allow filesystem entitlements by default

Signed-off-by: CrazyMax <[email protected]>
docker · Nov 22, 2024 · 46547d0 · 46547d0
1 parent 9bc07af
commit 46547d0
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 1 deletion.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -694,6 +694,13 @@ jobs:
 
   allow:
     runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        buildx-version:
+          - v0.19.0-rc1
+          - v0.18.0
+          - v0.17.1
     steps:
       -
         name: Checkout
@@ -702,7 +709,7 @@ jobs:
         name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
         with:
-          version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
+          version: ${{ matrix.buildx-version }}
           driver-opts: |
             image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}
       -

diff --git a/src/context.ts b/src/context.ts
@@ -83,6 +83,10 @@ async function getBakeArgs(inputs: Inputs, definition: BakeDefinition, toolkit:
     args.push(inputs.source);
   }
   if (await toolkit.buildx.versionSatisfies('>=0.17.0')) {
+    if (await toolkit.buildx.versionSatisfies('>=0.18.0')) {
+      // allow filesystem entitlements by default
+      inputs.allow.push('fs=/');
+    }
     if (inputs.allow.length > 0) {
       args.push('--allow', inputs.allow.join(','));
     }