.github/workflows/publish.yml

@@ -1,21 +0,0 @@
-name: publish
-
-on:
-  release:
-    types:
-      - published
-
-jobs:
-  publish:
-    runs-on: ubuntu-latest
-    permissions:
-      contents: read
-      id-token: write
-      packages: write
-    steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v4
-      -
-        name: Publish
-        uses: actions/publish-immutable-action@v0.0.4

README.md

@@ -101,13 +101,7 @@ The following inputs can be used as `step.with` keys:
 | `cache-binary`               | Bool     | `true`             | Cache buildx binary to GitHub Actions cache backend                                                                                                                          |
 | `cleanup`                    | Bool     | `true`             | Cleanup temp files and remove builder at the end of a job                                                                                                                    |
 
-> [!IMPORTANT]
-> If you set the `buildkitd-flags` input, the default flags (`--allow-insecure-entitlement security.insecure --allow-insecure-entitlement network.host`)
-> will be reset. If you want to retain the default behavior, make sure to
-> include these flags in your custom `buildkitd-flags` value.
-
-> [!NOTE]
-> `buildkitd-config` and `buildkitd-config-inline` are mutually exclusive.
+_\* `buildkitd-config` and `buildkitd-config-inline` are mutually exclusive_
 
 ### outputs
 

__tests__/context.test.ts

@@ -1,6 +1,7 @@
 import {beforeEach, describe, expect, jest, test} from '@jest/globals';
 import * as fs from 'fs';
 import * as path from 'path';
+import * as uuid from 'uuid';
 import {Buildx} from '@docker/actions-toolkit/lib/buildx/buildx';
 import {Context} from '@docker/actions-toolkit/lib/context';
 import {Docker} from '@docker/actions-toolkit/lib/docker/docker';
@@ -25,12 +26,8 @@ jest.spyOn(Context, 'tmpName').mockImplementation((): string => {
   return tmpName;
 });
 
-jest.mock('crypto', () => {
-  return {
-    ...(jest.requireActual('crypto') as object),
-    randomUUID: jest.fn(() => '9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d')
-  };
-});
+jest.mock('uuid');
+jest.spyOn(uuid, 'v4').mockReturnValue('9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d');
 
 jest.spyOn(Docker, 'context').mockImplementation((): Promise<string> => {
   return Promise.resolve('default');
@@ -229,24 +226,6 @@ describe('getCreateArgs', () => {
         '--buildkitd-flags', '--allow-insecure-entitlement security.insecure --allow-insecure-entitlement network.host',
         '--config', tmpName,
       ]
-    ],
-    [
-      10,
-      'v0.10.3',
-      new Map<string, string>([
-        ['install', 'false'],
-        ['use', 'false'],
-        ['driver', 'cloud'],
-        ['buildkitd-flags', '--allow-insecure-entitlement network.host'],
-        ['cache-binary', 'true'],
-        ['cleanup', 'true'],
-      ]),
-      [
-        'create',
-        '--name', 'builder-9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d',
-        '--driver', 'cloud',
-        '--buildkitd-flags', '--allow-insecure-entitlement network.host',
-      ]
     ]
   ])(
     '[%d] given buildx %s and %p as inputs, returns %p',

action.yml

@@ -19,6 +19,7 @@ inputs:
     required: false
   buildkitd-flags:
     description: 'BuildKit daemon flags'
+    default: '--allow-insecure-entitlement security.insecure --allow-insecure-entitlement network.host'
     required: false
   buildkitd-config:
     description: 'BuildKit daemon config file'

package.json

@@ -25,9 +25,10 @@
   "license": "Apache-2.0",
   "packageManager": "yarn@3.6.3",
   "dependencies": {
-    "@actions/core": "^1.11.1",
-    "@docker/actions-toolkit": "^0.39.0",
-    "js-yaml": "^4.1.0"
+    "@actions/core": "^1.10.1",
+    "@docker/actions-toolkit": "^0.35.0",
+    "js-yaml": "^4.1.0",
+    "uuid": "^10.0.0"
   },
   "devDependencies": {
     "@types/js-yaml": "^4.0.9",

src/context.ts

@@ -1,4 +1,4 @@
-import * as crypto from 'crypto';
+import * as uuid from 'uuid';
 import * as core from '@actions/core';
 
 import {Docker} from '@docker/actions-toolkit/lib/docker/docker';
@@ -8,7 +8,6 @@ import {Toolkit} from '@docker/actions-toolkit/lib/toolkit';
 import {Node} from '@docker/actions-toolkit/lib/types/buildx/builder';
 
 export const builderNodeEnvPrefix = 'BUILDER_NODE';
-const defaultBuildkitdFlags = '--allow-insecure-entitlement security.insecure --allow-insecure-entitlement network.host';
 
 export interface Inputs {
   version: string;
@@ -33,7 +32,7 @@ export async function getInputs(): Promise<Inputs> {
     name: await getBuilderName(core.getInput('driver') || 'docker-container'),
     driver: core.getInput('driver') || 'docker-container',
     driverOpts: Util.getInputList('driver-opts', {ignoreComma: true, quote: false}),
-    buildkitdFlags: core.getInput('buildkitd-flags'),
+    buildkitdFlags: core.getInput('buildkitd-flags') || '--allow-insecure-entitlement security.insecure --allow-insecure-entitlement network.host',
     platforms: Util.getInputList('platforms'),
     install: core.getBooleanInput('install'),
     use: core.getBooleanInput('use'),
@@ -47,19 +46,17 @@ export async function getInputs(): Promise<Inputs> {
 }
 
 export async function getBuilderName(driver: string): Promise<string> {
-  return driver == 'docker' ? await Docker.context() : `builder-${crypto.randomUUID()}`;
+  return driver == 'docker' ? await Docker.context() : `builder-${uuid.v4()}`;
 }
 
 export async function getCreateArgs(inputs: Inputs, toolkit: Toolkit): Promise<Array<string>> {
   const args: Array<string> = ['create', '--name', inputs.name, '--driver', inputs.driver];
   if (await toolkit.buildx.versionSatisfies('>=0.3.0')) {
-    await Util.asyncForEach(inputs.driverOpts, async (driverOpt: string) => {
+    await Util.asyncForEach(inputs.driverOpts, async driverOpt => {
       args.push('--driver-opt', driverOpt);
     });
-    if (inputs.buildkitdFlags) {
+    if (driverSupportsFlags(inputs.driver) && inputs.buildkitdFlags) {
       args.push('--buildkitd-flags', inputs.buildkitdFlags);
-    } else if (driverSupportsBuildkitdFlags(inputs.driver)) {
-      args.push('--buildkitd-flags', defaultBuildkitdFlags);
     }
   }
   if (inputs.platforms.length > 0) {
@@ -68,10 +65,12 @@ export async function getCreateArgs(inputs: Inputs, toolkit: Toolkit): Promise<A
   if (inputs.use) {
     args.push('--use');
   }
-  if (inputs.buildkitdConfig) {
-    args.push('--config', toolkit.buildkit.config.resolveFromFile(inputs.buildkitdConfig));
-  } else if (inputs.buildkitdConfigInline) {
-    args.push('--config', toolkit.buildkit.config.resolveFromString(inputs.buildkitdConfigInline));
+  if (driverSupportsFlags(inputs.driver)) {
+    if (inputs.buildkitdConfig) {
+      args.push('--config', toolkit.buildkit.config.resolveFromFile(inputs.buildkitdConfig));
+    } else if (inputs.buildkitdConfigInline) {
+      args.push('--config', toolkit.buildkit.config.resolveFromString(inputs.buildkitdConfigInline));
+    }
   }
   if (inputs.endpoint) {
     args.push(inputs.endpoint);
@@ -84,16 +83,14 @@ export async function getAppendArgs(inputs: Inputs, node: Node, toolkit: Toolkit
   if (node.name) {
     args.push('--node', node.name);
   } else if (inputs.driver == 'kubernetes' && (await toolkit.buildx.versionSatisfies('<0.11.0'))) {
-    args.push('--node', `node-${crypto.randomUUID()}`);
+    args.push('--node', `node-${uuid.v4()}`);
   }
   if (node['driver-opts'] && (await toolkit.buildx.versionSatisfies('>=0.3.0'))) {
-    await Util.asyncForEach(node['driver-opts'], async (driverOpt: string) => {
+    await Util.asyncForEach(node['driver-opts'], async driverOpt => {
       args.push('--driver-opt', driverOpt);
     });
-    if (node['buildkitd-flags']) {
+    if (driverSupportsFlags(inputs.driver) && node['buildkitd-flags']) {
       args.push('--buildkitd-flags', node['buildkitd-flags']);
-    } else if (driverSupportsBuildkitdFlags(inputs.driver)) {
-      args.push('--buildkitd-flags', defaultBuildkitdFlags);
     }
   }
   if (node.platforms) {
@@ -113,6 +110,6 @@ export async function getInspectArgs(inputs: Inputs, toolkit: Toolkit): Promise<
   return args;
 }
 
-function driverSupportsBuildkitdFlags(driver: string): boolean {
+function driverSupportsFlags(driver: string): boolean {
   return driver == '' || driver == 'docker-container' || driver == 'docker' || driver == 'kubernetes';
 }

src/main.ts

@@ -1,6 +1,6 @@
-import * as crypto from 'crypto';
 import * as fs from 'fs';
 import * as yaml from 'js-yaml';
+import * as uuid from 'uuid';
 import * as core from '@actions/core';
 import * as actionsToolkit from '@docker/actions-toolkit';
 
@@ -98,7 +98,7 @@ actionsToolkit.run(
         });
       });
       if (defaultContextWithTLS) {
-        const tmpDockerContext = `buildx-${crypto.randomUUID()}`;
+        const tmpDockerContext = `buildx-${uuid.v4()}`;
         await core.group(`Creating temp docker context (TLS data loaded in default one)`, async () => {
           await Docker.getExecOutput(['context', 'create', tmpDockerContext], {
             ignoreReturnCode: true

yarn.lock

@@ -12,9 +12,9 @@ __metadata:
   languageName: node
   linkType: hard
 
-"@actions/artifact@npm:^2.1.9":
-  version: 2.1.10
-  resolution: "@actions/artifact@npm:2.1.10"
+"@actions/artifact@npm:^2.1.8":
+  version: 2.1.8
+  resolution: "@actions/artifact@npm:2.1.8"
   dependencies:
     "@actions/core": ^1.10.0
     "@actions/github": ^5.1.1
@@ -30,7 +30,7 @@ __metadata:
     jwt-decode: ^3.1.2
     twirp-ts: ^2.5.0
     unzip-stream: ^0.3.1
-  checksum: dfe4cb49da913e7706b884ff2dac629671f298febb1e54b2800659e4e78651c47032548ee5e18f164e31894b4aca4320201a97a7cd4240d0fbf7d203a6955b29
+  checksum: 51a47c21bcdac705abb61dbaef923f2760354c39bcad44a31b129e18bf31f646e5148f92ee7e1198275d1dba7bebfd1d1500ad7f62f6de1e65b57b2d092d5341
   languageName: node
   linkType: hard
 
@@ -62,16 +62,6 @@ __metadata:
   languageName: node
   linkType: hard
 
-"@actions/core@npm:^1.11.1":
-  version: 1.11.1
-  resolution: "@actions/core@npm:1.11.1"
-  dependencies:
-    "@actions/exec": ^1.1.1
-    "@actions/http-client": ^2.0.1
-  checksum: 9ac7a3e0b478bfefd862dcb4ddaa1d8c3f9076bb1931d3d280918d1749e7783480c6a009c1b009c8bf5093e2d77d9f4e023d70416145bf246f0071736d4ef839
-  languageName: node
-  linkType: hard
-
 "@actions/exec@npm:^1.0.0, @actions/exec@npm:^1.0.1, @actions/exec@npm:^1.1.1":
   version: 1.1.1
   resolution: "@actions/exec@npm:1.1.1"
@@ -115,7 +105,7 @@ __metadata:
   languageName: node
   linkType: hard
 
-"@actions/http-client@npm:^2.0.1, @actions/http-client@npm:^2.1.0, @actions/http-client@npm:^2.1.1, @actions/http-client@npm:^2.2.0":
+"@actions/http-client@npm:^2.0.1, @actions/http-client@npm:^2.1.0, @actions/http-client@npm:^2.1.1, @actions/http-client@npm:^2.2.0, @actions/http-client@npm:^2.2.1":
   version: 2.2.1
   resolution: "@actions/http-client@npm:2.2.1"
   dependencies:
@@ -125,16 +115,6 @@ __metadata:
   languageName: node
   linkType: hard
 
-"@actions/http-client@npm:^2.2.3":
-  version: 2.2.3
-  resolution: "@actions/http-client@npm:2.2.3"
-  dependencies:
-    tunnel: ^0.0.6
-    undici: ^5.25.4
-  checksum: 5d395df575d30ae599efa10dd715e72944b015e753db61f0a823f737acbb0e99743d4a9f25e812b18ec8cc34f86c73565d075c449e01ffa891577b6595212dde
-  languageName: node
-  linkType: hard
-
 "@actions/io@npm:^1.0.1, @actions/io@npm:^1.1.1, @actions/io@npm:^1.1.3":
   version: 1.1.3
   resolution: "@actions/io@npm:1.1.3"
@@ -1091,16 +1071,16 @@ __metadata:
   languageName: node
   linkType: hard
 
-"@docker/actions-toolkit@npm:^0.39.0":
-  version: 0.39.0
-  resolution: "@docker/actions-toolkit@npm:0.39.0"
+"@docker/actions-toolkit@npm:^0.35.0":
+  version: 0.35.0
+  resolution: "@docker/actions-toolkit@npm:0.35.0"
   dependencies:
-    "@actions/artifact": ^2.1.9
+    "@actions/artifact": ^2.1.8
     "@actions/cache": ^3.2.4
     "@actions/core": ^1.10.1
     "@actions/exec": ^1.1.1
     "@actions/github": ^6.0.0
-    "@actions/http-client": ^2.2.3
+    "@actions/http-client": ^2.2.1
     "@actions/io": ^1.1.3
     "@actions/tool-cache": ^2.0.1
     "@azure/storage-blob": ^12.15.0
@@ -1116,7 +1096,7 @@ __metadata:
     semver: ^7.6.3
     tar-stream: ^3.1.7
     tmp: ^0.2.3
-  checksum: 9dafe3c3e02f6f78c8da4cfb8bc726ae5eef9b6a2fedfca5d75ee6d6c559745c12aa16587dd595360f76be91803235dc66e0852e595ef7a582506fa0d4402983
+  checksum: 27fa4a500e94beff376bc322cc1074c82b20f6ceb0104c43ed5efc613763c8b7ea37b231c32c4dfcb5f7ce8a14948eecc799aa363d60d11d848466d5718d63f0
   languageName: node
   linkType: hard
 
@@ -3187,8 +3167,8 @@ __metadata:
   version: 0.0.0-use.local
   resolution: "docker-setup-buildx@workspace:."
   dependencies:
-    "@actions/core": ^1.11.1
-    "@docker/actions-toolkit": ^0.39.0
+    "@actions/core": ^1.10.1
+    "@docker/actions-toolkit": ^0.35.0
     "@types/js-yaml": ^4.0.9
     "@types/node": ^20.12.12
     "@types/uuid": ^10.0.0
@@ -3205,6 +3185,7 @@ __metadata:
     ts-jest: ^29.1.2
     ts-node: ^10.9.2
     typescript: ^5.4.5
+    uuid: ^10.0.0
   languageName: unknown
   linkType: soft
 
@@ -5553,9 +5534,9 @@ __metadata:
   linkType: hard
 
 "path-to-regexp@npm:^6.2.0":
-  version: 6.3.0
-  resolution: "path-to-regexp@npm:6.3.0"
-  checksum: eca78602e6434a1b6799d511d375ec044e8d7e28f5a48aa5c28d57d8152fb52f3fc62fb1cfc5dfa2198e1f041c2a82ed14043d75740a2fe60e91b5089a153250
+  version: 6.2.2
+  resolution: "path-to-regexp@npm:6.2.2"
+  checksum: b7b0005c36f5099f9ed1fb20a820d2e4ed1297ffe683ea1d678f5e976eb9544f01debb281369dabdc26da82e6453901bf71acf2c7ed14b9243536c2a45286c33
   languageName: node
   linkType: hard
 
@@ -6689,6 +6670,15 @@ __metadata:
   languageName: node
   linkType: hard
 
+"uuid@npm:^10.0.0":
+  version: 10.0.0
+  resolution: "uuid@npm:10.0.0"
+  bin:
+    uuid: dist/bin/uuid
+  checksum: 4b81611ade2885d2313ddd8dc865d93d8dccc13ddf901745edca8f86d99bc46d7a330d678e7532e7ebf93ce616679fb19b2e3568873ac0c14c999032acb25869
+  languageName: node
+  linkType: hard
+
 "uuid@npm:^3.3.2, uuid@npm:^3.3.3":
   version: 3.4.0
   resolution: "uuid@npm:3.4.0"