v0.9.0-rc1

Welcome to the 0.9.0-rc1 release of buildkit!
This is a pre-release of buildkit

Notable Changes

• Builtin Dockerfile frontend defaults to v1.3.0-rc1 including support for RUN --network and Here-documents in labs channel. Dockerfile changelog Dockerfile labs changelog

• Errors have been improved by removing gRPC wrapping and providing suggestions for typos #2218 #2047 #2215 #2183

• Add support for subdirectories when building from Git source #2116

• Buildkitd config allows max-parallelism for limiting the parallelism of the BuildKit solver for low-powered machines #2049

• OpenTracing providers have been replaced with support for OpenTelemetry #2152 #2192

• New OpenTelemetry support allows forwarding traces with control API from the client or from user programs in llb.Exec container #2163

• Git: Default branch name is now detected correctly from remote #2228

• Allow forcing specific compression on exported layers even if another blob exists #2057

• Plain progress mode now prints last logs of failed command in error summary #2214

• Plain progress mode does not print to LLB vertex digest anymore to avoid confusion #2126

• Buildctl allows --metadata-file flag to output build metadata #2095

• This is the first release supporting Risc-V (experimental) #2222

• This is the first release supporting MacOS ARM64 and Windows ARM64 for buildctl #2037 #2187

• Runc has been updated to v1.0.0 GA #2143

• RootlessKit has been updated to v0.14.2 #2102

• Embedded QEMU emulators have been updated to v6.0.0 #2225

• LLB: Root directory can now be copied from empty references without causing an error or panic #2197

• LLB: Ensure image metadata resolver uses platform constraints set by marshaler #2196

• LLB: Copy operation now allows include and exclude filters to limit the copied files #2082

• Stargz snapshotter now supports authentication from Docker config #1733 #2165

• Support Windows OpenSSH agent forwarding #2127

• Handle expired tokens errors better #2062 #1957

• LLB: Support ALL_PROXY as a proxy environment variable that does not stay in build cache #2086

• Buildkit release images now contain OpenSSH #2135

• Enable containerd labels in buildctl debug workers and make their order deterministic #2070 #2071

• Gracefully handle client-side token seed errors #2050

• Pushing multi-platform images will not try to overwrite image tag internally multiple times. This is important for registries that support immutable tags. #2020

• Fix logs clipping behavior and double the limits #1934

• Support socket activation with --addr fd:// #1924

• Fix issue where Dockerfile with the same metadata and timestamps as another build could pick up its build cache by introducing a "none" differ for transferring local files that ignores metadata matches. #2081

• Fix rare "retry timeout exceeded" errors in job synchronization #2195

• Ensure containerd executor always waits for IO to complete before returning from Exec/Run. #2205

• Fix pulling layers that have already been pulled with different compression. #2226

• Fix some syncronisation errors #2178 #2177 #2156 #2052 #2051

• Fix goroutine leak from progress writing #2203

Please try out the release binaries and report any issues at
https://github.com/moby/buildkit/issues.

Contributors

• Tõnis Tiigi
• Akihiro Suda
• Aaron Lehmann
• Sebastiaan van Stijn
• CrazyMax
• Tibor Vass
• Alex Couture-Beil
• Justin Chadwell
• Kohei Tokunaga
• Cory Bennett
• Erik Sipsma
• Siebe Schaap
• Vlad A. Ionescu
• Levi Harrison
• Brian Goff
• Edgar Lee
• Anders F Björklund
• Charles Korn
• Corey Larson
• Jesse Rittner
• Justin Garrison
• Marko Kohtala
• Omer Mizrahi
• Pierre Fenoll
• Rob Taylor
• Yamazaki Masashi
• zhangwenlong

dockerfile/1.3.0-rc1-labs

Usage

# syntax=docker.io/docker/dockerfile-upstream:1.3.0-rc1-labs

Notable changes

• • RUN and COPY commands now support Here-document syntax allowing writing multiline inline scripts and files #2132 #2201 #2209 #2213 Documentation

dockerfile/1.3.0-rc1

Usage

# syntax=docker.io/docker/dockerfile-upstream:1.3.0-rc1

Notable changes

• RUN command allows --network flag for requesting a specific type of network conditions. --network=host requires allowing network.host entitlement. This feature was previously only available on labs channel. Documentation

• ADD command with a remote URL input now correctly handles the --chmod flag. #2171

• Values for RUN --mount flag now support variable expansion, except for the from field #2089

• Allow BUILDKIT_MULTI_PLATFORM build arg to force always creating multi-platform image, even if only contains single platform #1985

v0.8.3

https://hub.docker.com/r/moby/buildkit

Notable changes

• Update containerd with fixes to rootless overlay on kernel 5.11 and push panic #2014

• Add retry on 5xx push errors #2043

• Include basename in content checksum for wildcards #2018

• Fix missing mounts in execOp cache map #2076

v0.8.2

https://hub.docker.com/r/moby/buildkit

Notable changes

• Apparmor profile can be set in the buildkitd config #1966

• Seccomp updated to 2.4.2 to fix time64 syscall compatibility issues on 32-bit architectures #1955

• Update builtin QEMU emulators to fix issues with script handling and add i386 emulator #1953

• Avoid caching token fetch errors #1957

• Fix possible invalid cache match on specific copy operation #1965

• Fix reference count issues when returning typed errors from cache mounts #1963

• Avoid reusing credentials when checking out git submodules #1987

• Update Runc to v1.0.0-rc93 #1998

v0.8.1

https://hub.docker.com/r/moby/buildkit

Notable changes

• Builtin Dockerfile frontend updated to v1.2.1

• LLB client sets platform based on parent state to avoid inefficient lookups in cross-compilation cases #1889

• Fix building from Git URL without specifying protocol #1886

• Fix possible race in flightcontrol package #1891

• Fix/optimize scheduler preprocessor logic #1871

• Fix pushing foreign mediatype, eg. layers pulled from common Windows base images #1879

• Fix possible panic from a frontend component returning nil values #1898

dockerfile/1.2.1-labs

https://hub.docker.com/r/docker/dockerfile

dockerfile/1.2.1

https://hub.docker.com/r/docker/dockerfile

Notable changes

• Revert "Ensure ENTRYPOINT command has at least one argument" #1874

• Optimize processing COPY calls on multi-platform cross-compilation builds #1889

v0.8.0

Welcome to the 0.8.0 release of buildkit!

Important

• This release changes images pull mode in a way that image layers are only pulled from a registry when their contents is needed locally. If your build does not export the build result or does not need to run new containers on top of the image, the build will succeed without pulling the image. This allows you to make metadata modifications to remote images without pulling them or check that the remote cache is still valid for your build without actually pulling the cache layers.

Notable Changes

• Builtin Dockerfile frontend defaults to v1.2.0 including support for RUN --mount among other features. Dockerfile changelog

• Gateway API now allows running interactive container processes that can mount previous build results #1627 #1731

• API: Build errors now contain state for debugging the failure location including the snapshots' data when the error happened #1732

• Image layers used by the build are now only pulled when their content is being used by subsequent build steps or exporter. BuildKit can now make cache decisions about the data while it remains in the remote registry. #1475

• Fetching authorization tokens has been moved to client-side (if the client supports it). Passwords do not leak into the build daemon anymore and users can see from build output when credentials or tokens are accessed. #1660

• Support stargz/eStargz for pulling image layers incrementally based on what files are accessed https://github.com/moby/buildkit/blob/master/docs/stargz-estargz.md #1402

• Buildkit can now build for multiple architectures with QEMU without binfmt_misc handlers loaded to the kernel. moby/buildkit image comes with the emulator images. #1516

• Build errors now track the error location in the original source files #1494

• Frontend API now supports subrequests for implementing supplementary tasks like describing build stages or arguments. #1724

• Connection errors while communicating with the registry for push and pull now trigger a retry #1791

• Git source now supports token authentication via build secrets #1533

• Building from git source now supports forwarding SSH socket for authentication #1782

• Allow passing secrets to the build with environment variables #1534

• Increase registry communication performance and stability with custom connection pool and authenticator #1636

• Running commands do not leak empty stub files to image layers anymore (for example for mounted secrets) #1739

• Allow better handling client sessions dropping while it is being shared by multiple builds #1551

• Allow (and default to) using OCI mediatypes on exporting manifests for remote cache #1746

• Only add manifest descriptor annotations to OCI type manifests and not Docker manifests. This fixes an issue with GCR validation. #1730

• Avoid builds that generate excessive logs to cause a crash or slow down the build. Clipping is performed if needed. #1754

• Fix race on creating CNI sandboxes for containers #1775

• Execution steps now allow overriding the hostname for the build container #1339

• Always use correct mediatypes on exporting objects, not considering the object's original mediatype #1541

• Content-based checksums are now calculated in parallel for the build step with multiple mounts #1744

• Reenable setting insecure-registry config while exporting to a registry #1601

• Fix synchronization issues on pushing multi-platform images that share layers #1548

• Cache load errors are now handled gracefully #1498

• Disable truncating by default when using --progress=plain #1435

• Official image moby/buildkit now contains pigz for better extraction performance #1799

• Support for exposing SSH agent socket on Windows has been improved #1695

• LLB client library now supports using asynchronous callbacks when building the LLB graph #1426

• Change default Seccomp profile to the one provided by Docker #1807

Please try out the release binaries and report any issues at
https://github.com/moby/buildkit/issues.

Contributors

• Tõnis Tiigi
• Akihiro Suda
• Cory Bennett
• Paul "TBBle" Hampson
• Sebastiaan van Stijn
• Edgar Lee
• Tibor Vass
• Erik Sipsma
• Kohei Tokunaga
• Alex Couture-Beil
• Vlad A. Ionescu
• Lu Jingxiao
• Simon Ferquel
• CrazyMax
• Anders F Björklund
• Andrea Bolognani
• Andrea Luzzardi
• Andrew Chang
• Andrey Smirnov
• Anurag Goel
• Chanhun Jeong
• Chen Bin
• Ilya Dmitrichenko
• Jon Zeolla
• Jonathan Azoff
• Jörg Franke
• Kees Cook
• Miguel Ángel Jimeno
• Nick Santos
• Sam Whited
• Shingo Omura
• Wang Yumu
• Wei Fu
• Xiaofan Zhang
• Ximo Guanter
• 岁丰

dockerfile/1.2.0-labs

Usage

# syntax=docker/dockerfile-upstream:1.2.0-labs

Notable changes

• Experimental channel has been renamed to labs #1805