Releases: moby/buildkit
v0.6.0
Images
https://hub.docker.com/r/moby/buildkit/tags/
-
docker.io/moby/buildkit:v0.6.0
sha256:f1a5fc2c244c2b3b3dda344f6a0c64796b31aa96aa2ab88c951aeeeb66e23318 -
docker.io/moby/buildkit:v0.6.0-rootless
sha256:d70dd5f1fbaa1e729e380b3a31c394a5f79ec0c19c55e6636cf63e97c390a9f0
Notable Changes
-
Custom DNS configuration and use systemd resolver if enabled #1033 #1040
-
Optional CNI networking support #1073
-
Automatic platform runtime support detection for RISC-V, ppc64le and s390x #1038 #1103
-
Clear previous cache mounts on no-cache builds #1092
-
Fix contention bugs between GC releases and cache import #1007 #1013 #1044
-
Updates on how cgroupfs/sysfs are mounted in privileged security mode #1085
-
Validate LLB not generated by golang package #1049
-
Handle canceled local upload state #1023
-
Provide a workaround for invalid registry responses from gcr.io #1024
Contributors
- Tõnis Tiigi
- Tibor Vass
- Akihiro Suda
- Andrey Smirnov
- Stepan Blyshchak
- Dave Chen
- Stefan Schoof
- Christian Höltje
- Colin Chartier
- Nathan Sullivan
- Sebastiaan van Stijn
- Tomohiro Kusumoto
- Lajos Papp
- Mark Gordon
dockerfile/1.1.2-experimental
This release is currently in staging: docker/dockerfile-upstream:1.1.2-experimental
sha256:702620cd58aea03f8c6c9b65c4eb45899677b9eec97042298a46537da20e145a
-
Allow setting security mode for a process with
RUN --security=sandbox|insecure
#1081 -
Allow setting uid/gid for cache mounts #1017
-
Avoid requesting internally linked paths to be pulled to build context #1075
-
Ensure missing cache IDs default to target paths #1093
-
Allow setting namespace for cache mounts with
BUILDKIT_CACHE_MOUNT_NS
build arg #1094
dockerfile/1.1.2
This release is currently in staging: docker/dockerfile-upstream:1.1.2
sha256:a2c4cc8f44b989b8cf71215cc1ccfcbcc0662edb138ddfd3b3943dc820ee3654
v0.5.1
Images
https://hub.docker.com/r/moby/buildkit/tags/
-
docker.io/moby/buildkit:v0.5.1
sha256:d45d15f3b22fcfc1b112ffafc40fd2f2d530245e63cfe346a65bd75acdc4d346 -
docker.io/moby/buildkit:v0.5.1-rootless
sha256:5a826464a96e11d1c1ee97f35460f8421c6bdafd1d8f20bc11b9d698a179ab0b
Notable Changes
Small bug fixes
Contributors
- Tõnis Tiigi
- Akihiro Suda
- Tibor Vass
v0.5.0
Images
https://hub.docker.com/r/moby/buildkit/tags/
-
docker.io/moby/buildkit:v0.5.0
sha256:ead5be62f4675b37f307e3000e5031644801219585020a6362aa71e02cb61027 -
docker.io/moby/buildkit:v0.5.0-rootless
sha256:5fcb511bf1067a5635b45b8269c05319a8a686460d704e554306f34d098cd440
Notable Changes
FileOp
LLB supports new operation FileOp
allowing built-in file operations during build like copying files, creating new files or directories and removing files. Previously ADD/COPY
commands used a helper image that ran a custom binary inside a container, now these commands use FileOp
directly. This allows better performance and use of these commands in air-gapped environments without preloading the helper image, as well as fixing issues reported with the helper image implementation.
Security entitlements
BuildKit now supports modes for granting builds permissions to execute processes with privileged capabilities. Certain options for running processes with LLB will require users to grant a capability before their build can run.
This enables specific builds to run processes that require system capabilities without compromising on the security of the default builds.
Currently two entitlements are supported:
network.host
- Runs a specific process in the host network namespace.
security.insecure
- Runs a process with all system capabilities enabled and security modules (eg. seccomp) disabled. Similar to docker run --privileged
.
The entitlements need to be enabled both in the daemon configuration file and passed with a build request using --allow
to take effect.
New connection helpers for buildctl
Buildctl now has support for connecting to BuildKit daemon running in a Docker container or Kubernetes pod by using docker-container://<name>
or kube-pod://<name>
as BUILDKIT_HOST
value.
Tar exporter
Build output can now be exported to the client as a tarball. Similar to the local exporter but allows preserving the file owner values.
buildctl build -o type=tar,dest=foo.tar ...
buildctl build -o type=tar ... > foo.tar
New progress output formatting
Progress output has been improved. The TTY output now shows the last logs for currently running processes directly in the interactive output. Plain progress has been also updated for better readability.
Contributors
- Tõnis Tiigi
- Akihiro Suda
- Tibor Vass
- Kunal Kushwaha
- Dave Chen
- Sebastiaan van Stijn
- Hao Hu
- Himanshu Pandey
- Hiromu Nakamura
- Michael Crosby
- Tomohiro Kusumoto
- Wei Fu
- Ziv Tsarfati
dockerfile/1.1.0
ADD/COPY
commands now support implementation based on llb.FileOp
and do not require helper image if builtin file operations support is available. #809
To find the files ignored from the build context Dockerfile frontend will first look for a file <path/to/Dockerfile>.dockerignore
and if it is not found .dockerignore
file will be looked up from the root of the build context. This allows projects with multiple Dockerfiles to use different .dockerignore
definitions. #901
--chown
flag for COPY
command now supports variable expansion. #926
v0.4.0
Images
https://hub.docker.com/r/moby/buildkit/tags/
-
docker.io/moby/buildkit:v0.4.0
sha256:b9e69cb63202e682d6338c579e63273c6263ab54a9091e54f98ce279e0a4e922 -
docker.io/moby/buildkit:v0.4.0-rootless
sha256:3877d091e65429f59919ed5591aaeb863b1889a5314bdfdba5ff9c0dfb2f3ed0
Notable Changes
securityContext
is no longer needed for running BuildKit on Kubernetes (#768)
moby/buildkit:v0.4.0-rootless
does not require securityContext.procMount
(or securityContext.privileged
) to be configured when launched with --oci-worker-no-process-sandbox
, which disables isolating PID namespaces across buildkitd
and build containers.
To run moby/buildkit:v0.4.0-rootless
using docker run
, you still need to specify --security-opt seccomp=unconfined --security-opt apparmor=unconfined
but you no longer need to specify --privileged
.
See also https://github.com/moby/buildkit/blob/v0.4.0/docs/rootless.md
Cache can be now embedded into an image and can be pushed together (#777)
Prior to v0.4.0, cache and image needed to be pushed separately: buildctl build --output type=image,name=example.com/foo/bar,push=true --export-cache type=registry,ref=example.com/foo/bar:cache --import-cache type=registry,ref=example.com/foo/bar:cache
Now cache be embedded into an image by specifying --export-cache type=inline
and on importing you can just point the --import-cache type=registry,ref=example.com/foo/bar
directly to your end image.
Cache can be now exported to a local filesystem (#615 , #807)
Cache can be now exported to a local filesystem (e.g. Travis CI cache directories) using --export-cache type=local,dest=/path/to/dir
and can be imported using --import-cache type=local,src=/path/to/dir
.
New buildctl CLI (#807)
CLI options for frontend options, exporters and cache export and import have been normalized to csv style for less verbosity and (future) support for multiple exporters and cache sources.
Frontend options:
Old:
--frontend-opt foo=bar --frontend-opt bar=baz
New:
--opt foo=bar,bar=baz --opt baz=bay
Exporters:
Old:
--exporter image --exporter-opt name=foo --exporter-opt push=true
--exporter local --exporter-opt output=out
New:
--output type=image,name=foo,push=true
--output type=local,dest=out
Cache:
Old:
--export-cache foo --export-cache-opt mode=max
--import-cache foo
New:
--export-cache type=registry,ref=foo,mode=max
--export-cache type=inline
--export-cache type=local,dest=/path/to/dir
--import-cache type=registry,ref=foo
--import-cache type=local,src=/path/to/dir
Legacy syntax is still supported but has been deprecated.
Contributors
- Tõnis Tiigi
- Akihiro Suda
- Tibor Vass
- Sebastiaan van Stijn
- Dave Chen
- Iskander Sharipov
- Derek McGowan
- Fernando Miguel
- Natasha Jarus
- Patrick Van Stee
- Wei Fu
Changes
v0.3.3
Images
https://hub.docker.com/r/moby/buildkit/tags/
- docker.io/moby/buildkit:v0.3.3
sha256:7eaccec7a90a43546b0fa870e55c860014fc3bbdd55c3697f59e7c812c246c06 - docker.io/moby/buildkit:v0.3.3-rootless
sha256:86d5b8565b37057098f1e7f2f1abd6b5263390ed92cab17d2ef62f3c9eadd704
Notable Changes
- buildctl: match
--no-cache
to frontend options - buildctl: match
--import-cache
to frontend options - dockerfile: allow symlinked Dockerfile location
- dockerfile: set copy helper to docker/dockerfile-copy:v0.1.9
- dockerfile: fix
ADD
from URLs colliding withCOPY
on windows - docs: documentation for experimental dockerfile features
- solver: fix authentication on image config resolve through external frontend
Contributors
- Tõnis Tiigi
- Akihiro Suda
- Tibor Vass
- Alice Frosi
- Kunal Kushwaha
- Ondrej Fabry
Changes
- 2e3058e dockerfile: allow symlinks on reading Dockerfile
- bf8c057 Merge pull request #727 from tonistiigi/add-fix
- f2f4b53 Merge pull request #729 from tonistiigi/session-context
- ef00d30 Merge pull request #728 from tonistiigi/docs-update
- f6a8961 llbsolver: keep session for context calls
- b3e4cdf dockerfile: document more mount options
- c840e79 dockerfile: avoid urls in context filter
- 594f95b Merge pull request #722 from kunalkushwaha/fix-git-2-http
- 71da3f8 Merge pull request #725 from ondrej-fabry/patch-1
- 7218446 Correct trivial typos
- 373dc26 replace git: with https:
- 471f506 Merge pull request #718 from tonistiigi/update-dockerfile-ref
- e00566d Merge pull request #715 from alicefr/other-arch
- a008ce3 Set GOARCH=amd64 for building stage for darwin/windows
- 9d3426d dockerfile: update image refs
- c3a857e Merge pull request #716 from tonistiigi/copy-source
- ec2ab81 dockerfile: update copy source repo
- 5aab829 Merge pull request #710 from AkihiroSuda/dfdoc
- b5003d5 update docs
v0.3.2
v0.3.1
Changes: v0.3.0...v0.3.1