Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
ARM64 test compatibility fixes:
- TestRunCacheWithMounts: create marker file (Windows-only) instead of checking whoami.exe (unavailable in nanoserver ARM64), use forward slashes for Shlex compat, preserve Linux code path unchanged
- TestDockerfileDirs: use findstr instead of fc /b (unavailable in nanoserver)
- TestExportLocalForcePlatformSplit: normalize platform before comparison (platforms.Normalize adds v8 variant on ARM64)

Signed-off-by: Dawei Wei <davwei@microsoft.com>
fix: Windows ARM64 test compatibility
Avoid global conf lookup via HOME that fails on Windows. Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
session(auth): cancel blocked credential callbacks
Signed-off-by: Dmitrii Kostyrev <dkostyrev@joom.com>
gitutil: avoid global git config lookup on Windows
…accept_encoding remotecache/s3: add disable_accept_encoding option for GCS S3 interoperability
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
gitutil: add opt-in support for host git config
The second Run call in TestWorkerExec reused the same container ID as the first. On CI this occasionally caused the sleep pid1 to exit immediately with status 1, likely due to incomplete kernel-level cleanup from the prior container. Use a fresh ID for the exec-testing phase to avoid any residual state. Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
Bumps [docker/login-action](https://github.com/docker/login-action) from 4.0.0 to 4.1.0. - [Release notes](https://github.com/docker/login-action/releases) - [Commits](docker/login-action@b45d80f...4907a6d) --- updated-dependencies: - dependency-name: docker/login-action dependency-version: 4.1.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [docker/github-builder/.github/workflows/bake.yml](https://github.com/docker/github-builder) from 1.4.0 to 1.5.0. - [Release notes](https://github.com/docker/github-builder/releases) - [Commits](docker/github-builder@7031322...2497a7d) --- updated-dependencies: - dependency-name: docker/github-builder/.github/workflows/bake.yml dependency-version: 1.5.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [crazy-max/.github](https://github.com/crazy-max/.github) from 1.3.0 to 1.5.0. - [Release notes](https://github.com/crazy-max/.github/releases) - [Commits](crazy-max/.github@bb328ea...8df2a34) --- updated-dependencies: - dependency-name: crazy-max/.github dependency-version: 1.5.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
…er/login-action-4.1.0 build(deps): bump docker/login-action from 4.0.0 to 4.1.0
Add configurable retry behavior for the S3 cache. Users can now set `retry_mode` (standard/adaptive) and `retry_max_attempts` to tune AWS SDK retry settings for their environment. When not specified, the AWS SDK defaults apply (standard mode, 3 max attempts). Signed-off-by: Jiří Moravčík <jiri.moravcik@gmail.com>
…er/github-builder/dot-github/workflows/bake.yml-1.5.0 build(deps): bump docker/github-builder/.github/workflows/bake.yml from 1.4.0 to 1.5.0
…y-max/dot-github-1.5.0 build(deps): bump crazy-max/.github from 1.3.0 to 1.5.0
The v2.4.0 release had a minor regression and didn't detect the HTML comments correctly; ``` diff --git a/README.md b/README.md index 3f271be..8ec4a7c 100644 --- a/README.md +++ b/README.md @@ -42,6 +42,7 @@ Join `#buildkit` channel on [Docker Community Slack](https://dockr.ly/comm-slack <!-- START doctoc generated TOC please keep comment here to allow auto update --> <!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE --> +<!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE --> - [Used by](#used-by) - [Quick start](#quick-start) ``` Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Dockerfiles: pin doctoc to a fixed version
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
hack: print the README diff when doctoc validation fails
govet started to complain:
```
> [golangci-lint 1/1] RUN --mount=target=/go/src/github.com/moby/buildkit --mount=target=/root/.cache,type=cache,id=lint-cache-default-freebsd/amd64 xx-go --wrap && golangci-lint run --build-tags "" && touch /golangci-lint.done:
111.1 frontend/dockerfile/dockerfile2llb/convert.go:1601:60: printf: fmt.Sprintf format %q has arg d.image.Config.Healthcheck of wrong type *github.com/moby/docker-image-spec/specs-go/v1.HealthcheckConfig (govet)
111.1 return commitToHistory(&d.image, fmt.Sprintf("HEALTHCHECK %q", d.image.Config.Healthcheck), false, nil, d.epoch)
111.1 ^
111.1 1 issues:
111.1 * govet: 1
```
Before this, the HEALTHCHECK would be formatted like;
HEALTHCHECK {["bin" "-c" "exit 0"] "1s" "10s" "3s" "100ms" '\x05'}
After this, it includes both the fields and values:
HEALTHCHECK {Test:[bin -c exit 0] Interval:1s Timeout:10s StartPeriod:3s StartInterval:100ms Retries:5}
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
cache: add retry_mode and retry_max_attempts options to s3 cache
Signed-off-by: Natnael Gebremariam <ngebremariam@microsoft.com>
frontend/dockerfile: fix HEALTHCHECK history formatting
test: use separate container ID for exec phase of worker test
Update Test Coverage for Secrets
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
solver: route gateway dockerfile.v0 source to builtin frontend
Signed-off-by: Aditya Maru <adityamaru@gmail.com>
Adds documentation for AI coding agents (Claude, Copilot, etc.) with:
- GitHub CLI usage preferences (gh pr create, gh issue list, etc.)
- Commit message conventions (lowercase, package: summary format)
- PR title formatting requirements
- Code formatting requirements (gofmt before commits)

CLAUDE.md is symlinked to AGENTS.md for Claude Code compatibility.

🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
When bbolt is opened with NoSync: true, transactions complete in memory without fsync to disk. On graceful shutdown, dirty pages in the OS page cache may not be flushed before Close() returns, leading to corruption when the filesystem is unmounted or snapshots are taken.

This is particularly problematic with network block devices (Ceph RBD) and container snapshot workflows where:
1. BuildKit stops gracefully (SIGTERM)
2. Close() returns without syncing dirty pages
3. Unmount forces writeback of partial/torn pages
4. Snapshot captures inconsistent B-tree state

The fix wraps bolt.DB with syncingDB that calls Sync() before Close(), ensuring all pending writes are flushed to disk during graceful shutdown while preserving the NoSync performance benefits during normal operation.

Signed-off-by: Aditya Maru <adityamaru@gmail.com>
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
| default: 'blacksmith' | ||
|
|
||
| permissions: | ||
| contents: write |
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Checkout repository | ||
| uses: actions/checkout@v4 |
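Review bot: `uses: actions/checkout@v4` references a mutable tag in a workflow that requests `contents: write`; pin the action to a full commit SHA (with the version in a trailing comment) so a retagged release cannot run with write access to the repository. The same applies to `actions/upload-artifact@v4` further down.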
| - name: Prepare patched release | ||
| id: prepare | ||
| run: | | ||
| VERSION="${{ github.event.inputs.upstream_version }}" |
| id: prepare | ||
| run: | | ||
| VERSION="${{ github.event.inputs.upstream_version }}" | ||
| SUFFIX="${{ github.event.inputs.release_suffix }}" |
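Review bot: `VERSION="${{ github.event.inputs.upstream_version }}"` and the `SUFFIX` line expand the dispatch inputs into the script text before the shell parses it, so the surrounding double quotes do not contain the value. Pass both through the step's `env:` map (`VERSION: ${{ github.event.inputs.upstream_version }}`), read them in the script as `"$VERSION"` and `"$SUFFIX"`, and check the version against the expected format before using it.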
|
|
||
| - name: Upload release info | ||
| if: always() | ||
| uses: actions/upload-artifact@v4 |
Cursor Bugbot has reviewed your changes and found 2 potential issues.
Reviewed by Cursor Bugbot for commit f6af825. Configure here.
| id: prepare | ||
| run: | | ||
| VERSION="${{ github.event.inputs.upstream_version }}" | ||
| SUFFIX="${{ github.event.inputs.release_suffix }}" |
Script injection via unsanitized workflow dispatch inputs
Medium Severity
The ${{ github.event.inputs.upstream_version }} and ${{ github.event.inputs.release_suffix }} expressions are directly interpolated into a shell run: block. This is a classic GitHub Actions script injection pattern — the expressions are template-expanded before the shell executes, allowing a malicious input to escape the quotes and inject arbitrary commands. Other workflows in this same PR were specifically updated to use core.getInput() via actions/github-script to avoid this exact pattern.
Reviewed by Cursor Bugbot for commit f6af825. Configure here.
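A check for the pattern flagged in the review above, as an added example that is not part of the PR or of BuildKit's tooling: it reports `workflow_dispatch` input expressions expanded inside `run:` scripts and ignores the same expressions under `env:`. The function name `find_run_injections` and the sample workflow are constructed for illustration, and the scan is a line-based heuristic rather than a full YAML parse.

```python
import re

# Expressions that expand caller-supplied workflow_dispatch inputs.
INPUT_EXPR = re.compile(r"\$\{\{\s*((?:github\.event\.)?inputs\.[\w-]+)\s*\}\}")
RUN_KEY = re.compile(r"^(\s*(?:-\s+)?)run:\s*(.*)$")

def find_run_injections(workflow_text):
    """Return (line_number, expression) for each input expression that is
    expanded inside a run: script. Hypothetical helper, line-based only."""
    findings = []
    run_col = None  # column of the active block-scalar run: key, if any
    for lineno, line in enumerate(workflow_text.splitlines(), 1):
        if run_col is not None:
            indent = len(line) - len(line.lstrip(" "))
            if not line.strip() or indent > run_col:
                findings += [(lineno, m.group(1)) for m in INPUT_EXPR.finditer(line)]
                continue
            run_col = None  # a dedent ends the script body
        m = RUN_KEY.match(line)
        if not m:
            continue
        rest = m.group(2).strip()
        if rest[:1] in ("|", ">"):
            run_col = len(m.group(1))  # block scalar: body follows on later lines
        else:
            findings += [(lineno, e.group(1)) for e in INPUT_EXPR.finditer(rest)]
    return findings

# Constructed sample: the step quoted in the review, then an env-based variant.
SAMPLE = """\
steps:
  - name: Prepare patched release
    id: prepare
    run: |
      VERSION="${{ github.event.inputs.upstream_version }}"
      SUFFIX="${{ github.event.inputs.release_suffix }}"
  - name: Prepare patched release (env form)
    env:
      VERSION: ${{ github.event.inputs.upstream_version }}
      SUFFIX: ${{ github.event.inputs.release_suffix }}
    run: |
      echo "building ${VERSION}${SUFFIX}"
"""

if __name__ == "__main__":
    for lineno, expr in find_run_injections(SAMPLE):
        print(f"line {lineno}: {expr} is expanded inside a run: script")
```
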

