Blog
Token
About Us
AiDOOS Wiki
Project Cost Estimation

Welcome to Knowledge Base!

KB at your finger tips

This is one stop global knowledge base where you can learn about all the products, solutions and support features.

Categories
All
CRM
Salesforce
ERP
SAP
Storage and Backups
Purestorage Netapp Nutanix
Cloud
AWS
Computing
IBM
Database
MongoDB MySQL PostgreSQL
DevOps
Docker Kubernetes Jenkins GitLab
Mobile
React Native Android
Web
React Angular PHP
Programming
Python
Products
CNC Software (Mastercam) 3D perception 7shifts ABB EV Charging Infrastructure Accelo Aconex (by Oracle) Act-On Actenum Scheduler Actico Compliance Suite ActiveCampaign Adapt Addepar Adobe Captivate Adyen AG Leader Agrivi AgriWebb Agworld Ahrefs Aidoc AIMS360 Akamai Kona Site Defender Algolia Alis by TalentGuard ALLDATA Repair Allscripts Alpaca Trading Altair HyperWorks Altium Designer AMOS Amplitude Anaplan Anessa Biofuel Optimization AppDynamics Applied Epic Applied Materials E3 Aptean ERP Aptean Food & Beverage ERP Aptima Aquatic Informatics’ WaterTrax Arable Arena Solutions PLM Articulate 360 Asana ASML Twinscan Aspen Plus Biochemical Process Modeling Aurora Solar AspenTech APC Athenahealth Atomwise Audiam Audiomovers AspenTech for Refining Autodesk AutoCAD Autosoft AspenTech Pharma Suite Asset Panda Aveva Marine AssetMark Aveva Pipeline Management AVEVA Process Engineering Suite AVEVA Refining Solutions AVEVA Unified Operations Center Avid Media Composer AVL eSuite AWS Ground Station AWS IoT Greengrass Azure IoT Central Azure Space Backbase BatchMaster ERP Benchling Bentley OpenFlows Bentley OpenRoads Bentley OpenUtilities Bentley Systems AssetWise Bentley Systems – OpenRail beonic BevSpot Bigbelly Smart Waste & Recycling System BigCommerce Automotive Bitly Bitmovin Blackbaud BlackBerry AtHoc Blackboard Learn BlackLynx Blend Blue Yonder WMS Bluebeam Revu Bohemia Interactive Simulations (BISim) Bosch Esitronic Diagnostic Bosch IoT Suite Braintree Bright Biomethane Brightpearl Bringg Browzwear Builder Prime Buildertrend BuildTools BWX Technologies' Nuclear Security Cabinet Vision Cadence OrCAD Cadence Virtuoso CAE Canvas LMS Cargowise One Carrier i-Vu CaterZen CattleMax CDK Global Celtx Cerner Pharmacy ChargePoint Cloud Services Charles River Development Check Point CloudGuard Checkout.com Cin7 Circularise Cisco Umbrella Classcraft ClearDATA ClearMetal ClickFunnels ClickUp Climate FieldView Clir Renewables Cloud Lending (Q2 Software) Cobb Accessport ComplianceQuest ComplyAdvantage Conducttr Conservis Continental Connected Vehicle Copper Coupa by LLamasoft CQG Integrated Client Creatio Creatio marketing CropNutrition CrowdStrike Falcon CyberSource Damarel Darktrace Dassault Systèmes CATIA Dassault Systèmes ENOVIA Dataminr DaVinci Resolve DealerSocket DealHub Decisive Farming Deliverect Deltek Costpoint Demandbase Denso EV Thermal Systems DeSL (Digital Enterprise Software) DigitalOcean DJI Ground Station Pro Docebo DrillPlan by Schlumberger DroneDeploy e-Builder Ecochain EcoVadis Edmentum Edsby EFI Live Tuning EFI Optitex EFI PrintSmith Vision Ellie Mae Encompass Ellucian Banner Elucidat Emerson Ovation Emerson Plantweb eMoney Advisor Enact Systems Enfusion Envestnet | Tamarac Epicor ERP Epicor Parts Network Esko ArtiosCAD Esko WebCenter ETQ Reliance QMS Everbridge eVinci™ Micro Reactor by Westinghouse Exostar SCM Fanuc Automation Fanuc Robotics FarmERP FarmLogs FieldAware Finacle Finastra Fusion FinQuery Flatiron Health FoodLogiQ Fortinet FortiGate FourKites Freshworks GDC Technology GE Digital APM GE Digital Plant Applications GE Digital Predix GE Healthcare FlexFactory GE Vernova Genscape Pipeline Solutions Geofeedia GeoSoftware Geotab GEP SMART Gerber Technology GetAccept Gorgias Greenbyte Energy Cloud Greenlight Guru GreenPrinter GreenSlate Guidewire Software Handshake HawkEye 360 Health Catalyst Herdwatch Hexagon Intergraph CAD Hexagon Manufacturing Intelligence Hexagon MSC Software Hexagon PPM Hexagon Safety & Infrastructure Hexcel HexPly Honeywell Enraf Tank Gauging Honeywell Forge Honeywell Forge for Chemicals Honeywell UOP Ecofining Houzz Pro HP Indigo Digital Press HP Tuners VCM Suite HubSpot CRM IBM i2 IBM Watson Health IFS Applications Illuminate Education Imprivata Indra Air Automation InEight Infor CloudSuite Food & Beverage Infor EAM Infor LN Infor WMS Inmarsat Fleet Data Instapage Insurity Intellect QMS Intergraph SmartMarine 3D Intex ERP Intuitive Surgical da Vinci IONOS Ironclad iSpring Suite John Deere Operations Center Johnson Controls Metasys Juro JustFood ERP Kahoot Kahua Kareo KBC Petro-SIM by Yokogawa Keap Kiinaxis RapidResponse Kinaxis RapidResponse Kisters WISKI KLA YieldStar Klaviyo Knewton Alta Kratos OpenSpace KUKA Robotics KUKA Smart Production Kustomer Landr LeadAngel LeanData Lectra Fashion PLM Leidos Integrated ISR Solutions Linode Lithium Balance BMS Lockheed Martin DiamondShield LogicGate Logility LogiNext Mile LuciadLightspeed (Hexagon) Luma Health Mahle Thermal Management Majesco Mallcomm MAM Software Autopart Manhattan TMS Manhattan WMS Mark43 MASS (Cohort plc) MasterControl Manufacturing Excellence MasterControl Quality Excellence Material Exchange McKesson Pharmacy Management MedeAnalytics Medidata Solutions Medtronic CareLink Medtronic Hugo RAS Mentor Graphics (Siemens) MetricStream Microsoft D365 SCM Microsoft Project MilliporeSigma BioContinuum MindTickle Mirakl Mitchell1 ProDemand MODS (Military Operational Decision Support) Moodle Moody’s Analytics Morningstar Direct MRI Facilities Management MuleSoft MyPath Nautilus Labs Navitaire nCino Nearpod Netafim NetApp Netwrix Auditor NextGen Healthcare NICE Actimize NICE Public Safety Nimble Nutshell Nuvation Energy BMS Nuvolo Office Furniture by Haworth Omnisend OneTrust OneWeb Satellite Services Onfleet Optibus Optimizely ONYX InSight Oracle E-Business Suite Oracle FLEXCUBE Oracle TMS Orion Advisor Tech OSISoft PI System Outgrow OVHcloud PagerDuty Palo Alto Networks Cortex XSOAR Palo Alto Networks Prisma Cloud PandaDoc Panorama Education Parrot Analytics Petrel by Schlumberger Philips HealthSuite PipelineManager by Atmos International Pipeliner CRM PitchBook Pix4Dfields Planet Labs Plex Systems PowerSchool PredictHQ Printavo Procore Project44 Proposify Prospera PTC Windchill Quantifi QuarkXPress Quipli Quorum Distribution Software R1 RCM Rackspace Rapyd ReCharge Reynolds and Reynolds Rightsline Riskalyze Roostify Runway ML S&P Capital IQ Sabre AirCentre Safefood 360 Saipher ATC SAP Defense & Security Sapiens CoreSuite Oracle Cloud SCM Oracle NetSuite Plex Manufacturing Cloud QbDVision Ramco Aviation MRO Suite RedTeam SAP EWM SAP Supply Chain Management SAS Analytics Schoology ScreenCloud Sensia Oilfield Monitoring and Control SentinelOne Serpstat Shift Technology Shift72 ShipBob ShipServ Shopify Plus Shopify Plus for Automotive Shotgun (by Autodesk) Siemens Simcenter Signal Sciences SimCentric Technologies SimCorp Dimension SimScale Simutech Multimedia Skedulo SkillMill by Interplay Learning Skyfii SkyWatch EarthCache Slingshot Orbital Smartsheet for Compliance Snapsheet Solutionreach Soyang Europe Green Materials Sparta Systems TrackWise Sphera Sustainability Management Spire Space Services Splunk Enterprise Security Splunk Industrial IoT Square for Retail StormGeo Stratasys 3D Printers Stripe STRIVR StudioBinder SUSE Swissport Symantec Endpoint Security (Broadcom) Synopsys TCAD Syntasa TalentLMS TankVision by Endress+Hauser Teladoc Health Tenable.io Terminus TexGen Thales CipherTrust Thales Manpack EW Suite Thales TopSky-ATC Thinkorswim Thryv Toast POS TotalEnergies Bio Lubricants TraceGains TraceLink Trimble Construction Trove TurnKey Lender Udemy for Business Unbounce Updox Validic Valmet DNA Automation System Varsity Tutors Veeva CRM Veeva MedTech Veeva Quality Veeva Vault Vendasta Veson Nautical IMOS Platform Viewpoint (by Trimble) Vimeo OTT Virbela Vizient VTS VWO Waste Management Open API by AMCS Waystar Wealthfront Wherefour WindRiver Helix Virtualization Platform WoodCAD|CAM Workday Student Worldpay Wrike Xactly Xerox Paper Recycling XOLV Xtime YCharts Yopto Zendesk Marketplace Zoho Zoho Inventory Zonos Zscaler Web-to-Print by Printful Zuppler

DevOps-Docker

Configuring builds

Configuring builds

Bake supports loading build definition from files, but sometimes you need even more flexibility to configure this definition.

For this use case, you can define variables inside the bake files that can be set by the user with environment variables or by attribute definitions in other bake files. If you wish to change a specific value for a single invocation you can use the --set flag from the command line.

Global scope attributes

You can define global scope attributes in HCL/JSON and use them for code reuse and setting values for variables. This means you can do a “data-only” HCL file with the values you want to set/override and use it in the list of regular output files. 

# docker-bake.hcl
variable "FOO" {
  default = "abc"
}

target "app" {
  args = {
    v1 = "pre-${FOO}"
  }
}

You can use this file directly: 

$ docker buildx bake --print app

{
  "group": {
    "default": {
      "targets": [
        "app"
      ]
    }
  },
  "target": {
    "app": {
      "context": ".",
      "dockerfile": "Dockerfile",
      "args": {
        "v1": "pre-abc"
      }
    }
  }
}

Or create an override configuration file: 

# env.hcl
WHOAMI="myuser"
FOO="def-${WHOAMI}"

And invoke bake together with both of the files: 

$ docker buildx bake -f docker-bake.hcl -f env.hcl --print app

{
  "group": {
    "default": {
      "targets": [
        "app"
      ]
    }
  },
  "target": {
    "app": {
      "context": ".",
      "dockerfile": "Dockerfile",
      "args": {
        "v1": "pre-def-myuser"
      }
    }
  }
}

From command line

You can also override target configurations from the command line with the --set flag: 

# docker-bake.hcl
target "app" {
  args = {
    mybuildarg = "foo"
  }
}

$ docker buildx bake --set app.args.mybuildarg=bar --set app.platform=linux/arm64 app --print

{
  "group": {
    "default": {
      "targets": [
        "app"
      ]
    }
  },
  "target": {
    "app": {
      "context": ".",
      "dockerfile": "Dockerfile",
      "args": {
        "mybuildarg": "bar"
      },
      "platforms": [
        "linux/arm64"
      ]
    }
  }
}

Pattern matching syntax defined in https://golang.org/pkg/path/#Match is also supported: 

$ docker buildx bake --set foo*.args.mybuildarg=value  # overrides build arg for all targets starting with "foo"
$ docker buildx bake --set *.platform=linux/arm64      # overrides platform for all targets
$ docker buildx bake --set foo*.no-cache               # bypass caching only for targets starting with "foo"

Complete list of overridable fields:

  • args
  • cache-from
  • cache-to
  • context
  • dockerfile
  • labels
  • no-cache
  • output
  • platform
  • pull
  • secrets
  • ssh
  • tags
  • target

Using variables in variables across files

When multiple files are specified, one file can use variables defined in another file. 

# docker-bake1.hcl
variable "FOO" {
  default = upper("${BASE}def")
}

variable "BAR" {
  default = "-${FOO}-"
}

target "app" {
  args = {
    v1 = "pre-${BAR}"
  }
}

# docker-bake2.hcl
variable "BASE" {
  default = "abc"
}

target "app" {
  args = {
    v2 = "${FOO}-post"
  }
}

$ docker buildx bake -f docker-bake1.hcl -f docker-bake2.hcl --print app

{
  "group": {
    "default": {
      "targets": [
        "app"
      ]
    }
  },
  "target": {
    "app": {
      "context": ".",
      "dockerfile": "Dockerfile",
      "args": {
        "v1": "pre--ABCDEF-",
        "v2": "ABCDEF-post"
      }
    }
  }
}

Bake file definition

Bake file definition

buildx bake supports HCL, JSON and Compose file format for defining build groups, targets as well as variables and functions. It looks for build definition files in the current directory in the following order:

  • docker-compose.yml
  • docker-compose.yaml
  • docker-bake.json
  • docker-bake.override.json
  • docker-bake.hcl
  • docker-bake.override.hcl

Specification

Inside a bake file you can declare group, target and variable blocks to define project specific reusable build flows.

Target

A target reflects a single docker build invocation with the same options that you would specify for docker build : 

# docker-bake.hcl
target "webapp-dev" {
  dockerfile = "Dockerfile.webapp"
  tags = ["docker.io/username/webapp:latest"]
}

$ docker buildx bake webapp-dev

Note

In the case of compose files, each service corresponds to a target. If compose service name contains a dot it will be replaced with an underscore.

Complete list of valid target fields available for HCL and JSON definitions:

Name Type Description
inherits List Inherit build options from other targets
args Map Set build-time variables (same as --build-arg flag)
cache-from List External cache sources (same as --cache-from flag)
cache-to List Cache export destinations (same as --cache-to flag)
context String Set of files located in the specified path or URL
contexts Map Additional build contexts (same as --build-context flag)
dockerfile String Name of the Dockerfile (same as --file flag)
dockerfile-inline String Inline Dockerfile content
labels Map Set metadata for an image (same as --label flag)
no-cache Bool Do not use cache when building the image (same as --no-cache flag)
no-cache-filter List Do not cache specified stages (same as --no-cache-filter flag)
output List Output destination (same as --output flag)
platforms List Set target platforms for build (same as --platform flag)
pull Bool Always attempt to pull all referenced images (same as --pull flag)
secret List Secret to expose to the build (same as --secret flag)
ssh List SSH agent socket or keys to expose to the build (same as --ssh flag)
tags List Name and optionally a tag in the format name:tag (same as --tag flag)
target String Set the target build stage to build (same as --target flag)

Group

A group is a grouping of targets: 

# docker-bake.hcl
group "build" {
  targets = ["db", "webapp-dev"]
}

target "webapp-dev" {
  dockerfile = "Dockerfile.webapp"
  tags = ["docker.io/username/webapp:latest"]
}

target "db" {
  dockerfile = "Dockerfile.db"
  tags = ["docker.io/username/db"]
}

$ docker buildx bake build

Variable

Similar to how Terraform provides a way to define variables, the HCL file format also supports variable block definitions. These can be used to define variables with values provided by the current environment, or a default value when unset: 

# docker-bake.hcl
variable "TAG" {
  default = "latest"
}

target "webapp-dev" {
  dockerfile = "Dockerfile.webapp"
  tags = ["docker.io/username/webapp:${TAG}"]
}

$ docker buildx bake webapp-dev          # will use the default value "latest"
$ TAG=dev docker buildx bake webapp-dev  # will use the TAG environment variable value

Tip

See also the Configuring builds page for advanced usage.

Functions

A set of generally useful functions provided by go-cty are available for use in HCL files: 

# docker-bake.hcl
target "webapp-dev" {
  dockerfile = "Dockerfile.webapp"
  tags = ["docker.io/username/webapp:latest"]
  args = {
    buildno = "${add(123, 1)}"
  }
}

In addition, user defined functions are also supported: 

# docker-bake.hcl
function "increment" {
  params = [number]
  result = number + 1
}

target "webapp-dev" {
  dockerfile = "Dockerfile.webapp"
  tags = ["docker.io/username/webapp:latest"]
  args = {
    buildno = "${increment(123)}"
  }
}

Note

See User defined HCL functions page for more details.

Built-in variables

  • BAKE_CMD_CONTEXT can be used to access the main context for bake command from a bake file that has been imported remotely.
  • BAKE_LOCAL_PLATFORM returns the current platform’s default platform specification (e.g. linux/amd64 ).

Merging and inheritance

Multiple files can include the same target and final build options will be determined by merging them together: 

# docker-bake.hcl
target "webapp-dev" {
  dockerfile = "Dockerfile.webapp"
  tags = ["docker.io/username/webapp:latest"]
}

# docker-bake2.hcl
target "webapp-dev" {
  tags = ["docker.io/username/webapp:dev"]
}

$ docker buildx bake -f docker-bake.hcl -f docker-bake2.hcl webapp-dev

A group can specify its list of targets with the targets option. A target can inherit build options by setting the inherits option to the list of targets or groups to inherit from: 

# docker-bake.hcl
target "webapp-dev" {
  dockerfile = "Dockerfile.webapp"
  tags = ["docker.io/username/webapp:${TAG}"]
}

target "webapp-release" {
  inherits = ["webapp-dev"]
  platforms = ["linux/amd64", "linux/arm64"]
}

default target/group

When you invoke bake you specify what targets/groups you want to build. If no arguments is specified, the group/target named default will be built: 

# docker-bake.hcl
target "default" {
  dockerfile = "Dockerfile.webapp"
  tags = ["docker.io/username/webapp:latest"]
}

$ docker buildx bake

Definitions

HCL definition

HCL definition file is recommended as its experience is more aligned with buildx UX and also allows better code reuse, different target groups and extended features. 

# docker-bake.hcl
variable "TAG" {
  default = "latest"
}

group "default" {
  targets = ["db", "webapp-dev"]
}

target "webapp-dev" {
  dockerfile = "Dockerfile.webapp"
  tags = ["docker.io/username/webapp:${TAG}"]
}

target "webapp-release" {
  inherits = ["webapp-dev"]
  platforms = ["linux/amd64", "linux/arm64"]
}

target "db" {
  dockerfile = "Dockerfile.db"
  tags = ["docker.io/username/db"]
}

JSON definition 

{
  "variable": {
    "TAG": {
      "default": "latest"
    }
  },
  "group": {
    "default": {
      "targets": [
        "db",
        "webapp-dev"
      ]
    }
  },
  "target": {
    "webapp-dev": {
      "dockerfile": "Dockerfile.webapp",
      "tags": [
        "docker.io/username/webapp:${TAG}"
      ]
    },
    "webapp-release": {
      "inherits": [
        "webapp-dev"
      ],
      "platforms": [
        "linux/amd64",
        "linux/arm64"
      ]
    },
    "db": {
      "dockerfile": "Dockerfile.db",
      "tags": [
        "docker.io/username/db"
      ]
    }
  }
}

Compose file 

# docker-compose.yml
services:
  webapp:
    image: docker.io/username/webapp:latest
    build:
      dockerfile: Dockerfile.webapp

  db:
    image: docker.io/username/db
    build:
      dockerfile: Dockerfile.db

Note

See Building from Compose file page for more details.

Remote definition

You can also build bake files directly from a remote Git repository or HTTPS URL: 

$ docker buildx bake "https://github.com/docker/cli.git#v20.10.11" --print
#1 [internal] load git source https://github.com/docker/cli.git#v20.10.11
#1 0.745 e8f1871b077b64bcb4a13334b7146492773769f7       refs/tags/v20.10.11
#1 2.022 From https://github.com/docker/cli
#1 2.022  * [new tag]         v20.10.11  -> v20.10.11
#1 DONE 2.9s

{
  "group": {
    "default": {
      "targets": [
        "binary"
      ]
    }
  },
  "target": {
    "binary": {
      "context": "https://github.com/docker/cli.git#v20.10.11",
      "dockerfile": "Dockerfile",
      "args": {
        "BASE_VARIANT": "alpine",
        "GO_STRIP": "",
        "VERSION": ""
      },
      "target": "binary",
      "platforms": [
        "local"
      ],
      "output": [
        "build"
      ]
    }
  }
}

As you can see the context is fixed to https://github.com/docker/cli.git even if no context is actually defined in the definition.

If you want to access the main context for bake command from a bake file that has been imported remotely, you can use the BAKE_CMD_CONTEXT built-in var. 

$ cat https://raw.githubusercontent.com/tonistiigi/buildx/remote-test/docker-bake.hcl

target "default" {
  context = BAKE_CMD_CONTEXT
  dockerfile-inline = <<EOT
FROM alpine
WORKDIR /src
COPY . .
RUN ls -l && stop
EOT
}

$ docker buildx bake "https://github.com/tonistiigi/buildx.git#remote-test" --print

{
  "target": {
    "default": {
      "context": ".",
      "dockerfile": "Dockerfile",
      "dockerfile-inline": "FROM alpine\nWORKDIR /src\nCOPY . .\nRUN ls -l \u0026\u0026 stop\n"
    }
  }
}

$ touch foo bar
$ docker buildx bake "https://github.com/tonistiigi/buildx.git#remote-test"

...
 > [4/4] RUN ls -l && stop:
#8 0.101 total 0
#8 0.102 -rw-r--r--    1 root     root             0 Jul 27 18:47 bar
#8 0.102 -rw-r--r--    1 root     root             0 Jul 27 18:47 foo
#8 0.102 /bin/sh: stop: not found

$ docker buildx bake "https://github.com/tonistiigi/buildx.git#remote-test" "https://github.com/docker/cli.git#v20.10.11" --print
#1 [internal] load git source https://github.com/tonistiigi/buildx.git#remote-test
#1 0.429 577303add004dd7efeb13434d69ea030d35f7888       refs/heads/remote-test
#1 CACHED

{
  "target": {
    "default": {
      "context": "https://github.com/docker/cli.git#v20.10.11",
      "dockerfile": "Dockerfile",
      "dockerfile-inline": "FROM alpine\nWORKDIR /src\nCOPY . .\nRUN ls -l \u0026\u0026 stop\n"
    }
  }
}

$ docker buildx bake "https://github.com/tonistiigi/buildx.git#remote-test" "https://github.com/docker/cli.git#v20.10.11"

...
 > [4/4] RUN ls -l && stop:
#8 0.136 drwxrwxrwx    5 root     root          4096 Jul 27 18:31 kubernetes
#8 0.136 drwxrwxrwx    3 root     root          4096 Jul 27 18:31 man
#8 0.136 drwxrwxrwx    2 root     root          4096 Jul 27 18:31 opts
#8 0.136 -rw-rw-rw-    1 root     root          1893 Jul 27 18:31 poule.yml
#8 0.136 drwxrwxrwx    7 root     root          4096 Jul 27 18:31 scripts
#8 0.136 drwxrwxrwx    3 root     root          4096 Jul 27 18:31 service
#8 0.136 drwxrwxrwx    2 root     root          4096 Jul 27 18:31 templates
#8 0.136 drwxrwxrwx   10 root     root          4096 Jul 27 18:31 vendor
#8 0.136 -rwxrwxrwx    1 root     root          9620 Jul 27 18:31 vendor.conf
#8 0.136 /bin/sh: stop: not found
Read article

User defined HCL functions

User defined HCL functions

Using interpolation to tag an image with the git sha

As shown in the File definition page, bake supports variable blocks which are assigned to matching environment variables or default values: 

# docker-bake.hcl
variable "TAG" {
  default = "latest"
}

group "default" {
  targets = ["webapp"]
}

target "webapp" {
  tags = ["docker.io/username/webapp:${TAG}"]
}

alternatively, in json format: 

{
  "variable": {
    "TAG": {
      "default": "latest"
    }
  },
  "group": {
    "default": {
      "targets": ["webapp"]
    }
  },
  "target": {
    "webapp": {
      "tags": ["docker.io/username/webapp:${TAG}"]
    }
  }
}

$ docker buildx bake --print webapp

{
  "group": {
    "default": {
      "targets": [
        "webapp"
      ]
    }
  },
  "target": {
    "webapp": {
      "context": ".",
      "dockerfile": "Dockerfile",
      "tags": [
        "docker.io/username/webapp:latest"
      ]
    }
  }
}

$ TAG=$(git rev-parse --short HEAD) docker buildx bake --print webapp

{
  "group": {
    "default": {
      "targets": [
        "webapp"
      ]
    }
  },
  "target": {
    "webapp": {
      "context": ".",
      "dockerfile": "Dockerfile",
      "tags": [
        "docker.io/username/webapp:985e9e9"
      ]
    }
  }
}

Using the add function

You can use go-cty stdlib functions. Here we are using the add function. 

# docker-bake.hcl
variable "TAG" {
  default = "latest"
}

group "default" {
  targets = ["webapp"]
}

target "webapp" {
  args = {
    buildno = "${add(123, 1)}"
  }
}

$ docker buildx bake --print webapp

{
  "group": {
    "default": {
      "targets": [
        "webapp"
      ]
    }
  },
  "target": {
    "webapp": {
      "context": ".",
      "dockerfile": "Dockerfile",
      "args": {
        "buildno": "124"
      }
    }
  }
}

Defining an increment function

It also supports user defined functions. The following example defines a simple an increment function. 

# docker-bake.hcl
function "increment" {
  params = [number]
  result = number + 1
}

group "default" {
  targets = ["webapp"]
}

target "webapp" {
  args = {
    buildno = "${increment(123)}"
  }
}

$ docker buildx bake --print webapp

{
  "group": {
    "default": {
      "targets": [
        "webapp"
      ]
    }
  },
  "target": {
    "webapp": {
      "context": ".",
      "dockerfile": "Dockerfile",
      "args": {
        "buildno": "124"
      }
    }
  }
}

Only adding tags if a variable is not empty using an notequal

Here we are using the conditional notequal function which is just for symmetry with the equal one. 

# docker-bake.hcl
variable "TAG" {default="" }

group "default" {
  targets = [
    "webapp",
  ]
}

target "webapp" {
  context="."
  dockerfile="Dockerfile"
  tags = [
    "my-image:latest",
    notequal("",TAG) ? "my-image:${TAG}": "",
  ]
}

$ docker buildx bake --print webapp

{
  "group": {
    "default": {
      "targets": [
        "webapp"
      ]
    }
  },
  "target": {
    "webapp": {
      "context": ".",
      "dockerfile": "Dockerfile",
      "tags": [
        "my-image:latest"
      ]
    }
  }
}

Using variables in functions

You can refer variables to other variables like the target blocks can. Stdlib functions can also be called but user functions can’t at the moment. 

# docker-bake.hcl
variable "REPO" {
  default = "user/repo"
}

function "tag" {
  params = [tag]
  result = ["${REPO}:${tag}"]
}

target "webapp" {
  tags = tag("v1")
}

$ docker buildx bake --print webapp

{
  "group": {
    "default": {
      "targets": [
        "webapp"
      ]
    }
  },
  "target": {
    "webapp": {
      "context": ".",
      "dockerfile": "Dockerfile",
      "tags": [
        "user/repo:v1"
      ]
    }
  }
}

Using typed variables

Non-string variables are also accepted. The value passed with env is parsed into suitable type first. 

# docker-bake.hcl
variable "FOO" {
  default = 3
}

variable "IS_FOO" {
  default = true
}

target "app" {
  args = {
    v1 = FOO > 5 ? "higher" : "lower" 
    v2 = IS_FOO ? "yes" : "no"
  }
}

$ docker buildx bake --print app

{
  "group": {
    "default": {
      "targets": [
        "app"
      ]
    }
  },
  "target": {
    "app": {
      "context": ".",
      "dockerfile": "Dockerfile",
      "args": {
        "v1": "lower",
        "v2": "yes"
      }
    }
  }
}
Read article

High-level builds with Bake

High-level builds with Bake

This command is experimental.

The design of bake is in early stages, and we are looking for feedback from users.

Buildx also aims to provide support for high-level build concepts that go beyond invoking a single build command. We want to support building all the images in your application together and let the users define project specific reusable build flows that can then be easily invoked by anyone.

BuildKit efficiently handles multiple concurrent build requests and de-duplicating work. The build commands can be combined with general-purpose command runners (for example, make ). However, these tools generally invoke builds in sequence and therefore cannot leverage the full potential of BuildKit parallelization, or combine BuildKit’s output for the user. For this use case, we have added a command called docker buildx bake .

The bake command supports building images from HCL, JSON and Compose files. This is similar to docker compose build , but allowing all the services to be built concurrently as part of a single request. If multiple files are specified they are all read and configurations are combined.

We recommend using HCL files as its experience is more aligned with buildx UX and also allows better code reuse, different target groups and extended features.

Next steps

  • File definition
  • Configuring builds
  • User defined HCL functions
  • Defining additional build contexts and linking targets
  • Building from Compose file
Read article

Create a base image

Create a base image

Most Dockerfiles start from a parent image. If you need to completely control the contents of your image, you might need to create a base image instead. Here’s the difference:

  • A parent image is the image that your image is based on. It refers to the contents of the FROM directive in the Dockerfile. Each subsequent declaration in the Dockerfile modifies this parent image. Most Dockerfiles start from a parent image, rather than a base image. However, the terms are sometimes used interchangeably.

  • A base image has FROM scratch in its Dockerfile.

This topic shows you several ways to create a base image. The specific process will depend heavily on the Linux distribution you want to package. We have some examples below, and you are encouraged to submit pull requests to contribute new ones.

Create a full image using tar

In general, start with a working machine that is running the distribution you’d like to package as a parent image, though that is not required for some tools like Debian’s Debootstrap, which you can also use to build Ubuntu images.

It can be as simple as this to create an Ubuntu parent image: 

$ sudo debootstrap focal focal > /dev/null
$ sudo tar -C focal -c . | docker import - focal

sha256:81ec9a55a92a5618161f68ae691d092bf14d700129093158297b3d01593f4ee3

$ docker run focal cat /etc/lsb-release

DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=20.04
DISTRIB_CODENAME=focal
DISTRIB_DESCRIPTION="Ubuntu 20.04 LTS"

There are more example scripts for creating parent images in the Docker GitHub repository.

Create a simple parent image using scratch

You can use Docker’s reserved, minimal image, scratch , as a starting point for building containers. Using the scratch “image” signals to the build process that you want the next command in the Dockerfile to be the first filesystem layer in your image.

While scratch appears in Docker’s repository on the hub, you can’t pull it, run it, or tag any image with the name scratch . Instead, you can refer to it in your Dockerfile . For example, to create a minimal container using scratch : 

# syntax=docker/dockerfile:1
FROM scratch
ADD hello /
CMD ["/hello"]

Assuming you built the “hello” executable example by using the source code at https://github.com/docker-library/hello-world, and you compiled it with the -static flag, you can build this Docker image using this docker build command: 

$ docker build --tag hello .

Don’t forget the . character at the end, which sets the build context to the current directory.

Note : Because Docker Desktop for Mac and Docker Desktop for Windows use a Linux VM, you need a Linux binary, rather than a Mac or Windows binary. You can use a Docker container to build it: 

$ docker run --rm -it -v $PWD:/build ubuntu:20.04

container# apt-get update && apt-get install build-essential
container# cd /build
container# gcc -o hello -static hello.c

To run your new image, use the docker run command: 

$ docker run --rm hello

This example creates the hello-world image used in the tutorials. If you want to test it out, you can clone the image repo.

More resources

There are lots of resources available to help you write your Dockerfile .

  • There’s a complete guide to all the instructions available for use in a Dockerfile in the reference section.
  • To help you write a clear, readable, maintainable Dockerfile , we’ve also written a Dockerfile best practices guide.
  • If your goal is to create a new Docker Official Image, read Docker Official Images.
Read article

Build context

Build context

The docker build or docker buildx build commands build Docker images from a Dockerfile and a “context”.

A build’s context is the set of files located at the PATH or URL specified as the positional argument to the build command: 

$ docker build [OPTIONS] PATH | URL | -
                         ^^^^^^^^^^^^^^

The build process can refer to any of the files in the context. For example, your build can use a COPY instruction to reference a file in the context or a RUN --mount=type=bind instruction for better performance with BuildKit. The build context is processed recursively. So, a PATH includes any subdirectories and the URL includes the repository and its submodules.

PATH context

This example shows a build command that uses the current directory ( . ) as a build context: 

$ docker build .
...
#16 [internal] load build context
#16 sha256:23ca2f94460dcbaf5b3c3edbaaa933281a4e0ea3d92fe295193e4df44dc68f85
#16 transferring context: 13.16MB 2.2s done
...

With the following Dockerfile: 

# syntax=docker/dockerfile:1
FROM busybox
WORKDIR /src
COPY foo .

And this directory structure: 

.
├── Dockerfile
├── bar
├── foo
└── node_modules

The legacy builder sends the entire directory to the daemon, including bar and node_modules directories, even though the Dockerfile does not use them. When using BuildKit, the client only sends the files required by the COPY instructions, in this case foo .

In some cases you may want to send the entire context: 

# syntax=docker/dockerfile:1
FROM busybox
WORKDIR /src
COPY . .

You can use a .dockerignore file to exclude some files or directories from being sent: 

# .dockerignore
node_modules
bar

Warning

Avoid using your root directory, / , as the PATH for your build context, as it causes the build to transfer the entire contents of your hard drive to the daemon.

URL context

The URL parameter can refer to three kinds of resources:

  • Git repositories
  • Pre-packaged tarball contexts
  • Plain text files

Git repositories

When the URL parameter points to the location of a Git repository, the repository acts as the build context. The builder recursively pulls the repository and its submodules. A shallow clone is performed and therefore pulls down just the latest commits, not the entire history. A repository is first pulled into a temporary directory on your host. After that succeeds, the directory is sent to the daemon as the context. Local copy gives you the ability to access private repositories using local user credentials, VPN’s, and so forth.

Note

If the URL parameter contains a fragment the system will recursively clone the repository and its submodules using a git clone --recursive command.

Git URLs accept a context configuration parameter in the form of a URL fragment, separated by a colon ( : ). The first part represents the reference that Git will check out, and can be either a branch, a tag, or a remote reference. The second part represents a subdirectory inside the repository that will be used as a build context.

For example, run this command to use a directory called docker in the branch container : 

$ docker build https://github.com/user/myrepo.git#container:docker

The following table represents all the valid suffixes with their build contexts:

Build Syntax Suffix Commit Used Build Context Used
myrepo.git refs/heads/master /
myrepo.git#mytag refs/tags/mytag /
myrepo.git#mybranch refs/heads/mybranch /
myrepo.git#pull/42/head refs/pull/42/head /
myrepo.git#:myfolder refs/heads/master /myfolder
myrepo.git#master:myfolder refs/heads/master /myfolder
myrepo.git#mytag:myfolder refs/tags/mytag /myfolder
myrepo.git#mybranch:myfolder refs/heads/mybranch /myfolder

By default .git directory is not kept on Git checkouts. You can set the BuildKit built-in arg BUILDKIT_CONTEXT_KEEP_GIT_DIR=1 to keep it. It can be useful to keep it around if you want to retrieve Git information during your build: 

# syntax=docker/dockerfile:1
FROM alpine
WORKDIR /src
RUN --mount=target=. \
  make REVISION=$(git rev-parse HEAD) build

$ docker build --build-arg BUILDKIT_CONTEXT_KEEP_GIT_DIR=1 https://github.com/user/myrepo.git#main

Tarball contexts

If you pass a URL to a remote tarball, the URL itself is sent to the daemon: 

$ docker build http://server/context.tar.gz
#1 [internal] load remote build context
#1 DONE 0.2s

#2 copy /context /
#2 DONE 0.1s
...

The download operation will be performed on the host the daemon is running on, which is not necessarily the same host from which the build command is being issued. The daemon will fetch context.tar.gz and use it as the build context. Tarball contexts must be tar archives conforming to the standard tar UNIX format and can be compressed with any one of the xz , bzip2 , gzip or identity (no compression) formats.

Text files

Instead of specifying a context, you can pass a single Dockerfile in the URL or pipe the file in via STDIN . To pipe a Dockerfile from STDIN : 

$ docker build - < Dockerfile

With Powershell on Windows, you can run: 

Get-Content Dockerfile | docker build -

If you use STDIN or specify a URL pointing to a plain text file, the system places the contents into a file called Dockerfile , and any -f , --file option is ignored. In this scenario, there is no context.

The following example builds an image using a Dockerfile that is passed through stdin. No files are sent as build context to the daemon. 

docker build -t myimage:latest -<<EOF
FROM busybox
RUN echo "hello world"
EOF

Omitting the build context can be useful in situations where your Dockerfile does not require files to be copied into the image, and improves the build-speed, as no files are sent to the daemon.

Read article