Merge pull request #537 from crazy-max/pep440-match

allow to match part of the git tag or value for pep440 type

.dockerignore

@@ -1,2 +1,12 @@
 /coverage
-/node_modules
+
+# Dependency directories
+node_modules/
+jspm_packages/
+
+# yarn v2
+.yarn/cache
+.yarn/unplugged
+.yarn/build-state.yml
+.yarn/install-state.gz
+.pnp.*

.eslintignore

@@ -0,0 +1,3 @@
+/dist/**
+/coverage/**
+/node_modules/**

.eslintrc.json

@@ -1,18 +1,19 @@
 {
   "env": {
     "node": true,
-    "es2021": true,
-    "jest/globals": true
+    "es6": true,
+    "jest": true
   },
   "extends": [
     "eslint:recommended",
+    "plugin:@typescript-eslint/eslint-recommended",
     "plugin:@typescript-eslint/recommended",
     "plugin:jest/recommended",
     "plugin:prettier/recommended"
   ],
   "parser": "@typescript-eslint/parser",
   "parserOptions": {
-    "ecmaVersion": "latest",
+    "ecmaVersion": 2023,
     "sourceType": "module"
   },
   "plugins": [

.gitattributes

@@ -1,3 +1,5 @@
+/.yarn/releases/** binary
+/.yarn/plugins/** binary
 /__tests__/fixtures/** -linguist-detectable
 /dist/** linguist-generated=true
 /lib/** linguist-generated=true

.github/CODEOWNERS

@@ -1 +0,0 @@
-*	@crazy-max

.github/CODE_OF_CONDUCT.md

@@ -0,0 +1,3 @@
+# Code of conduct
+
+- [Moby community guidelines](https://github.com/moby/moby/blob/master/CONTRIBUTING.md#moby-community-guidelines)

.github/ISSUE_TEMPLATE/bug.yml

@@ -0,0 +1,101 @@
+# https://docs.github.com/en/communities/using-templates-to-encourage-useful-issues-and-pull-requests/syntax-for-githubs-form-schema
+name: Bug Report
+description: Report a bug
+labels:
+  - status/triage
+
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Thank you for taking the time to report a bug!
+        If this is a security issue please report it to the [Docker Security team](mailto:security@docker.com).
+
+  - type: checkboxes
+    attributes:
+      label: Contributing guidelines
+      description: >
+        Make sure you've read the contributing guidelines before proceeding.
+      options:
+        - label: I've read the [contributing guidelines](https://github.com/docker/metadata-action/blob/master/.github/CONTRIBUTING.md) and wholeheartedly agree
+          required: true
+
+  - type: checkboxes
+    attributes:
+      label: "I've found a bug, and:"
+      description: |
+        Make sure that your request fulfills all of the following requirements.
+        If one requirement cannot be satisfied, explain in detail why.
+      options:
+        - label: The documentation does not mention anything about my problem
+        - label: There are no open or closed issues that are related to my problem
+
+  - type: textarea
+    attributes:
+      label: Description
+      description: >
+        Provide a brief description of the bug in 1-2 sentences.
+    validations:
+      required: true
+
+  - type: textarea
+    attributes:
+      label: Expected behaviour
+      description: >
+        Describe precisely what you'd expect to happen.
+    validations:
+      required: true
+
+  - type: textarea
+    attributes:
+      label: Actual behaviour
+      description: >
+        Describe precisely what is actually happening.
+    validations:
+      required: true
+
+  - type: input
+    attributes:
+      label: Repository URL
+      description: >
+        Enter the URL of the repository where you are experiencing the
+        issue. If your repository is private, provide a link to a minimal
+        repository that reproduces the issue.
+
+  - type: input
+    attributes:
+      label: Workflow run URL
+      description: >
+        Enter the URL of the GitHub Action workflow run if public (e.g.
+        `https://github.com/<user>/<repo>/actions/runs/<id>`)
+
+  - type: textarea
+    attributes:
+      label: YAML workflow
+      description: |
+        Provide the YAML of the workflow that's causing the issue.
+        Make sure to remove any sensitive information.
+      render: yaml
+    validations:
+      required: true
+
+  - type: textarea
+    attributes:
+      label: Workflow logs
+      description: >
+        [Attach](https://docs.github.com/en/get-started/writing-on-github/working-with-advanced-formatting/attaching-files)
+        the [log file of your workflow run](https://docs.github.com/en/actions/managing-workflow-runs/using-workflow-run-logs#downloading-logs)
+        and make sure to remove any sensitive information.
+
+  - type: textarea
+    attributes:
+      label: BuildKit logs
+      description: >
+        If applicable, provide the [BuildKit container logs](https://docs.docker.com/build/ci/github-actions/configure-builder/#buildkit-container-logs)
+      render: text
+
+  - type: textarea
+    attributes:
+      label: Additional info
+      description: |
+        Provide any additional information that could be useful.

.github/ISSUE_TEMPLATE/bug_report.md

@@ -1,34 +0,0 @@
----
-name: Bug report
-about: Create a report to help us improve
----
-
-### Behaviour
-
-#### Steps to reproduce this issue
-
-1.
-2.
-3.
-
-#### Expected behaviour
-
-> Tell us what should happen
-
-#### Actual behaviour
-
-> Tell us what happens instead
-
-### Configuration
-
-* Repository URL (if public): 
-* Build URL (if public): 
-
-```yml
-# paste your YAML workflow file here and remove sensitive data
-```
-
-### Logs
-
-> Download the [log file of your build](https://docs.github.com/en/actions/managing-workflow-runs/using-workflow-run-logs#downloading-logs)
-> and [attach it](https://docs.github.com/en/github/managing-your-work-on-github/file-attachments-on-issues-and-pull-requests) to this issue.

.github/ISSUE_TEMPLATE/config.yml

@@ -0,0 +1,9 @@
+# https://docs.github.com/en/communities/using-templates-to-encourage-useful-issues-and-pull-requests/configuring-issue-templates-for-your-repository#configuring-the-template-chooser
+blank_issues_enabled: true
+contact_links:
+  - name: Questions and Discussions
+    url: https://github.com/docker/metadata-action/discussions/new
+    about: Use Github Discussions to ask questions and/or open discussion topics.
+  - name: Documentation
+    url: https://docs.docker.com/build/ci/github-actions/
+    about: Read the documentation.

.github/ISSUE_TEMPLATE/feature.yml

@@ -0,0 +1,15 @@
+# https://docs.github.com/en/communities/using-templates-to-encourage-useful-issues-and-pull-requests/syntax-for-githubs-form-schema
+name: Feature request
+description: Missing functionality? Come tell us about it!
+labels:
+  - kind/enhancement
+  - status/triage
+
+body:
+  - type: textarea
+    id: description
+    attributes:
+      label: Description
+      description: What is the feature you want to see?
+    validations:
+      required: true

.github/SECURITY.md

@@ -0,0 +1,12 @@
+# Reporting security issues
+
+The project maintainers take security seriously. If you discover a security
+issue, please bring it to their attention right away!
+
+**Please _DO NOT_ file a public issue**, instead send your report privately to
+[security@docker.com](mailto:security@docker.com).
+
+Security reports are greatly appreciated, and we will publicly thank you for it.
+We also like to send gifts—if you'd like Docker swag, make sure to let
+us know. We currently do not offer a paid security bounty program, but are not
+ruling it out in the future.

.github/SUPPORT.md

@@ -1,32 +0,0 @@
-# Support [![](https://isitmaintained.com/badge/resolution/docker/metadata-action.svg)](https://isitmaintained.com/project/docker/metadata-action)
-
-## Reporting an issue
-
-Please do a search in [open issues](https://github.com/docker/metadata-action/issues?utf8=%E2%9C%93&q=) to see if the
-issue or feature request has already been filed.
-
-If you find your issue already exists, make relevant comments and add your
-[reaction](https://github.com/blog/2119-add-reactions-to-pull-requests-issues-and-comments). Use a reaction in place
-of a "+1" comment.
-
-:+1: - upvote
-
-:-1: - downvote
-
-If you cannot find an existing issue that describes your bug or feature, submit an issue using the guidelines below.
-
-## Writing good bug reports and feature requests
-
-File a single issue per problem and feature request.
-
-* Do not enumerate multiple bugs or feature requests in the same issue.
-* Do not add your issue as a comment to an existing issue unless it's for the identical input. Many issues look similar, but have different causes.
-
-The more information you can provide, the more likely someone will be successful reproducing the issue and finding a fix.
-
-You are now ready to [create a new issue](https://github.com/docker/metadata-action/issues/new/choose)!
-
-## Closure policy
-
-* Issues that don't have the information requested above (when applicable) will be closed immediately and the poster directed to the support guidelines.
-* Issues that go a week without a response from original poster are subject to closure at our discretion.

.github/dependabot.yml

@@ -11,6 +11,7 @@ updates:
     directory: "/"
     schedule:
       interval: "daily"
+    versioning-strategy: "increase"
     allow:
       - dependency-type: "production"
     labels:

.github/workflows/ci.yml

@@ -1,5 +1,9 @@
 name: ci
 
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
 on:
   schedule:
     - cron: '0 10 * * *'
@@ -13,14 +17,39 @@ on:
 
 env:
   DOCKER_IMAGE: localhost:5000/name/app
+  BUILDX_VERSION: latest
 
 jobs:
+  context:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        context:
+          - workflow
+          - git
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v4
+      -
+        name: Docker meta
+        uses: ./
+        with:
+          context: ${{ matrix.context }}
+
   multi-images:
     runs-on: ubuntu-latest
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          version: ${{ env.BUILDX_VERSION }}
+          driver: docker
       -
         name: Docker meta
         uses: ./
@@ -51,7 +80,13 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          version: ${{ env.BUILDX_VERSION }}
+          driver: docker
       -
         name: Docker meta
         uses: ./
@@ -81,7 +116,13 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          version: ${{ env.BUILDX_VERSION }}
+          driver: docker
       -
         name: Docker meta
         uses: ./
@@ -109,7 +150,13 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          version: ${{ env.BUILDX_VERSION }}
+          driver: docker
       -
         name: Docker meta
         uses: ./
@@ -134,7 +181,13 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          version: ${{ env.BUILDX_VERSION }}
+          driver: docker
       -
         name: Docker meta
         uses: ./
@@ -151,7 +204,13 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          version: ${{ env.BUILDX_VERSION }}
+          driver: docker
       -
         name: Docker meta
         uses: ./
@@ -161,12 +220,18 @@ jobs:
             name=ghcr.io/name/app,enable=${{ github.event_name == 'pull_request' }}
             name=ghcr.io/name/release,enable=${{ startsWith(github.ref, 'refs/tags/') }}
 
-  labels:
+  custom-labels-annotations:
     runs-on: ubuntu-latest
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          version: ${{ env.BUILDX_VERSION }}
+          driver: docker
       -
         name: Docker meta
         uses: ./
@@ -179,13 +244,24 @@ jobs:
             org.opencontainers.image.title=MyCustomTitle
             org.opencontainers.image.description=this is a "good" example
             org.opencontainers.image.vendor=MyCompany
+          annotations: |
+            maintainer=Foo
+            org.opencontainers.image.title=MyFooTitle
+            org.opencontainers.image.description=this is a "foo" example
+            org.opencontainers.image.vendor=MyFooCompany
 
   global-exps:
     runs-on: ubuntu-latest
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          version: ${{ env.BUILDX_VERSION }}
+          driver: docker
       -
         name: Docker meta
         uses: ./
@@ -193,6 +269,8 @@ jobs:
           images: |
             ${{ env.DOCKER_IMAGE }}
             ghcr.io/name/app
+          labels: |
+            org.opencontainers.image.created={{commit_date 'YYYY-MM-DDTHH:mm:ss.SSS[Z]'}}
           tags: |
             type=sha
             type=raw,value=gexp-branch-{{branch}}
@@ -200,13 +278,20 @@ jobs:
             type=raw,value=gexp-tag-{{tag}}
             type=raw,value=gexp-baseref-{{base_ref}}
             type=raw,value=gexp-defbranch,enable={{is_default_branch}}
+            type=raw,value=gexp-notdefbranch,enable={{is_not_default_branch}}
 
   json:
     runs-on: ubuntu-latest
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          version: ${{ env.BUILDX_VERSION }}
+          driver: docker
       -
         name: Docker meta
         id: meta
@@ -235,7 +320,13 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          version: ${{ env.BUILDX_VERSION }}
+          driver-opts: network=host
       -
         name: Docker meta
         id: docker_meta
@@ -252,17 +343,9 @@ jobs:
             type=semver,pattern=v{{major}}.{{minor}}
             type=semver,pattern=v{{major}}
             type=sha
-      -
-        name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
-      -
-        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
-        with:
-          driver-opts: network=host
       -
         name: Build and push to local registry
-        uses: docker/build-push-action@v4
+        uses: docker/build-push-action@v6
         with:
           context: ./test
           file: ./test/Dockerfile
@@ -279,17 +362,18 @@ jobs:
         name: Check manifest
         run: |
           docker buildx imagetools inspect ${{ env.DOCKER_IMAGE }}:${{ steps.docker_meta.outputs.version }}
-      -
-        name: Dump context
-        if: always()
-        uses: crazy-max/ghaction-dump-context@v2
 
   bake:
     runs-on: ubuntu-latest
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          version: ${{ env.BUILDX_VERSION }}
       -
         name: Docker meta
         id: docker_meta
@@ -307,19 +391,14 @@ jobs:
             type=semver,pattern={{major}}.{{minor}}
             type=semver,pattern={{major}}
             type=sha
-      -
-        name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
-      -
-        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
       -
         name: Build
-        uses: docker/bake-action@v3
+        uses: docker/bake-action@v6
         with:
           files: |
             ./test/docker-bake.hcl
-            ${{ steps.docker_meta.outputs.bake-file }}
+            cwd://${{ steps.docker_meta.outputs.bake-file-tags }}
+            cwd://${{ steps.docker_meta.outputs.bake-file-labels }}
           targets: |
             release
 
@@ -334,7 +413,13 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          version: ${{ env.BUILDX_VERSION }}
+          driver: docker
       -
         name: Docker meta
         id: meta
@@ -346,7 +431,7 @@ jobs:
           sep-tags: ${{ matrix.sep }}
       -
         name: Tags
-        uses: actions/github-script@v6
+        uses: actions/github-script@v7
         with:
           script: |
             console.log(`${{ steps.meta.outputs.tags }}`);
@@ -356,7 +441,13 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          version: ${{ env.BUILDX_VERSION }}
+          driver: docker
       -
         name: Docker meta
         id: meta
@@ -367,9 +458,11 @@ jobs:
             ghcr.io/name/app
           labels: |
             maintainer=CrazyMax
+          annotations: |
+            maintainer=Foo
       -
         name: Build
-        uses: docker/build-push-action@v4
+        uses: docker/build-push-action@v6
         with:
           context: ./test
           file: ./test/output.Dockerfile
@@ -377,4 +470,165 @@ jobs:
             DOCKER_METADATA_OUTPUT_VERSION
             DOCKER_METADATA_OUTPUT_TAGS
             DOCKER_METADATA_OUTPUT_LABELS
+            DOCKER_METADATA_OUTPUT_ANNOTATIONS
             DOCKER_METADATA_OUTPUT_JSON
+
+  no-output-env:
+    runs-on: ubuntu-latest
+    env:
+      DOCKER_METADATA_SET_OUTPUT_ENV: false
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v4
+      -
+        name: Docker meta
+        id: meta
+        uses: ./
+        with:
+          images: |
+            ${{ env.DOCKER_IMAGE }}
+            ghcr.io/name/app
+          labels: |
+            maintainer=CrazyMax
+          annotations: |
+            maintainer=Foo
+      -
+        name: No output environment variables set
+        shell: bash
+        run: |
+          [[ "$(printenv | grep "^DOCKER_METADATA_OUTPUT_" | wc -l)" -eq 0 ]] || exit 1
+
+  bake-annotations:
+    runs-on: ubuntu-latest
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v4
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          version: ${{ env.BUILDX_VERSION }}
+      -
+        name: Docker meta
+        id: docker_meta
+        uses: ./
+        with:
+          images: |
+            ${{ env.DOCKER_IMAGE }}
+            ghcr.io/name/app
+          tags: |
+            type=schedule
+            type=ref,event=branch
+            type=ref,event=tag
+            type=ref,event=pr
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=semver,pattern={{major}}
+            type=sha
+        env:
+          DOCKER_METADATA_ANNOTATIONS_LEVELS: manifest,index
+      -
+        name: Build
+        uses: docker/bake-action@v6
+        with:
+          files: |
+            ./test/docker-bake.hcl
+            cwd://${{ steps.docker_meta.outputs.bake-file-tags }}
+            cwd://${{ steps.docker_meta.outputs.bake-file-annotations }}
+          targets: |
+            release
+
+  no-images:
+    runs-on: ubuntu-latest
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v4
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          version: ${{ env.BUILDX_VERSION }}
+          driver: docker
+      -
+        name: Docker meta
+        uses: ./
+        with:
+          tags: |
+            type=schedule
+            type=ref,event=branch
+            type=ref,event=tag
+            type=ref,event=pr
+            type=sha
+      -
+        name: Print envs
+        run: env|sort
+
+  bake-path-context:
+    runs-on: ubuntu-latest
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v4
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          version: latest
+      -
+        name: Docker meta
+        id: docker_meta
+        uses: ./
+      -
+        name: Build
+        uses: docker/bake-action@v6
+        with:
+          source: .
+          files: |
+            ./test/docker-bake.hcl
+            ${{ steps.docker_meta.outputs.bake-file-tags }}
+            ${{ steps.docker_meta.outputs.bake-file-labels }}
+          targets: |
+            release
+
+  sha-short:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        short-length:
+          - ''
+          - 16
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v4
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          version: ${{ env.BUILDX_VERSION }}
+          driver: docker
+      -
+        name: Docker meta
+        uses: ./
+        with:
+          images: |
+            ${{ env.DOCKER_IMAGE }}
+            ghcr.io/name/app
+          tags: |
+            type=sha
+        env:
+          DOCKER_METADATA_SHORT_SHA_LENGTH: ${{ matrix.short-length }}
+
+  dump:
+    runs-on: ubuntu-latest
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v4
+      -
+        name: Dump context
+        uses: crazy-max/ghaction-dump-context@v2

.github/workflows/pr-assign-author.yml

@@ -0,0 +1,17 @@
+name: pr-assign-author
+
+permissions:
+  contents: read
+
+on:
+  pull_request_target:
+    types:
+      - opened
+      - reopened
+
+jobs:
+  run:
+    uses: crazy-max/.github/.github/workflows/pr-assign-author.yml@1b673f36fad86812f538c1df9794904038a23cbf
+    permissions:
+      contents: read
+      pull-requests: write

.github/workflows/publish.yml

@@ -0,0 +1,21 @@
+name: publish
+
+on:
+  release:
+    types:
+      - published
+
+jobs:
+  publish:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      id-token: write
+      packages: write
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v4
+      -
+        name: Publish
+        uses: actions/publish-immutable-action@v0.0.4

.github/workflows/test.yml

@@ -1,5 +1,9 @@
 name: test
 
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
 on:
   push:
     branches:
@@ -13,14 +17,16 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       -
         name: Test
-        uses: docker/bake-action@v3
+        uses: docker/bake-action@v6
         with:
+          source: .
           targets: test
       -
         name: Upload coverage
-        uses: codecov/codecov-action@v3
+        uses: codecov/codecov-action@v5
         with:
-          file: ./coverage/clover.xml
+          files: ./coverage/clover.xml
+          token: ${{ secrets.CODECOV_TOKEN }}

.github/workflows/validate.yml

@@ -1,5 +1,9 @@
 name: validate
 
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
 on:
   push:
     branches:
@@ -11,16 +15,17 @@ jobs:
   prepare:
     runs-on: ubuntu-latest
     outputs:
-      targets: ${{ steps.targets.outputs.matrix }}
+      targets: ${{ steps.generate.outputs.targets }}
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       -
-        name: Targets matrix
-        id: targets
-        run: |
-          echo "matrix=$(docker buildx bake validate --print | jq -cr '.group.validate.targets')" >> $GITHUB_OUTPUT
+        name: List targets
+        id: generate
+        uses: docker/bake-action/subaction/list-targets@v6
+        with:
+          target: validate
 
   validate:
     runs-on: ubuntu-latest
@@ -31,11 +36,8 @@ jobs:
       matrix:
         target: ${{ fromJson(needs.prepare.outputs.targets) }}
     steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v3
       -
         name: Validate
-        uses: docker/bake-action@v3
+        uses: docker/bake-action@v6
         with:
           targets: ${{ matrix.target }}

.gitignore

@@ -1,12 +1,5 @@
-/.dev
-node_modules/
-lib
+# https://raw.githubusercontent.com/github/gitignore/main/Node.gitignore
 
-# Jetbrains
-/.idea
-/*.iml
-
-# Rest of the file pulled from https://github.com/github/gitignore/blob/master/Node.gitignore
 # Logs
 logs
 *.log
@@ -14,6 +7,7 @@ npm-debug.log*
 yarn-debug.log*
 yarn-error.log*
 lerna-debug.log*
+.pnpm-debug.log*
 
 # Diagnostic reports (https://nodejs.org/api/report.html)
 report.[0-9]*.[0-9]*.[0-9]*.[0-9]*.json
@@ -24,34 +18,14 @@ pids
 *.seed
 *.pid.lock
 
-# Directory for instrumented libs generated by jscoverage/JSCover
-lib-cov
-
 # Coverage directory used by tools like istanbul
 coverage
 *.lcov
 
-# nyc test coverage
-.nyc_output
-
-# Grunt intermediate storage (https://gruntjs.com/creating-plugins#storing-task-files)
-.grunt
-
-# Bower dependency directory (https://bower.io/)
-bower_components
-
-# node-waf configuration
-.lock-wscript
-
-# Compiled binary addons (https://nodejs.org/api/addons.html)
-build/Release
-
 # Dependency directories
+node_modules/
 jspm_packages/
 
-# TypeScript v1 declaration files
-typings/
-
 # TypeScript cache
 *.tsbuildinfo
 
@@ -61,36 +35,19 @@ typings/
 # Optional eslint cache
 .eslintcache
 
-# Optional REPL history
-.node_repl_history
-
-# Output of 'npm pack'
-*.tgz
-
 # Yarn Integrity file
 .yarn-integrity
 
-# dotenv environment variables file
+# dotenv environment variable files
 .env
-.env.test
+.env.development.local
+.env.test.local
+.env.production.local
+.env.local
 
-# parcel-bundler cache (https://parceljs.org/)
-.cache
-
-# next.js build output
-.next
-
-# nuxt.js build output
-.nuxt
-
-# vuepress build output
-.vuepress/dist
-
-# Serverless directories
-.serverless/
-
-# FuseBox cache
-.fusebox/
-
-# DynamoDB Local files
-.dynamodb/
+# yarn v2
+.yarn/cache
+.yarn/unplugged
+.yarn/build-state.yml
+.yarn/install-state.gz
+.pnp.*

.prettierignore

@@ -0,0 +1,6 @@
+# Dependency directories
+node_modules/
+jspm_packages/
+
+# yarn v2
+.yarn/

.yarnrc.yml

@@ -0,0 +1,13 @@
+logFilters:
+  - code: YN0013
+    level: discard
+  - code: YN0019
+    level: discard
+  - code: YN0076
+    level: discard
+
+nodeLinker: node-modules
+
+plugins:
+  - path: .yarn/plugins/@yarnpkg/plugin-interactive-tools.cjs
+    spec: "@yarnpkg/plugin-interactive-tools"

README.md

@@ -44,10 +44,13 @@ ___
     * [`{{sha}}`](#sha)
     * [`{{base_ref}}`](#base_ref)
     * [`{{is_default_branch}}`](#is_default_branch)
+    * [`{{is_not_default_branch}}`](#is_not_default_branch)
     * [`{{date '<format>' tz='<timezone>'}}`](#date-format-tztimezone)
+    * [`{{commit_date '<format>' tz='<timezone>'}}`](#commit_date-format-tztimezone)
   * [Major version zero](#major-version-zero)
   * [JSON output object](#json-output-object)
-  * [Overwrite labels](#overwrite-labels)
+  * [Overwrite labels and annotations](#overwrite-labels-and-annotations)
+  * [Annotations](#annotations)
 * [Contributing](#contributing)
 
 ## Usage
@@ -74,23 +77,23 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       -
         name: Docker meta
         id: meta
-        uses: docker/metadata-action@v4
+        uses: docker/metadata-action@v5
         with:
           images: name/app
       -
         name: Login to DockerHub
         if: github.event_name != 'pull_request'
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
       -
         name: Build and push
-        uses: docker/build-push-action@v4
+        uses: docker/build-push-action@v6
         with:
           context: .
           push: ${{ github.event_name != 'pull_request' }}
@@ -128,11 +131,11 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       -
         name: Docker meta
         id: meta
-        uses: docker/metadata-action@v4
+        uses: docker/metadata-action@v5
         with:
           images: |
             name/app
@@ -144,13 +147,13 @@ jobs:
       -
         name: Login to DockerHub
         if: github.event_name != 'pull_request'
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
       -
         name: Build and push
-        uses: docker/build-push-action@v4
+        uses: docker/build-push-action@v6
         with:
           context: .
           push: ${{ github.event_name != 'pull_request' }}
@@ -204,13 +207,10 @@ jobs:
   docker:
     runs-on: ubuntu-latest
     steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v3
       -
         name: Docker meta
         id: meta
-        uses: docker/metadata-action@v4
+        uses: docker/metadata-action@v5
         with:
           images: |
             name/app
@@ -222,16 +222,16 @@ jobs:
             type=sha
       -
         name: Build
-        uses: docker/bake-action@v2
+        uses: docker/bake-action@v6
         with:
           files: |
             ./docker-bake.hcl
-            ${{ steps.meta.outputs.bake-file }}
+            cwd://${{ steps.meta.outputs.bake-file }}
           targets: build
 ```
 
-Content of `${{ steps.meta.outputs.bake-file }}` file will look like this with
-`refs/tags/v1.2.3` ref:
+Content of `${{ steps.meta.outputs.bake-file }}` file, combining tags and
+labels, will look like this with `refs/tags/v1.2.3` ref:
 
 ```json
 {
@@ -262,12 +262,29 @@ Content of `${{ steps.meta.outputs.bake-file }}` file will look like this with
 }
 ```
 
+You can also use the `bake-file-tags` and `bake-file-labels` outputs if you
+just want to use tags and/or labels respectively. The following example is
+similar to the previous one:
+
+```yaml
+      -
+        name: Build
+        uses: docker/bake-action@v6
+        with:
+          files: |
+            ./docker-bake.hcl
+            cwd://${{ steps.meta.outputs.bake-file-tags }}
+            cwd://${{ steps.meta.outputs.bake-file-labels }}
+          targets: build
+```
+
 ## Customizing
 
 ### inputs
 
-Following inputs can be used as `step.with` keys
+The following inputs can be used as `step.with` keys:
 
+> [!NOTE]
 > `List` type is a newline-delimited string
 > ```yaml
 > labels: |
@@ -277,40 +294,48 @@ Following inputs can be used as `step.with` keys
 > ```
 
 | Name              | Type   | Description                                                                  |
-|---------------------|--------|-------------------------------------------------------------------------------|
+|-------------------|--------|------------------------------------------------------------------------------|
 | `context`         | String | Where to get context data. Allowed options are: `workflow` (default), `git`. |
 | `images`          | List   | List of Docker images to use as base name for tags                           |
 | `tags`            | List   | List of [tags](#tags-input) as key-value pair attributes                     |
 | `flavor`          | List   | [Flavor](#flavor-input) to apply                                             |
 | `labels`          | List   | List of custom labels                                                        |
+| `annotations`     | List   | List of custom annotations                                                   |
 | `sep-tags`        | String | Separator to use for tags output (default `\n`)                              |
 | `sep-labels`      | String | Separator to use for labels output (default `\n`)                            |
+| `sep-annotations` | String | Separator to use for annotations output (default `\n`)                       |
 | `bake-target`     | String | Bake target name (default `docker-metadata-action`)                          |
 
 ### outputs
 
-Following outputs are available
+The following outputs are available:
 
 | Name                    | Type   | Description                                                                                                                                                     |
-|---------------|---------|--------------------------------------------------------------------------------------------|
+|-------------------------|--------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------|
 | `version`               | String | Docker image version                                                                                                                                            |
 | `tags`                  | String | Docker tags                                                                                                                                                     |
 | `labels`                | String | Docker labels                                                                                                                                                   |
+| `annotations`           | String | [Annotations](https://github.com/moby/buildkit/blob/master/docs/annotations.md)                                                                                 |
 | `json`                  | String | JSON output of tags and labels                                                                                                                                  |
-| `bake-file`   | File    | [Bake file definition](https://docs.docker.com/build/customize/bake/file-definition/) path |
+| `bake-file-tags`        | File   | [Bake file definition](https://docs.docker.com/build/bake/reference/) path with tags                                                                            |
+| `bake-file-labels`      | File   | [Bake file definition](https://docs.docker.com/build/bake/reference/) path with labels                                                                          |
+| `bake-file-annotations` | File   | [Bake file definition](https://docs.docker.com/build/bake/reference/) path with [annotations](https://github.com/moby/buildkit/blob/master/docs/annotations.md) |
 
-Alternatively, each output is also exported as an environment variable:
+Alternatively, each output is also exported as an environment variable when `DOCKER_METADATA_SET_OUTPUT_ENV` is `true`:
 
 * `DOCKER_METADATA_OUTPUT_VERSION`
 * `DOCKER_METADATA_OUTPUT_TAGS`
 * `DOCKER_METADATA_OUTPUT_LABELS`
+* `DOCKER_METADATA_OUTPUT_ANNOTATIONS`
 * `DOCKER_METADATA_OUTPUT_JSON`
-* `DOCKER_METADATA_OUTPUT_BAKE_FILE`
+* `DOCKER_METADATA_OUTPUT_BAKE_FILE_TAGS`
+* `DOCKER_METADATA_OUTPUT_BAKE_FILE_LABELS`
+* `DOCKER_METADATA_OUTPUT_BAKE_FILE_ANNOTATIONS`
 
 So it can be used with our [Docker Build Push action](https://github.com/docker/build-push-action/):
 
 ```yaml
-- uses: docker/build-push-action@v4
+- uses: docker/build-push-action@v6
   with:
     build-args: |
       DOCKER_METADATA_OUTPUT_JSON
@@ -319,8 +344,11 @@ So it can be used with our [Docker Build Push action](https://github.com/docker/
 ### environment variables
 
 | Name                                 | Type   | Description                                                                                                                                  |
-|-------------------------------|------|------------------------------------------------------------------------------------------------------------|
+|--------------------------------------|--------|----------------------------------------------------------------------------------------------------------------------------------------------|
 | `DOCKER_METADATA_PR_HEAD_SHA`        | Bool   | If `true`, set associated head SHA instead of commit SHA that triggered the workflow on pull request event                                   |
+| `DOCKER_METADATA_SHORT_SHA_LENGTH`   | Number | Specifies the length of the [short commit SHA](#typesha) to ensure uniqueness. Default is `7`, but can be increased for larger repositories. |
+| `DOCKER_METADATA_ANNOTATIONS_LEVELS` | String | Comma separated list of annotations levels to set for annotations output separated (default `manifest`)                                      |
+| `DOCKER_METADATA_SET_OUTPUT_ENV`     | Bool   | If `true`, sets each output as an environment variable (default `true`)                                                                      |
 
 ## `context` input
 
@@ -359,6 +387,8 @@ images: |
 * `name=<string>` image base name
 * `enable=<true|false>` enable this entry (default `true`)
 
+If `images` is empty, tags will be generated without base name.
+
 ## `flavor` input
 
 `flavor` defines a global behavior for [`tags`](#tags-input):
@@ -465,6 +495,8 @@ tags: |
   type=semver,pattern={{version}}
   # use custom value instead of git tag
   type=semver,pattern={{version}},value=v1.0.0
+  # use custom value and match part of it
+  type=semver,pattern={{version}},value=p1/v1.0.0,match=v(\d.\d.\d)$
 ```
 
 Will be used on a [push tag event](https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#push)
@@ -480,18 +512,21 @@ with the following expressions:
 * `minor` ; minor version identifier
 * `patch` ; patch version identifier
 
-| Git tag            | Pattern                                                  | Output               |
-|--------------------|----------------------------------------------------------|----------------------|
-| `v1.2.3`           | `{{raw}}`                                                | `v1.2.3`             |
-| `v1.2.3`           | `{{version}}`                                            | `1.2.3`              |
-| `v1.2.3`           | `{{major}}.{{minor}}`                                    | `1.2`                |
-| `v1.2.3`           | `v{{major}}`                                             | `v1`                 |
-| `v1.2.3`           | `{{minor}}`                                              | `2`                  |
-| `v1.2.3`           | `{{patch}}`                                              | `3`                  |
-| `v2.0.8-beta.67`   | `{{raw}}`                                                | `v2.0.8-beta.67`     |
-| `v2.0.8-beta.67`   | `{{version}}`                                            | `2.0.8-beta.67`      |
-| `v2.0.8-beta.67`   | `{{major}}.{{minor}}`                                    | `2.0.8-beta.67`*     |
+| Git tag          | Pattern               | Match          | Output           |
+|------------------|-----------------------|----------------|------------------|
+| `v1.2.3`         | `{{raw}}`             |                | `v1.2.3`         |
+| `v1.2.3`         | `{{version}}`         |                | `1.2.3`          |
+| `v1.2.3`         | `{{major}}.{{minor}}` |                | `1.2`            |
+| `v1.2.3`         | `v{{major}}`          |                | `v1`             |
+| `v1.2.3`         | `{{minor}}`           |                | `2`              |
+| `v1.2.3`         | `{{patch}}`           |                | `3`              |
+| `p1/v1.2.3`      | `{{version}}`         | `v(\d.\d.\d)$` | `1.2.3`          |
+| `v2.0.8-beta.67` | `{{raw}}`             |                | `v2.0.8-beta.67` |
+| `v2.0.8-beta.67` | `{{version}}`         |                | `2.0.8-beta.67`  |
+| `v2.0.8-beta.67` | `{{major}}`           |                | `2.0.8-beta.67`* |
+| `v2.0.8-beta.67` | `{{major}}.{{minor}}` |                | `2.0.8-beta.67`* |
 
+> [!IMPORTANT]
 > *Pre-release (rc, beta, alpha) will only extend `{{version}}` (or `{{raw}}`
 > if specified) as tag because they are updated frequently, and contain many
 > breaking changes that are (by the author's design) not yet fit for public
@@ -501,7 +536,7 @@ Extended attributes and default values:
 
 ```yaml
 tags: |
-  type=semver,enable=true,priority=900,prefix=,suffix=,pattern=,value=
+  type=semver,enable=true,priority=900,prefix=,suffix=,pattern=,value=,match=
 ```
 
 ### `type=pep440`
@@ -512,6 +547,8 @@ tags: |
   type=pep440,pattern={{version}}
   # use custom value instead of git tag
   type=pep440,pattern={{version}},value=1.0.0
+  # use custom value and match part of it
+  type=pep440,pattern={{version}},value=p1/v1.0.0,match=v(\d.\d.\d)$
 ```
 
 Will be used on a [push tag event](https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#push)
@@ -527,20 +564,22 @@ with the following expressions:
 * `minor` ; minor version identifier
 * `patch` ; patch version identifier
 
-| Git tag            | Pattern                                                  | Output               |
-|--------------------|----------------------------------------------------------|----------------------|
-| `1.2.3`            | `{{raw}}`                                                | `1.2.3`              |
-| `1.2.3`            | `{{version}}`                                            | `1.2.3`              |
-| `v1.2.3`           | `{{version}}`                                            | `1.2.3`              |
-| `1.2.3`            | `{{major}}.{{minor}}`                                    | `1.2`                |
-| `1.2.3`            | `v{{major}}`                                             | `v1`                 |
-| `v1.2.3rc2`        | `{{raw}}`                                                | `v1.2.3rc2`          |
-| `1.2.3rc2`         | `{{version}}`                                            | `1.2.3rc2`           |
-| `1.2.3rc2`         | `{{major}}.{{minor}}`                                    | `1.2.3rc2`*          |
-| `1.2.3post1`       | `{{major}}.{{minor}}`                                    | `1.2.3.post1`*       |
-| `1.2.3beta2`       | `{{major}}.{{minor}}`                                    | `1.2.3b2`*           |
-| `1.0dev4`          | `{{major}}.{{minor}}`                                    | `1.0.dev4`*          |
+| Git tag      | Pattern               | Match          | Output         |
+|--------------|-----------------------|----------------|----------------|
+| `1.2.3`      | `{{raw}}`             |                | `1.2.3`        |
+| `1.2.3`      | `{{version}}`         |                | `1.2.3`        |
+| `v1.2.3`     | `{{version}}`         |                | `1.2.3`        |
+| `1.2.3`      | `{{major}}.{{minor}}` |                | `1.2`          |
+| `1.2.3`      | `v{{major}}`          |                | `v1`           |
+| `v1.2.3rc2`  | `{{raw}}`             |                | `v1.2.3rc2`    |
+| `1.2.3rc2`   | `{{version}}`         |                | `1.2.3rc2`     |
+| `p1/v1.2.3`  | `{{version}}`         | `v(\d.\d.\d)$` | `1.2.3`        |
+| `1.2.3rc2`   | `{{major}}.{{minor}}` |                | `1.2.3rc2`*    |
+| `1.2.3post1` | `{{major}}.{{minor}}` |                | `1.2.3.post1`* |
+| `1.2.3beta2` | `{{major}}.{{minor}}` |                | `1.2.3b2`*     |
+| `1.0dev4`    | `{{major}}.{{minor}}` |                | `1.0.dev4`*    |
 
+> [!IMPORTANT]
 > *dev/pre/post release will only extend `{{version}}` (or `{{raw}}` if
 > specified) as tag because they are updated frequently, and contain many
 > breaking changes that are (by the author's design) not yet fit for public
@@ -677,7 +716,26 @@ tags: |
   type=sha,format=long
 ```
 
-Output Git short commit (or long if specified) as Docker tag like `sha-ad132f5`.
+Output Git short commit (or long if specified) as Docker tag like
+`sha-860c190`.
+
+By default, the length of the short commit SHA is `7` characters. You can
+increase this length for larger repositories by setting the
+[`DOCKER_METADATA_SHORT_SHA_LENGTH` environment variable](#environment-variables):
+
+```yaml
+      -
+        name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            name/app
+          tags: |
+            type=sha
+        env:
+          DOCKER_METADATA_SHORT_SHA_LENGTH: 12
+```
 
 Extended attributes and default values:
 
@@ -711,6 +769,7 @@ generated by default (`auto` mode) for:
 
 * [`type=ref,event=tag`](#typeref)
 * [`type=semver,pattern=...`](#typesemver)
+* [`type=pep440,pattern=...`](#typepep440)
 * [`type=match,pattern=...`](#typematch)
 
 For conditionally tagging with latest for a specific branch name, e.g. if your
@@ -752,7 +811,8 @@ Each tags `type` attribute has a default priority:
 ### Global expressions
 
 The following [Handlebars' template](https://handlebarsjs.com/guide/) expressions
-for `prefix`, `suffix`, `value` and `enable` attributes are available:
+for `prefix`, `suffix`, `value` and `enable` attributes of `tags` input are
+available:
 
 ```yaml
 tags: |
@@ -762,6 +822,13 @@ tags: |
   type=raw,value=mytag-{{branch}}-{{sha}}
 ```
 
+They can also be applied to `labels` and `annotations` inputs:
+
+```yaml
+labels: |
+  org.opencontainers.image.created={{commit_date 'YYYY-MM-DDTHH:mm:ss.SSS[Z]'}}
+```
+
 #### `{{branch}}`
 
 Returns the branch name that triggered the workflow run. Will be empty if not 
@@ -802,6 +869,7 @@ workflow run. Will be empty for a branch reference:
 | `push`         | `refs/heads/my/branch`        |                    |
 | `push tag`*    | `refs/tags/v1.2.3`            | `master`           |
 
+> [!IMPORTANT]
 > *`base_ref` is available in the push payload but doesn't always seem to 
 > return the expected branch when the push tag event occurs. It's also
 > [not documented in GitHub docs](https://docs.github.com/en/developers/webhooks-and-events/webhooks/webhook-events-and-payloads#push).
@@ -813,6 +881,11 @@ workflow run. Will be empty for a branch reference:
 Returns `true` if the branch that triggered the workflow run is the default
 one, otherwise `false`.
 
+#### `{{is_not_default_branch}}`
+
+Returns `true` if the branch that triggered the workflow run is not the default
+one, otherwise `false`.
+
 #### `{{date '<format>' tz='<timezone>'}}`
 
 Returns the current date rendered by its [moment format](https://momentjs.com/docs/#/displaying/format/).
@@ -824,6 +897,20 @@ Default `tz` is UTC.
 | `{{date 'dddd, MMMM Do YYYY, h:mm:ss a'}}`   | `Friday, January 10th 2020, 3:25:50 pm` |
 | `{{date 'YYYYMMDD-HHmmss' tz='Asia/Tokyo'}}` | `20200110-093000`                       |
 
+#### `{{commit_date '<format>' tz='<timezone>'}}`
+
+Returns the date when the current git commit is committed, rendered by its
+[moment format](https://momentjs.com/docs/#/displaying/format/). It falls back
+to the current date if the commit date is not available.
+
+Default `tz` is UTC.
+
+| Expression                                          | Output example                          |
+|-----------------------------------------------------|-----------------------------------------|
+| `{{commit_date 'YYYYMMDD'}}`                        | `20200110`                              |
+| `{{commit_date 'dddd, MMMM Do YYYY, h:mm:ss a'}}`   | `Friday, January 10th 2020, 3:25:50 pm` |
+| `{{commit_date 'YYYYMMDD-HHmmss' tz='Asia/Tokyo'}}` | `20200110-093000`                       |
+
 ### Major version zero
 
 Major version zero (`0.y.z`) is for initial development and **may** change at
@@ -851,13 +938,13 @@ that you can reuse them further in your workflow using the [`fromJSON` function]
 ```yaml
       -
         name: Docker meta
-        uses: docker/metadata-action@v4
+        uses: docker/metadata-action@v5
         id: meta
         with:
           images: name/app
       -
         name: Build and push
-        uses: docker/build-push-action@v4
+        uses: docker/build-push-action@v6
         with:
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
@@ -867,16 +954,17 @@ that you can reuse them further in your workflow using the [`fromJSON` function]
             REVISION=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.revision'] }}
 ```
 
-### Overwrite labels
+### Overwrite labels and annotations
 
 If some [OCI Image Format Specification](https://github.com/opencontainers/image-spec/blob/master/annotations.md)
-labels generated are not suitable, you can overwrite them like this:
+generated are not suitable as labels/annotations, you can overwrite them like
+this:
 
 ```yaml
       -
         name: Docker meta
         id: meta
-        uses: docker/metadata-action@v4
+        uses: docker/metadata-action@v5
         with:
           images: name/app
           labels: |
@@ -886,6 +974,78 @@ labels generated are not suitable, you can overwrite them like this:
             org.opencontainers.image.vendor=MyCompany
 ```
 
+### Annotations
+
+Since Buildx 0.12, it is possible to set annotations to your image through the
+`--annotation` flag.
+
+With the [`build-push-action`](https://github.com/docker/build-push-action/),
+you can set the `annotations` input with the value of the `annotations` output
+of the `metadata-action`:
+
+```yaml
+      -
+        name: Docker meta
+        uses: docker/metadata-action@v5
+        with:
+          images: name/app
+      -
+        name: Build and push
+        uses: docker/build-push-action@v6
+        with:
+          tags: ${{ steps.meta.outputs.tags }}
+          annotations: ${{ steps.meta.outputs.annotations }}
+```
+
+The same can be done with the [`bake-action`](https://github.com/docker/bake-action/):
+
+```yaml
+      -
+        name: Docker meta
+        uses: docker/metadata-action@v5
+        with:
+          images: name/app
+      -
+        name: Build
+        uses: docker/bake-action@v6
+        with:
+          files: |
+            ./docker-bake.hcl
+            cwd://${{ steps.meta.outputs.bake-file-tags }}
+            cwd://${{ steps.meta.outputs.bake-file-annotations }}
+          targets: build
+```
+
+Note that annotations can be attached at many different levels within a manifest.
+By default, the generated annotations will be attached to image manifests,
+but different registries may expect annotations at different places;
+a common practice is to read annotations at _image indexes_ if present,
+which are often used by multi-arch builds to index platform-specific images.
+If you want to specify level(s) for your annotations, you can use the
+[`DOCKER_METADATA_ANNOTATIONS_LEVELS` environment variable](#environment-variables)
+with a comma separated list of all levels the annotations should be attached to (defaults to `manifest`).
+The following configuration demonstrates the ability to attach annotations to both image manifests and image indexes,
+though your registry may only need annotations at the index level. (That is, `index` alone may be enough.)
+Please consult the documentation of your registry.
+
+```yaml
+      -
+        name: Docker meta
+        uses: docker/metadata-action@v5
+        with:
+          images: name/app
+        env:
+          DOCKER_METADATA_ANNOTATIONS_LEVELS: manifest,index
+      -
+        name: Build and push
+        uses: docker/build-push-action@v6
+        with:
+          tags: ${{ steps.meta.outputs.tags }}
+          annotations: ${{ steps.meta.outputs.annotations }}
+```
+
+More information about annotations in the [BuildKit documentation](https://github.com/moby/buildkit/blob/master/docs/annotations.md).
+
 ## Contributing
 
 Want to contribute? Awesome! You can find information about contributing to

UPGRADE.md

@@ -1,300 +0,0 @@
-# Upgrade notes
-
-## v2 to v3
-
-* Repository has been moved to docker org. Replace `crazy-max/ghaction-docker-meta@v2`
-  with `docker/metadata-action@v4`
-* The default bake target has been changed: `ghaction-docker-meta` > `docker-metadata-action`
-
-## v1 to v2
-
-* [inputs](#inputs)
-  * [`tag-sha`](#tag-sha)
-  * [`tag-edge` / `tag-edge-branch`](#tag-edge--tag-edge-branch)
-  * [`tag-semver`](#tag-semver)
-  * [`tag-match` / `tag-match-group`](#tag-match--tag-match-group)
-  * [`tag-latest`](#tag-latest)
-  * [`tag-schedule`](#tag-schedule)
-  * [`tag-custom` / `tag-custom-only`](#tag-custom--tag-custom-only)
-  * [`label-custom`](#label-custom)
-* [Basic workflow](#basic-workflow)
-* [Semver workflow](#semver-workflow)
-
-### inputs
-
-| New        | Unchanged       | Removed            |
-|------------|-----------------|--------------------|
-| `tags`     | `images`        | `tag-sha`          |
-| `flavor`   | `sep-tags`      | `tag-edge`         |
-| `labels`   | `sep-labels`    | `tag-edge-branch`  |
-|            |                 | `tag-semver`       |
-|            |                 | `tag-match`        |
-|            |                 | `tag-match-group`  |
-|            |                 | `tag-latest`       |
-|            |                 | `tag-schedule`     |
-|            |                 | `tag-custom`       |
-|            |                 | `tag-custom-only`  |
-|            |                 | `label-custom`     |
-
-#### `tag-sha`
-
-```yaml
-tags: |
-  type=sha
-```
-
-#### `tag-edge` / `tag-edge-branch`
-
-```yaml
-tags: |
-  # default branch
-  type=edge
-  # specify branch
-  type=edge,branch=main
-```
-
-#### `tag-semver`
-
-```yaml
-tags: |
-  type=semver,pattern={{version}}
-```
-
-#### `tag-match` / `tag-match-group`
-
-```yaml
-tags: |
-  type=match,pattern=v(.*),group=1
-```
-
-#### `tag-latest`
-
-`tag-latest` is now handled through the [`flavor` input](README.md#flavor-input):
-
-```yaml
-flavor: |
-  latest=auto
-```
-
-See also the notes about ["latest tag" behavior](README.md#latest-tag)
-
-#### `tag-schedule`
-
-```yaml
-tags: |
-  # default tag (nightly)
-  type=schedule
-  # specific pattern
-  type=schedule,pattern={{date 'YYYYMMDD'}}
-```
-
-#### `tag-custom` / `tag-custom-only`
-
-```yaml
-tags: |
-  type=raw,value=foo
-  type=raw,value=bar
-  # or
-  type=raw,foo
-  type=raw,bar
-  # or
-  foo
-  bar
-```
-
-#### `label-custom`
-
-Same behavior for `labels`:
-
-```yaml
-labels: |
-  maintainer=CrazyMax
-```
-
-### Basic workflow
-
-```yaml
-# v1
-name: ci
-
-on:
-  push:
-    branches:
-      - 'master'
-    tags:
-      - 'v*'
-  pull_request:
-    branches:
-      - 'master'
-
-jobs:
-  docker:
-    runs-on: ubuntu-latest
-    steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v3
-      -
-        name: Docker meta
-        id: meta
-        uses: docker/metadata-action@v1
-        with:
-          images: name/app
-      -
-        name: Login to DockerHub
-        if: github.event_name != 'pull_request'
-        uses: docker/login-action@v2
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-      -
-        name: Build and push
-        uses: docker/build-push-action@v4
-        with:
-          context: .
-          push: ${{ github.event_name != 'pull_request' }}
-          tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
-```
-
-```yaml
-# v2
-name: ci
-
-on:
-  push:
-    branches:
-      - 'master'
-    tags:
-      - 'v*'
-  pull_request:
-    branches:
-      - 'master'
-
-jobs:
-  docker:
-    runs-on: ubuntu-latest
-    steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v3
-      -
-        name: Docker meta
-        id: meta
-        uses: docker/metadata-action@v4
-        with:
-          images: name/app
-      -
-        name: Login to DockerHub
-        if: github.event_name != 'pull_request'
-        uses: docker/login-action@v2
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-      -
-        name: Build and push
-        uses: docker/build-push-action@v4
-        with:
-          context: .
-          push: ${{ github.event_name != 'pull_request' }}
-          tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
-```
-
-### Semver workflow
-
-```yaml
-# v1
-name: ci
-
-on:
-  push:
-    branches:
-      - 'master'
-    tags:
-      - 'v*'
-  pull_request:
-    branches:
-      - 'master'
-
-jobs:
-  docker:
-    runs-on: ubuntu-latest
-    steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v3
-      -
-        name: Docker meta
-        id: meta
-        uses: docker/metadata-action@v1
-        with:
-          images: name/app
-          tag-semver: |
-            {{version}}
-            {{major}}.{{minor}}
-      -
-        name: Login to DockerHub
-        if: github.event_name != 'pull_request'
-        uses: docker/login-action@v2
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-      -
-        name: Build and push
-        uses: docker/build-push-action@v4
-        with:
-          context: .
-          push: ${{ github.event_name != 'pull_request' }}
-          tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
-```
-
-```yaml
-# v2
-name: ci
-
-on:
-  push:
-    branches:
-      - 'master'
-    tags:
-      - 'v*'
-  pull_request:
-    branches:
-      - 'master'
-
-jobs:
-  docker:
-    runs-on: ubuntu-latest
-    steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v3
-      -
-        name: Docker meta
-        id: meta
-        uses: docker/metadata-action@v4
-        with:
-          images: name/app
-          tags: |
-            type=ref,event=branch
-            type=ref,event=pr
-            type=semver,pattern={{version}}
-            type=semver,pattern={{major}}.{{minor}}
-      -
-        name: Login to DockerHub
-        if: github.event_name != 'pull_request'
-        uses: docker/login-action@v2
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-      -
-        name: Build and push
-        uses: docker/build-push-action@v4
-        with:
-          context: .
-          push: ${{ github.event_name != 'pull_request' }}
-          tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
-```

__mocks__/@actions/github.ts

@@ -204,4 +204,20 @@ export const context = {
   }
 };
 
-export const getOctokit = jest.fn();
+export const getOctokit = jest.fn(() => ({
+  rest: {
+    repos: {
+      getCommit: jest.fn(() =>
+        Promise.resolve({
+          data: {
+            commit: {
+              committer: {
+                date: '2024-11-13T13:42:28Z'
+              }
+            }
+          }
+        })
+      )
+    }
+  }
+}));

__tests__/context.test.ts

@@ -5,9 +5,12 @@ import * as path from 'path';
 import {Context} from '@actions/github/lib/context';
 import {Git} from '@docker/actions-toolkit/lib/git';
 import {GitHub} from '@docker/actions-toolkit/lib/github';
+import {Toolkit} from '@docker/actions-toolkit/lib/toolkit';
 
 import {ContextSource, getContext, getInputs, Inputs} from '../src/context';
 
+const toolkit = new Toolkit({githubToken: 'fake-github-token'});
+
 beforeEach(() => {
   jest.clearAllMocks();
   jest.spyOn(GitHub, 'context', 'get').mockImplementation((): Context => {
@@ -39,8 +42,10 @@ describe('getInputs', () => {
         githubToken: '',
         images: ['moby/buildkit', 'ghcr.io/moby/mbuildkit'],
         labels: [],
+        annotations: [],
         sepLabels: '\n',
         sepTags: '\n',
+        sepAnnotations: '\n',
         tags: [],
       } as Inputs
     ],
@@ -51,6 +56,7 @@ describe('getInputs', () => {
         ['images', 'moby/buildkit'],
         ['sep-labels', ','],
         ['sep-tags', ','],
+        ['sep-annotations', ',']
       ]),
       {
         context: ContextSource.workflow,
@@ -59,8 +65,10 @@ describe('getInputs', () => {
         githubToken: '',
         images: ['moby/buildkit'],
         labels: [],
+        annotations: [],
         sepLabels: ',',
         sepTags: ',',
+        sepAnnotations: ',',
         tags: [],
       } as Inputs
     ],
@@ -76,8 +84,10 @@ describe('getInputs', () => {
         githubToken: '',
         images: ['moby/buildkit', 'ghcr.io/moby/mbuildkit'],
         labels: [],
+        annotations: [],
         sepLabels: '\n',
         sepTags: '\n',
+        sepAnnotations: '\n',
         tags: [],
       } as Inputs
     ],
@@ -106,9 +116,10 @@ describe('getContext', () => {
   });
 
   it('workflow', async () => {
-    const context = await getContext(ContextSource.workflow);
+    const context = await getContext(ContextSource.workflow, toolkit);
     expect(context.ref).toEqual('refs/heads/dev');
     expect(context.sha).toEqual('5f3331d7f7044c18ca9f12c77d961c4d7cf3276a');
+    expect(context.commitDate).toEqual(new Date('2024-11-13T13:42:28.000Z'));
   });
 
   it('git', async () => {
@@ -118,9 +129,13 @@ describe('getContext', () => {
         sha: 'git-test-sha'
       } as Context);
     });
-    const context = await getContext(ContextSource.git);
+    jest.spyOn(Git, 'commitDate').mockImplementation(async (): Promise<Date> => {
+      return new Date('2023-01-01T13:42:28.000Z');
+    });
+    const context = await getContext(ContextSource.git, toolkit);
     expect(context.ref).toEqual('refs/heads/git-test');
     expect(context.sha).toEqual('git-test-sha');
+    expect(context.commitDate).toEqual(new Date('2023-01-01T13:42:28.000Z'));
   });
 });
 

__tests__/tag.test.ts

@@ -32,7 +32,8 @@ describe('transform', () => {
             "priority": DefaultPriorities[Type.Semver],
             "enable": "true",
             "pattern": "{{version}}",
-            "value": ""
+            "value": "",
+            "match": ""
           }
         },
         {
@@ -147,7 +148,8 @@ describe('parse', () => {
           "priority": DefaultPriorities[Type.Semver],
           "enable": "true",
           "pattern": "{{version}}",
-          "value": ""
+          "value": "",
+          "match": ""
         }
       } as Tag,
       false
@@ -160,7 +162,8 @@ describe('parse', () => {
           "priority": "1",
           "enable": "true",
           "pattern": "{{version}}",
-          "value": ""
+          "value": "",
+          "match": ""
         }
       } as Tag,
       false
@@ -173,7 +176,22 @@ describe('parse', () => {
           "priority": "1",
           "enable": "true",
           "pattern": "{{version}}",
-          "value": "v1.0.0"
+          "value": "v1.0.0",
+          "match": ""
+        }
+      } as Tag,
+      false
+    ],
+    [
+      `type=semver,priority=1,enable=true,pattern={{version}},value=p1/v1.0.0,"match=v(\\d.\\d.\\d)$"`,
+      {
+        type: Type.Semver,
+        attrs: {
+          "priority": "1",
+          "enable": "true",
+          "pattern": "{{version}}",
+          "value": "p1/v1.0.0",
+          "match": "v(\\d.\\d.\\d)$"
         }
       } as Tag,
       false

action.yml

@@ -13,7 +13,7 @@ inputs:
     required: true
   images:
     description: 'List of Docker images to use as base name for tags'
-    required: true
+    required: false
   tags:
     description: 'List of tags as key-value pair attributes'
     required: false
@@ -23,12 +23,18 @@ inputs:
   labels:
     description: 'List of custom labels'
     required: false
+  annotations:
+    description: 'List of custom annotations'
+    required: false
   sep-tags:
     description: 'Separator to use for tags output (default \n)'
     required: false
   sep-labels:
     description: 'Separator to use for labels output (default \n)'
     required: false
+  sep-annotations:
+    description: 'Separator to use for annotations output (default \n)'
+    required: false
   bake-target:
     description: 'Bake target name (default docker-metadata-action)'
     required: false
@@ -44,11 +50,19 @@ outputs:
     description: 'Generated Docker tags'
   labels:
     description: 'Generated Docker labels'
-  bake-file:
-    description: 'Bake definiton file'
+  annotations:
+    description: 'Generated annotations'
   json:
     description: 'JSON output of tags and labels'
+  bake-file-tags:
+    description: 'Bake definition file with tags'
+  bake-file-labels:
+    description: 'Bake definition file with labels'
+  bake-file-annotations:
+    description: 'Bake definition file with annotations'
+  bake-file:
+    description: 'Bake definition file with tags and labels'
 
 runs:
-  using: 'node16'
+  using: 'node20'
   main: 'dist/index.js'

dev.Dockerfile

@@ -1,13 +1,20 @@
 # syntax=docker/dockerfile:1
 
-ARG NODE_VERSION=16
+ARG NODE_VERSION=20
 
 FROM node:${NODE_VERSION}-alpine AS base
 RUN apk add --no-cache cpio findutils git
 WORKDIR /src
+RUN --mount=type=bind,target=.,rw \
+  --mount=type=cache,target=/src/.yarn/cache <<EOT
+  corepack enable
+  yarn --version
+  yarn config set --home enableTelemetry 0
+EOT
 
 FROM base AS deps
 RUN --mount=type=bind,target=.,rw \
+  --mount=type=cache,target=/src/.yarn/cache \
   --mount=type=cache,target=/src/node_modules \
   yarn install && mkdir /vendor && cp yarn.lock /vendor
 
@@ -20,7 +27,7 @@ RUN --mount=type=bind,target=.,rw <<EOT
   git add -A
   cp -rf /vendor/* .
   if [ -n "$(git status --porcelain -- yarn.lock)" ]; then
-    echo >&2 'ERROR: Vendor result differs. Please vendor your package with "docker buildx bake vendor-update"'
+    echo >&2 'ERROR: Vendor result differs. Please vendor your package with "docker buildx bake vendor"'
     git status --porcelain -- yarn.lock
     exit 1
   fi
@@ -28,6 +35,7 @@ EOT
 
 FROM deps AS build
 RUN --mount=type=bind,target=.,rw \
+  --mount=type=cache,target=/src/.yarn/cache \
   --mount=type=cache,target=/src/node_modules \
   yarn run build && mkdir /out && cp -Rf dist /out/
 
@@ -48,24 +56,25 @@ EOT
 
 FROM deps AS format
 RUN --mount=type=bind,target=.,rw \
+  --mount=type=cache,target=/src/.yarn/cache \
   --mount=type=cache,target=/src/node_modules \
   yarn run format \
-  && mkdir /out && find . -name '*.ts' -not -path './node_modules/*' | cpio -pdm /out
+  && mkdir /out && find . -name '*.ts' -not -path './node_modules/*' -not -path './.yarn/*' | cpio -pdm /out
 
 FROM scratch AS format-update
 COPY --from=format /out /
 
 FROM deps AS lint
 RUN --mount=type=bind,target=.,rw \
+  --mount=type=cache,target=/src/.yarn/cache \
   --mount=type=cache,target=/src/node_modules \
   yarn run lint
 
 FROM deps AS test
-ENV RUNNER_TEMP=/tmp/github_runner
-ENV RUNNER_TOOL_CACHE=/tmp/github_tool_cache
 RUN --mount=type=bind,target=.,rw \
+  --mount=type=cache,target=/src/.yarn/cache \
   --mount=type=cache,target=/src/node_modules \
-  yarn run test --coverageDirectory=/tmp/coverage
+  yarn run test --coverage --coverageDirectory=/tmp/coverage
 
 FROM scratch AS test-coverage
 COPY --from=test /tmp/coverage /

docker-bake.hcl

@@ -1,9 +1,15 @@
+target "_common" {
+  args = {
+    BUILDKIT_CONTEXT_KEEP_GIT_DIR = 1
+  }
+}
+
 group "default" {
   targets = ["build"]
 }
 
 group "pre-checkin" {
-  targets = ["vendor-update", "format", "build"]
+  targets = ["vendor", "format", "build"]
 }
 
 group "validate" {
@@ -11,42 +17,49 @@ group "validate" {
 }
 
 target "build" {
+  inherits = ["_common"]
   dockerfile = "dev.Dockerfile"
   target = "build-update"
   output = ["."]
 }
 
 target "build-validate" {
+  inherits = ["_common"]
   dockerfile = "dev.Dockerfile"
   target = "build-validate"
   output = ["type=cacheonly"]
 }
 
 target "format" {
+  inherits = ["_common"]
   dockerfile = "dev.Dockerfile"
   target = "format-update"
   output = ["."]
 }
 
 target "lint" {
+  inherits = ["_common"]
   dockerfile = "dev.Dockerfile"
   target = "lint"
   output = ["type=cacheonly"]
 }
 
-target "vendor-update" {
+target "vendor" {
+  inherits = ["_common"]
   dockerfile = "dev.Dockerfile"
   target = "vendor-update"
   output = ["."]
 }
 
 target "vendor-validate" {
+  inherits = ["_common"]
   dockerfile = "dev.Dockerfile"
   target = "vendor-validate"
   output = ["type=cacheonly"]
 }
 
 target "test" {
+  inherits = ["_common"]
   dockerfile = "dev.Dockerfile"
   target = "test-coverage"
   output = ["./coverage"]

package.json

@@ -1,13 +1,16 @@
 {
   "name": "docker-metadata-action",
   "description": "GitHub Action to extract metadata (tags, labels) for Docker",
-  "main": "lib/main.js",
+  "main": "src/main.ts",
   "scripts": {
-    "build": "ncc build src/main.ts --source-map --minify --license licenses.txt",
-    "lint": "eslint src/**/*.ts __tests__/**/*.ts",
-    "format": "eslint --fix src/**/*.ts __tests__/**/*.ts",
-    "test": "jest --coverage",
-    "all": "yarn run build && yarn run format && yarn test"
+    "build": "ncc build --source-map --minify --license licenses.txt",
+    "lint": "yarn run prettier && yarn run eslint",
+    "format": "yarn run prettier:fix && yarn run eslint:fix",
+    "eslint": "eslint --max-warnings=0 .",
+    "eslint:fix": "eslint --fix .",
+    "prettier": "prettier --check \"./**/*.ts\"",
+    "prettier:fix": "prettier --write \"./**/*.ts\"",
+    "test": "jest"
   },
   "repository": {
     "type": "git",
@@ -20,41 +23,36 @@
     "tag",
     "label"
   ],
-  "author": "Docker",
-  "contributors": [
-    {
-      "name": "CrazyMax",
-      "url": "https://crazymax.dev"
-    }
-  ],
+  "author": "Docker Inc.",
   "license": "Apache-2.0",
+  "packageManager": "yarn@3.6.3",
   "dependencies": {
-    "@actions/core": "^1.10.0",
-    "@actions/github": "^5.1.1",
-    "@docker/actions-toolkit": "^0.5.0",
+    "@actions/core": "^1.11.1",
+    "@actions/github": "^6.0.1",
+    "@docker/actions-toolkit": "^0.62.1",
     "@renovate/pep440": "^1.0.0",
-    "csv-parse": "^5.4.0",
-    "handlebars": "^4.7.7",
-    "moment": "^2.29.4",
-    "moment-timezone": "^0.5.43",
-    "semver": "^7.5.0"
+    "csv-parse": "^5.6.0",
+    "handlebars": "^4.7.8",
+    "moment": "^2.30.1",
+    "moment-timezone": "^0.6.0",
+    "semver": "^7.7.2"
   },
   "devDependencies": {
     "@types/csv-parse": "^1.2.2",
-    "@types/node": "^16.18.23",
-    "@types/semver": "^7.3.13",
-    "@typescript-eslint/eslint-plugin": "^5.56.0",
-    "@typescript-eslint/parser": "^5.56.0",
-    "@vercel/ncc": "^0.36.1",
-    "dotenv": "^16.0.3",
-    "eslint": "^8.36.0",
-    "eslint-config-prettier": "^8.8.0",
-    "eslint-plugin-jest": "^27.2.1",
-    "eslint-plugin-prettier": "^4.2.1",
-    "jest": "^29.5.0",
-    "prettier": "^2.8.7",
-    "ts-jest": "^29.0.5",
-    "ts-node": "^10.9.1",
-    "typescript": "^4.9.5"
+    "@types/node": "^20.12.12",
+    "@types/semver": "^7.7.0",
+    "@typescript-eslint/eslint-plugin": "^7.9.0",
+    "@typescript-eslint/parser": "^7.9.0",
+    "@vercel/ncc": "^0.38.1",
+    "dotenv": "^16.4.5",
+    "eslint": "^8.57.0",
+    "eslint-config-prettier": "^9.1.0",
+    "eslint-plugin-jest": "^28.5.0",
+    "eslint-plugin-prettier": "^5.1.3",
+    "jest": "^29.7.0",
+    "prettier": "^3.2.5",
+    "ts-jest": "^29.1.2",
+    "ts-node": "^10.9.2",
+    "typescript": "^5.4.5"
   }
 }

src/context.ts

@@ -1,8 +1,13 @@
 import * as core from '@actions/core';
-import {Context} from '@actions/github/lib/context';
+import {Context as GithubContext} from '@actions/github/lib/context';
 import {Util} from '@docker/actions-toolkit/lib/util';
 import {Git} from '@docker/actions-toolkit/lib/git';
 import {GitHub} from '@docker/actions-toolkit/lib/github';
+import {Toolkit} from '@docker/actions-toolkit/lib/toolkit';
+
+export interface Context extends GithubContext {
+  commitDate: Date;
+}
 
 export interface Inputs {
   context: ContextSource;
@@ -10,8 +15,10 @@ export interface Inputs {
   tags: string[];
   flavor: string[];
   labels: string[];
+  annotations: string[];
   sepTags: string;
   sepLabels: string;
+  sepAnnotations: string;
   bakeTarget: string;
   githubToken: string;
 }
@@ -23,8 +30,10 @@ export function getInputs(): Inputs {
     tags: Util.getInputList('tags', {ignoreComma: true, comment: '#'}),
     flavor: Util.getInputList('flavor', {ignoreComma: true, comment: '#'}),
     labels: Util.getInputList('labels', {ignoreComma: true, comment: '#'}),
+    annotations: Util.getInputList('annotations', {ignoreComma: true, comment: '#'}),
     sepTags: core.getInput('sep-tags', {trimWhitespace: false}) || `\n`,
     sepLabels: core.getInput('sep-labels', {trimWhitespace: false}) || `\n`,
+    sepAnnotations: core.getInput('sep-annotations', {trimWhitespace: false}) || `\n`,
     bakeTarget: core.getInput('bake-target') || `docker-metadata-action`,
     githubToken: core.getInput('github-token')
   };
@@ -35,10 +44,10 @@ export enum ContextSource {
   git = 'git'
 }
 
-export async function getContext(source: ContextSource): Promise<Context> {
+export async function getContext(source: ContextSource, toolkit: Toolkit): Promise<Context> {
   switch (source) {
     case ContextSource.workflow:
-      return getContextFromWorkflow();
+      return await getContextFromWorkflow(toolkit);
     case ContextSource.git:
       return await getContextFromGit();
     default:
@@ -46,7 +55,7 @@ export async function getContext(source: ContextSource): Promise<Context> {
   }
 }
 
-function getContextFromWorkflow(): Context {
+async function getContextFromWorkflow(toolkit: Toolkit): Promise<Context> {
   const context = GitHub.context;
 
   // Needs to override Git reference with pr ref instead of upstream branch ref
@@ -65,9 +74,63 @@ function getContextFromWorkflow(): Context {
     }
   }
 
-  return context;
+  return {
+    commitDate: await getCommitDateFromWorkflow(context.sha, toolkit),
+    ...context
+  } as Context;
 }
 
 async function getContextFromGit(): Promise<Context> {
-  return await Git.context();
+  const ctx = await Git.context();
+
+  return {
+    commitDate: await Git.commitDate(ctx.sha),
+    ...ctx
+  } as Context;
+}
+
+async function getCommitDateFromWorkflow(sha: string, toolkit: Toolkit): Promise<Date> {
+  const event = GitHub.context.payload as unknown as {
+    // branch push
+    commits?: Array<{
+      timestamp: string;
+      // commit sha
+      id: string;
+    }>;
+    // tags
+    head_commit?: {
+      timestamp: string;
+      // commit sha
+      id: string;
+    };
+  };
+
+  if (event.commits) {
+    const commitDate = event.commits.find(x => x.id === sha)?.timestamp;
+    if (commitDate) {
+      return new Date(commitDate);
+    }
+  }
+
+  if (event.head_commit) {
+    if (event.head_commit.id === sha) {
+      return new Date(event.head_commit.timestamp);
+    }
+  }
+
+  // fallback to github api for commit date
+  try {
+    const commit = await toolkit.github.octokit.rest.repos.getCommit({
+      owner: GitHub.context.repo.owner,
+      repo: GitHub.context.repo.repo,
+      ref: sha
+    });
+    if (commit.data.commit.committer?.date) {
+      return new Date(commit.data.commit.committer.date);
+    }
+    throw new Error('Committer date not found');
+  } catch (error) {
+    core.debug(`Failed to get commit date from GitHub API: ${error.message}`);
+    return new Date();
+  }
 }

src/main.ts

@@ -2,26 +2,19 @@ import * as fs from 'fs';
 import * as core from '@actions/core';
 import * as actionsToolkit from '@docker/actions-toolkit';
 import {Toolkit} from '@docker/actions-toolkit/lib/toolkit';
+import {Util} from '@docker/actions-toolkit/lib/util';
 
 import {getContext, getInputs, Inputs} from './context';
 import {Meta, Version} from './meta';
 
-function setOutput(name: string, value: string) {
-  core.setOutput(name, value);
-  core.exportVariable(`DOCKER_METADATA_OUTPUT_${name.replace(/\W/g, '_').toUpperCase()}`, value);
-}
-
 actionsToolkit.run(
   // main
   async () => {
     const inputs: Inputs = getInputs();
-    if (inputs.images.length == 0) {
-      throw new Error(`images input required`);
-    }
-
     const toolkit = new Toolkit({githubToken: inputs.githubToken});
-    const context = await getContext(inputs.context);
+    const context = await getContext(inputs.context, toolkit);
     const repo = await toolkit.github.repoData();
+    const setOutput = outputEnvEnabled() ? setOutputAndEnv : core.setOutput;
 
     await core.group(`Context info`, async () => {
       core.info(`eventName: ${context.eventName}`);
@@ -32,6 +25,7 @@ actionsToolkit.run(
       core.info(`actor: ${context.actor}`);
       core.info(`runNumber: ${context.runNumber}`);
       core.info(`runId: ${context.runId}`);
+      core.info(`commitDate: ${context.commitDate}`);
     });
 
     if (core.isDebug()) {
@@ -74,18 +68,53 @@ actionsToolkit.run(
       setOutput('labels', labels.join(inputs.sepLabels));
     });
 
+    // Annotations
+    const annotationsRaw: Array<string> = meta.getAnnotations();
+    const annotationsLevels = process.env.DOCKER_METADATA_ANNOTATIONS_LEVELS || 'manifest';
+    await core.group(`Annotations`, async () => {
+      const annotations: Array<string> = [];
+      for (const level of annotationsLevels.split(',')) {
+        annotations.push(
+          ...annotationsRaw.map(label => {
+            const v = `${level}:${label}`;
+            core.info(v);
+            return v;
+          })
+        );
+      }
+      setOutput(`annotations`, annotations.join(inputs.sepAnnotations));
+    });
+
     // JSON
-    const jsonOutput = meta.getJSON();
+    const jsonOutput = meta.getJSON(annotationsLevels.split(','));
     await core.group(`JSON output`, async () => {
       core.info(JSON.stringify(jsonOutput, null, 2));
       setOutput('json', JSON.stringify(jsonOutput));
     });
 
-    // Bake file definition
-    const bakeFile: string = meta.getBakeFile();
-    await core.group(`Bake file definition`, async () => {
+    // Bake files
+    for (const kind of ['tags', 'labels', 'annotations:' + annotationsLevels]) {
+      const outputName = kind.split(':')[0];
+      const bakeFile: string = meta.getBakeFile(kind);
+      await core.group(`Bake file definition (${outputName})`, async () => {
         core.info(fs.readFileSync(bakeFile, 'utf8'));
-      setOutput('bake-file', bakeFile);
+        setOutput(`bake-file-${outputName}`, bakeFile);
       });
     }
+
+    // Bake file with tags and labels
+    setOutput(`bake-file`, `${meta.getBakeFileTagsLabels()}`);
+  }
 );
+
+function setOutputAndEnv(name: string, value: string) {
+  core.setOutput(name, value);
+  core.exportVariable(`DOCKER_METADATA_OUTPUT_${name.replace(/\W/g, '_').toUpperCase()}`, value);
+}
+
+function outputEnvEnabled(): boolean {
+  if (process.env.DOCKER_METADATA_SET_OUTPUT_ENV) {
+    return Util.parseBool(process.env.DOCKER_METADATA_SET_OUTPUT_ENV);
+  }
+  return true;
+}

src/meta.ts

@@ -5,15 +5,16 @@ import moment from 'moment-timezone';
 import * as pep440 from '@renovate/pep440';
 import * as semver from 'semver';
 import * as core from '@actions/core';
-import {Context} from '@actions/github/lib/context';
 import {Context as ToolkitContext} from '@docker/actions-toolkit/lib/context';
 import {GitHubRepo} from '@docker/actions-toolkit/lib/types/github';
 
-import {Inputs} from './context';
+import {Inputs, Context} from './context';
 import * as icl from './image';
 import * as tcl from './tag';
 import * as fcl from './flavor';
 
+const defaultShortShaLength = 7;
+
 export interface Version {
   main: string | undefined;
   partial: string[];
@@ -113,6 +114,7 @@ export class Meta {
     }
 
     const currentDate = this.date;
+    const commitDate = this.context.commitDate;
     const vraw = this.setValue(
       handlebars.compile(tag.attrs['pattern'])({
         date: function (format, options) {
@@ -128,6 +130,20 @@ export class Meta {
             }
           });
           return m.tz(tz).format(format);
+        },
+        commit_date: function (format, options) {
+          const m = moment(commitDate);
+          let tz = 'UTC';
+          Object.keys(options.hash).forEach(key => {
+            switch (key) {
+              case 'tz':
+                tz = options.hash[key];
+                break;
+              default:
+                throw new Error(`Unknown ${key} attribute`);
+            }
+          });
+          return m.tz(tz).format(format);
         }
       }),
       tag
@@ -145,8 +161,20 @@ export class Meta {
     if (tag.attrs['value'].length > 0) {
       vraw = this.setGlobalExp(tag.attrs['value']);
     } else {
-      vraw = this.context.ref.replace(/^refs\/tags\//g, '').replace(/\//g, '-');
+      vraw = this.context.ref.replace(/^refs\/tags\//g, '');
     }
+
+    if (tag.attrs['match'].length > 0) {
+      const tmatch = vraw.match(tag.attrs['match']);
+      if (!tmatch) {
+        core.warning(`${tag.attrs['match']} does not match ${vraw}.`);
+      } else {
+        vraw = tmatch[1];
+      }
+    }
+
+    vraw = vraw.replace(/\//g, '-');
+
     if (!semver.valid(vraw)) {
       core.warning(`${vraw} is not a valid semver. More info: https://semver.org/`);
       return version;
@@ -179,8 +207,20 @@ export class Meta {
     if (tag.attrs['value'].length > 0) {
       vraw = this.setGlobalExp(tag.attrs['value']);
     } else {
-      vraw = this.context.ref.replace(/^refs\/tags\//g, '').replace(/\//g, '-');
+      vraw = this.context.ref.replace(/^refs\/tags\//g, '');
     }
+
+    if (tag.attrs['match'].length > 0) {
+      const tmatch = vraw.match(tag.attrs['match']);
+      if (!tmatch) {
+        core.warning(`${tag.attrs['match']} does not match ${vraw}.`);
+      } else {
+        vraw = tmatch[1];
+      }
+    }
+
+    vraw = vraw.replace(/\//g, '-');
+
     if (!pep440.valid(vraw)) {
       core.warning(`${vraw} does not conform to PEP 440. More info: https://www.python.org/dev/peps/pep-0440`);
       return version;
@@ -307,7 +347,7 @@ export class Meta {
 
     let val = this.context.sha;
     if (tag.attrs['format'] === tcl.ShaFormat.Short) {
-      val = this.context.sha.substring(0, 7);
+      val = Meta.shortSha(this.context.sha);
     }
 
     const vraw = this.setValue(val, tag);
@@ -356,9 +396,10 @@ export class Meta {
     return val;
   }
 
-  private setGlobalExp(val): string {
+  private setGlobalExp(val: string): string {
     const context = this.context;
     const currentDate = this.date;
+    const commitDate = this.context.commitDate;
     return handlebars.compile(val)({
       branch: function () {
         if (!/^refs\/heads\//.test(context.ref)) {
@@ -373,7 +414,7 @@ export class Meta {
         return context.ref.replace(/^refs\/tags\//g, '');
       },
       sha: function () {
-        return context.sha.substring(0, 7);
+        return Meta.shortSha(context.sha);
       },
       base_ref: function () {
         if (/^refs\/tags\//.test(context.ref) && context.payload?.base_ref != undefined) {
@@ -386,6 +427,20 @@ export class Meta {
         }
         return '';
       },
+      commit_date: function (format, options) {
+        const m = moment(commitDate);
+        let tz = 'UTC';
+        Object.keys(options.hash).forEach(key => {
+          switch (key) {
+            case 'tz':
+              tz = options.hash[key];
+              break;
+            default:
+              throw new Error(`Unknown ${key} attribute`);
+          }
+        });
+        return m.tz(tz).format(format);
+      },
       is_default_branch: function () {
         const branch = context.ref.replace(/^refs\/heads\//g, '');
         // TODO: "base_ref" is available in the push payload but doesn't always seem to
@@ -408,6 +463,9 @@ export class Meta {
         }
         return 'false';
       },
+      is_not_default_branch: function () {
+        return this.is_default_branch() === 'false' ? 'true' : 'false';
+      },
       date: function (format, options) {
         const m = moment(currentDate);
         let tz = 'UTC';
@@ -440,22 +498,43 @@ export class Meta {
     if (!this.version.main) {
       return [];
     }
+
+    const generateTags = (imageName: string, version: string): Array<string> => {
       const tags: Array<string> = [];
-    for (const imageName of this.getImageNames()) {
-      tags.push(`${imageName}:${this.version.main}`);
+      const prefix = imageName !== '' ? `${imageName}:` : '';
+      tags.push(`${prefix}${version}`);
       for (const partial of this.version.partial) {
-        tags.push(`${imageName}:${partial}`);
+        tags.push(`${prefix}${partial}`);
       }
       if (this.version.latest) {
         const latestTag = `${this.flavor.prefixLatest ? this.flavor.prefix : ''}latest${this.flavor.suffixLatest ? this.flavor.suffix : ''}`;
-        tags.push(`${imageName}:${Meta.sanitizeTag(latestTag)}`);
+        tags.push(`${prefix}${Meta.sanitizeTag(latestTag)}`);
       }
+      return tags;
+    };
+
+    const tags: Array<string> = [];
+    const images = this.getImageNames();
+    if (images.length > 0) {
+      for (const imageName of images) {
+        tags.push(...generateTags(imageName, this.version.main));
+      }
+    } else {
+      tags.push(...generateTags('', this.version.main));
     }
     return tags;
   }
 
   public getLabels(): Array<string> {
-    const labels: Array<string> = [
+    return this.getOCIAnnotationsWithCustoms(this.inputs.labels);
+  }
+
+  public getAnnotations(): Array<string> {
+    return this.getOCIAnnotationsWithCustoms(this.inputs.annotations);
+  }
+
+  private getOCIAnnotationsWithCustoms(extra: string[]): Array<string> {
+    const res: Array<string> = [
       `org.opencontainers.image.title=${this.repo.name || ''}`,
       `org.opencontainers.image.description=${this.repo.description || ''}`,
       `org.opencontainers.image.url=${this.repo.html_url || ''}`,
@@ -465,11 +544,13 @@ export class Meta {
       `org.opencontainers.image.revision=${this.context.sha || ''}`,
       `org.opencontainers.image.licenses=${this.repo.license?.spdx_id || ''}`
     ];
-    labels.push(...this.inputs.labels);
+    extra.forEach(label => {
+      res.push(this.setGlobalExp(label));
+    });
 
     return Array.from(
       new Map<string, string>(
-        labels
+        res
           .map(label => label.split('='))
           // eslint-disable-next-line @typescript-eslint/no-unused-vars
           .filter(([_key, ...values]) => values.length > 0)
@@ -480,7 +561,11 @@ export class Meta {
       .map(([key, value]) => `${key}=${value}`);
   }
 
-  public getJSON(): unknown {
+  public getJSON(alevels: string[]): unknown {
+    const annotations: Array<string> = [];
+    for (const level of alevels) {
+      annotations.push(...this.getAnnotations().map(label => `${level}:${label}`));
+    }
     return {
       tags: this.getTags(),
       labels: this.getLabels().reduce((res, label) => {
@@ -490,18 +575,55 @@ export class Meta {
         }
         res[matches[1]] = matches[2];
         return res;
-      }, {})
+      }, {}),
+      annotations: annotations
     };
   }
 
-  public getBakeFile(): string {
-    const bakeFile = path.join(ToolkitContext.tmpDir(), 'docker-metadata-action-bake.json');
-    fs.writeFileSync(
-      bakeFile,
-      JSON.stringify(
+  public getBakeFile(kind: string): string {
+    if (kind == 'tags') {
+      return this.generateBakeFile(
         {
-          target: {
-            [this.inputs.bakeTarget]: {
+          tags: this.getTags(),
+          args: {
+            DOCKER_META_IMAGES: this.getImageNames().join(','),
+            DOCKER_META_VERSION: this.version.main
+          }
+        },
+        kind
+      );
+    } else if (kind == 'labels') {
+      return this.generateBakeFile(
+        {
+          labels: this.getLabels().reduce((res, label) => {
+            const matches = label.match(/([^=]*)=(.*)/);
+            if (!matches) {
+              return res;
+            }
+            res[matches[1]] = matches[2];
+            return res;
+          }, {})
+        },
+        kind
+      );
+    } else if (kind.startsWith('annotations:')) {
+      const name = kind.split(':')[0];
+      const annotations: Array<string> = [];
+      for (const level of kind.split(':')[1].split(',')) {
+        annotations.push(...this.getAnnotations().map(label => `${level}:${label}`));
+      }
+      return this.generateBakeFile(
+        {
+          annotations: annotations
+        },
+        name
+      );
+    }
+    throw new Error(`Unknown bake file type: ${kind}`);
+  }
+
+  public getBakeFileTagsLabels(): string {
+    return this.generateBakeFile({
       tags: this.getTags(),
       labels: this.getLabels().reduce((res, label) => {
         const matches = label.match(/([^=]*)=(.*)/);
@@ -515,14 +637,12 @@ export class Meta {
         DOCKER_META_IMAGES: this.getImageNames().join(','),
         DOCKER_META_VERSION: this.version.main
       }
+    });
   }
-          }
-        },
-        null,
-        2
-      )
-    );
 
+  private generateBakeFile(dt, suffix?: string): string {
+    const bakeFile = path.join(ToolkitContext.tmpDir(), `docker-metadata-action-bake${suffix ? `-${suffix}` : ''}.json`);
+    fs.writeFileSync(bakeFile, JSON.stringify({target: {[this.inputs.bakeTarget]: dt}}, null, 2));
     return bakeFile;
   }
 
@@ -533,4 +653,18 @@ export class Meta {
   private static sanitizeTag(tag: string): string {
     return tag.replace(/[^a-zA-Z0-9._-]+/g, '-');
   }
+
+  private static shortSha(sha: string): string {
+    let shortShaLength = defaultShortShaLength;
+    if (process.env.DOCKER_METADATA_SHORT_SHA_LENGTH) {
+      if (isNaN(Number(process.env.DOCKER_METADATA_SHORT_SHA_LENGTH))) {
+        throw new Error(`DOCKER_METADATA_SHORT_SHA_LENGTH is not a valid number: ${process.env.DOCKER_METADATA_SHORT_SHA_LENGTH}`);
+      }
+      shortShaLength = Number(process.env.DOCKER_METADATA_SHORT_SHA_LENGTH);
+    }
+    if (shortShaLength >= sha.length) {
+      return sha;
+    }
+    return sha.substring(0, shortShaLength);
+  }
 }

src/tag.ts

@@ -137,6 +137,9 @@ export function Parse(s: string): Tag {
       if (!Object.prototype.hasOwnProperty.call(tag.attrs, 'value')) {
         tag.attrs['value'] = '';
       }
+      if (!Object.prototype.hasOwnProperty.call(tag.attrs, 'match')) {
+        tag.attrs['match'] = '';
+      }
       break;
     }
     case Type.Match: {

test/output.Dockerfile

@@ -4,9 +4,11 @@ RUN apk add --no-cache coreutils jq
 ARG DOCKER_METADATA_OUTPUT_VERSION
 ARG DOCKER_METADATA_OUTPUT_TAGS
 ARG DOCKER_METADATA_OUTPUT_LABELS
+ARG DOCKER_METADATA_OUTPUT_ANNOTATIONS
 ARG DOCKER_METADATA_OUTPUT_JSON
 RUN printenv DOCKER_METADATA_OUTPUT_VERSION
 RUN printenv DOCKER_METADATA_OUTPUT_TAGS
 RUN printenv DOCKER_METADATA_OUTPUT_LABELS
+RUN printenv DOCKER_METADATA_OUTPUT_ANNOTATIONS
 RUN printenv DOCKER_METADATA_OUTPUT_JSON
 RUN echo $DOCKER_METADATA_OUTPUT_JSON | jq