Skip to content

build: allow client side querystring resolution#3415

Merged
tonistiigi merged 2 commits intodocker:masterfrom
tonistiigi:git-querystring-resolve
Sep 9, 2025
Merged

build: allow client side querystring resolution#3415
tonistiigi merged 2 commits intodocker:masterfrom
tonistiigi:git-querystring-resolve

Conversation

@tonistiigi
Copy link
Member

@tonistiigi tonistiigi commented Sep 9, 2025

For the cases where frontend/buildkit doesn't support new Git Querystring format, allow resolving the URL into LLB on client side and then build from input.

Note that this produces slightly different provenance where context is not set as string, so added opt-in via environment variable for now.

We will likely use it in Docker Github Actions so that we can use checksum and ref together in all the builds by default.

Example builds:

BUILDX_BUILDER=bk24 docker buildx build -f ./frontend/dockerfile/cmd/dockerfile-frontend/Dockerfile -t tonistiigi/dockerfile:1.18.0-bk24  --platform linux/amd64,linux/arm64  --push "https://github.com/moby/buildkit.git?tag=dockerfile/1.18.0&checksum=b772c318368090fb2ffc9c0fed92e0a35bf82389&keep-git-dir=true" --progress=plain

BUILDX_SEND_GIT_QUERY_AS_INPUT=true BUILDX_BUILDER=bk23 docker buildx build -f ./frontend/dockerfile/cmd/dockerfile-frontend/Dockerfile -t tonistiigi/dockerfile:1.18.0-bk23  --platform linux/amd64,linux/arm64  --push "https://github.com/moby/buildkit.git?tag=dockerfile/1.18.0&checksum=b772c318368090fb2ffc9c0fed92e0a35bf82389&keep-git-dir=true" --progress=plain

https://oci.dag.dev/?blob=docker.io/tonistiigi/dockerfile@sha256:12461cdf7db06fb3130cee0fb963333712d63dd849929f194e358609b05e98d0&mt=application%2Fvnd.in-toto%2Bjson&size=1744

https://oci.dag.dev/?blob=docker.io/tonistiigi/dockerfile@sha256:29d88a9d397e45c98e475225bd510622b4eef65bdf9274729ddb166ce75ee91e&mt=application%2Fvnd.in-toto%2Bjson&size=1544

@tonistiigi
build: allow client side querystring resolution
c737e84 
For the cases where frontend/buildkit doesn't support new
Git Querystring format, allow resolving the URL into LLB
on client side and then build from input.

Note that this produces slightly different provenance
where context is not set as string, so added opt-in
via environment variable for now.

Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
@tonistiigi tonistiigi requested a review from crazy-max September 9, 2025 00:44
@crazy-max crazy-max added this to the v0.29.0 milestone Sep 9, 2025
crazy-max
crazy-max reviewed Sep 9, 2025
View reviewed changes
@tonistiigi
build: set original url to attrs when replacef with input
5a3afbf 
Save original URL so it can be picked up from provenance attestation.

Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
@tonistiigi tonistiigi merged commit 6009087 into docker:master Sep 9, 2025
138 checks passed
@crazy-max crazy-max mentioned this pull request Sep 10, 2025
Merged
@aevesdocker aevesdocker mentioned this pull request Sep 24, 2025
Open
3 tasks
This was referenced Oct 8, 2025
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@crazy-max crazy-max crazy-max approved these changes

Assignees

@tonistiigi tonistiigi

Labels

area/build status/needs-docs-follow-up

Projects

None yet

Milestone

v0.29.0

Development

Successfully merging this pull request may close these issues.

3 participants

@tonistiigi @crazy-max @aevesdocker