From 803057a92a1f9625680688bc325fea6defa23307 Mon Sep 17 00:00:00 2001 From: CrazyMax <1951866+crazy-max@users.noreply.github.com> Date: Fri, 6 Mar 2026 16:10:15 +0100 Subject: [PATCH 1/3] update actions-toolkit to 0.80.0 Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com> --- .github/workflows/bake.yml | 6 +++--- .github/workflows/build.yml | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/bake.yml b/.github/workflows/bake.yml index 9917eb0..25d3318 100644 --- a/.github/workflows/bake.yml +++ b/.github/workflows/bake.yml @@ -150,7 +150,7 @@ env: BUILDKIT_IMAGE: "moby/buildkit:v0.27.1" SBOM_IMAGE: "docker/buildkit-syft-scanner:1.10.0" BINFMT_IMAGE: "tonistiigi/binfmt:qemu-v10.2.1-65" - DOCKER_ACTIONS_TOOLKIT_MODULE: "@docker/actions-toolkit@0.76.0" + DOCKER_ACTIONS_TOOLKIT_MODULE: "@docker/actions-toolkit@0.80.0" COSIGN_VERSION: "v3.0.2" LOCAL_EXPORT_DIR: "/tmp/buildx-output" MATRIX_SIZE_LIMIT: "20" @@ -250,7 +250,7 @@ jobs: script: | const os = require('os'); const { Bake } = require('@docker/actions-toolkit/lib/buildx/bake'); - const { GitHub } = require('@docker/actions-toolkit/lib/github'); + const { GitHub } = require('@docker/actions-toolkit/lib/github/github'); const { Util } = require('@docker/actions-toolkit/lib/util'); const inpSbomImage = core.getInput('sbom-image'); @@ -617,7 +617,7 @@ jobs: script: | const os = require('os'); const { Build } = require('@docker/actions-toolkit/lib/buildx/build'); - const { GitHub } = require('@docker/actions-toolkit/lib/github'); + const { GitHub } = require('@docker/actions-toolkit/lib/github/github'); const { Util } = require('@docker/actions-toolkit/lib/util'); const inpPlatform = core.getInput('platform'); diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 0d1eac3..e717d4a 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -153,7 +153,7 @@ env: BUILDKIT_IMAGE: "moby/buildkit:v0.27.1" SBOM_IMAGE: "docker/buildkit-syft-scanner:1.10.0" BINFMT_IMAGE: "tonistiigi/binfmt:qemu-v10.2.1-65" - DOCKER_ACTIONS_TOOLKIT_MODULE: "@docker/actions-toolkit@0.76.0" + DOCKER_ACTIONS_TOOLKIT_MODULE: "@docker/actions-toolkit@0.80.0" COSIGN_VERSION: "v3.0.2" LOCAL_EXPORT_DIR: "/tmp/buildx-output" MATRIX_SIZE_LIMIT: "20" @@ -245,7 +245,7 @@ jobs: INPUT_SIGN: ${{ inputs.sign }} with: script: | - const { GitHub } = require('@docker/actions-toolkit/lib/github'); + const { GitHub } = require('@docker/actions-toolkit/lib/github/github'); const { Util } = require('@docker/actions-toolkit/lib/util'); const inpMatrixSizeLimit = parseInt(core.getInput('matrix-size-limit'), 10); @@ -516,7 +516,7 @@ jobs: with: script: | const { Build } = require('@docker/actions-toolkit/lib/buildx/build'); - const { GitHub } = require('@docker/actions-toolkit/lib/github'); + const { GitHub } = require('@docker/actions-toolkit/lib/github/github'); const inpPlatform = core.getInput('platform'); const platformPairSuffix = inpPlatform ? `-${inpPlatform.replace(/\//g, '-')}` : ''; From 51a156ce53114d7b6e322253e25fedaf52ab3031 Mon Sep 17 00:00:00 2001 From: CrazyMax <1951866+crazy-max@users.noreply.github.com> Date: Wed, 4 Mar 2026 15:32:12 +0100 Subject: [PATCH 2/3] update buildkit 0.28.0 and buildx to 0.32.1 Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com> --- .github/workflows/bake.yml | 4 ++-- .github/workflows/build.yml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/bake.yml b/.github/workflows/bake.yml index 25d3318..0fed63d 100644 --- a/.github/workflows/bake.yml +++ b/.github/workflows/bake.yml @@ -146,8 +146,8 @@ on: value: ${{ jobs.finalize.outputs.signed }} env: - BUILDX_VERSION: "v0.31.1" - BUILDKIT_IMAGE: "moby/buildkit:v0.27.1" + BUILDX_VERSION: "v0.32.1" + BUILDKIT_IMAGE: "moby/buildkit:v0.28.0" SBOM_IMAGE: "docker/buildkit-syft-scanner:1.10.0" BINFMT_IMAGE: "tonistiigi/binfmt:qemu-v10.2.1-65" DOCKER_ACTIONS_TOOLKIT_MODULE: "@docker/actions-toolkit@0.80.0" diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index e717d4a..0d9296b 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -149,8 +149,8 @@ on: value: ${{ jobs.finalize.outputs.signed }} env: - BUILDX_VERSION: "v0.31.1" - BUILDKIT_IMAGE: "moby/buildkit:v0.27.1" + BUILDX_VERSION: "v0.32.1" + BUILDKIT_IMAGE: "moby/buildkit:v0.28.0" SBOM_IMAGE: "docker/buildkit-syft-scanner:1.10.0" BINFMT_IMAGE: "tonistiigi/binfmt:qemu-v10.2.1-65" DOCKER_ACTIONS_TOOLKIT_MODULE: "@docker/actions-toolkit@0.80.0" From c809e6311b2b36a09ea226212a9b86e2dd886d99 Mon Sep 17 00:00:00 2001 From: CrazyMax <1951866+crazy-max@users.noreply.github.com> Date: Fri, 6 Mar 2026 17:28:37 +0100 Subject: [PATCH 3/3] add image-digest output to return pushed digest on manifest creation Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com> --- .github/workflows/bake.yml | 44 +++++++++++++++++++++++++++++-------- .github/workflows/build.yml | 44 +++++++++++++++++++++++++++++-------- 2 files changed, 70 insertions(+), 18 deletions(-) diff --git a/.github/workflows/bake.yml b/.github/workflows/bake.yml index 0fed63d..74733b9 100644 --- a/.github/workflows/bake.yml +++ b/.github/workflows/bake.yml @@ -138,6 +138,9 @@ on: artifact-name: description: "Name of the uploaded artifact (for local output)" value: ${{ jobs.finalize.outputs.artifact-name }} + image-digest: + description: "Digest of the built image (for image output if pushed)" + value: ${{ jobs.finalize.outputs.image-digest }} output-type: description: "Build output type" value: ${{ jobs.finalize.outputs.output-type }} @@ -904,12 +907,21 @@ jobs: cosign-version: ${{ env.COSIGN_VERSION }} cosign-verify-commands: ${{ steps.set.outputs.cosign-verify-commands }} artifact-name: ${{ inputs.artifact-upload && inputs.artifact-name || '' }} + image-digest: ${{ steps.manifest.outputs.digest }} output-type: ${{ inputs.output }} signed: ${{ needs.prepare.outputs.sign }} needs: - prepare - build steps: + - + name: Install @docker/actions-toolkit + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 + env: + INPUT_DAT-MODULE: ${{ env.DOCKER_ACTIONS_TOOLKIT_MODULE }} + with: + script: | + await exec.exec('npm', ['install', '--prefer-offline', '--ignore-scripts', core.getInput('dat-module')]); - name: Docker meta id: meta @@ -941,6 +953,7 @@ jobs: cache-binary: false - name: Create manifest + id: manifest if: ${{ inputs.output == 'image' }} uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: @@ -950,6 +963,8 @@ jobs: INPUT_BUILD-OUTPUTS: ${{ toJSON(needs.build.outputs) }} with: script: | + const { ImageTools } = require('@docker/actions-toolkit/lib/buildx/imagetools'); + const inpPush = core.getBooleanInput('push'); const inpImageNames = core.getMultilineInput('image-names'); const inpTagNames = core.getMultilineInput('tag-names'); @@ -967,22 +982,33 @@ jobs: return; } + let digest; for (const imageName of inpImageNames) { - let createArgs = ['buildx', 'imagetools', 'create']; + const tags = []; for (const tag of inpTagNames) { - createArgs.push('-t', `${imageName}:${tag}`); - } - for (const digest of digests) { - createArgs.push(digest); + tags.push(`${imageName}:${tag}`); } if (inpPush) { - await exec.exec('docker', createArgs); - } else { - await core.group(`Generated imagetools create command for ${imageName}`, async () => { - core.info(`docker ${createArgs.join(' ')}`); + const result = await new ImageTools().create({ + sources: digests, + tags: tags }); + core.info(`Created manifest with digest: ${result.digest}`); + digest = result.digest; + } else { + let createArgs = ['buildx', 'imagetools', 'create']; + for (const tag of tags) { + createArgs.push('-t', tag); + } + for (const digest of digests) { + createArgs.push(digest); + } + core.info(`Generated command for ${imageName}: docker ${createArgs.join(' ')}`); } } + if (digest) { + core.setOutput('digest', digest); + } - name: Merge artifacts if: ${{ inputs.output == 'local' && inputs.artifact-upload }} diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 0d9296b..fcc5de2 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -141,6 +141,9 @@ on: artifact-name: description: "Name of the uploaded artifact (for local output)" value: ${{ jobs.finalize.outputs.artifact-name }} + image-digest: + description: "Digest of the built image (for image output if pushed)" + value: ${{ jobs.finalize.outputs.image-digest }} output-type: description: "Build output type" value: ${{ jobs.finalize.outputs.output-type }} @@ -758,12 +761,21 @@ jobs: cosign-version: ${{ env.COSIGN_VERSION }} cosign-verify-commands: ${{ steps.set.outputs.cosign-verify-commands }} artifact-name: ${{ inputs.artifact-upload && inputs.artifact-name || '' }} + image-digest: ${{ steps.manifest.outputs.digest }} output-type: ${{ inputs.output }} signed: ${{ needs.prepare.outputs.sign }} needs: - prepare - build steps: + - + name: Install @docker/actions-toolkit + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 + env: + INPUT_DAT-MODULE: ${{ env.DOCKER_ACTIONS_TOOLKIT_MODULE }} + with: + script: | + await exec.exec('npm', ['install', '--prefer-offline', '--ignore-scripts', core.getInput('dat-module')]); - name: Docker meta id: meta @@ -794,6 +806,7 @@ jobs: cache-binary: false - name: Create manifest + id: manifest if: ${{ inputs.output == 'image' }} uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: @@ -803,6 +816,8 @@ jobs: INPUT_BUILD-OUTPUTS: ${{ toJSON(needs.build.outputs) }} with: script: | + const { ImageTools } = require('@docker/actions-toolkit/lib/buildx/imagetools'); + const inpPush = core.getBooleanInput('push'); const inpImageNames = core.getMultilineInput('image-names'); const inpTagNames = core.getMultilineInput('tag-names'); @@ -820,22 +835,33 @@ jobs: return; } + let digest; for (const imageName of inpImageNames) { - let createArgs = ['buildx', 'imagetools', 'create']; + const tags = []; for (const tag of inpTagNames) { - createArgs.push('-t', `${imageName}:${tag}`); - } - for (const digest of digests) { - createArgs.push(digest); + tags.push(`${imageName}:${tag}`); } if (inpPush) { - await exec.exec('docker', createArgs); - } else { - await core.group(`Generated imagetools create command for ${imageName}`, async () => { - core.info(`docker ${createArgs.join(' ')}`); + const result = await new ImageTools().create({ + sources: digests, + tags: tags }); + core.info(`Created manifest with digest: ${result.digest}`); + digest = result.digest; + } else { + let createArgs = ['buildx', 'imagetools', 'create']; + for (const tag of tags) { + createArgs.push('-t', tag); + } + for (const digest of digests) { + createArgs.push(digest); + } + core.info(`Generated command for ${imageName}: docker ${createArgs.join(' ')}`); } } + if (digest) { + core.setOutput('digest', digest); + } - name: Merge artifacts if: ${{ inputs.output == 'local' && inputs.artifact-upload }}