • Added new forbid rules for context.WithCancel, context.WithTimeout, context.WithDeadline, and ctx.Err to encourage using context.WithCancelCause and context.Cause.
  • .vscode/settings.json
    • Added a setting to disable format on save.
  • Dockerfile
    • Updated various dependency versions including containerd, registry, rootlesskit, stargz-snapshotter, nydus, and xx.
    • Modified build steps for runc, buildctl, and buildkitd to include version checks and retry logic for buildkitd --version.
    • Added stages for building and exporting CNI plugins (dnsname).
    • Updated the dind entrypoint script source.
    • Consolidated and updated COPY commands for binaries in integration tests.
  • MAINTAINERS
    • Added gabriel-samfira as a maintainer.
  • Makefile
    • Added validate-archutil and archutil targets to the validation and generation processes.
  • PROJECT.md
    • Added a new project process guide covering issue categorization, release milestones, project scope, and security boundary.
  • README.md
    • Updated references for Dockerfile features.
    • Expanded quick start section with Linux, Windows, and macOS setup guides.
    • Added build from source instructions.
    • Added timeout options for GHA cache.
  • api/services/control/control.pb.go
    • Deprecated Exporter and ExporterAttrs fields in SolveRequest in favor of a new Exporters repeated field.
    • Deprecated Result in BuildResultInfo in favor of a new Results map.
  • api/services/control/control.proto
    • Deprecated Exporter and ExporterAttrs fields in SolveRequest in favor of a new Exporters repeated field.
    • Deprecated Result in BuildResultInfo in favor of a new Results map.
  • cache/blobs.go
    • Changed flightcontrol.Group type to *leaseutil.LeaseRef.
    • Updated error returns to nil, err or nil, nil instead of struct{}{}, err.
    • Introduced temporary leases for blob computation.
  • cache/blobs_linux.go
    • Added logic to abort content ingest and truncate writer on error in tryComputeOverlayBlob.
  • cache/compression.go
    • Removed.
  • cache/compression_nydus.go
    • Removed needsForceCompression function.
  • cache/manager.go
    • Added maxPruneBatch constant.
    • Modified prune function to handle batch pruning and ensure metadata is marked as deleted before cleanup.
    • Added released field to deleteRecord.
    • Changed ctx.Err() to context.Cause(ctx).
  • cache/refs.go
    • Changed flightcontrol.Group type to *leaseutil.LeaseRef.
    • Updated error returns to nil, err or nil, nil instead of struct{}{}, err in prepareRemoteSnapshotsStargzMode and unlazy.
  • cache/remote.go
    • Changed appendRemote to accept content.InfoReaderProvider.
    • Removed needsForceCompression check, relying on refCfg.Compression.Force.
    • Added Info method to lazyMultiProvider and lazyRefProvider.
  • cache/remotecache/azblob/exporter.go
    • Updated context handling to use context.WithCancelCause and context.WithTimeoutCause.
  • cache/remotecache/azblob/utils.go
    • Updated context handling to use context.WithCancelCause and context.WithTimeoutCause.
    • Updated isNotFound to use s3types.NotFound and s3types.NoSuchKey.
  • cache/remotecache/gha/gha.go
    • Added attrTimeout and defaultTimeout constants.
    • Added Timeout field to Config and integrated it into actionscache.New.
  • cache/remotecache/local/local.go
    • Updated context handling to use context.WithCancelCause and context.WithTimeoutCause.
  • cache/remotecache/s3/s3.go
    • Updated newS3Client to use options.BaseEndpoint instead of options.EndpointResolver.
    • Updated isNotFound to use s3types.NotFound and s3types.NoSuchKey.
  • cache/remotecache/v1/chains.go
    • Added solver.CacheExporterTarget interface implementation.
    • Added comments for item and link structs.
    • Modified item.validate logic for more robust invalidation.
  • cache/remotecache/v1/doc.go
    • Removed optional output index from cache config example.
  • cache/remotecache/v1/parse.go
    • Changed mp.Add to accept DescriptorProviderPair instead of content.Provider.
  • client/build.go
    • Added ResolveSourceMeta method to gatewayClientForBuild.
  • client/build_test.go
    • Updated integration tests to use integration.Tmpdir(t) instead of t.TempDir().
    • Changed LocalDirs to LocalMounts in SolveOpt.
    • Updated context handling to use context.WithTimeoutCause and context.WithCancelCause.
    • Split testClientGatewayContainerSecurityMode into testClientGatewayContainerSecurityModeCaps and testClientGatewayContainerSecurityModeValidation.
    • Split testClientGatewayContainerHostNetworking into testClientGatewayContainerHostNetworkingAccess and testClientGatewayContainerHostNetworkingValidation.
    • Added expectFail parameter to security and networking tests for validation.
    • Added integration.SkipOnPlatform(t, "windows") to testClientGatewayEmptyImageExec.
  • client/client.go
    • Removed WithFailFast client option.
    • Updated otelgrpc interceptor calls to ignore SA1019.
    • Changed ctx.Err() to context.Cause(ctx).
  • client/client_nydus_test.go
    • Removed strconv import.
    • Changed nydusify import to converter.
    • Modified testBuildExportNydusWithHybrid to always force compression and updated annotation checks to use converter.LayerAnnotationNydusBlob and converter.LayerAnnotationNydusBootstrap.
  • client/client_test.go
    • Added sourceresolver and filesync imports.
    • Updated integration tests to use integration.Tmpdir(t) instead of t.TempDir().
    • Changed LocalDirs to LocalMounts in SolveOpt.
    • Updated context handling to use context.WithTimeoutCause and context.WithCancelCause.
    • Added integration.SkipOnPlatform(t, "windows") to many tests for Windows platform compatibility.
    • Added testMultipleExporters to verify multiple exporters work correctly.
    • Updated testSourceDateEpochImageExporter to check containerd version using semver.Compare.
    • Updated testSBOMScan and testSBOMSupplements to set img.Platform.
    • Added testSolverOptLocalDirsStillWorks for deprecated LocalDirs option.
  • client/llb/async.go
    • Changed ctx.Err() to context.Cause(ctx).
  • client/llb/exec.go
    • Added contentCache field to mount struct and MountContentCache type.
    • Added ContentCache option for mounts.
  • client/llb/fileop.go
    • Added excludeOnCopyAction struct and WithExcludePatterns function for copy operations.
  • client/llb/imagemetaresolver/resolver.go
    • Changed ResolveImageConfig to use sourceresolver.Opt and removed ref from resolveResult.
  • client/llb/marshal.go
    • Modified MarshalConstraints to handle OSFeatures in pb.Platform.
  • client/llb/resolver.go
    • Replaced ImageMetaResolver interface and ResolveImageConfigOpt struct with sourceresolver.ImageMetaResolver.
  • client/llb/resolver_test.go
    • Updated testResolver.ResolveImageConfig to use sourceresolver.Opt.
  • client/llb/source.go
    • Added sourceresolver import.
    • Updated Image function to use sourceresolver.Opt for ResolveImageConfig calls.
  • client/llb/sourceresolver/imageresolver.go
    • Added new file defining ImageMetaResolver interface and imageMetaResolver struct for resolving image config metadata.
  • client/llb/sourceresolver/types.go
    • Added new file defining ResolverType, MetaResolver, Opt, MetaResponse, ResolveImageOpt, ResolveImageResponse, ResolveOCILayoutOpt, and ResolveImageConfigOptStore types.
  • client/llb/state.go
    • Corrected comment for WithOutput.
    • Modified WithImageConfig to handle OSFeatures and OSVersion in ocispecs.Platform.
  • client/mergediff_nolinux_test.go
    • Removed mknod function.
  • client/mergediff_test.go
    • Added TestDiffDeleteFilesAfterMerge to test deleting files after a merge.
  • client/solve.go
    • Changed ExportEntry.Output type to filesync.FileOutputFunc.
    • Updated context handling to use context.WithCancelCause.
    • Removed logic for single Exports entry and iterated over opt.Exports to create controlapi.Exporter slice.
    • Updated controlapi.SolveRequest to use Exporters and deprecated fields.
  • client/validation_test.go
    • Added new file validation_test.go with tests for validating image config, platforms, and source policies.
  • cmd/buildctl/build.go
    • Added debug-json-cache-metrics flag.
    • Added openCacheMetricsFile function.
    • Added startTime and cacheMetricsFile variables.
    • Changed LocalDirs to LocalMounts.
    • Added logic to output cache metrics.
  • cmd/buildctl/build/local.go
    • Modified ParseLocal to return map[string]fsutil.FS instead of map[string]string.
  • cmd/buildctl/build/output.go
    • Changed resolveExporterDest to return filesync.FileOutputFunc.
  • cmd/buildctl/build/registryauthtlscontext.go
    • Added Insecure field to authTLSConfig and updated parsing logic.
  • cmd/buildctl/build_test.go
    • Added integration.SkipOnPlatform(t, "windows") to all tests.
  • cmd/buildctl/buildctl_test.go
    • Added integration.SkipOnPlatform(t, "windows") to testUsage.
  • cmd/buildctl/cachemetrics.go
    • Added new file defining vtxInfo struct and functions tailVTXInfo and outputCacheMetrics for collecting and outputting cache metrics.
  • cmd/buildctl/common/common.go
    • Removed client.WithFailFast() option.
    • Changed detect.Exporter() to return two values.
    • Updated context handling to use context.WithCancelCause.
  • cmd/buildctl/debug/monitor.go
    • Modified monitor to display multiple results from BuildResultInfo.Results and fallback to ResultDeprecated.
  • cmd/buildctl/diskusage_test.go
    • Added integration.SkipOnPlatform(t, "windows") to testDiskUsage.
  • cmd/buildctl/prune_test.go
    • Added integration.SkipOnPlatform(t, "windows") to testPrune.
  • cmd/buildkitd/config/config.go
    • Added BridgeName and BridgeSubnet fields to NetworkConfig.
    • Added Path field to ContainerdRuntime.
  • cmd/buildkitd/config/load_test.go
    • Added path field to worker.containerd.runtime in test config.
  • cmd/buildkitd/debug.go
    • Added promhttp.Handler() for /metrics endpoint.
  • cmd/buildkitd/main.go
    • Updated context handling to use context.WithCancelCause.
    • Updated otelgrpc interceptor calls to include WithMeterProvider.
    • Moved newGRPCListeners call before newController.
    • Changed serveGRPC to accept listeners directly.
    • Changed ctx.Err() to context.Cause(ctx).
    • Updated setDefaultNetworkConfig to set CNI config path based on rootless mode and set default bridge name/subnet.
  • cmd/buildkitd/main_containerd_worker.go
    • Updated containerd-worker-net usage string.
    • Added BridgeName and BridgeSubnet to CNI config.
    • Added Path to containerd.RuntimeInfo.
    • Changed socketScheme for validContainerdSocket.
  • cmd/buildkitd/main_oci_worker.go
    • Updated oci-worker-net usage string.
    • Added BridgeName and BridgeSubnet to CNI config.
  • cmd/buildkitd/main_unix.go
    • Added socketScheme constant.
  • cmd/buildkitd/main_windows.go
    • Added socketScheme constant.
  • cmd/buildkitd/service_windows.go
    • Changed error formatting to use errors.Errorf and errors.Wrapf.
  • cmd/buildkitd/util_unsupported.go
    • Removed.
  • control/control.go
    • Added c.solver.Close() to Close method.
    • Added logic to translate single exporter to a slice in translateLegacySolveRequest.
    • Updated SOURCE_DATE_EPOCH handling for multiple exporters.
    • Added nil check for cacheImports entries.
    • Changed llbsolver.ExporterRequest to use Exporters slice.
  • control/gateway/gateway.go
    • Updated context handling to use context.WithCancelCause and context.WithTimeoutCause.
    • Added ResolveSourceMeta method.
  • docker-bake.hcl
    • Added GOLANGCI_LINT_MULTIPLATFORM variable.
    • Added binaries-for-test target.
    • Added validate-archutil to validate group.
    • Added archutil target.
    • Updated golangci-lint matrix to include dfexcludepatterns.
  • docs/attestations/sbom-protocol.md
    • Updated link to sbom.go.
  • docs/buildkitd.toml.md
    • Added trace = true to example config.
    • Added path to worker.containerd.runtime example.
  • docs/nydus.md
    • Updated buildctl command for nydus export to include force-compression=true.
    • Clarified that force-compression=true must be enabled.
  • docs/reference/buildctl.md
    • Updated registry-auth-tlscontext usage.
    • Added debug-json-cache-metrics flag.
    • Updated local sources and frontend options links.
    • Updated context examples to use local: and oci-layout:// prefixes.
    • Corrected gateway.v0 frontend option description.
  • docs/rootless.md
    • Removed "Distribution-specific hint" and "Troubleshooting" sections, moving them to the end.
  • docs/windows.md
    • Added new file with experimental Windows containers support guide.
  • examples/build-using-dockerfile/main.go
    • Removed client.WithFailFast().
    • Changed localDirs to LocalMounts and used fsutil.NewFS.
  • examples/buildkit0/buildkit.go
    • Updated golang base image to 1.21-alpine.
  • examples/buildkit1/buildkit.go
    • Updated golang base image to 1.21-alpine.
  • examples/buildkit2/buildkit.go
    • Updated golang base image to 1.21-alpine.
  • examples/buildkit3/buildkit.go
    • Updated golang base image to 1.21-alpine.
  • examples/buildkit4/buildkit.go
    • Updated golang base image to 1.21-alpine.
  • examples/dockerfile2llb/main.go
    • Changed partialMetadataFile to baseImageConfigFile.
    • Added baseImg return value from Dockerfile2LLB and wrote it to file.
  • examples/eksctl/bottlerocket.yaml
    • Corrected user.max_user_namespace to user.max_user_namespaces.
  • examples/nested-llb/main.go
    • Updated golang base image to 1.21-alpine.
  • executor/containerdexecutor/executor.go
    • Added Path field to RuntimeInfo.
    • Added meta.NetMode check and network provider lookup.
    • Updated createOCISpec call with meta.NetMode.
    • Added w.runtime.Path to containerd.WithRuntimePath.
    • Changed getTaskOpts to return slice.
    • Changed ctx.Err() to context.Cause(ctx).
    • Updated context handling to use context.WithCancelCause.
  • executor/containerdexecutor/executor_unix.go
    • Updated prepareExecutionEnv to accept pb.NetMode.
    • Changed GetResolvConf call with meta.NetMode.
    • Changed getTaskOpts to return slice.
  • executor/containerdexecutor/executor_windows.go
    • Changed prepareExecutionEnv to accept pb.NetMode.
    • Changed getTaskOpts to return slice.
  • executor/executor.go
    • Replaced snapshot.Mountable with MountableRef interface.
    • Added MountableRef interface.
  • executor/oci/mounts.go
    • Removed withROBind, withCGroup, removeMountsWithPrefix, and withBoundProc functions.
  • executor/oci/resolvconf.go
    • Updated GetResolvConf to accept pb.NetMode.
    • Modified logic to handle pb.NetMode_HOST for resolv.conf path and filtering.
  • executor/oci/resolvconf_test.go
    • Expanded TestResolvConf to include various network modes and scenarios.
  • executor/oci/spec.go
    • Added subRefs map to mountRef.
    • Modified subMount to handle sub-references and use sub function.
    • Updated cleanup to unmount sub-references.
    • Removed specMapping function.
  • executor/oci/spec_freebsd.go
    • Added mount and fs imports.
    • Added sub function.
  • executor/oci/spec_linux.go
    • Added strconv, mount, fs, snapshot, unix imports.
    • Added specMapping, withROBind, withCGroup, withBoundProc, and removeMountsWithPrefix functions.
    • Added sub function.
  • executor/oci/spec_others.go
    • Added new file with dummy OCI spec generation functions for non-Linux, non-FreeBSD, non-Windows platforms.
  • executor/oci/spec_windows.go
    • Added mount and fs imports.
    • Added sub function.
  • executor/resources/cpu.go
    • Changed types.CPUStat and types.Pressure to resourcestypes.CPUStat and resourcestypes.Pressure.
  • executor/resources/cpu_test.go
    • Changed types.CPUStat and types.Pressure to resourcestypes.CPUStat and resourcestypes.Pressure.
  • executor/resources/io.go
    • Changed types.IOStat to resourcestypes.IOStat.
  • executor/resources/io_test.go
    • Changed types.IOStat and types.Pressure to resourcestypes.IOStat and resourcestypes.Pressure.
  • executor/resources/memory.go
    • Changed types.MemoryStat to resourcestypes.MemoryStat.
  • executor/resources/memory_test.go
    • Changed types.MemoryStat and types.Pressure to resourcestypes.MemoryStat and resourcestypes.Pressure.
  • executor/resources/monitor.go
    • Changed types.Sample, types.Samples, types.SysCPUStat, types.Recorder, and network.Sample to resourcestypes.Sample, resourcestypes.Samples, resourcestypes.SysCPUStat, resourcestypes.Recorder, and resourcestypes.NetworkSample.
  • executor/resources/pids.go
    • Changed types.PIDsStat to resourcestypes.PIDsStat.
  • executor/resources/pids_test.go
    • Changed types.PIDsStat to resourcestypes.PIDsStat.
  • executor/resources/sys.go
    • Changed types.SysSample to resourcestypes.SysSample.
  • executor/resources/sys_linux.go
    • Changed types.SysSample, types.SysCPUStat, types.ProcStat, and types.SysMemoryStat to resourcestypes.SysSample, resourcestypes.SysCPUStat, resourcestypes.ProcStat, and resourcestypes.SysMemoryStat.
  • executor/resources/sys_nolinux.go
    • Changed types.SysSample to resourcestypes.SysSample.
  • executor/resources/types/types.go
    • Removed network import.
    • Changed network.Sample to NetworkSample struct.
    • Added NetworkSample struct.
  • executor/runcexecutor/executor.go
    • Removed meta variable.
    • Added meta.NetMode check and network provider lookup.
    • Changed GetResolvConf call with meta.NetMode.
    • Changed ctx.Err() to context.Cause(ctx).
    • Updated context handling to use context.WithCancelCause.
    • Changed procHandle.shutdown type.
  • executor/runcexecutor/executor_common.go
    • Changed unsupportedConsoleError to errUnsupportedConsole.
  • executor/stubs.go
    • Added strings import.
    • Modified MountStubsCleaner to handle parent directory cleanup and restore timestamps.
  • exporter/containerimage/export.go
    • Added id field to imageExporterInstance.
    • Modified Resolve to accept id.
    • Added ID() method.
    • Modified Export to accept inlineCache and clone src.
    • Updated ImageWriter.Commit call with inlineCache.
  • exporter/containerimage/exptypes/parse.go
    • Added validation for platforms and image config.
    • Modified ParseKey to accept *Platform.
  • exporter/containerimage/exptypes/types.go
    • Added context and result imports.
    • Added ExporterImageBaseConfigKey constant.
    • Added InlineCacheEntry struct and InlineCache type.
  • exporter/containerimage/image/docker_image.go
    • Deprecated HealthConfig, ImageConfig, and Image types in favor of moby/docker-image-spec/specs-go/v1.
  • exporter/containerimage/opts.go
    • Removed c.RefCfg.Compression.Type.NeedsForceCompression() check.
  • exporter/containerimage/writer.go
    • Added reflect and dockerspec imports.
    • Modified Commit to accept inlineCache.
    • Updated exportLayers call.
    • Modified rewriteRemoteWithEpoch to accept baseImg.
    • Updated commitDistributionManifest call with inlineCache and baseImg.
    • Added OSVersion and OSFeatures to defaultImageConfig.
    • Modified patchImageConfig to accept baseImg and *exptypes.InlineCacheEntry, added validation for image config, and preserved base image history timestamps.
  • exporter/earthlyoutputs/export.go
    • Added id field to imageExporterInstance.
    • Modified Resolve to accept id.
    • Added ID() method.
    • Modified Export to accept inlineCache.
    • Updated ImageWriter.Commit call with inlineCache.
    • Updated filesync.CopyFileWriter and exportDirFunc calls with id.
  • exporter/earthlyoutputs/registry/eodriver/multimultiprovider.go
    • Changed content.Provider to content.InfoReaderProvider.
  • exporter/exporter.go
    • Modified Resolve to accept id.
    • Added ID() method to ExporterInstance.
    • Modified Export to accept inlineCache.
  • exporter/local/export.go
    • Added id field to localExporterInstance.
    • Modified Resolve to accept id.
    • Added ID() method.
    • Modified Export to accept inlineCache.
    • Updated context handling to use context.WithCancelCause.
    • Updated filesync.CopyToCaller call with id.
  • exporter/oci/export.go
    • Added id field to imageExporterInstance.
    • Modified Resolve to accept id.
    • Added ID() method.
    • Modified Export to accept inlineCache and clone src.
    • Updated ImageWriter.Commit call with inlineCache.
    • Updated context handling to use context.WithCancelCause.
    • Updated filesync.CopyFileWriter call with id.
  • exporter/tar/export.go
    • Added id field to localExporterInstance.
    • Modified Resolve to accept id.
    • Added ID() method.
    • Modified Export to accept inlineCache.
    • Updated context handling to use context.WithCancelCause.
    • Updated filesync.CopyFileWriter call with id.
  • frontend/attestations/sbom/sbom.go
    • Added sourceresolver import.
    • Modified CreateSBOMScanner to use sourceresolver.MetaResolver and sourceresolver.Opt.
  • frontend/dockerfile/builder/build.go
    • Changed image.Image to dockerspec.DockerOCIImage.
    • Modified BuildFunc signature to return baseImg.
    • Updated Dockerfile2LLB call with baseImg.
    • Added baseConfig to metadata.
  • frontend/dockerfile/cmd/dockerfile-frontend/Dockerfile
    • Updated alpine version and xx version.
  • frontend/dockerfile/dockerfile2llb/convert.go
    • Changed image.Image to dockerspec.DockerOCIImage.
    • Modified Dockerfile2LLB signature to return baseImg.
    • Modified namedContext to return dockerspec.DockerOCIImage.
    • Updated namedContext calls with AsyncLocalOpts.
    • Added baseImg field to dispatchState.
    • Modified dispatchState.image to be dockerspec.DockerOCIImage.
    • Added paths field to dispatchState.
    • Added asyncLocalOpts method.
    • Modified hasCircularDependency to validateCircularDependency and improved error reporting.
    • Added filterPaths function.
  • frontend/dockerfile/dockerfile2llb/convert_runmount.go
    • Added paths field to dispatchState.
    • Added check for src.noinit in dispatchRunMounts.
    • Added logic to update source.paths.
  • frontend/dockerfile/dockerfile2llb/convert_test.go
    • Modified Dockerfile2LLB calls to match new signature.
    • Added TestBaseImageConfig.
  • frontend/dockerfile/dockerfile2llb/exclude_patterns_test.go
    • Added new file with tests for COPY --exclude and ADD --exclude with various patterns.
  • frontend/dockerfile/dockerfile2llb/image.go
    • Changed image.Image to dockerspec.DockerOCIImage.
    • Added cloneX function.
    • Added OSVersion and OSFeatures to emptyImage.
  • frontend/dockerfile/dockerfile_addchecksum_test.go
    • Added integration.SkipOnPlatform(t, "windows") to testAddChecksum.
    • Changed LocalDirs to LocalMounts.
  • frontend/dockerfile/dockerfile_addgit_test.go
    • Added integration.SkipOnPlatform(t, "windows") to testAddGit.
    • Changed LocalDirs to LocalMounts.
  • frontend/dockerfile/dockerfile_heredoc_test.go
    • Added integration.SkipOnPlatform(t, "windows") to all tests.
    • Changed LocalDirs to LocalMounts.
  • frontend/dockerfile/dockerfile_mount_test.go
    • Added integration.SkipOnPlatform(t, "windows") to all tests.
    • Changed LocalDirs to LocalMounts.
    • Added testMountDuplicate.
  • frontend/dockerfile/dockerfile_outline_test.go
    • Added integration.SkipOnPlatform(t, "windows") to all tests.
    • Changed LocalDirs to LocalMounts.
  • frontend/dockerfile/dockerfile_parents_test.go
    • Added testCopyRelativeParents.
    • Changed LocalDirs to LocalMounts.
  • frontend/dockerfile/dockerfile_provenance_test.go
    • Changed provenance.ProvenancePredicate to provenancetypes.ProvenancePredicate.
    • Added integration.SkipOnPlatform(t, "windows") to all tests.
    • Changed LocalDirs to LocalMounts.
    • Changed runShell to use dir.Name.
    • Added testDuplicateLayersProvenance.
  • frontend/dockerfile/dockerfile_runnetwork_test.go
    • Added integration.SkipOnPlatform(t, "windows") to all tests.
    • Changed LocalDirs to LocalMounts.
  • frontend/dockerfile/dockerfile_runsecurity_test.go
    • Changed LocalDirs to LocalMounts.
  • frontend/dockerfile/dockerfile_secrets_test.go
    • Added integration.SkipOnPlatform(t, "windows") to all tests.
    • Changed LocalDirs to LocalMounts.
  • frontend/dockerfile/dockerfile_ssh_test.go
    • Added integration.SkipOnPlatform(t, "windows") to all tests.
    • Changed LocalDirs to LocalMounts.
  • frontend/dockerfile/dockerfile_targets_test.go
    • Added integration.SkipOnPlatform(t, "windows") to all tests.
    • Changed LocalDirs to LocalMounts.
  • frontend/dockerfile/dockerfile_test.go
    • Added math, regexp, fsutil, errgroup imports.
    • Added integration.SkipOnPlatform(t, "windows") to many tests.
    • Changed LocalDirs to LocalMounts.
    • Updated runShell to use dir.Name.
    • Added testOutOfOrderStage.
    • Added testNamedFilteredContext.
  • frontend/dockerfile/errors_test.go
    • Added integration.SkipOnPlatform(t, "windows") to testErrorsSourceMap.
    • Changed LocalDirs to LocalMounts.
  • frontend/dockerfile/exclude_patterns_test.go
    • Added new file with tests for COPY --exclude and ADD --exclude with various patterns.
  • frontend/dockerfile/instructions/commands.go
    • Added ExcludePatterns field to AddCommand and CopyCommand.
  • frontend/dockerfile/instructions/exclude_pattern_feature.go
    • Added new file to enable excludePatternsEnabled.
  • frontend/dockerfile/instructions/parse.go
    • Added excludePatternsEnabled variable.
    • Modified parseAdd and parseCopy to handle exclude and parents flags.
  • frontend/dockerfile/parser/errors.go
    • Changed ErrorLocation.Location to ErrorLocation.Locations (slice of slices).
    • Modified WithLocation to append to Locations.
  • frontend/dockerfile/release/labs/tags
    • Added dfexcludepatterns tag.
  • frontend/dockerfile/shell/lex.go
    • Added regexp import.
    • Modified processStopOn to accept rawEscapes.
    • Modified processDollar to handle pattern matching (%, #) and substitution (/).
    • Added convertShellPatternToRegex, trimPrefix, reversePattern, reverseString, and trimSuffix functions.
  • frontend/dockerfile/shell/lex_test.go
    • Added tests for convertShellPatternToRegex, reverseString, reversePattern.
    • Added new test cases for processDollar with pattern matching and substitution.
  • frontend/dockerui/build.go
    • Changed image.Image to dockerspec.DockerOCIImage.
    • Modified BuildFunc signature to return baseImg.
    • Updated Dockerfile2LLB call with baseImg.
    • Added baseConfig to metadata.
  • frontend/dockerui/config.go
    • Changed image.Image to dockerspec.DockerOCIImage.
    • Modified NamedContext to use asyncLocalOutput for local sources.
  • frontend/dockerui/namedcontext.go
    • Changed image.Image to dockerspec.DockerOCIImage.
    • Modified namedContextRecursive to use asyncLocalOutput for local sources.
  • frontend/frontend.go
    • Added sourceresolver and executor imports.
    • Modified Solve signature to accept exec executor.Executor.
    • Added sourceresolver.MetaResolver interface to FrontendLLBBridge.
    • Changed ResolveImageConfig to use sourceresolver.Opt.
  • frontend/frontend_test.go
    • Added integration.SkipOnPlatform(t, "windows") to all tests.
    • Changed LocalDirs to LocalMounts.
    • Updated fsutil.Walk call.
  • frontend/gateway/client/attestation.go
    • Added nil checks for pb.Attestation and pb.InTotoSubject in AttestationFromPB.
  • frontend/gateway/client/client.go
    • Updated context handling to use context.WithCancelCause.
    • Added ResolveSourceMetadata method.
    • Changed ResolveImageConfig to use sourceresolver.Opt and call resolveImageConfigViaSourceMetadata if CapSourceMetaResolver is not supported.
  • frontend/gateway/container/container.go
    • Modified NewContainer to accept cache.Manager and executor.Executor.
    • Removed w worker.Worker parameter.
    • Updated PrepareMounts call with cm.
    • Changed cancel type to func(error).
  • frontend/gateway/forwarder/forward.go
    • Modified LLBBridgeToGatewayClient to accept exec executor.Executor.
    • Added executor field to BridgeClient.
  • frontend/gateway/forwarder/frontend.go
    • Modified Solve signature to accept exec executor.Executor.
    • Updated LLBBridgeToGatewayClient call with exec.
    • Updated serveLLBBridgeForwarder call with exec.
    • Changed exec.Run call instead of w.Executor().Run.
  • frontend/gateway/gateway.go
    • Added sourceresolver import.
    • Changed image.Image to dockerspec.DockerOCIImage.
    • Modified Solve signature to accept exec executor.Executor.
    • Updated forwarder.LLBBridgeToGatewayClient call with exec.
    • Updated serveLLBBridgeForwarder call with exec.
    • Changed exec.Run call instead of w.Executor().Run.
  • frontend/gateway/pb/caps.go
    • Added CapSourceMetaResolver capability.
  • frontend/gateway/pb/gateway.pb.go
    • Added ResolveSourceMetaRequest, ResolveSourceMetaResponse, and ResolveSourceImageResponse messages.
    • Updated SolveRequest and CacheOptionsEntry field numbers.
  • frontend/gateway/pb/gateway.proto
    • Added ResolveSourceMetaRequest, ResolveSourceMetaResponse, and ResolveSourceImageResponse messages.
  • go.mod
    • Updated Go version to 1.21.
    • Updated various dependencies (hcsshim, aws-sdk-go-v2, containerd, nydus-snapshotter, stargz-snapshotter, containernetworking/plugins, docker/cli, docker/docker, google/go-cmp, klauspost/compress, moby/docker-image-spec, moby/sys/mountinfo, pkg/profile, prometheus/client_golang, prometheus/procfs, serialx/hashring, spdx/tools-golang, tonistiigi/fsutil, tonistiigi/go-actions-cache, urfave/cli, vishvananda/netlink, go.etcd.io/bbolt, opentelemetry, golang.org/x/mod, golang.org/x/net, golang.org/x/sync, golang.org/x/sys, google.golang.org/genproto/googleapis/rpc, google.golang.org/grpc).
  • hack/Vagrantfile.freebsd13
    • Added config.ssh.keep_alive = true.
    • Removed containerd from pkg install.
    • Added install -m 755 bin/containerd /bin/containerd.
  • hack/compose
    • Added new file for Docker Compose setup.
  • hack/composefiles/.gitignore
    • Added new file to ignore most files in the directory.
  • hack/composefiles/buildkitd.toml
    • Added new file with BuildKit daemon configuration.
  • hack/composefiles/compose.yaml
    • Added new file for Docker Compose configuration.
  • hack/dockerfiles/archutil.Dockerfile
    • Added new file for generating architecture utility binaries.
  • hack/dockerfiles/authors.Dockerfile
    • Updated alpine version to 3.19.
  • hack/dockerfiles/docs.Dockerfile
    • Added ALPINE_VERSION arg.
  • hack/dockerfiles/generated-files.Dockerfile
    • Updated GO_VERSION and DEBIAN_VERSION.
  • hack/dockerfiles/lint.Dockerfile
    • Added ALPINE_VERSION, XX_VERSION, TARGETNAME, TARGETPLATFORM args.
    • Updated golang-base and protolint-base FROM images.
    • Added xx copy.
    • Modified golangci-lint run command to use xx-go --wrap and cache ID.
  • hack/dockerfiles/vendor.Dockerfile
    • Updated GO_VERSION and ALPINE_VERSION.
  • hack/shell
    • Removed --net=host from docker run command.
  • hack/test
    • Added ALPINE_VERSION and TESTFLAGS variables.
    • Added warning for TEST_DOCKERD=1 without BUILDKIT_TEST_DISABLE_FEATURES.
    • Added ALPINE_VERSION to buildxCmd build args.
  • session/auth/authprovider/authconfig.go
    • Added Insecure field to AuthTLSConfig.
  • session/auth/authprovider/authprovider.go
    • Added InsecureSkipVerify to tls.Config if Insecure is true.
  • session/configurabletimeout.go
    • Changed cancelConn type to func(error).
  • session/filesync/diffcopy.go
    • Added logic to split large messages in streamWriterCloser.Write.
  • session/filesync/filesync.go
    • Added keyExporterID constant.
    • Added FileOutputFunc and SyncedDir types.
    • Replaced NewFSSyncTargetDir, NewFSSyncTarget, NewFSSyncMultiTarget with NewFSSyncTarget (variadic) and WithFSSync, WithFSSyncDir, WithFSSyncEarthly.
    • Modified fsSyncAttachable to handle multiple targets and choose based on keyExporterID.
    • Updated CopyToCaller and CopyToCallerWithMeta to include id.
  • session/filesync/filesync.proto
    • Added comments for FileSync and FileSend services.
  • session/group.go
    • Updated context handling to use context.WithCancelCause.
  • session/grpc.go
    • Updated otelgrpc interceptor calls to ignore SA1019.
    • Changed cancel type to func(error).
  • session/manager.go
    • Updated context handling to use context.WithCancelCause.
    • Changed ctx.Err() to context.Cause(ctx).
  • session/session.go
    • Changed cancelCtx type to func(error).
    • Updated context handling to use context.WithCancelCause.
  • session/sshforward/copy.go
    • Changed ctx.Err() to context.Cause(ctx).
  • session/sshforward/ssh.go
    • Changed ctx.Err() to context.Cause(ctx).
  • session/upload/uploadprovider/provider.go
    • Added logic to split large messages in writer.Write.
  • snapshot/diffapply_freebsd.go
    • Removed needsUserXAttr function.
  • solver/llbsolver/provenance.go
    • Changed provenance.ProvenancePredicate to provenancetypes.ProvenancePredicate.
  • solver/llbsolver/provenance/types/types.go
    • Added new file defining ProvenancePredicate struct.
  • solver/llbsolver/solver.go
    • Changed frontend.FrontendLLBBridge to frontend.FrontendLLBBridge, exec executor.Executor.
    • Updated frontend.Solve call with exec.
  • solver/llbsolver/solver_test.go
    • Added integration.SkipOnPlatform(t, "windows") to testProvenance.
  • solver/pb/ops.pb.go
    • Added MountContentCache enum.
    • Added ContentCache field to Mount.
  • solver/pb/ops.proto
    • Added MountContentCache enum.
    • Added ContentCache field to Mount.
  • sourcepolicy/pb/policy.pb.go
    • Added PolicyAction_CONVERT and PolicyAction_DENY to PolicyAction enum.
    • Added Update field to Rule.
  • sourcepolicy/pb/policy.proto
    • Added PolicyAction_CONVERT and PolicyAction_DENY to PolicyAction enum.
    • Added Update field to Rule.
  • util/appcontext/context.go
    • Changed context.WithCancel to context.WithCancelCause.
  • util/archutil/check.go
    • Added Check function to verify architecture.
  • util/archutil/check_others.go
    • Added new file with dummy Check function for non-Linux platforms.
  • util/archutil/fixtures/exit.386.s
    • Added new file with assembly code for 386 exit.
  • util/archutil/fixtures/exit.amd64.S
    • Added new file with assembly code for amd64 exit.
  • util/archutil/fixtures/exit.arm.s
    • Added new file with assembly code for arm exit.
  • util/archutil/fixtures/exit.arm64.s
    • Added new file with assembly code for arm64 exit.
  • util/archutil/fixtures/exit.loongarch64.s
    • Added new file with assembly code for loongarch64 exit.
  • util/archutil/fixtures/exit.mips64.s
    • Added new file with assembly code for mips64 exit.
  • util/archutil/fixtures/exit.mips64le.s
    • Added new file with assembly code for mips64le exit.
  • util/archutil/fixtures/exit.ppc64.s
    • Added new file with assembly code for ppc64 exit.
  • util/archutil/fixtures/exit.ppc64le.s
    • Added new file with assembly code for ppc64le exit.
  • util/archutil/fixtures/exit.riscv64.s
    • Added new file with assembly code for riscv64 exit.
  • util/archutil/fixtures/exit.s390x.s
    • Added new file with assembly code for s390x exit.
  • util/archutil/generate.go
    • Added new file to generate architecture-specific binaries.
  • util/archutil/generate_test.go
    • Added new file with tests for generate.go.
  • util/archutil/types.go
    • Added new file defining Arch struct.
  • util/compression/compression.go
    • Removed NeedsForceCompression method.
  • util/compression/compression_test.go
    • Removed NeedsForceCompression test.
  • util/compression/types.go
    • Removed NeedsForceCompression method.
  • util/contentutil/contentutil.go
    • Changed content.Provider to content.InfoReaderProvider.
  • util/converter/converter.go
    • Modified NewWithRewriteTimestamp to accept immDiffIDs.
  • util/flightcontrol/flightcontrol.go
    • Changed Do to accept context.Context and return T, error.
  • util/imageutil/imageutil.go
    • Changed Config to accept content.InfoReaderProvider.
  • util/leaseutil/lease.go
    • Changed NewLease to accept context.Context and leases.Manager.
  • util/network/cniprovider/cniprovider.go
    • Added BridgeName and BridgeSubnet fields to Opt.
  • util/network/cniprovider/cniprovider_test.go
    • Added TestBridgeNetworkConfig.
  • util/network/cniprovider/network.go
    • Added BridgeName and BridgeSubnet to networkConfig.
  • util/network/cniprovider/network_linux.go
    • Added BridgeName and BridgeSubnet to networkConfig.
  • util/network/cniprovider/network_windows.go
    • Added BridgeName and BridgeSubnet to networkConfig.
  • util/network/netproviders.go
    • Added BridgeName and BridgeSubnet to CNI opt.
  • util/progress/progress.go
    • Changed context.WithCancel to context.WithCancelCause.
  • util/testutil/integration/integration.go
    • Added Tmpdir function.
    • Added SkipOnPlatform function.
  • util/testutil/integration/registry.go
    • Changed context.WithCancel to context.WithCancelCause.
  • util/testutil/integration/sandbox.go
    • Added SkipOnPlatform function.
  • util/testutil/integration/workers.go
    • Added FeatureSourceMetaResolver capability.
  • util/tracing/tracing.go
    • Changed context.WithCancel to context.WithCancelCause.
  • vendor/modules.txt
    • Updated vendor dependencies.
  • worker/controller.go
    • Changed frontend.FrontendLLBBridge to frontend.FrontendLLBBridge, exec executor.Executor.
    • Updated frontend.Solve call with exec.
  • worker/worker.go
    • Added DefaultCacheManager method to Infos.
  • worker/worker_test.go
    • Added TestCacheManager.
Ignored Files
  • Ignored by pattern: .github/workflows/** (7)
    • .github/workflows/.test.yml
    • .github/workflows/buildkit.yml
    • .github/workflows/dockerd.yml
    • .github/workflows/docs-upstream.yml
    • .github/workflows/frontend.yml
    • .github/workflows/test-os.yml
    • .github/workflows/validate.yml
Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature Command Description
Code Review /gemini review Performs a code review for the current pull request in its current state.
Pull Request Summary /gemini summary Provides a summary of the current pull request in its current state.
Comment @gemini-code-assist Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help /gemini help Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

  1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution.

gemini-code-assist[bot]
gemini-code-assist bot reviewed Mar 15, 2026
View reviewed changes
Copy link
Copy Markdown

@gemini-code-assist gemini-code-assist bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request successfully merges version v0.13.0 of the upstream moby/buildkit repository. The changes are substantial and well-integrated, encompassing significant API updates, feature enhancements, and robustness improvements.

Key changes include:

  • API Evolution: The move to support multiple exporters by deprecating singular Exporter fields in favor of a plural Exporters slice is a major and well-handled update, with backward compatibility in mind.
  • Code Modernization: The adoption of context.WithCancelCause and context.Cause throughout the codebase aligns with modern Go practices for clearer cancellation semantics.
  • Robustness: The introduction of lease management for content store resources and safer subpath mounting techniques significantly improves the reliability and safety of the system.
  • Features: New features like the --exclude flag for COPY/ADD and enhanced shell parameter expansions are valuable additions.

Overall, this is a high-quality merge that brings in a host of improvements and new capabilities. The new documentation and project guides are also a welcome addition for the community.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.