moby/buildkit v0.31.0

on GitHub

buildkit 0.31.0

Welcome to the v0.31.0 release of buildkit!

Please try out the release binaries and report any issues at
https://github.com/moby/buildkit/issues.

Contributors

• Tõnis Tiigi
• CrazyMax
• Sebastiaan van Stijn
• Bjorn Neergaard
• Jonathan A. Sternberg
• Akihiro Suda
• Bryce Gibson
• Ava Barron
• Brian Goff
• Jiří Moravčík
• ZRHann
• Kevin NZUGUEM
• Maya Chen
• Natnael Gebremariam
• Sai Kiran Maggidi
• okhowang(王沛文)

Notable Changes

• Built-in Dockerfile frontend has been updated to v1.25.0 changelog
• Exec steps now support a network proxy feature where all container traffic will be routed through an HTTP proxy server. This allows capturing the network traffic for inspection in build progress and provenance attestation. Source policies can define the requests that build containers are allowed to make and the ones that should be blocked. Network proxy can be enabled for the whole BuildKit daemon or enabled on a per-build basis. #6858 #6816 #6740 #6863
• The local exporter now supports a mode=delete attribute which will replace the destination directory with the contents of the build result instead of merging it. Similar to the --delete flag in rsync. #6561 #6864
• LLB APIs now support per-step resource limits for CPU and memory. #6569
• LLB APIs support a new Passthrough operation that allows defining dependency build graph branches that are required to be built but do not add any outputs to the final result. The state.Requires() client helper can be used to define such dependencies in the build graph. #6829
• All image results now default to using OCI media types. Previously this was applied based on whether annotations or attestations were needed. oci-mediatypes=false can be used for legacy Docker media types. This change raises the compatibility version of BuildKit v0.31.0 to 30. #6824
• Local cache exporter now supports the reset option to clear the unreferenced existing cache. #6612
• The local build result outputs now use a new implementation with better security guarantees in case the destination directory is mutated externally during the transfer. #6561
• New build metrics about build counts and durations have been added to the OTEL provider. #6736
• Parallel request limits for registry connections can now be set via configuration file. #6776
• In special modes where the client does not expose the session connection to transfer credentials, builds can now still fall back to anonymous registry auth instead of erroring. #6760
• Embedded binfmt emulators in the release image have been updated to QEMU v10.2.3. #6846
• Runc container runtime has been updated to v1.3.6
• Created attestations now use in-toto v1 statement format. #6823
• Due to the upgraded CLI library, the internal buildctl completion scripts flag --generate-bash-completion is no longer supported and has been replaced with --generate-shell-completion. #6848
• Fix an issue in default GC policy rules where the first rule for prioritizing releasing cache mounts and local sources did not apply. #6856
• Fix an issue where parent directories could be created with incorrect permissions due to system umask when using BuildKit embedded in Dockerd. #6828
• Fix possible segfault from race condition when HTTP server returned 401 error. #6791
• Fix source policy exact match rules losing the destination value during conversion. #6861
• Fix potential deadlock race conditions on stdin close. #6810 #6815
• Fix premature ref release possibly causing "snapshot does not exist" error. #6821
• Fix OTLP shutdown stalling buildctl and buildkitd when the trace collector is unreachable. #6757
• Fix possible reference counting issues. #6820
• Fix possible hang in local progress writer. #6811
• Fix a data race when reading worker platform information. #6867
• Fix possible early release in case of cache computation error. #6818
• Improve stability of how runc kills build container processes. #6779

Dependency Changes

• github.com/Azure/azure-sdk-for-go/sdk/azcore v1.21.0 -> v1.21.1
• github.com/Azure/azure-sdk-for-go/sdk/internal v1.11.2 -> v1.12.0
• github.com/AzureAD/microsoft-authentication-library-for-go v1.6.0 -> v1.7.0
• github.com/aws/aws-sdk-go-v2 v1.41.7 -> v1.42.0
• github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.8 -> v1.7.13
• github.com/aws/aws-sdk-go-v2/config v1.32.17 -> v1.32.24
• github.com/aws/aws-sdk-go-v2/credentials v1.19.16 -> v1.19.23
• github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.23 -> v1.18.29
• github.com/aws/aws-sdk-go-v2/feature/s3/transfermanager v0.2.9 new
• github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.23 -> v1.4.29
• github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.23 -> v2.7.29
• github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.24 -> v1.4.30
• github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.9 -> v1.13.12
• github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.9.12 -> v1.9.22
• github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.23 -> v1.13.29
• github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.19.20 -> v1.19.29
• github.com/aws/aws-sdk-go-v2/service/s3 v1.89.1 -> v1.103.3
• github.com/aws/aws-sdk-go-v2/service/signin v1.0.11 -> v1.1.5
• github.com/aws/aws-sdk-go-v2/service/sso v1.30.17 -> v1.31.3
• github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.21 -> v1.36.6
• github.com/aws/aws-sdk-go-v2/service/sts v1.42.1 -> v1.43.3
• github.com/aws/smithy-go v1.25.1 -> v1.27.2
• github.com/containerd/containerd/v2 v2.2.3 -> v2.2.4
• github.com/containerd/continuity v0.4.5 -> v0.5.0
• github.com/containerd/nydus-snapshotter v0.15.13 -> v0.15.15
• github.com/containerd/platforms v1.0.0-rc.2 -> v1.0.0-rc.4
• github.com/containerd/typeurl/v2 v2.2.3 -> v2.3.0
• github.com/docker/cli v29.4.3 -> v29.5.3
• github.com/docker/docker-credential-helpers v0.9.5 -> v0.9.8
• github.com/go-openapi/analysis v0.24.3 -> v0.25.2
• github.com/go-openapi/jsonpointer v0.22.5 -> v0.23.1
• github.com/go-openapi/jsonreference v0.21.5 -> v0.21.6
• github.com/go-openapi/runtime v0.29.3 -> v0.32.3
• github.com/go-openapi/runtime/server-middleware v0.30.0 new
• github.com/go-openapi/spec v0.22.4 -> v0.22.5
• github.com/go-openapi/strfmt v0.26.1 -> v0.26.3
• github.com/go-openapi/swag v0.25.5 -> v0.26.0
• github.com/go-openapi/swag/cmdutils v0.25.5 -> v0.26.0
• github.com/go-openapi/swag/conv v0.25.5 -> v0.26.0
• github.com/go-openapi/swag/fileutils v0.25.5 -> v0.26.0
• github.com/go-openapi/swag/jsonname v0.25.5 -> v0.26.0
• github.com/go-openapi/swag/jsonutils v0.25.5 -> v0.26.0
• github.com/go-openapi/swag/loading v0.25.5 -> v0.26.0
• github.com/go-openapi/swag/mangling v0.25.5 -> v0.26.0
• github.com/go-openapi/swag/netutils v0.25.5 -> v0.26.0
• github.com/go-openapi/swag/stringutils v0.25.5 -> v0.26.0
• github.com/go-openapi/swag/typeutils v0.25.5 -> v0.26.0
• github.com/go-openapi/swag/yamlutils v0.25.5 -> v0.26.0
• github.com/go-openapi/validate v0.25.2 -> v0.25.3
• github.com/golang-jwt/jwt/v5 v5.3.0 -> v5.3.1
• github.com/google/certificate-transparency-go v1.3.2 -> v1.3.3
• github.com/google/go-containerregistry v0.20.7 -> v0.21.6
• github.com/google/pprof f64d9cf942d6 -> 545e8a4df936
• github.com/grpc-ecosystem/grpc-gateway/v2 v2.28.0 -> v2.29.0
• github.com/in-toto/attestation v1.1.2 -> v1.2.0
• github.com/moby/policy-helpers a39d60132186 -> d5411a945cfc
• github.com/moby/sys/mount v0.3.4 -> fc52b7222d0b
• github.com/moby/sys/sequential v0.6.0 -> v0.7.0
• github.com/opencontainers/selinux v1.13.1 -> v1.15.1
• github.com/pelletier/go-toml/v2 v2.2.4 -> v2.3.1
• github.com/prometheus/common v0.66.1 -> v0.67.5
• github.com/prometheus/otlptranslator v0.0.2 -> v1.0.0
• github.com/prometheus/procfs v0.17.0 -> v0.20.1
• github.com/secure-systems-lab/go-securesystemslib v0.10.0 -> v0.11.0
• github.com/sigstore/protobuf-specs v0.5.0 -> v0.5.1
• github.com/sigstore/rekor v1.5.0 -> v1.5.2
• github.com/sigstore/rekor-tiles/v2 v2.0.1 -> 5d098a2b6443
• github.com/sigstore/sigstore v1.10.5 -> v1.10.8
• github.com/sigstore/sigstore-go v1.1.4 -> v1.2.1
• github.com/sigstore/timestamp-authority/v2 v2.0.6 -> v2.1.2
• github.com/theupdateframework/go-tuf/v2 v2.4.1 -> v2.4.2
• github.com/tonistiigi/fsutil a2aa163d723f -> 0257b3308df4
• github.com/transparency-dev/formats 404c0d5b696c -> v0.1.1
• github.com/urfave/cli/v3 v3.9.0 new
• github.com/vbatts/tar-split v0.12.2 -> v0.12.3
• github.com/youmark/pkcs8 a2c0da244d78 new
• go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.68.0 -> v0.69.0
• go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace v0.68.0 -> v0.69.0
• go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.68.0 -> v0.69.0
• go.opentelemetry.io/otel v1.43.0 -> v1.44.0
• go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.43.0 -> v1.44.0
• go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.43.0 -> v1.44.0
• go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.43.0 -> v1.44.0
• go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.43.0 -> v1.44.0
• go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.43.0 -> v1.44.0
• go.opentelemetry.io/otel/exporters/prometheus v0.60.0 -> v0.65.0
• go.opentelemetry.io/otel/metric v1.43.0 -> v1.44.0
• go.opentelemetry.io/otel/sdk v1.43.0 -> v1.44.0
• go.opentelemetry.io/otel/sdk/metric v1.43.0 -> v1.44.0
• go.opentelemetry.io/otel/trace v1.43.0 -> v1.44.0
• go.yaml.in/yaml/v2 v2.4.3 -> v2.4.4
• golang.org/x/exp df9299821621 -> 055de637280b
• google.golang.org/genproto/googleapis/api 6f92a3bedf2d -> 3dc84a4a5aaa
• google.golang.org/genproto/googleapis/rpc 6f92a3bedf2d -> 3dc84a4a5aaa
• google.golang.org/grpc v1.80.0 -> v1.81.1
• google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.5.1 -> v1.6.1
• k8s.io/klog/v2 v2.140.0 new

Previous release can be found at v0.30.0