chore(deps): Bump @babel/runtime-corejs3 from 7.14.7 to 7.28.2

Bumps [@babel/runtime-corejs3](https://github.com/babel/babel/tree/HEAD/packages/babel-runtime-corejs3) from 7.14.7 to 7.28.2. - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.28.2/packages/babel-runtime-corejs3) --- updated-dependencies: - dependency-name: "@babel/runtime-corejs3" dependency-version: 7.28.2 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
Merge pull request #537 from crazy-max/pep440-match
2025-08-06 15:15:38 +00:00 · 2025-08-01 10:56:28 +02:00 · 2025-08-01 10:53:35 +02:00 · 2025-08-01 10:52:31 +02:00 · 2025-08-01 10:41:39 +02:00 · 2025-07-31 18:15:00 +02:00
49 changed files with 14897 additions and 5733 deletions
--- a/.dockerignore
+++ b/.dockerignore
@@ -1,2 +1,12 @@
 /coverage
-/node_modules
+
+# Dependency directories
+node_modules/
+jspm_packages/
+
+# yarn v2
+.yarn/cache
+.yarn/unplugged
+.yarn/build-state.yml
+.yarn/install-state.gz
+.pnp.*
--- a/.eslintignore
+++ b/.eslintignore
@@ -0,0 +1,3 @@
+/dist/**
+/coverage/**
+/node_modules/**
--- a/.eslintrc.json
+++ b/.eslintrc.json
@@ -1,18 +1,19 @@
 {
  "env": {
    "node": true,
-    "es2021": true,
-    "jest/globals": true
+    "es6": true,
+    "jest": true
  },
  "extends": [
    "eslint:recommended",
+    "plugin:@typescript-eslint/eslint-recommended",
    "plugin:@typescript-eslint/recommended",
    "plugin:jest/recommended",
    "plugin:prettier/recommended"
  ],
  "parser": "@typescript-eslint/parser",
  "parserOptions": {
-    "ecmaVersion": "latest",
+    "ecmaVersion": 2023,
    "sourceType": "module"
  },
  "plugins": [
--- a/.gitattributes
+++ b/.gitattributes
@@ -1,3 +1,5 @@
+/.yarn/releases/** binary
+/.yarn/plugins/** binary
 /__tests__/fixtures/** -linguist-detectable
 /dist/** linguist-generated=true
 /lib/** linguist-generated=true
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -1 +0,0 @@
-*	@crazy-max
--- a/.github/CODE_OF_CONDUCT.md
+++ b/.github/CODE_OF_CONDUCT.md
@@ -0,0 +1,3 @@
+# Code of conduct
+
+- [Moby community guidelines](https://github.com/moby/moby/blob/master/CONTRIBUTING.md#moby-community-guidelines)
--- a/.github/ISSUE_TEMPLATE/bug.yml
+++ b/.github/ISSUE_TEMPLATE/bug.yml
@@ -0,0 +1,101 @@
+# https://docs.github.com/en/communities/using-templates-to-encourage-useful-issues-and-pull-requests/syntax-for-githubs-form-schema
+name: Bug Report
+description: Report a bug
+labels:
+  - status/triage
+
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Thank you for taking the time to report a bug!
+        If this is a security issue please report it to the [Docker Security team](mailto:security@docker.com).
+
+  - type: checkboxes
+    attributes:
+      label: Contributing guidelines
+      description: >
+        Make sure you've read the contributing guidelines before proceeding.
+      options:
+        - label: I've read the [contributing guidelines](https://github.com/docker/metadata-action/blob/master/.github/CONTRIBUTING.md) and wholeheartedly agree
+          required: true
+
+  - type: checkboxes
+    attributes:
+      label: "I've found a bug, and:"
+      description: |
+        Make sure that your request fulfills all of the following requirements.
+        If one requirement cannot be satisfied, explain in detail why.
+      options:
+        - label: The documentation does not mention anything about my problem
+        - label: There are no open or closed issues that are related to my problem
+
+  - type: textarea
+    attributes:
+      label: Description
+      description: >
+        Provide a brief description of the bug in 1-2 sentences.
+    validations:
+      required: true
+
+  - type: textarea
+    attributes:
+      label: Expected behaviour
+      description: >
+        Describe precisely what you'd expect to happen.
+    validations:
+      required: true
+
+  - type: textarea
+    attributes:
+      label: Actual behaviour
+      description: >
+        Describe precisely what is actually happening.
+    validations:
+      required: true
+
+  - type: input
+    attributes:
+      label: Repository URL
+      description: >
+        Enter the URL of the repository where you are experiencing the
+        issue. If your repository is private, provide a link to a minimal
+        repository that reproduces the issue.
+
+  - type: input
+    attributes:
+      label: Workflow run URL
+      description: >
+        Enter the URL of the GitHub Action workflow run if public (e.g.
+        `https://github.com/<user>/<repo>/actions/runs/<id>`)
+
+  - type: textarea
+    attributes:
+      label: YAML workflow
+      description: |
+        Provide the YAML of the workflow that's causing the issue.
+        Make sure to remove any sensitive information.
+      render: yaml
+    validations:
+      required: true
+
+  - type: textarea
+    attributes:
+      label: Workflow logs
+      description: >
+        [Attach](https://docs.github.com/en/get-started/writing-on-github/working-with-advanced-formatting/attaching-files)
+        the [log file of your workflow run](https://docs.github.com/en/actions/managing-workflow-runs/using-workflow-run-logs#downloading-logs)
+        and make sure to remove any sensitive information.
+
+  - type: textarea
+    attributes:
+      label: BuildKit logs
+      description: >
+        If applicable, provide the [BuildKit container logs](https://docs.docker.com/build/ci/github-actions/configure-builder/#buildkit-container-logs)
+      render: text
+
+  - type: textarea
+    attributes:
+      label: Additional info
+      description: |
+        Provide any additional information that could be useful.
--- a/.github/ISSUE_TEMPLATE/bug_report.md
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -1,34 +0,0 @@
---
-name: Bug report
-about: Create a report to help us improve
---
-
-### Behaviour
-
-#### Steps to reproduce this issue
-
-1.
-2.
-3.
-
-#### Expected behaviour
-
-> Tell us what should happen
-
-#### Actual behaviour
-
-> Tell us what happens instead
-
-### Configuration
-
-* Repository URL (if public): 
-* Build URL (if public): 
-
-```yml
-# paste your YAML workflow file here and remove sensitive data
-```
-
-### Logs
-
-> Download the [log file of your build](https://docs.github.com/en/actions/managing-workflow-runs/using-workflow-run-logs#downloading-logs)
-> and [attach it](https://docs.github.com/en/github/managing-your-work-on-github/file-attachments-on-issues-and-pull-requests) to this issue.
--- a/.github/ISSUE_TEMPLATE/config.yml
+++ b/.github/ISSUE_TEMPLATE/config.yml
@@ -0,0 +1,9 @@
+# https://docs.github.com/en/communities/using-templates-to-encourage-useful-issues-and-pull-requests/configuring-issue-templates-for-your-repository#configuring-the-template-chooser
+blank_issues_enabled: true
+contact_links:
+  - name: Questions and Discussions
+    url: https://github.com/docker/metadata-action/discussions/new
+    about: Use Github Discussions to ask questions and/or open discussion topics.
+  - name: Documentation
+    url: https://docs.docker.com/build/ci/github-actions/
+    about: Read the documentation.
--- a/.github/ISSUE_TEMPLATE/feature.yml
+++ b/.github/ISSUE_TEMPLATE/feature.yml
@@ -0,0 +1,15 @@
+# https://docs.github.com/en/communities/using-templates-to-encourage-useful-issues-and-pull-requests/syntax-for-githubs-form-schema
+name: Feature request
+description: Missing functionality? Come tell us about it!
+labels:
+  - kind/enhancement
+  - status/triage
+
+body:
+  - type: textarea
+    id: description
+    attributes:
+      label: Description
+      description: What is the feature you want to see?
+    validations:
+      required: true
--- a/.github/SECURITY.md
+++ b/.github/SECURITY.md
@@ -0,0 +1,12 @@
+# Reporting security issues
+
+The project maintainers take security seriously. If you discover a security
+issue, please bring it to their attention right away!
+
+**Please _DO NOT_ file a public issue**, instead send your report privately to
+[security@docker.com](mailto:security@docker.com).
+
+Security reports are greatly appreciated, and we will publicly thank you for it.
+We also like to send gifts&mdash;if you'd like Docker swag, make sure to let
+us know. We currently do not offer a paid security bounty program, but are not
+ruling it out in the future.
--- a/.github/SUPPORT.md
+++ b/.github/SUPPORT.md
@@ -1,32 +0,0 @@
-# Support [![](https://isitmaintained.com/badge/resolution/docker/metadata-action.svg)](https://isitmaintained.com/project/docker/metadata-action)
-
-## Reporting an issue
-
-Please do a search in [open issues](https://github.com/docker/metadata-action/issues?utf8=%E2%9C%93&q=) to see if the
-issue or feature request has already been filed.
-
-If you find your issue already exists, make relevant comments and add your
-[reaction](https://github.com/blog/2119-add-reactions-to-pull-requests-issues-and-comments). Use a reaction in place
-of a "+1" comment.
-
-:+1: - upvote
-
-:-1: - downvote
-
-If you cannot find an existing issue that describes your bug or feature, submit an issue using the guidelines below.
-
-## Writing good bug reports and feature requests
-
-File a single issue per problem and feature request.
-
-* Do not enumerate multiple bugs or feature requests in the same issue.
-* Do not add your issue as a comment to an existing issue unless it's for the identical input. Many issues look similar, but have different causes.
-
-The more information you can provide, the more likely someone will be successful reproducing the issue and finding a fix.
-
-You are now ready to [create a new issue](https://github.com/docker/metadata-action/issues/new/choose)!
-
-## Closure policy
-
-* Issues that don't have the information requested above (when applicable) will be closed immediately and the poster directed to the support guidelines.
-* Issues that go a week without a response from original poster are subject to closure at our discretion.
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -11,6 +11,7 @@ updates:
    directory: "/"
    schedule:
      interval: "daily"
+    versioning-strategy: "increase"
    allow:
      - dependency-type: "production"
    labels:
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -1,8 +1,12 @@
 name: ci

+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
 on:
  schedule:
-    - cron: '0 */4 * * *' # every 4 hours
+    - cron: '0 10 * * *'
  push:
    branches:
      - 'master'
@@ -10,20 +14,42 @@ on:
    tags:
      - 'v*.*.*'
  pull_request:
-    branches:
-      - 'master'
-      - 'releases/v*'

 env:
  DOCKER_IMAGE: localhost:5000/name/app
+  BUILDX_VERSION: latest

 jobs:
+  context:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        context:
+          - workflow
+          - git
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v4
+      -
+        name: Docker meta
+        uses: ./
+        with:
+          context: ${{ matrix.context }}
+
  multi-images:
    runs-on: ubuntu-latest
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          version: ${{ env.BUILDX_VERSION }}
+          driver: docker
      -
        name: Docker meta
        uses: ./
@@ -37,6 +63,9 @@ jobs:
            type=ref,event=tag
            type=ref,event=pr
            type=sha
+      -
+        name: Print envs
+        run: env|sort

  tag-schedule:
    runs-on: ubuntu-latest
@@ -51,7 +80,13 @@ jobs:
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          version: ${{ env.BUILDX_VERSION }}
+          driver: docker
      -
        name: Docker meta
        uses: ./
@@ -81,7 +116,13 @@ jobs:
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          version: ${{ env.BUILDX_VERSION }}
+          driver: docker
      -
        name: Docker meta
        uses: ./
@@ -109,7 +150,13 @@ jobs:
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          version: ${{ env.BUILDX_VERSION }}
+          driver: docker
      -
        name: Docker meta
        uses: ./
@@ -134,7 +181,13 @@ jobs:
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          version: ${{ env.BUILDX_VERSION }}
+          driver: docker
      -
        name: Docker meta
        uses: ./
@@ -151,7 +204,13 @@ jobs:
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          version: ${{ env.BUILDX_VERSION }}
+          driver: docker
      -
        name: Docker meta
        uses: ./
@@ -161,12 +220,18 @@ jobs:
            name=ghcr.io/name/app,enable=${{ github.event_name == 'pull_request' }}
            name=ghcr.io/name/release,enable=${{ startsWith(github.ref, 'refs/tags/') }}

-  labels:
+  custom-labels-annotations:
    runs-on: ubuntu-latest
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          version: ${{ env.BUILDX_VERSION }}
+          driver: docker
      -
        name: Docker meta
        uses: ./
@@ -179,13 +244,24 @@ jobs:
            org.opencontainers.image.title=MyCustomTitle
            org.opencontainers.image.description=this is a "good" example
            org.opencontainers.image.vendor=MyCompany
+          annotations: |
+            maintainer=Foo
+            org.opencontainers.image.title=MyFooTitle
+            org.opencontainers.image.description=this is a "foo" example
+            org.opencontainers.image.vendor=MyFooCompany

  global-exps:
    runs-on: ubuntu-latest
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          version: ${{ env.BUILDX_VERSION }}
+          driver: docker
      -
        name: Docker meta
        uses: ./
@@ -193,6 +269,8 @@ jobs:
          images: |
            ${{ env.DOCKER_IMAGE }}
            ghcr.io/name/app
+          labels: |
+            org.opencontainers.image.created={{commit_date 'YYYY-MM-DDTHH:mm:ss.SSS[Z]'}}
          tags: |
            type=sha
            type=raw,value=gexp-branch-{{branch}}
@@ -200,13 +278,20 @@ jobs:
            type=raw,value=gexp-tag-{{tag}}
            type=raw,value=gexp-baseref-{{base_ref}}
            type=raw,value=gexp-defbranch,enable={{is_default_branch}}
+            type=raw,value=gexp-notdefbranch,enable={{is_not_default_branch}}

  json:
    runs-on: ubuntu-latest
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          version: ${{ env.BUILDX_VERSION }}
+          driver: docker
      -
        name: Docker meta
        id: meta
@@ -235,7 +320,13 @@ jobs:
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          version: ${{ env.BUILDX_VERSION }}
+          driver-opts: network=host
      -
        name: Docker meta
        id: docker_meta
@@ -252,17 +343,9 @@ jobs:
            type=semver,pattern=v{{major}}.{{minor}}
            type=semver,pattern=v{{major}}
            type=sha
-      -
-        name: Set up QEMU
-        uses: docker/setup-qemu-action@v1
-      -
-        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
-        with:
-          driver-opts: network=host
      -
        name: Build and push to local registry
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@v6
        with:
          context: ./test
          file: ./test/Dockerfile
@@ -279,17 +362,18 @@ jobs:
        name: Check manifest
        run: |
          docker buildx imagetools inspect ${{ env.DOCKER_IMAGE }}:${{ steps.docker_meta.outputs.version }}
-      -
-        name: Dump context
-        if: always()
-        uses: crazy-max/ghaction-dump-context@v1

  bake:
    runs-on: ubuntu-latest
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          version: ${{ env.BUILDX_VERSION }}
      -
        name: Docker meta
        id: docker_meta
@@ -307,18 +391,244 @@ jobs:
            type=semver,pattern={{major}}.{{minor}}
            type=semver,pattern={{major}}
            type=sha
-      -
-        name: Set up QEMU
-        uses: docker/setup-qemu-action@v1
-      -
-        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
      -
        name: Build
-        uses: docker/bake-action@v1
+        uses: docker/bake-action@v6
        with:
          files: |
            ./test/docker-bake.hcl
-            ${{ steps.docker_meta.outputs.bake-file }}
+            cwd://${{ steps.docker_meta.outputs.bake-file-tags }}
+            cwd://${{ steps.docker_meta.outputs.bake-file-labels }}
          targets: |
            release
+
+  sep-tags:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        sep:
+          - " "
+          - ","
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v4
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          version: ${{ env.BUILDX_VERSION }}
+          driver: docker
+      -
+        name: Docker meta
+        id: meta
+        uses: ./
+        with:
+          images: |
+            ${{ env.DOCKER_IMAGE }}
+            ghcr.io/name/app
+          sep-tags: ${{ matrix.sep }}
+      -
+        name: Tags
+        uses: actions/github-script@v7
+        with:
+          script: |
+            console.log(`${{ steps.meta.outputs.tags }}`);
+
+  output-env:
+    runs-on: ubuntu-latest
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v4
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          version: ${{ env.BUILDX_VERSION }}
+          driver: docker
+      -
+        name: Docker meta
+        id: meta
+        uses: ./
+        with:
+          images: |
+            ${{ env.DOCKER_IMAGE }}
+            ghcr.io/name/app
+          labels: |
+            maintainer=CrazyMax
+          annotations: |
+            maintainer=Foo
+      -
+        name: Build
+        uses: docker/build-push-action@v6
+        with:
+          context: ./test
+          file: ./test/output.Dockerfile
+          build-args: |
+            DOCKER_METADATA_OUTPUT_VERSION
+            DOCKER_METADATA_OUTPUT_TAGS
+            DOCKER_METADATA_OUTPUT_LABELS
+            DOCKER_METADATA_OUTPUT_ANNOTATIONS
+            DOCKER_METADATA_OUTPUT_JSON
+
+  no-output-env:
+    runs-on: ubuntu-latest
+    env:
+      DOCKER_METADATA_SET_OUTPUT_ENV: false
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v4
+      -
+        name: Docker meta
+        id: meta
+        uses: ./
+        with:
+          images: |
+            ${{ env.DOCKER_IMAGE }}
+            ghcr.io/name/app
+          labels: |
+            maintainer=CrazyMax
+          annotations: |
+            maintainer=Foo
+      -
+        name: No output environment variables set
+        shell: bash
+        run: |
+          [[ "$(printenv | grep "^DOCKER_METADATA_OUTPUT_" | wc -l)" -eq 0 ]] || exit 1
+
+  bake-annotations:
+    runs-on: ubuntu-latest
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v4
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          version: ${{ env.BUILDX_VERSION }}
+      -
+        name: Docker meta
+        id: docker_meta
+        uses: ./
+        with:
+          images: |
+            ${{ env.DOCKER_IMAGE }}
+            ghcr.io/name/app
+          tags: |
+            type=schedule
+            type=ref,event=branch
+            type=ref,event=tag
+            type=ref,event=pr
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=semver,pattern={{major}}
+            type=sha
+        env:
+          DOCKER_METADATA_ANNOTATIONS_LEVELS: manifest,index
+      -
+        name: Build
+        uses: docker/bake-action@v6
+        with:
+          files: |
+            ./test/docker-bake.hcl
+            cwd://${{ steps.docker_meta.outputs.bake-file-tags }}
+            cwd://${{ steps.docker_meta.outputs.bake-file-annotations }}
+          targets: |
+            release
+
+  no-images:
+    runs-on: ubuntu-latest
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v4
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          version: ${{ env.BUILDX_VERSION }}
+          driver: docker
+      -
+        name: Docker meta
+        uses: ./
+        with:
+          tags: |
+            type=schedule
+            type=ref,event=branch
+            type=ref,event=tag
+            type=ref,event=pr
+            type=sha
+      -
+        name: Print envs
+        run: env|sort
+
+  bake-path-context:
+    runs-on: ubuntu-latest
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v4
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          version: latest
+      -
+        name: Docker meta
+        id: docker_meta
+        uses: ./
+      -
+        name: Build
+        uses: docker/bake-action@v6
+        with:
+          source: .
+          files: |
+            ./test/docker-bake.hcl
+            ${{ steps.docker_meta.outputs.bake-file-tags }}
+            ${{ steps.docker_meta.outputs.bake-file-labels }}
+          targets: |
+            release
+
+  sha-short:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        short-length:
+          - ''
+          - 16
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v4
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          version: ${{ env.BUILDX_VERSION }}
+          driver: docker
+      -
+        name: Docker meta
+        uses: ./
+        with:
+          images: |
+            ${{ env.DOCKER_IMAGE }}
+            ghcr.io/name/app
+          tags: |
+            type=sha
+        env:
+          DOCKER_METADATA_SHORT_SHA_LENGTH: ${{ matrix.short-length }}
+
+  dump:
+    runs-on: ubuntu-latest
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v4
+      -
+        name: Dump context
+        uses: crazy-max/ghaction-dump-context@v2
--- a/.github/workflows/pr-assign-author.yml
+++ b/.github/workflows/pr-assign-author.yml
@@ -0,0 +1,17 @@
+name: pr-assign-author
+
+permissions:
+  contents: read
+
+on:
+  pull_request_target:
+    types:
+      - opened
+      - reopened
+
+jobs:
+  run:
+    uses: crazy-max/.github/.github/workflows/pr-assign-author.yml@1b673f36fad86812f538c1df9794904038a23cbf
+    permissions:
+      contents: read
+      pull-requests: write
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -0,0 +1,21 @@
+name: publish
+
+on:
+  release:
+    types:
+      - published
+
+jobs:
+  publish:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      id-token: write
+      packages: write
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v4
+      -
+        name: Publish
+        uses: actions/publish-immutable-action@v0.0.4
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -1,14 +1,15 @@
 name: test

+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
 on:
  push:
    branches:
      - 'master'
      - 'releases/v*'
  pull_request:
-    branches:
-      - 'master'
-      - 'releases/v*'

 jobs:
  test:
@@ -16,19 +17,16 @@ jobs:
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v3
-      -
-        name: Validate
-        uses: docker/bake-action@v1
-        with:
-          targets: validate
+        uses: actions/checkout@v4
      -
        name: Test
-        uses: docker/bake-action@v1
+        uses: docker/bake-action@v6
        with:
+          source: .
          targets: test
      -
        name: Upload coverage
-        uses: codecov/codecov-action@v3
+        uses: codecov/codecov-action@v5
        with:
-          file: ./coverage/clover.xml
+          files: ./coverage/clover.xml
+          token: ${{ secrets.CODECOV_TOKEN }}
--- a/.github/workflows/validate.yml
+++ b/.github/workflows/validate.yml
@@ -0,0 +1,43 @@
+name: validate
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+on:
+  push:
+    branches:
+      - 'master'
+      - 'releases/v*'
+  pull_request:
+
+jobs:
+  prepare:
+    runs-on: ubuntu-latest
+    outputs:
+      targets: ${{ steps.generate.outputs.targets }}
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v4
+      -
+        name: List targets
+        id: generate
+        uses: docker/bake-action/subaction/list-targets@v6
+        with:
+          target: validate
+
+  validate:
+    runs-on: ubuntu-latest
+    needs:
+      - prepare
+    strategy:
+      fail-fast: false
+      matrix:
+        target: ${{ fromJson(needs.prepare.outputs.targets) }}
+    steps:
+      -
+        name: Validate
+        uses: docker/bake-action@v6
+        with:
+          targets: ${{ matrix.target }}
--- a/.gitignore
+++ b/.gitignore
@@ -1,12 +1,5 @@
-/.dev
-node_modules/
-lib
+# https://raw.githubusercontent.com/github/gitignore/main/Node.gitignore

-# Jetbrains
-/.idea
-/*.iml
-
-# Rest of the file pulled from https://github.com/github/gitignore/blob/master/Node.gitignore
 # Logs
 logs
 *.log
@@ -14,6 +7,7 @@ npm-debug.log*
 yarn-debug.log*
 yarn-error.log*
 lerna-debug.log*
+.pnpm-debug.log*

 # Diagnostic reports (https://nodejs.org/api/report.html)
 report.[0-9]*.[0-9]*.[0-9]*.[0-9]*.json
@@ -24,34 +18,14 @@ pids
 *.seed
 *.pid.lock

-# Directory for instrumented libs generated by jscoverage/JSCover
-lib-cov
-
 # Coverage directory used by tools like istanbul
 coverage
 *.lcov

-# nyc test coverage
-.nyc_output
-
-# Grunt intermediate storage (https://gruntjs.com/creating-plugins#storing-task-files)
-.grunt
-
-# Bower dependency directory (https://bower.io/)
-bower_components
-
-# node-waf configuration
-.lock-wscript
-
-# Compiled binary addons (https://nodejs.org/api/addons.html)
-build/Release
-
 # Dependency directories
+node_modules/
 jspm_packages/

-# TypeScript v1 declaration files
-typings/
-
 # TypeScript cache
 *.tsbuildinfo

@@ -61,36 +35,19 @@ typings/
 # Optional eslint cache
 .eslintcache

-# Optional REPL history
-.node_repl_history
-
-# Output of 'npm pack'
-*.tgz
-
 # Yarn Integrity file
 .yarn-integrity

-# dotenv environment variables file
+# dotenv environment variable files
 .env
-.env.test
+.env.development.local
+.env.test.local
+.env.production.local
+.env.local

-# parcel-bundler cache (https://parceljs.org/)
-.cache
-
-# next.js build output
-.next
-
-# nuxt.js build output
-.nuxt
-
-# vuepress build output
-.vuepress/dist
-
-# Serverless directories
-.serverless/
-
-# FuseBox cache
-.fusebox/
-
-# DynamoDB Local files
-.dynamodb/
+# yarn v2
+.yarn/cache
+.yarn/unplugged
+.yarn/build-state.yml
+.yarn/install-state.gz
+.pnp.*
--- a/.prettierignore
+++ b/.prettierignore
@@ -0,0 +1,6 @@
+# Dependency directories
+node_modules/
+jspm_packages/
+
+# yarn v2
+.yarn/
--- a/.yarn/plugins/@yarnpkg/plugin-interactive-tools.cjs
+++ b/.yarn/plugins/@yarnpkg/plugin-interactive-tools.cjs
--- a/.yarnrc.yml
+++ b/.yarnrc.yml
@@ -0,0 +1,13 @@
+logFilters:
+  - code: YN0013
+    level: discard
+  - code: YN0019
+    level: discard
+  - code: YN0076
+    level: discard
+
+nodeLinker: node-modules
+
+plugins:
+  - path: .yarn/plugins/@yarnpkg/plugin-interactive-tools.cjs
+    spec: "@yarnpkg/plugin-interactive-tools"
--- a/README.md
+++ b/README.md
@@ -1,12 +1,14 @@
 [![GitHub release](https://img.shields.io/github/release/docker/metadata-action.svg?style=flat-square)](https://github.com/docker/metadata-action/releases/latest)
 [![GitHub marketplace](https://img.shields.io/badge/marketplace-docker--metadata--action-blue?logo=github&style=flat-square)](https://github.com/marketplace/actions/docker-metadata-action)
-[![Test workflow](https://img.shields.io/github/workflow/status/docker/metadata-action/test?label=test&logo=github&style=flat-square)](https://github.com/docker/metadata-action/actions?workflow=test)
+[![CI workflow](https://img.shields.io/github/actions/workflow/status/docker/metadata-action/ci.yml?branch=master&label=ci&logo=github&style=flat-square)](https://github.com/docker/metadata-action/actions?workflow=ci)
+[![Test workflow](https://img.shields.io/github/actions/workflow/status/docker/metadata-action/test.yml?branch=master&label=test&logo=github&style=flat-square)](https://github.com/docker/metadata-action/actions?workflow=test)
 [![Codecov](https://img.shields.io/codecov/c/github/docker/metadata-action?logo=codecov&style=flat-square)](https://codecov.io/gh/docker/metadata-action)

 ## About

-GitHub Action to extract metadata from Git reference and GitHub events.
-This action is particularly useful if used with [Docker Build Push](https://github.com/docker/build-push-action) action to tag and label Docker images.
+GitHub Action to extract metadata from Git reference and GitHub events. This action
+is particularly useful if used with [Docker Build Push](https://github.com/docker/build-push-action)
+action to tag and label Docker images.

 ![Screenshot](.github/metadata-action.png)

@@ -19,6 +21,8 @@ ___
 * [Customizing](#customizing)
  * [inputs](#inputs)
  * [outputs](#outputs)
+  * [environment variables](#environment-variables)
+* [`context` input](#context-input)
 * [`images` input](#images-input)
 * [`flavor` input](#flavor-input)
 * [`tags` input](#tags-input)
@@ -33,17 +37,21 @@ ___
 * [Notes](#notes)
  * [Image name and tag sanitization](#image-name-and-tag-sanitization)
  * [Latest tag](#latest-tag)
+  * [`priority` attribute](#priority-attribute)
  * [Global expressions](#global-expressions)
    * [`{{branch}}`](#branch)
    * [`{{tag}}`](#tag)
    * [`{{sha}}`](#sha)
    * [`{{base_ref}}`](#base_ref)
    * [`{{is_default_branch}}`](#is_default_branch)
-    * [`{{date '<format>'}}`](#date-format)
+    * [`{{is_not_default_branch}}`](#is_not_default_branch)
+    * [`{{date '<format>' tz='<timezone>'}}`](#date-format-tztimezone)
+    * [`{{commit_date '<format>' tz='<timezone>'}}`](#commit_date-format-tztimezone)
  * [Major version zero](#major-version-zero)
  * [JSON output object](#json-output-object)
-  * [Overwrite labels](#overwrite-labels)
-* [Keep up-to-date with GitHub Dependabot](#keep-up-to-date-with-github-dependabot)
+  * [Overwrite labels and annotations](#overwrite-labels-and-annotations)
+  * [Annotations](#annotations)
+* [Contributing](#contributing)

 ## Usage

@@ -53,6 +61,7 @@ ___
 name: ci

 on:
+  workflow_dispatch:
  push:
    branches:
      - 'master'
@@ -68,23 +77,23 @@ jobs:
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
      -
        name: Docker meta
        id: meta
-        uses: docker/metadata-action@v4
+        uses: docker/metadata-action@v5
        with:
          images: name/app
      -
        name: Login to DockerHub
        if: github.event_name != 'pull_request'
-        uses: docker/login-action@v1
+        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      -
        name: Build and push
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@v6
        with:
          context: .
          push: ${{ github.event_name != 'pull_request' }}
@@ -92,13 +101,14 @@ jobs:
          labels: ${{ steps.meta.outputs.labels }}
 ```

-| Event           | Ref                           | Docker Tags                         |
-|-----------------|-------------------------------|-------------------------------------|
-| `pull_request`  | `refs/pull/2/merge`           | `pr-2`                              |
-| `push`          | `refs/heads/master`           | `master`                            |
-| `push`          | `refs/heads/releases/v1`      | `releases-v1`                       |
-| `push tag`      | `refs/tags/v1.2.3`            | `v1.2.3`, `latest`                  |
-| `push tag`      | `refs/tags/v2.0.8-beta.67`    | `v2.0.8-beta.67`, `latest`          |
+| Event               | Ref                           | Docker Tags                |
+|---------------------|-------------------------------|----------------------------|
+| `pull_request`      | `refs/pull/2/merge`           | `pr-2`                     |
+| `push`              | `refs/heads/master`           | `master`                   |
+| `push`              | `refs/heads/releases/v1`      | `releases-v1`              |
+| `push tag`          | `refs/tags/v1.2.3`            | `v1.2.3`, `latest`         |
+| `push tag`          | `refs/tags/v2.0.8-beta.67`    | `v2.0.8-beta.67`, `latest` |
+| `workflow_dispatch` | `refs/heads/master`           | `master`                   |

 ### Semver

@@ -121,11 +131,11 @@ jobs:
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
      -
        name: Docker meta
        id: meta
-        uses: docker/metadata-action@v4
+        uses: docker/metadata-action@v5
        with:
          images: |
            name/app
@@ -137,13 +147,13 @@ jobs:
      -
        name: Login to DockerHub
        if: github.event_name != 'pull_request'
-        uses: docker/login-action@v1
+        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      -
        name: Build and push
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@v6
        with:
          context: .
          push: ${{ github.event_name != 'pull_request' }}
@@ -162,8 +172,8 @@ jobs:
 ### Bake definition

 This action also handles a bake definition file that can be used with the
-[Docker Bake action](https://github.com/docker/bake-action). You just have to declare an empty target named
-`docker-metadata-action` and inherit from it.
+[Docker Bake action](https://github.com/docker/bake-action). You just have to
+declare an empty target named `docker-metadata-action` and inherit from it.

 ```hcl
 // docker-bake.hcl
@@ -197,13 +207,10 @@ jobs:
  docker:
    runs-on: ubuntu-latest
    steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v2
      -
        name: Docker meta
        id: meta
-        uses: docker/metadata-action@v4
+        uses: docker/metadata-action@v5
        with:
          images: |
            name/app
@@ -215,15 +222,16 @@ jobs:
            type=sha
      -
        name: Build
-        uses: docker/bake-action@v1
+        uses: docker/bake-action@v6
        with:
          files: |
            ./docker-bake.hcl
-            ${{ steps.meta.outputs.bake-file }}
+            cwd://${{ steps.meta.outputs.bake-file }}
          targets: build
 ```

-Content of `${{ steps.meta.outputs.bake-file }}` file will look like this with `refs/tags/v1.2.3` ref:
+Content of `${{ steps.meta.outputs.bake-file }}` file, combining tags and
+labels, will look like this with `refs/tags/v1.2.3` ref:

 ```json
 {
@@ -254,12 +262,29 @@ Content of `${{ steps.meta.outputs.bake-file }}` file will look like this with `
 }
 ```

+You can also use the `bake-file-tags` and `bake-file-labels` outputs if you
+just want to use tags and/or labels respectively. The following example is
+similar to the previous one:
+
+```yaml
+      -
+        name: Build
+        uses: docker/bake-action@v6
+        with:
+          files: |
+            ./docker-bake.hcl
+            cwd://${{ steps.meta.outputs.bake-file-tags }}
+            cwd://${{ steps.meta.outputs.bake-file-labels }}
+          targets: build
+```
+
 ## Customizing

 ### inputs

-Following inputs can be used as `step.with` keys
+The following inputs can be used as `step.with` keys:

+> [!NOTE]
 > `List` type is a newline-delimited string
 > ```yaml
 > labels: |
@@ -268,27 +293,76 @@ Following inputs can be used as `step.with` keys
 >   org.opencontainers.image.vendor=MyCompany
 > ```

-| Name                | Type   | Description                                              |
-|---------------------|--------|----------------------------------------------------------|
-| `images`            | List   | List of Docker images to use as base name for tags       |
-| `tags`              | List   | List of [tags](#tags-input) as key-value pair attributes |
-| `flavor`            | List   | [Flavor](#flavor-input) to apply                         |
-| `labels`            | List   | List of custom labels                                    |
-| `sep-tags`          | String | Separator to use for tags output (default `\n`)          |
-| `sep-labels`        | String | Separator to use for labels output (default `\n`)        |
-| `bake-target`       | String | Bake target name (default `docker-metadata-action`)      |
+| Name              | Type   | Description                                                                  |
+|-------------------|--------|------------------------------------------------------------------------------|
+| `context`         | String | Where to get context data. Allowed options are: `workflow` (default), `git`. |
+| `images`          | List   | List of Docker images to use as base name for tags                           |
+| `tags`            | List   | List of [tags](#tags-input) as key-value pair attributes                     |
+| `flavor`          | List   | [Flavor](#flavor-input) to apply                                             |
+| `labels`          | List   | List of custom labels                                                        |
+| `annotations`     | List   | List of custom annotations                                                   |
+| `sep-tags`        | String | Separator to use for tags output (default `\n`)                              |
+| `sep-labels`      | String | Separator to use for labels output (default `\n`)                            |
+| `sep-annotations` | String | Separator to use for annotations output (default `\n`)                       |
+| `bake-target`     | String | Bake target name (default `docker-metadata-action`)                          |

 ### outputs

-Following outputs are available
+The following outputs are available:

-| Name          | Type    | Description                                                                   |
-|---------------|---------|-------------------------------------------------------------------------------|
-| `version`     | String  | Docker image version                                                          |
-| `tags`        | String  | Docker tags                                                                   |
-| `labels`      | String  | Docker labels                                                                 |
-| `json`        | String  | JSON output of tags and labels                                                |
-| `bake-file`   | File    | [Bake definition file](https://github.com/docker/buildx#file-definition) path |
+| Name                    | Type   | Description                                                                                                                                                     |
+|-------------------------|--------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| `version`               | String | Docker image version                                                                                                                                            |
+| `tags`                  | String | Docker tags                                                                                                                                                     |
+| `labels`                | String | Docker labels                                                                                                                                                   |
+| `annotations`           | String | [Annotations](https://github.com/moby/buildkit/blob/master/docs/annotations.md)                                                                                 |
+| `json`                  | String | JSON output of tags and labels                                                                                                                                  |
+| `bake-file-tags`        | File   | [Bake file definition](https://docs.docker.com/build/bake/reference/) path with tags                                                                            |
+| `bake-file-labels`      | File   | [Bake file definition](https://docs.docker.com/build/bake/reference/) path with labels                                                                          |
+| `bake-file-annotations` | File   | [Bake file definition](https://docs.docker.com/build/bake/reference/) path with [annotations](https://github.com/moby/buildkit/blob/master/docs/annotations.md) |
+
+Alternatively, each output is also exported as an environment variable when `DOCKER_METADATA_SET_OUTPUT_ENV` is `true`:
+
+* `DOCKER_METADATA_OUTPUT_VERSION`
+* `DOCKER_METADATA_OUTPUT_TAGS`
+* `DOCKER_METADATA_OUTPUT_LABELS`
+* `DOCKER_METADATA_OUTPUT_ANNOTATIONS`
+* `DOCKER_METADATA_OUTPUT_JSON`
+* `DOCKER_METADATA_OUTPUT_BAKE_FILE_TAGS`
+* `DOCKER_METADATA_OUTPUT_BAKE_FILE_LABELS`
+* `DOCKER_METADATA_OUTPUT_BAKE_FILE_ANNOTATIONS`
+
+So it can be used with our [Docker Build Push action](https://github.com/docker/build-push-action/):
+
+```yaml
+- uses: docker/build-push-action@v6
+  with:
+    build-args: |
+      DOCKER_METADATA_OUTPUT_JSON
+```
+
+### environment variables
+
+| Name                                 | Type   | Description                                                                                                                                  |
+|--------------------------------------|--------|----------------------------------------------------------------------------------------------------------------------------------------------|
+| `DOCKER_METADATA_PR_HEAD_SHA`        | Bool   | If `true`, set associated head SHA instead of commit SHA that triggered the workflow on pull request event                                   |
+| `DOCKER_METADATA_SHORT_SHA_LENGTH`   | Number | Specifies the length of the [short commit SHA](#typesha) to ensure uniqueness. Default is `7`, but can be increased for larger repositories. |
+| `DOCKER_METADATA_ANNOTATIONS_LEVELS` | String | Comma separated list of annotations levels to set for annotations output separated (default `manifest`)                                      |
+| `DOCKER_METADATA_SET_OUTPUT_ENV`     | Bool   | If `true`, sets each output as an environment variable (default `true`)                                                                      |
+
+## `context` input
+
+`context` defines where to get context metadata:
+
+```yaml
+# default
+context: workflow
+# or
+context: git
+```
+
+* `workflow`: Get context metadata from the workflow (GitHub context). See https://docs.github.com/en/actions/learn-github-actions/contexts#github-context
+* `git`: Get context metadata from the workflow and overrides some of them with current Git context, such as `ref` and `sha`.

 ## `images` input

@@ -313,6 +387,8 @@ images: |
 * `name=<string>` image base name
 * `enable=<true|false>` enable this entry (default `true`)

+If `images` is empty, tags will be generated without base name.
+
 ## `flavor` input

 `flavor` defines a global behavior for [`tags`](#tags-input):
@@ -325,13 +401,16 @@ flavor: |
 ```

 * `latest=<auto|true|false>`: Handle [latest tag](#latest-tag) (default `auto`)
-* `prefix=<string>,onlatest=<true|false>`: A global prefix for each generated tag and optionally for `latest`
-* `suffix=<string>,onlatest=<true|false>`: A global suffix for each generated tag and optionally for `latest`
+* `prefix=<string>,onlatest=<true|false>`: A global prefix for each generated
+  tag and optionally for `latest`
+* `suffix=<string>,onlatest=<true|false>`: A global suffix for each generated
+  tag and optionally for `latest`

 ## `tags` input

-`tags` is the core input of this action as everything related to it will reflect the output metadata. This one is in
-the form of a key-value pair list in CSV format to remove limitations intrinsically linked to GitHub Actions
+`tags` is the core input of this action as everything related to it will
+reflect the output metadata. This one is in the form of a key-value pair list
+in CSV format to remove limitations intrinsically linked to GitHub Actions
 (only string format is handled in the input fields). Here is an example:

 ```yaml
@@ -359,7 +438,7 @@ Each entry is defined by a `type`, which are:
 And global attributes:

 * `enable=<true|false>` enable this entry (default `true`)
-* `priority=<number>` priority to manage the order of tags
+* `priority=<number>` set tag [priority](#priority-attribute) order
 * `prefix=<string>` add prefix
 * `suffix=<string>` add suffix

@@ -383,18 +462,23 @@ tags: |
  type=schedule,pattern=nightly
  # handlebars
  type=schedule,pattern={{date 'YYYYMMDD'}}
+  # handlebars with timezone
+  type=schedule,pattern={{date 'YYYYMMDD-hhmmss' tz='Asia/Tokyo'}}
 ```

-Will be used on [schedule event](https://docs.github.com/en/actions/reference/events-that-trigger-workflows#schedule).
+Will be used on [schedule event](https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#schedule).

-`pattern` is a specially crafted attribute to support [Handlebars' template](https://handlebarsjs.com/guide/) with
-the following expressions:
-* `date 'format'` ; render date by its [moment format](https://momentjs.com/docs/#/displaying/format/)
+`pattern` is a specially crafted attribute to support [Handlebars' template](https://handlebarsjs.com/guide/)
+with the following expressions:

-| Pattern                  | Output               |
-|--------------------------|----------------------|
-| `nightly`                | `nightly`            |
-| `{{date 'YYYYMMDD'}}`    | `20210326`           |
+* `date 'format' tz='Timezone'` ; render date by its [moment format](https://momentjs.com/docs/#/displaying/format/).
+  Default `tz` is UTC.
+
+| Pattern                                      | Output            |
+|----------------------------------------------|-------------------|
+| `nightly`                                    | `nightly`         |
+| `{{date 'YYYYMMDD'}}`                        | `20200110`        |
+| `{{date 'YYYYMMDD-HHmmss' tz='Asia/Tokyo'}}` | `20200110-093000` |

 Extended attributes and default values:

@@ -411,40 +495,48 @@ tags: |
  type=semver,pattern={{version}}
  # use custom value instead of git tag
  type=semver,pattern={{version}},value=v1.0.0
+  # use custom value and match part of it
+  type=semver,pattern={{version}},value=p1/v1.0.0,match=v(\d.\d.\d)$
 ```

-Will be used on a [push tag event](https://docs.github.com/en/actions/reference/events-that-trigger-workflows#push)
-and requires a valid [semver](https://semver.org/) Git tag, but you can also use a custom value through `value`
-attribute.
+Will be used on a [push tag event](https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#push)
+and requires a valid [semver](https://semver.org/) Git tag, but you can also
+use a custom value through `value` attribute.
+
+`pattern` attribute supports [Handlebars template](https://handlebarsjs.com/guide/)
+with the following expressions:

-`pattern` attribute supports [Handlebars template](https://handlebarsjs.com/guide/) with the following expressions:
 * `raw` ; the actual tag
 * `version` ; shorthand for `{{major}}.{{minor}}.{{patch}}` (can include pre-release)
 * `major` ; major version identifier
 * `minor` ; minor version identifier
 * `patch` ; patch version identifier

-| Git tag            | Pattern                                                  | Output               |
-|--------------------|----------------------------------------------------------|----------------------|
-| `v1.2.3`           | `{{raw}}`                                                | `v1.2.3`             |
-| `v1.2.3`           | `{{version}}`                                            | `1.2.3`              |
-| `v1.2.3`           | `{{major}}.{{minor}}`                                    | `1.2`                |
-| `v1.2.3`           | `v{{major}}`                                             | `v1`                 |
-| `v1.2.3`           | `{{minor}}`                                              | `2`                  |
-| `v1.2.3`           | `{{patch}}`                                              | `3`                  |
-| `v2.0.8-beta.67`   | `{{raw}}`                                                | `v2.0.8-beta.67`     |
-| `v2.0.8-beta.67`   | `{{version}}`                                            | `2.0.8-beta.67`      |
-| `v2.0.8-beta.67`   | `{{major}}.{{minor}}`                                    | `2.0.8-beta.67`*     |
+| Git tag          | Pattern               | Match          | Output           |
+|------------------|-----------------------|----------------|------------------|
+| `v1.2.3`         | `{{raw}}`             |                | `v1.2.3`         |
+| `v1.2.3`         | `{{version}}`         |                | `1.2.3`          |
+| `v1.2.3`         | `{{major}}.{{minor}}` |                | `1.2`            |
+| `v1.2.3`         | `v{{major}}`          |                | `v1`             |
+| `v1.2.3`         | `{{minor}}`           |                | `2`              |
+| `v1.2.3`         | `{{patch}}`           |                | `3`              |
+| `p1/v1.2.3`      | `{{version}}`         | `v(\d.\d.\d)$` | `1.2.3`          |
+| `v2.0.8-beta.67` | `{{raw}}`             |                | `v2.0.8-beta.67` |
+| `v2.0.8-beta.67` | `{{version}}`         |                | `2.0.8-beta.67`  |
+| `v2.0.8-beta.67` | `{{major}}`           |                | `2.0.8-beta.67`* |
+| `v2.0.8-beta.67` | `{{major}}.{{minor}}` |                | `2.0.8-beta.67`* |

-> *Pre-release (rc, beta, alpha) will only extend `{{version}}` (or `{{raw}}` if specified) as tag
-> because they are updated frequently, and contain many breaking changes that are (by the author's design)
-> not yet fit for public consumption.
+> [!IMPORTANT]
+> *Pre-release (rc, beta, alpha) will only extend `{{version}}` (or `{{raw}}`
+> if specified) as tag because they are updated frequently, and contain many
+> breaking changes that are (by the author's design) not yet fit for public
+> consumption.

 Extended attributes and default values:

 ```yaml
 tags: |
-  type=semver,enable=true,priority=900,prefix=,suffix=,pattern=,value=
+  type=semver,enable=true,priority=900,prefix=,suffix=,pattern=,value=,match=
 ```

 ### `type=pep440`
@@ -455,36 +547,43 @@ tags: |
  type=pep440,pattern={{version}}
  # use custom value instead of git tag
  type=pep440,pattern={{version}},value=1.0.0
+  # use custom value and match part of it
+  type=pep440,pattern={{version}},value=p1/v1.0.0,match=v(\d.\d.\d)$
 ```

-Will be used on a [push tag event](https://docs.github.com/en/actions/reference/events-that-trigger-workflows#push)
-and requires a Git tag that conforms to [PEP 440](https://www.python.org/dev/peps/pep-0440/), but you can also use a
-custom value through `value` attribute.
+Will be used on a [push tag event](https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#push)
+and requires a Git tag that conforms to [PEP 440](https://www.python.org/dev/peps/pep-0440/),
+but you can also use a custom value through `value` attribute.
+
+`pattern` attribute supports [Handlebars template](https://handlebarsjs.com/guide/)
+with the following expressions:

-`pattern` attribute supports [Handlebars template](https://handlebarsjs.com/guide/) with the following expressions:
 * `raw` ; the actual tag
 * `version` ; cleaned version
 * `major` ; major version identifier
 * `minor` ; minor version identifier
 * `patch` ; patch version identifier

-| Git tag            | Pattern                                                  | Output               |
-|--------------------|----------------------------------------------------------|----------------------|
-| `1.2.3`            | `{{raw}}`                                                | `1.2.3`              |
-| `1.2.3`            | `{{version}}`                                            | `1.2.3`              |
-| `v1.2.3`           | `{{version}}`                                            | `1.2.3`              |
-| `1.2.3`            | `{{major}}.{{minor}}`                                    | `1.2`                |
-| `1.2.3`            | `v{{major}}`                                             | `v1`                 |
-| `v1.2.3rc2`        | `{{raw}}`                                                | `v1.2.3rc2`          |
-| `1.2.3rc2`         | `{{version}}`                                            | `1.2.3rc2`           |
-| `1.2.3rc2`         | `{{major}}.{{minor}}`                                    | `1.2.3rc2`*          |
-| `1.2.3post1`       | `{{major}}.{{minor}}`                                    | `1.2.3.post1`*       |
-| `1.2.3beta2`       | `{{major}}.{{minor}}`                                    | `1.2.3b2`*           |
-| `1.0dev4`          | `{{major}}.{{minor}}`                                    | `1.0.dev4`*          |
+| Git tag      | Pattern               | Match          | Output         |
+|--------------|-----------------------|----------------|----------------|
+| `1.2.3`      | `{{raw}}`             |                | `1.2.3`        |
+| `1.2.3`      | `{{version}}`         |                | `1.2.3`        |
+| `v1.2.3`     | `{{version}}`         |                | `1.2.3`        |
+| `1.2.3`      | `{{major}}.{{minor}}` |                | `1.2`          |
+| `1.2.3`      | `v{{major}}`          |                | `v1`           |
+| `v1.2.3rc2`  | `{{raw}}`             |                | `v1.2.3rc2`    |
+| `1.2.3rc2`   | `{{version}}`         |                | `1.2.3rc2`     |
+| `p1/v1.2.3`  | `{{version}}`         | `v(\d.\d.\d)$` | `1.2.3`        |
+| `1.2.3rc2`   | `{{major}}.{{minor}}` |                | `1.2.3rc2`*    |
+| `1.2.3post1` | `{{major}}.{{minor}}` |                | `1.2.3.post1`* |
+| `1.2.3beta2` | `{{major}}.{{minor}}` |                | `1.2.3b2`*     |
+| `1.0dev4`    | `{{major}}.{{minor}}` |                | `1.0.dev4`*    |

-> *dev/pre/post release will only extend `{{version}}` (or `{{raw}}` if specified) as tag
-> because they are updated frequently, and contain many breaking changes that are (by the author's design)
-> not yet fit for public consumption.
+> [!IMPORTANT]
+> *dev/pre/post release will only extend `{{version}}` (or `{{raw}}` if
+> specified) as tag because they are updated frequently, and contain many
+> breaking changes that are (by the author's design) not yet fit for public
+> consumption.

 Extended attributes and default values:

@@ -505,9 +604,9 @@ tags: |
  type=match,pattern=v(.*),group=1,value=v1.0.0
 ```

-Can create a regular expression for matching Git tag with a pattern and capturing group. Will be used on a
-[push tag event](https://docs.github.com/en/actions/reference/events-that-trigger-workflows#push) but, you can also use
-a custom value through `value` attribute.
+Can create a regular expression for matching Git tag with a pattern and
+capturing group. Will be used on a [push tag event](https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#push)
+but, you can also use a custom value through `value` attribute.

 | Git tag                 | Pattern          | Group   | Output                 |
 |-------------------------|------------------|---------|------------------------|
@@ -534,9 +633,9 @@ tags: |
  type=edge,branch=main
 ```

-An `edge` tag reflects the last commit of the active branch on your Git repository. I usually prefer to use `edge`
-as a Docker tag for a better distinction or common pattern. This is also used by official images
-like [Alpine](https://hub.docker.com/_/alpine).
+An `edge` tag reflects the last commit of the active branch on your Git
+repository. I usually prefer to use `edge` as a Docker tag for a better
+distinction or common pattern. This is also used by official images like [Alpine](https://hub.docker.com/_/alpine).

 Extended attributes and default values:

@@ -558,17 +657,19 @@ tags: |
 ```

 This type handles Git ref (or reference) for the following events:
+
 * `branch` ; eg. `refs/heads/master`
 * `tag` ; eg. `refs/tags/v1.0.0`
 * `pr` ; eg. `refs/pull/318/merge`

-| Event           | Ref                           | Output                        |
-|-----------------|-------------------------------|-------------------------------|
-| `pull_request`  | `refs/pull/2/merge`           | `pr-2`                        |
-| `push`          | `refs/heads/master`           | `master`                      |
-| `push`          | `refs/heads/my/branch`        | `my-branch`                   |
-| `push tag`      | `refs/tags/v1.2.3`            | `v1.2.3`                      |
-| `push tag`      | `refs/tags/v2.0.8-beta.67`    | `v2.0.8-beta.67`              |
+| Event               | Ref                           | Output           |
+|---------------------|-------------------------------|------------------|
+| `pull_request`      | `refs/pull/2/merge`           | `pr-2`           |
+| `push`              | `refs/heads/master`           | `master`         |
+| `push`              | `refs/heads/my/branch`        | `my-branch`      |
+| `push tag`          | `refs/tags/v1.2.3`            | `v1.2.3`         |
+| `push tag`          | `refs/tags/v2.0.8-beta.67`    | `v2.0.8-beta.67` |
+| `workflow_dispatch` | `refs/heads/master`           | `master`         |

 Extended attributes and default values:

@@ -615,7 +716,26 @@ tags: |
  type=sha,format=long
 ```

-Output Git short commit (or long if specified) as Docker tag like `sha-ad132f5`.
+Output Git short commit (or long if specified) as Docker tag like
+`sha-860c190`.
+
+By default, the length of the short commit SHA is `7` characters. You can
+increase this length for larger repositories by setting the
+[`DOCKER_METADATA_SHORT_SHA_LENGTH` environment variable](#environment-variables):
+
+```yaml
+      -
+        name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            name/app
+          tags: |
+            type=sha
+        env:
+          DOCKER_METADATA_SHORT_SHA_LENGTH: 12
+```

 Extended attributes and default values:

@@ -628,7 +748,7 @@ tags: |

 ### Image name and tag sanitization

-In order to comply with [the specification](https://docs.docker.com/engine/reference/commandline/tag/#extended-description),
+In order to comply with [the specification](https://docs.docker.com/engine/reference/commandline/tag/#description),
 the image name components may contain lowercase letters, digits and separators.
 A separator is defined as a period, one or two underscores, or one or more
 dashes. A name component may not start or end with a separator.
@@ -644,9 +764,12 @@ To ease the integration in your workflow, this action will automatically:

 ### Latest tag

-`latest` tag is handled through the [`flavor` input](#flavor-input). It will be generated by default (`auto` mode) for:
+`latest` tag is handled through the [`flavor` input](#flavor-input). It will be
+generated by default (`auto` mode) for:
+
 * [`type=ref,event=tag`](#typeref)
 * [`type=semver,pattern=...`](#typesemver)
+* [`type=pep440,pattern=...`](#typepep440)
 * [`type=match,pattern=...`](#typematch)

 For conditionally tagging with latest for a specific branch name, e.g. if your
@@ -667,10 +790,29 @@ tags: |
  type=raw,value=latest,enable={{is_default_branch}}
 ```

+### `priority` attribute
+
+`priority=<int>` attribute is used to sort tags in the final list. The higher
+the value, the higher the priority. The first tag in the list (higher priority)
+will be used as the image version for generated OCI label and [`version` output](#outputs).
+Each tags `type` attribute has a default priority:
+
+| Attribute  | Default priority |
+|------------|------------------|
+| `schedule` | `1000`           |
+| `semver`   | `900`            |
+| `pep440`   | `900`            |
+| `match`    | `800`            |
+| `edge`     | `700`            |
+| `ref`      | `600`            |
+| `raw`      | `200`            |
+| `sha`      | `100`            |
+
 ### Global expressions

 The following [Handlebars' template](https://handlebarsjs.com/guide/) expressions
-for `prefix`, `suffix`, `value` and `enable` attributes are available:
+for `prefix`, `suffix`, `value` and `enable` attributes of `tags` input are
+available:

 ```yaml
 tags: |
@@ -680,17 +822,24 @@ tags: |
  type=raw,value=mytag-{{branch}}-{{sha}}
 ```

+They can also be applied to `labels` and `annotations` inputs:
+
+```yaml
+labels: |
+  org.opencontainers.image.created={{commit_date 'YYYY-MM-DDTHH:mm:ss.SSS[Z]'}}
+```
+
 #### `{{branch}}`

 Returns the branch name that triggered the workflow run. Will be empty if not 
 a branch reference:

-| Event           | Ref                           | Output              |
-|-----------------|-------------------------------|---------------------|
-| `pull_request`  | `refs/pull/2/merge`           |                     |
-| `push`          | `refs/heads/master`           | `master`            |
-| `push`          | `refs/heads/my/branch`        | `my-branch`         |
-| `push tag`      | `refs/tags/v1.2.3`            |                     |
+| Event          | Ref                    | Output      |
+|----------------|------------------------|-------------|
+| `pull_request` | `refs/pull/2/merge`    |             |
+| `push`         | `refs/heads/master`    | `master`    |
+| `push`         | `refs/heads/my/branch` | `my-branch` |
+| `push tag`     | `refs/tags/v1.2.3`     |             |

 #### `{{tag}}`

@@ -720,6 +869,7 @@ workflow run. Will be empty for a branch reference:
 | `push`         | `refs/heads/my/branch`        |                    |
 | `push tag`*    | `refs/tags/v1.2.3`            | `master`           |

+> [!IMPORTANT]
 > *`base_ref` is available in the push payload but doesn't always seem to 
 > return the expected branch when the push tag event occurs. It's also
 > [not documented in GitHub docs](https://docs.github.com/en/developers/webhooks-and-events/webhooks/webhook-events-and-payloads#push).
@@ -731,22 +881,43 @@ workflow run. Will be empty for a branch reference:
 Returns `true` if the branch that triggered the workflow run is the default
 one, otherwise `false`.

-#### `{{date '<format>'}}`
+#### `{{is_not_default_branch}}`
+
+Returns `true` if the branch that triggered the workflow run is not the default
+one, otherwise `false`.
+
+#### `{{date '<format>' tz='<timezone>'}}`

 Returns the current date rendered by its [moment format](https://momentjs.com/docs/#/displaying/format/).
+Default `tz` is UTC.

-| Expression                                 | Output example                          |
-|--------------------------------------------|-----------------------------------------|
-| `{{date 'YYYYMMDD'}}`                      | `20200110`                              |
-| `{{date 'dddd, MMMM Do YYYY, h:mm:ss a'}}` | `Friday, January 10th 2020, 3:25:50 pm` |
+| Expression                                   | Output example                          |
+|----------------------------------------------|-----------------------------------------|
+| `{{date 'YYYYMMDD'}}`                        | `20200110`                              |
+| `{{date 'dddd, MMMM Do YYYY, h:mm:ss a'}}`   | `Friday, January 10th 2020, 3:25:50 pm` |
+| `{{date 'YYYYMMDD-HHmmss' tz='Asia/Tokyo'}}` | `20200110-093000`                       |
+
+#### `{{commit_date '<format>' tz='<timezone>'}}`
+
+Returns the date when the current git commit is committed, rendered by its
+[moment format](https://momentjs.com/docs/#/displaying/format/). It falls back
+to the current date if the commit date is not available.
+
+Default `tz` is UTC.
+
+| Expression                                          | Output example                          |
+|-----------------------------------------------------|-----------------------------------------|
+| `{{commit_date 'YYYYMMDD'}}`                        | `20200110`                              |
+| `{{commit_date 'dddd, MMMM Do YYYY, h:mm:ss a'}}`   | `Friday, January 10th 2020, 3:25:50 pm` |
+| `{{commit_date 'YYYYMMDD-HHmmss' tz='Asia/Tokyo'}}` | `20200110-093000`                       |

 ### Major version zero

-Major version zero (`0.y.z`) is for initial development and **may** change at any time. This means the public API
-[**should not** be considered stable](https://semver.org/#spec-item-4).
+Major version zero (`0.y.z`) is for initial development and **may** change at
+any time. This means the public API [**should not** be considered stable](https://semver.org/#spec-item-4).

-In this case, Docker tag `0` **should not** be generated if you're using [`type=semver`](#typesemver) with `{{major}}`
-pattern. You can manage this behavior like this:
+In this case, Docker tag `0` **should not** be generated if you're using [`type=semver`](#typesemver)
+with `{{major}}` pattern. You can manage this behavior like this:

 ```yaml
 # refs/tags/v0.1.2
@@ -761,19 +932,19 @@ tags: |

 ### JSON output object

-The `json` output is a JSON object composed of the generated tags and labels so that you can reuse them further in your
-workflow using the [`fromJSON` function](https://docs.github.com/en/actions/learn-github-actions/expressions#fromjson):
+The `json` output is a JSON object composed of the generated tags and labels so
+that you can reuse them further in your workflow using the [`fromJSON` function](https://docs.github.com/en/actions/learn-github-actions/expressions#fromjson):

 ```yaml
      -
        name: Docker meta
-        uses: docker/metadata-action@v4
+        uses: docker/metadata-action@v5
        id: meta
        with:
          images: name/app
      -
        name: Build and push
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@v6
        with:
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
@@ -783,16 +954,17 @@ workflow using the [`fromJSON` function](https://docs.github.com/en/actions/lear
            REVISION=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.revision'] }}
 ```

-### Overwrite labels
+### Overwrite labels and annotations

 If some [OCI Image Format Specification](https://github.com/opencontainers/image-spec/blob/master/annotations.md)
-labels generated are not suitable, you can overwrite them like this:
+generated are not suitable as labels/annotations, you can overwrite them like
+this:

 ```yaml
      -
        name: Docker meta
        id: meta
-        uses: docker/metadata-action@v4
+        uses: docker/metadata-action@v5
        with:
          images: name/app
          labels: |
@@ -802,18 +974,79 @@ labels generated are not suitable, you can overwrite them like this:
            org.opencontainers.image.vendor=MyCompany
 ```

-## Keep up-to-date with GitHub Dependabot
+### Annotations

-Since [Dependabot](https://docs.github.com/en/github/administering-a-repository/keeping-your-actions-up-to-date-with-github-dependabot)
-has [native GitHub Actions support](https://docs.github.com/en/github/administering-a-repository/configuration-options-for-dependency-updates#package-ecosystem),
-to enable it on your GitHub repo all you need to do is add the `.github/dependabot.yml` file:
+Since Buildx 0.12, it is possible to set annotations to your image through the
+`--annotation` flag.
+
+With the [`build-push-action`](https://github.com/docker/build-push-action/),
+you can set the `annotations` input with the value of the `annotations` output
+of the `metadata-action`:

 ```yaml
-version: 2
-updates:
-  # Maintain dependencies for GitHub Actions
-  - package-ecosystem: "github-actions"
-    directory: "/"
-    schedule:
-      interval: "daily"
+      -
+        name: Docker meta
+        uses: docker/metadata-action@v5
+        with:
+          images: name/app
+      -
+        name: Build and push
+        uses: docker/build-push-action@v6
+        with:
+          tags: ${{ steps.meta.outputs.tags }}
+          annotations: ${{ steps.meta.outputs.annotations }}
 ```
+
+The same can be done with the [`bake-action`](https://github.com/docker/bake-action/):
+
+```yaml
+      -
+        name: Docker meta
+        uses: docker/metadata-action@v5
+        with:
+          images: name/app
+      -
+        name: Build
+        uses: docker/bake-action@v6
+        with:
+          files: |
+            ./docker-bake.hcl
+            cwd://${{ steps.meta.outputs.bake-file-tags }}
+            cwd://${{ steps.meta.outputs.bake-file-annotations }}
+          targets: build
+```
+
+Note that annotations can be attached at many different levels within a manifest.
+By default, the generated annotations will be attached to image manifests,
+but different registries may expect annotations at different places;
+a common practice is to read annotations at _image indexes_ if present,
+which are often used by multi-arch builds to index platform-specific images.
+If you want to specify level(s) for your annotations, you can use the
+[`DOCKER_METADATA_ANNOTATIONS_LEVELS` environment variable](#environment-variables)
+with a comma separated list of all levels the annotations should be attached to (defaults to `manifest`).
+The following configuration demonstrates the ability to attach annotations to both image manifests and image indexes,
+though your registry may only need annotations at the index level. (That is, `index` alone may be enough.)
+Please consult the documentation of your registry.
+
+```yaml
+      -
+        name: Docker meta
+        uses: docker/metadata-action@v5
+        with:
+          images: name/app
+        env:
+          DOCKER_METADATA_ANNOTATIONS_LEVELS: manifest,index
+      -
+        name: Build and push
+        uses: docker/build-push-action@v6
+        with:
+          tags: ${{ steps.meta.outputs.tags }}
+          annotations: ${{ steps.meta.outputs.annotations }}
+```
+
+More information about annotations in the [BuildKit documentation](https://github.com/moby/buildkit/blob/master/docs/annotations.md).
+
+## Contributing
+
+Want to contribute? Awesome! You can find information about contributing to
+this project in the [CONTRIBUTING.md](/.github/CONTRIBUTING.md)
--- a/UPGRADE.md
+++ b/UPGRADE.md
@@ -1,299 +0,0 @@
-# Upgrade notes
-
-## v2 to v3
-
-* Repository has been moved to docker org. Replace `crazy-max/ghaction-docker-meta@v2` with `docker/metadata-action@v4`
-* The default bake target has been changed: `ghaction-docker-meta` > `docker-metadata-action`
-
-## v1 to v2
-
-* [inputs](#inputs)
-  * [`tag-sha`](#tag-sha)
-  * [`tag-edge` / `tag-edge-branch`](#tag-edge--tag-edge-branch)
-  * [`tag-semver`](#tag-semver)
-  * [`tag-match` / `tag-match-group`](#tag-match--tag-match-group)
-  * [`tag-latest`](#tag-latest)
-  * [`tag-schedule`](#tag-schedule)
-  * [`tag-custom` / `tag-custom-only`](#tag-custom--tag-custom-only)
-  * [`label-custom`](#label-custom)
-* [Basic workflow](#basic-workflow)
-* [Semver workflow](#semver-workflow)
-
-### inputs
-
-| New        | Unchanged       | Removed            |
-|------------|-----------------|--------------------|
-| `tags`     | `images`        | `tag-sha`          |
-| `flavor`   | `sep-tags`      | `tag-edge`         |
-| `labels`   | `sep-labels`    | `tag-edge-branch`  |
-|            |                 | `tag-semver`       |
-|            |                 | `tag-match`        |
-|            |                 | `tag-match-group`  |
-|            |                 | `tag-latest`       |
-|            |                 | `tag-schedule`     |
-|            |                 | `tag-custom`       |
-|            |                 | `tag-custom-only`  |
-|            |                 | `label-custom`     |
-
-#### `tag-sha`
-
-```yaml
-tags: |
-  type=sha
-```
-
-#### `tag-edge` / `tag-edge-branch`
-
-```yaml
-tags: |
-  # default branch
-  type=edge
-  # specify branch
-  type=edge,branch=main
-```
-
-#### `tag-semver`
-
-```yaml
-tags: |
-  type=semver,pattern={{version}}
-```
-
-#### `tag-match` / `tag-match-group`
-
-```yaml
-tags: |
-  type=match,pattern=v(.*),group=1
-```
-
-#### `tag-latest`
-
-`tag-latest` is now handled through the [`flavor` input](README.md#flavor-input):
-
-```yaml
-flavor: |
-  latest=auto
-```
-
-See also the notes about ["latest tag" behavior](README.md#latest-tag)
-
-#### `tag-schedule`
-
-```yaml
-tags: |
-  # default tag (nightly)
-  type=schedule
-  # specific pattern
-  type=schedule,pattern={{date 'YYYYMMDD'}}
-```
-
-#### `tag-custom` / `tag-custom-only`
-
-```yaml
-tags: |
-  type=raw,value=foo
-  type=raw,value=bar
-  # or
-  type=raw,foo
-  type=raw,bar
-  # or
-  foo
-  bar
-```
-
-#### `label-custom`
-
-Same behavior for `labels`:
-
-```yaml
-labels: |
-  maintainer=CrazyMax
-```
-
-### Basic workflow
-
-```yaml
-# v1
-name: ci
-
-on:
-  push:
-    branches:
-      - 'master'
-    tags:
-      - 'v*'
-  pull_request:
-    branches:
-      - 'master'
-
-jobs:
-  docker:
-    runs-on: ubuntu-latest
-    steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v2
-      -
-        name: Docker meta
-        id: meta
-        uses: docker/metadata-action@v1
-        with:
-          images: name/app
-      -
-        name: Login to DockerHub
-        if: github.event_name != 'pull_request'
-        uses: docker/login-action@v1
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-      -
-        name: Build and push
-        uses: docker/build-push-action@v2
-        with:
-          context: .
-          push: ${{ github.event_name != 'pull_request' }}
-          tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
-```
-
-```yaml
-# v2
-name: ci
-
-on:
-  push:
-    branches:
-      - 'master'
-    tags:
-      - 'v*'
-  pull_request:
-    branches:
-      - 'master'
-
-jobs:
-  docker:
-    runs-on: ubuntu-latest
-    steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v2
-      -
-        name: Docker meta
-        id: meta
-        uses: docker/metadata-action@v4
-        with:
-          images: name/app
-      -
-        name: Login to DockerHub
-        if: github.event_name != 'pull_request'
-        uses: docker/login-action@v1
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-      -
-        name: Build and push
-        uses: docker/build-push-action@v2
-        with:
-          context: .
-          push: ${{ github.event_name != 'pull_request' }}
-          tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
-```
-
-### Semver workflow
-
-```yaml
-# v1
-name: ci
-
-on:
-  push:
-    branches:
-      - 'master'
-    tags:
-      - 'v*'
-  pull_request:
-    branches:
-      - 'master'
-
-jobs:
-  docker:
-    runs-on: ubuntu-latest
-    steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v2
-      -
-        name: Docker meta
-        id: meta
-        uses: docker/metadata-action@v1
-        with:
-          images: name/app
-          tag-semver: |
-            {{version}}
-            {{major}}.{{minor}}
-      -
-        name: Login to DockerHub
-        if: github.event_name != 'pull_request'
-        uses: docker/login-action@v1
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-      -
-        name: Build and push
-        uses: docker/build-push-action@v2
-        with:
-          context: .
-          push: ${{ github.event_name != 'pull_request' }}
-          tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
-```
-
-```yaml
-# v2
-name: ci
-
-on:
-  push:
-    branches:
-      - 'master'
-    tags:
-      - 'v*'
-  pull_request:
-    branches:
-      - 'master'
-
-jobs:
-  docker:
-    runs-on: ubuntu-latest
-    steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v2
-      -
-        name: Docker meta
-        id: meta
-        uses: docker/metadata-action@v4
-        with:
-          images: name/app
-          tags: |
-            type=ref,event=branch
-            type=ref,event=pr
-            type=semver,pattern={{version}}
-            type=semver,pattern={{major}}.{{minor}}
-      -
-        name: Login to DockerHub
-        if: github.event_name != 'pull_request'
-        uses: docker/login-action@v1
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-      -
-        name: Build and push
-        uses: docker/build-push-action@v2
-        with:
-          context: .
-          push: ${{ github.event_name != 'pull_request' }}
-          tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
-```
--- a/mocks/@actions/github.ts
+++ b/mocks/@actions/github.ts
@@ -0,0 +1,223 @@
+import {jest} from '@jest/globals';
+
+export const context = {
+  repo: {
+    owner: 'docker',
+    repo: 'actions-toolkit'
+  },
+  ref: 'refs/heads/master',
+  runId: 123,
+  payload: {
+    after: '860c1904a1ce19322e91ac35af1ab07466440c37',
+    base_ref: null,
+    before: '5f3331d7f7044c18ca9f12c77d961c4d7cf3276a',
+    commits: [
+      {
+        author: {
+          email: 'crazy-max@users.noreply.github.com',
+          name: 'CrazyMax',
+          username: 'crazy-max'
+        },
+        committer: {
+          email: 'crazy-max@users.noreply.github.com',
+          name: 'CrazyMax',
+          username: 'crazy-max'
+        },
+        distinct: true,
+        id: '860c1904a1ce19322e91ac35af1ab07466440c37',
+        message: 'hello dev',
+        timestamp: '2022-04-19T11:27:24+02:00',
+        tree_id: 'd2c60af597e863787d2d27f569e30495b0b92820',
+        url: 'https://github.com/docker/test-docker-action/commit/860c1904a1ce19322e91ac35af1ab07466440c37'
+      }
+    ],
+    compare: 'https://github.com/docker/test-docker-action/compare/5f3331d7f704...860c1904a1ce',
+    created: false,
+    deleted: false,
+    forced: false,
+    head_commit: {
+      author: {
+        email: 'crazy-max@users.noreply.github.com',
+        name: 'CrazyMax',
+        username: 'crazy-max'
+      },
+      committer: {
+        email: 'crazy-max@users.noreply.github.com',
+        name: 'CrazyMax',
+        username: 'crazy-max'
+      },
+      distinct: true,
+      id: '860c1904a1ce19322e91ac35af1ab07466440c37',
+      message: 'hello dev',
+      timestamp: '2022-04-19T11:27:24+02:00',
+      tree_id: 'd2c60af597e863787d2d27f569e30495b0b92820',
+      url: 'https://github.com/docker/test-docker-action/commit/860c1904a1ce19322e91ac35af1ab07466440c37'
+    },
+    organization: {
+      avatar_url: 'https://avatars.githubusercontent.com/u/5429470?v=4',
+      description: 'Docker helps developers bring their ideas to life by conquering the complexity of app development.',
+      events_url: 'https://api.github.com/orgs/docker/events',
+      hooks_url: 'https://api.github.com/orgs/docker/hooks',
+      id: 5429470,
+      issues_url: 'https://api.github.com/orgs/docker/issues',
+      login: 'docker',
+      members_url: 'https://api.github.com/orgs/docker/members{/member}',
+      node_id: 'MDEyOk9yZ2FuaXphdGlvbjU0Mjk0NzA=',
+      public_members_url: 'https://api.github.com/orgs/docker/public_members{/member}',
+      repos_url: 'https://api.github.com/orgs/docker/repos',
+      url: 'https://api.github.com/orgs/docker'
+    },
+    pusher: {
+      email: 'github@crazymax.dev',
+      name: 'crazy-max'
+    },
+    ref: 'refs/heads/dev',
+    repository: {
+      allow_forking: true,
+      archive_url: 'https://api.github.com/repos/docker/test-docker-action/{archive_format}{/ref}',
+      archived: false,
+      assignees_url: 'https://api.github.com/repos/docker/test-docker-action/assignees{/user}',
+      blobs_url: 'https://api.github.com/repos/docker/test-docker-action/git/blobs{/sha}',
+      branches_url: 'https://api.github.com/repos/docker/test-docker-action/branches{/branch}',
+      clone_url: 'https://github.com/docker/test-docker-action.git',
+      collaborators_url: 'https://api.github.com/repos/docker/test-docker-action/collaborators{/collaborator}',
+      comments_url: 'https://api.github.com/repos/docker/test-docker-action/comments{/number}',
+      commits_url: 'https://api.github.com/repos/docker/test-docker-action/commits{/sha}',
+      compare_url: 'https://api.github.com/repos/docker/test-docker-action/compare/{base}...{head}',
+      contents_url: 'https://api.github.com/repos/docker/test-docker-action/contents/{+path}',
+      contributors_url: 'https://api.github.com/repos/docker/test-docker-action/contributors',
+      created_at: 1596792180,
+      default_branch: 'master',
+      deployments_url: 'https://api.github.com/repos/docker/test-docker-action/deployments',
+      description: 'Test "Docker" Actions',
+      disabled: false,
+      downloads_url: 'https://api.github.com/repos/docker/test-docker-action/downloads',
+      events_url: 'https://api.github.com/repos/docker/test-docker-action/events',
+      fork: false,
+      forks: 1,
+      forks_count: 1,
+      forks_url: 'https://api.github.com/repos/docker/test-docker-action/forks',
+      full_name: 'docker/test-docker-action',
+      git_commits_url: 'https://api.github.com/repos/docker/test-docker-action/git/commits{/sha}',
+      git_refs_url: 'https://api.github.com/repos/docker/test-docker-action/git/refs{/sha}',
+      git_tags_url: 'https://api.github.com/repos/docker/test-docker-action/git/tags{/sha}',
+      git_url: 'git://github.com/docker/test-docker-action.git',
+      has_downloads: true,
+      has_issues: true,
+      has_pages: false,
+      has_projects: true,
+      has_wiki: true,
+      homepage: '',
+      hooks_url: 'https://api.github.com/repos/docker/test-docker-action/hooks',
+      html_url: 'https://github.com/docker/test-docker-action',
+      id: 285789493,
+      is_template: false,
+      issue_comment_url: 'https://api.github.com/repos/docker/test-docker-action/issues/comments{/number}',
+      issue_events_url: 'https://api.github.com/repos/docker/test-docker-action/issues/events{/number}',
+      issues_url: 'https://api.github.com/repos/docker/test-docker-action/issues{/number}',
+      keys_url: 'https://api.github.com/repos/docker/test-docker-action/keys{/key_id}',
+      labels_url: 'https://api.github.com/repos/docker/test-docker-action/labels{/name}',
+      language: 'JavaScript',
+      languages_url: 'https://api.github.com/repos/docker/test-docker-action/languages',
+      license: {
+        key: 'mit',
+        name: 'MIT License',
+        node_id: 'MDc6TGljZW5zZTEz',
+        spdx_id: 'MIT',
+        url: 'https://api.github.com/licenses/mit'
+      },
+      master_branch: 'master',
+      merges_url: 'https://api.github.com/repos/docker/test-docker-action/merges',
+      milestones_url: 'https://api.github.com/repos/docker/test-docker-action/milestones{/number}',
+      mirror_url: null,
+      name: 'test-docker-action',
+      node_id: 'MDEwOlJlcG9zaXRvcnkyODU3ODk0OTM=',
+      notifications_url: 'https://api.github.com/repos/docker/test-docker-action/notifications{?since,all,participating}',
+      open_issues: 6,
+      open_issues_count: 6,
+      organization: 'docker',
+      owner: {
+        avatar_url: 'https://avatars.githubusercontent.com/u/5429470?v=4',
+        email: 'info@docker.com',
+        events_url: 'https://api.github.com/users/docker/events{/privacy}',
+        followers_url: 'https://api.github.com/users/docker/followers',
+        following_url: 'https://api.github.com/users/docker/following{/other_user}',
+        gists_url: 'https://api.github.com/users/docker/gists{/gist_id}',
+        gravatar_id: '',
+        html_url: 'https://github.com/docker',
+        id: 5429470,
+        login: 'docker',
+        name: 'docker',
+        node_id: 'MDEyOk9yZ2FuaXphdGlvbjU0Mjk0NzA=',
+        organizations_url: 'https://api.github.com/users/docker/orgs',
+        received_events_url: 'https://api.github.com/users/docker/received_events',
+        repos_url: 'https://api.github.com/users/docker/repos',
+        site_admin: false,
+        starred_url: 'https://api.github.com/users/docker/starred{/owner}{/repo}',
+        subscriptions_url: 'https://api.github.com/users/docker/subscriptions',
+        type: 'Organization',
+        url: 'https://api.github.com/users/docker'
+      },
+      private: true,
+      pulls_url: 'https://api.github.com/repos/docker/test-docker-action/pulls{/number}',
+      pushed_at: 1650360446,
+      releases_url: 'https://api.github.com/repos/docker/test-docker-action/releases{/id}',
+      size: 796,
+      ssh_url: 'git@github.com:docker/test-docker-action.git',
+      stargazers: 0,
+      stargazers_count: 0,
+      stargazers_url: 'https://api.github.com/repos/docker/test-docker-action/stargazers',
+      statuses_url: 'https://api.github.com/repos/docker/test-docker-action/statuses/{sha}',
+      subscribers_url: 'https://api.github.com/repos/docker/test-docker-action/subscribers',
+      subscription_url: 'https://api.github.com/repos/docker/test-docker-action/subscription',
+      svn_url: 'https://github.com/docker/test-docker-action',
+      tags_url: 'https://api.github.com/repos/docker/test-docker-action/tags',
+      teams_url: 'https://api.github.com/repos/docker/test-docker-action/teams',
+      topics: [],
+      trees_url: 'https://api.github.com/repos/docker/test-docker-action/git/trees{/sha}',
+      updated_at: '2022-04-19T09:05:09Z',
+      url: 'https://github.com/docker/test-docker-action',
+      visibility: 'private',
+      watchers: 0,
+      watchers_count: 0
+    },
+    sender: {
+      avatar_url: 'https://avatars.githubusercontent.com/u/1951866?v=4',
+      events_url: 'https://api.github.com/users/crazy-max/events{/privacy}',
+      followers_url: 'https://api.github.com/users/crazy-max/followers',
+      following_url: 'https://api.github.com/users/crazy-max/following{/other_user}',
+      gists_url: 'https://api.github.com/users/crazy-max/gists{/gist_id}',
+      gravatar_id: '',
+      html_url: 'https://github.com/crazy-max',
+      id: 1951866,
+      login: 'crazy-max',
+      node_id: 'MDQ6VXNlcjE5NTE4NjY=',
+      organizations_url: 'https://api.github.com/users/crazy-max/orgs',
+      received_events_url: 'https://api.github.com/users/crazy-max/received_events',
+      repos_url: 'https://api.github.com/users/crazy-max/repos',
+      site_admin: false,
+      starred_url: 'https://api.github.com/users/crazy-max/starred{/owner}{/repo}',
+      subscriptions_url: 'https://api.github.com/users/crazy-max/subscriptions',
+      type: 'User',
+      url: 'https://api.github.com/users/crazy-max'
+    }
+  }
+};
+
+export const getOctokit = jest.fn(() => ({
+  rest: {
+    repos: {
+      getCommit: jest.fn(() =>
+        Promise.resolve({
+          data: {
+            commit: {
+              committer: {
+                date: '2024-11-13T13:42:28Z'
+              }
+            }
+          }
+        })
+      )
+    }
+  }
+}));
--- a/tests/context.test.ts
+++ b/tests/context.test.ts
@@ -1,192 +1,141 @@
-import {beforeEach, describe, expect, it, jest} from '@jest/globals';
+import {afterEach, beforeEach, describe, expect, test, it, jest} from '@jest/globals';
+import * as dotenv from 'dotenv';
 import * as fs from 'fs';
-import * as os from 'os';
 import * as path from 'path';
+import {Context} from '@actions/github/lib/context';
+import {Git} from '@docker/actions-toolkit/lib/git';
+import {GitHub} from '@docker/actions-toolkit/lib/github';
+import {Toolkit} from '@docker/actions-toolkit/lib/toolkit';

-import * as context from '../src/context';
+import {ContextSource, getContext, getInputs, Inputs} from '../src/context';

-jest.spyOn(context, 'tmpDir').mockImplementation((): string => {
-  const tmpDir = path.join('/tmp/.docker-metadata-action-jest').split(path.sep).join(path.posix.sep);
-  if (!fs.existsSync(tmpDir)) {
-    fs.mkdirSync(tmpDir, {recursive: true});
-  }
-  return tmpDir;
-});
+const toolkit = new Toolkit({githubToken: 'fake-github-token'});

-describe('getInputList', () => {
-  it('single line correctly', async () => {
-    await setInput('foo', 'bar');
-    const res = context.getInputList('foo');
-    expect(res).toEqual(['bar']);
-  });
-
-  it('multiline correctly', async () => {
-    setInput('foo', 'bar\nbaz');
-    const res = context.getInputList('foo');
-    expect(res).toEqual(['bar', 'baz']);
-  });
-
-  it('empty lines correctly', async () => {
-    setInput('foo', 'bar\n\nbaz');
-    const res = context.getInputList('foo');
-    expect(res).toEqual(['bar', 'baz']);
-  });
-
-  it('comment correctly', async () => {
-    setInput('foo', 'bar\n#com\n"#taken"\nhello#comment\nbaz');
-    const res = context.getInputList('foo');
-    expect(res).toEqual(['bar', '#taken', 'hello', 'baz']);
-  });
-
-  it('comma correctly', async () => {
-    setInput('foo', 'bar,baz');
-    const res = context.getInputList('foo');
-    expect(res).toEqual(['bar', 'baz']);
-  });
-
-  it('empty result correctly', async () => {
-    setInput('foo', 'bar,baz,');
-    const res = context.getInputList('foo');
-    expect(res).toEqual(['bar', 'baz']);
-  });
-
-  it('different new lines correctly', async () => {
-    setInput('foo', 'bar\r\nbaz');
-    const res = context.getInputList('foo');
-    expect(res).toEqual(['bar', 'baz']);
-  });
-
-  it('different new lines and comma correctly', async () => {
-    setInput('foo', 'bar\r\nbaz,bat');
-    const res = context.getInputList('foo');
-    expect(res).toEqual(['bar', 'baz', 'bat']);
-  });
-
-  it('multiline and ignoring comma correctly', async () => {
-    setInput('cache-from', 'user/app:cache\ntype=local,src=path/to/dir');
-    const res = context.getInputList('cache-from', true);
-    expect(res).toEqual(['user/app:cache', 'type=local,src=path/to/dir']);
-  });
-
-  it('different new lines and ignoring comma correctly', async () => {
-    setInput('cache-from', 'user/app:cache\r\ntype=local,src=path/to/dir');
-    const res = context.getInputList('cache-from', true);
-    expect(res).toEqual(['user/app:cache', 'type=local,src=path/to/dir']);
-  });
-
-  it('multiline values', async () => {
-    setInput(
-      'secrets',
-      `GIT_AUTH_TOKEN=abcdefgh,ijklmno=0123456789
-"MYSECRET=aaaaaaaa
-bbbbbbb
-ccccccccc"
-FOO=bar`
-    );
-    const res = context.getInputList('secrets', true);
-    expect(res).toEqual([
-      'GIT_AUTH_TOKEN=abcdefgh,ijklmno=0123456789',
-      `MYSECRET=aaaaaaaa
-bbbbbbb
-ccccccccc`,
-      'FOO=bar'
-    ]);
-  });
-
-  it('multiline values with empty lines', async () => {
-    setInput(
-      'secrets',
-      `GIT_AUTH_TOKEN=abcdefgh,ijklmno=0123456789
-"MYSECRET=aaaaaaaa
-bbbbbbb
-ccccccccc"
-FOO=bar
-"EMPTYLINE=aaaa
-
-bbbb
-ccc"`
-    );
-    const res = context.getInputList('secrets', true);
-    expect(res).toEqual([
-      'GIT_AUTH_TOKEN=abcdefgh,ijklmno=0123456789',
-      `MYSECRET=aaaaaaaa
-bbbbbbb
-ccccccccc`,
-      'FOO=bar',
-      `EMPTYLINE=aaaa
-
-bbbb
-ccc`
-    ]);
-  });
-
-  it('multiline values without quotes', async () => {
-    setInput(
-      'secrets',
-      `GIT_AUTH_TOKEN=abcdefgh,ijklmno=0123456789
-MYSECRET=aaaaaaaa
-bbbbbbb
-ccccccccc
-FOO=bar`
-    );
-    const res = context.getInputList('secrets', true);
-    expect(res).toEqual(['GIT_AUTH_TOKEN=abcdefgh,ijklmno=0123456789', 'MYSECRET=aaaaaaaa', 'bbbbbbb', 'ccccccccc', 'FOO=bar']);
-  });
-
-  it('multiline values escape quotes', async () => {
-    setInput(
-      'secrets',
-      `GIT_AUTH_TOKEN=abcdefgh,ijklmno=0123456789
-"MYSECRET=aaaaaaaa
-bbbb""bbb
-ccccccccc"
-FOO=bar`
-    );
-    const res = context.getInputList('secrets', true);
-    expect(res).toEqual([
-      'GIT_AUTH_TOKEN=abcdefgh,ijklmno=0123456789',
-      `MYSECRET=aaaaaaaa
-bbbb"bbb
-ccccccccc`,
-      'FOO=bar'
-    ]);
+beforeEach(() => {
+  jest.clearAllMocks();
+  jest.spyOn(GitHub, 'context', 'get').mockImplementation((): Context => {
+    return new Context();
  });
 });

-describe('asyncForEach', () => {
-  it('executes async tasks sequentially', async () => {
-    const testValues = [1, 2, 3, 4, 5];
-    const results: number[] = [];
-
-    await context.asyncForEach(testValues, async value => {
-      results.push(value);
-    });
-
-    expect(results).toEqual(testValues);
-  });
-});
-
-describe('setOutput', () => {
+describe('getInputs', () => {
  beforeEach(() => {
-    process.stdout.write = jest.fn() as typeof process.stdout.write;
+    process.env = Object.keys(process.env).reduce((object, key) => {
+      if (!key.startsWith('INPUT_')) {
+        object[key] = process.env[key];
+      }
+      return object;
+    }, {});
  });

-  // eslint-disable-next-line jest/expect-expect
-  it('setOutput produces the correct command', () => {
-    context.setOutput('some output', 'some value');
-    assertWriteCalls([`::set-output name=some output::some value${os.EOL}`]);
+  // prettier-ignore
+  test.each([
+    [
+      0,
+      new Map<string, string>([
+        ['images', 'moby/buildkit\nghcr.io/moby/mbuildkit'],
+      ]),
+      {
+        context: ContextSource.workflow,
+        bakeTarget: 'docker-metadata-action',
+        flavor: [],
+        githubToken: '',
+        images: ['moby/buildkit', 'ghcr.io/moby/mbuildkit'],
+        labels: [],
+        annotations: [],
+        sepLabels: '\n',
+        sepTags: '\n',
+        sepAnnotations: '\n',
+        tags: [],
+      } as Inputs
+    ],
+    [
+      1,
+      new Map<string, string>([
+        ['bake-target', 'metadata'],
+        ['images', 'moby/buildkit'],
+        ['sep-labels', ','],
+        ['sep-tags', ','],
+        ['sep-annotations', ',']
+      ]),
+      {
+        context: ContextSource.workflow,
+        bakeTarget: 'metadata',
+        flavor: [],
+        githubToken: '',
+        images: ['moby/buildkit'],
+        labels: [],
+        annotations: [],
+        sepLabels: ',',
+        sepTags: ',',
+        sepAnnotations: ',',
+        tags: [],
+      } as Inputs
+    ],
+    [
+      2,
+      new Map<string, string>([
+        ['images', 'moby/buildkit\n#comment\nghcr.io/moby/mbuildkit'],
+      ]),
+      {
+        context: ContextSource.workflow,
+        bakeTarget: 'docker-metadata-action',
+        flavor: [],
+        githubToken: '',
+        images: ['moby/buildkit', 'ghcr.io/moby/mbuildkit'],
+        labels: [],
+        annotations: [],
+        sepLabels: '\n',
+        sepTags: '\n',
+        sepAnnotations: '\n',
+        tags: [],
+      } as Inputs
+    ],
+  ])(
+    '[%d] given %p as inputs, returns %p',
+    async (num: number, inputs: Map<string, string>, expected: Inputs) => {
+      inputs.forEach((value: string, name: string) => {
+        setInput(name, value);
+      });
+      expect(await getInputs()).toEqual(expected);
+    }
+  );
+});
+
+describe('getContext', () => {
+  const originalEnv = process.env;
+  beforeEach(() => {
+    jest.resetModules();
+    process.env = {
+      ...originalEnv,
+      ...dotenv.parse(fs.readFileSync(path.join(__dirname, 'fixtures/event_create_branch.env')))
+    };
+  });
+  afterEach(() => {
+    process.env = originalEnv;
  });

-  // eslint-disable-next-line jest/expect-expect
-  it('setOutput handles bools', () => {
-    context.setOutput('some output', false);
-    assertWriteCalls([`::set-output name=some output::false${os.EOL}`]);
+  it('workflow', async () => {
+    const context = await getContext(ContextSource.workflow, toolkit);
+    expect(context.ref).toEqual('refs/heads/dev');
+    expect(context.sha).toEqual('5f3331d7f7044c18ca9f12c77d961c4d7cf3276a');
+    expect(context.commitDate).toEqual(new Date('2024-11-13T13:42:28.000Z'));
  });

-  // eslint-disable-next-line jest/expect-expect
-  it('setOutput handles numbers', () => {
-    context.setOutput('some output', 1.01);
-    assertWriteCalls([`::set-output name=some output::1.01${os.EOL}`]);
+  it('git', async () => {
+    jest.spyOn(Git, 'context').mockImplementation((): Promise<Context> => {
+      return Promise.resolve({
+        ref: 'refs/heads/git-test',
+        sha: 'git-test-sha'
+      } as Context);
+    });
+    jest.spyOn(Git, 'commitDate').mockImplementation(async (): Promise<Date> => {
+      return new Date('2023-01-01T13:42:28.000Z');
+    });
+    const context = await getContext(ContextSource.git, toolkit);
+    expect(context.ref).toEqual('refs/heads/git-test');
+    expect(context.sha).toEqual('git-test-sha');
+    expect(context.commitDate).toEqual(new Date('2023-01-01T13:42:28.000Z'));
  });
 });

@@ -198,11 +147,3 @@ function getInputName(name: string): string {
 function setInput(name: string, value: string): void {
  process.env[getInputName(name)] = value;
 }
-
-// Assert that process.stdout.write calls called only with the given arguments.
-function assertWriteCalls(calls: string[]): void {
-  expect(process.stdout.write).toHaveBeenCalledTimes(calls.length);
-  for (let i = 0; i < calls.length; i++) {
-    expect(process.stdout.write).toHaveBeenNthCalledWith(i + 1, calls[i]);
-  }
-}
--- a/tests/flavor.test.ts
+++ b/tests/flavor.test.ts
@@ -1,4 +1,5 @@
 import {describe, expect, test} from '@jest/globals';
+
 import {Flavor, Transform} from '../src/flavor';

 describe('transform', () => {
--- a/tests/github.test.ts
+++ b/tests/github.test.ts
@@ -1,14 +0,0 @@
-import {describe, expect, jest, it} from '@jest/globals';
-import * as github from '../src/github';
-
-import * as repoFixture from './fixtures/repo.json';
-jest.spyOn(github, 'repo').mockImplementation((): Promise<github.ReposGetResponseData> => {
-  return <Promise<github.ReposGetResponseData>>(repoFixture as unknown);
-});
-
-describe('repo', () => {
-  it('returns GitHub repository', async () => {
-    const repo = await github.repo(process.env.GITHUB_TOKEN || '');
-    expect(repo.name).not.toBeNull();
-  });
-});
--- a/tests/image.test.ts
+++ b/tests/image.test.ts
@@ -1,4 +1,5 @@
 import {describe, expect, test} from '@jest/globals';
+
 import {Transform, Image} from '../src/image';

 describe('transform', () => {
@@ -86,7 +87,7 @@ describe('transform', () => {
    [
      [`name/foo,name=name/bar,enable=true`], undefined, true
    ]
-  ])('given %p', async (l: string[], expected: Image[], invalid: boolean) => {
+  ])('given %p', async (l: string[], expected: Image[] | undefined, invalid: boolean) => {
    try {
      const images = Transform(l);
      expect(images).toEqual(expected);
--- a/tests/meta.test.ts
+++ b/tests/meta.test.ts
--- a/tests/tag.test.ts
+++ b/tests/tag.test.ts
@@ -1,4 +1,5 @@
 import {describe, expect, test} from '@jest/globals';
+
 import {Transform, Parse, Tag, Type, RefEvent, ShaFormat, DefaultPriorities} from '../src/tag';

 describe('transform', () => {
@@ -31,7 +32,8 @@ describe('transform', () => {
            "priority": DefaultPriorities[Type.Semver],
            "enable": "true",
            "pattern": "{{version}}",
-            "value": ""
+            "value": "",
+            "match": ""
          }
        },
        {
@@ -126,6 +128,18 @@ describe('parse', () => {
      } as Tag,
      false
    ],
+    [
+      `type=schedule,enable=true,pattern={{date 'YYYYMMDD' tz='Asia/Tokyo'}}`,
+      {
+        type: Type.Schedule,
+        attrs: {
+          "priority": DefaultPriorities[Type.Schedule],
+          "enable": "true",
+          "pattern": `{{date 'YYYYMMDD' tz='Asia/Tokyo'}}`
+        }
+      } as Tag,
+      false
+    ],
    [
      `type=semver,enable=true,pattern={{version}}`,
      {
@@ -134,7 +148,8 @@ describe('parse', () => {
          "priority": DefaultPriorities[Type.Semver],
          "enable": "true",
          "pattern": "{{version}}",
-          "value": ""
+          "value": "",
+          "match": ""
        }
      } as Tag,
      false
@@ -147,7 +162,8 @@ describe('parse', () => {
          "priority": "1",
          "enable": "true",
          "pattern": "{{version}}",
-          "value": ""
+          "value": "",
+          "match": ""
        }
      } as Tag,
      false
@@ -160,7 +176,22 @@ describe('parse', () => {
          "priority": "1",
          "enable": "true",
          "pattern": "{{version}}",
-          "value": "v1.0.0"
+          "value": "v1.0.0",
+          "match": ""
+        }
+      } as Tag,
+      false
+    ],
+    [
+      `type=semver,priority=1,enable=true,pattern={{version}},value=p1/v1.0.0,"match=v(\\d.\\d.\\d)$"`,
+      {
+        type: Type.Semver,
+        attrs: {
+          "priority": "1",
+          "enable": "true",
+          "pattern": "{{version}}",
+          "value": "p1/v1.0.0",
+          "match": "v(\\d.\\d.\\d)$"
        }
      } as Tag,
      false
--- a/action.yml
+++ b/action.yml
@@ -7,9 +7,13 @@ branding:
  color: 'blue'

 inputs:
+  context:
+    description: 'Where to get context data. Allowed options are "workflow"  (default), "git".'
+    default: "workflow"
+    required: true
  images:
    description: 'List of Docker images to use as base name for tags'
-    required: true
+    required: false
  tags:
    description: 'List of tags as key-value pair attributes'
    required: false
@@ -19,12 +23,18 @@ inputs:
  labels:
    description: 'List of custom labels'
    required: false
+  annotations:
+    description: 'List of custom annotations'
+    required: false
  sep-tags:
    description: 'Separator to use for tags output (default \n)'
    required: false
  sep-labels:
    description: 'Separator to use for labels output (default \n)'
    required: false
+  sep-annotations:
+    description: 'Separator to use for annotations output (default \n)'
+    required: false
  bake-target:
    description: 'Bake target name (default docker-metadata-action)'
    required: false
@@ -40,11 +50,19 @@ outputs:
    description: 'Generated Docker tags'
  labels:
    description: 'Generated Docker labels'
-  bake-file:
-    description: 'Bake definiton file'
+  annotations:
+    description: 'Generated annotations'
  json:
    description: 'JSON output of tags and labels'
+  bake-file-tags:
+    description: 'Bake definition file with tags'
+  bake-file-labels:
+    description: 'Bake definition file with labels'
+  bake-file-annotations:
+    description: 'Bake definition file with annotations'
+  bake-file:
+    description: 'Bake definition file with tags and labels'

 runs:
-  using: 'node16'
+  using: 'node20'
  main: 'dist/index.js'
--- a/dev.Dockerfile
+++ b/dev.Dockerfile
@@ -1,13 +1,20 @@
 # syntax=docker/dockerfile:1

-ARG NODE_VERSION=16
+ARG NODE_VERSION=20

 FROM node:${NODE_VERSION}-alpine AS base
 RUN apk add --no-cache cpio findutils git
 WORKDIR /src
+RUN --mount=type=bind,target=.,rw \
+  --mount=type=cache,target=/src/.yarn/cache <<EOT
+  corepack enable
+  yarn --version
+  yarn config set --home enableTelemetry 0
+EOT

 FROM base AS deps
 RUN --mount=type=bind,target=.,rw \
+  --mount=type=cache,target=/src/.yarn/cache \
  --mount=type=cache,target=/src/node_modules \
  yarn install && mkdir /vendor && cp yarn.lock /vendor

@@ -16,18 +23,19 @@ COPY --from=deps /vendor /

 FROM deps AS vendor-validate
 RUN --mount=type=bind,target=.,rw <<EOT
-set -e
-git add -A
-cp -rf /vendor/* .
-if [ -n "$(git status --porcelain -- yarn.lock)" ]; then
-  echo >&2 'ERROR: Vendor result differs. Please vendor your package with "docker buildx bake vendor-update"'
-  git status --porcelain -- yarn.lock
-  exit 1
-fi
+  set -e
+  git add -A
+  cp -rf /vendor/* .
+  if [ -n "$(git status --porcelain -- yarn.lock)" ]; then
+    echo >&2 'ERROR: Vendor result differs. Please vendor your package with "docker buildx bake vendor"'
+    git status --porcelain -- yarn.lock
+    exit 1
+  fi
 EOT

 FROM deps AS build
 RUN --mount=type=bind,target=.,rw \
+  --mount=type=cache,target=/src/.yarn/cache \
  --mount=type=cache,target=/src/node_modules \
  yarn run build && mkdir /out && cp -Rf dist /out/

@@ -36,36 +44,37 @@ COPY --from=build /out /

 FROM build AS build-validate
 RUN --mount=type=bind,target=.,rw <<EOT
-set -e
-git add -A
-cp -rf /out/* .
-if [ -n "$(git status --porcelain -- dist)" ]; then
-  echo >&2 'ERROR: Build result differs. Please build first with "docker buildx bake build"'
-  git status --porcelain -- dist
-  exit 1
-fi
+  set -e
+  git add -A
+  cp -rf /out/* .
+  if [ -n "$(git status --porcelain -- dist)" ]; then
+    echo >&2 'ERROR: Build result differs. Please build first with "docker buildx bake build"'
+    git status --porcelain -- dist
+    exit 1
+  fi
 EOT

 FROM deps AS format
 RUN --mount=type=bind,target=.,rw \
+  --mount=type=cache,target=/src/.yarn/cache \
  --mount=type=cache,target=/src/node_modules \
  yarn run format \
-  && mkdir /out && find . -name '*.ts' -not -path './node_modules/*' | cpio -pdm /out
+  && mkdir /out && find . -name '*.ts' -not -path './node_modules/*' -not -path './.yarn/*' | cpio -pdm /out

 FROM scratch AS format-update
 COPY --from=format /out /

 FROM deps AS lint
 RUN --mount=type=bind,target=.,rw \
+  --mount=type=cache,target=/src/.yarn/cache \
  --mount=type=cache,target=/src/node_modules \
  yarn run lint

 FROM deps AS test
-ENV RUNNER_TEMP=/tmp/github_runner
-ENV RUNNER_TOOL_CACHE=/tmp/github_tool_cache
 RUN --mount=type=bind,target=.,rw \
+  --mount=type=cache,target=/src/.yarn/cache \
  --mount=type=cache,target=/src/node_modules \
-  yarn run test --coverageDirectory=/tmp/coverage
+  yarn run test --coverage --coverageDirectory=/tmp/coverage

 FROM scratch AS test-coverage
 COPY --from=test /tmp/coverage /
--- a/dist/index.js
+++ b/dist/index.js
--- a/dist/index.js.map
+++ b/dist/index.js.map
--- a/dist/licenses.txt
+++ b/dist/licenses.txt
--- a/dist/sourcemap-register.js
+++ b/dist/sourcemap-register.js
--- a/docker-bake.hcl
+++ b/docker-bake.hcl
@@ -1,9 +1,15 @@
+target "_common" {
+  args = {
+    BUILDKIT_CONTEXT_KEEP_GIT_DIR = 1
+  }
+}
+
 group "default" {
  targets = ["build"]
 }

 group "pre-checkin" {
-  targets = ["vendor-update", "format", "build"]
+  targets = ["vendor", "format", "build"]
 }

 group "validate" {
@@ -11,42 +17,49 @@ group "validate" {
 }

 target "build" {
+  inherits = ["_common"]
  dockerfile = "dev.Dockerfile"
  target = "build-update"
  output = ["."]
 }

 target "build-validate" {
+  inherits = ["_common"]
  dockerfile = "dev.Dockerfile"
  target = "build-validate"
  output = ["type=cacheonly"]
 }

 target "format" {
+  inherits = ["_common"]
  dockerfile = "dev.Dockerfile"
  target = "format-update"
  output = ["."]
 }

 target "lint" {
+  inherits = ["_common"]
  dockerfile = "dev.Dockerfile"
  target = "lint"
  output = ["type=cacheonly"]
 }

-target "vendor-update" {
+target "vendor" {
+  inherits = ["_common"]
  dockerfile = "dev.Dockerfile"
  target = "vendor-update"
  output = ["."]
 }

 target "vendor-validate" {
+  inherits = ["_common"]
  dockerfile = "dev.Dockerfile"
  target = "vendor-validate"
  output = ["type=cacheonly"]
 }

 target "test" {
+  inherits = ["_common"]
  dockerfile = "dev.Dockerfile"
  target = "test-coverage"
  output = ["./coverage"]
--- a/jest.config.ts
+++ b/jest.config.ts
@@ -1,5 +1,21 @@
+import fs from 'fs';
+import os from 'os';
+import path from 'path';
+
+const tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), 'docker-metadata-action-'));
+
+process.env = Object.assign({}, process.env, {
+  TEMP: tmpDir,
+  GITHUB_REPOSITORY: 'docker/metadata-action',
+  RUNNER_TEMP: path.join(tmpDir, 'runner-temp'),
+  RUNNER_TOOL_CACHE: path.join(tmpDir, 'runner-tool-cache')
+}) as {
+  [key: string]: string;
+};
+
 module.exports = {
  clearMocks: true,
+  testEnvironment: 'node',
  moduleFileExtensions: ['js', 'ts'],
  setupFiles: ['dotenv/config'],
  testMatch: ['**/*.test.ts'],
@@ -9,5 +25,7 @@ module.exports = {
  moduleNameMapper: {
    '^csv-parse/sync': '<rootDir>/node_modules/csv-parse/dist/cjs/sync.cjs'
  },
+  collectCoverageFrom: ['src/**/{!(main.ts),}.ts'],
+  coveragePathIgnorePatterns: ['lib/', 'node_modules/', '__mocks__/', '__tests__/'],
  verbose: true
 };
--- a/package.json
+++ b/package.json
@@ -1,13 +1,16 @@
 {
  "name": "docker-metadata-action",
  "description": "GitHub Action to extract metadata (tags, labels) for Docker",
-  "main": "lib/main.js",
+  "main": "src/main.ts",
  "scripts": {
-    "build": "ncc build src/main.ts --source-map --minify --license licenses.txt",
-    "lint": "eslint src/**/*.ts __tests__/**/*.ts",
-    "format": "eslint --fix src/**/*.ts __tests__/**/*.ts",
-    "test": "jest --coverage",
-    "all": "yarn run build && yarn run format && yarn test"
+    "build": "ncc build --source-map --minify --license licenses.txt",
+    "lint": "yarn run prettier && yarn run eslint",
+    "format": "yarn run prettier:fix && yarn run eslint:fix",
+    "eslint": "eslint --max-warnings=0 .",
+    "eslint:fix": "eslint --fix .",
+    "prettier": "prettier --check \"./**/*.ts\"",
+    "prettier:fix": "prettier --write \"./**/*.ts\"",
+    "test": "jest"
  },
  "repository": {
    "type": "git",
@@ -20,39 +23,36 @@
    "tag",
    "label"
  ],
-  "author": "Docker",
-  "contributors": [
-    {
-      "name": "CrazyMax",
-      "url": "https://crazymax.dev"
-    }
-  ],
+  "author": "Docker Inc.",
  "license": "Apache-2.0",
+  "packageManager": "yarn@3.6.3",
  "dependencies": {
-    "@actions/core": "^1.6.0",
-    "@actions/github": "^5.0.1",
+    "@actions/core": "^1.11.1",
+    "@actions/github": "^6.0.1",
+    "@docker/actions-toolkit": "^0.62.1",
    "@renovate/pep440": "^1.0.0",
-    "csv-parse": "^5.0.4",
-    "handlebars": "^4.7.7",
-    "moment": "^2.29.3",
-    "semver": "^7.3.7"
+    "csv-parse": "^5.6.0",
+    "handlebars": "^4.7.8",
+    "moment": "^2.30.1",
+    "moment-timezone": "^0.6.0",
+    "semver": "^7.7.2"
  },
  "devDependencies": {
    "@types/csv-parse": "^1.2.2",
-    "@types/node": "^16.11.26",
-    "@types/semver": "^7.3.9",
-    "@typescript-eslint/eslint-plugin": "^5.14.0",
-    "@typescript-eslint/parser": "^5.14.0",
-    "@vercel/ncc": "^0.33.3",
-    "dotenv": "^16.0.0",
-    "eslint": "^8.11.0",
-    "eslint-config-prettier": "^8.5.0",
-    "eslint-plugin-jest": "^26.1.1",
-    "eslint-plugin-prettier": "^4.0.0",
-    "jest": "^27.2.5",
-    "prettier": "^2.3.1",
-    "ts-jest": "^27.1.2",
-    "ts-node": "^10.7.0",
-    "typescript": "^4.4.4"
+    "@types/node": "^20.12.12",
+    "@types/semver": "^7.7.0",
+    "@typescript-eslint/eslint-plugin": "^7.9.0",
+    "@typescript-eslint/parser": "^7.9.0",
+    "@vercel/ncc": "^0.38.1",
+    "dotenv": "^16.4.5",
+    "eslint": "^8.57.0",
+    "eslint-config-prettier": "^9.1.0",
+    "eslint-plugin-jest": "^28.5.0",
+    "eslint-plugin-prettier": "^5.1.3",
+    "jest": "^29.7.0",
+    "prettier": "^3.2.5",
+    "ts-jest": "^29.1.2",
+    "ts-node": "^10.9.2",
+    "typescript": "^5.4.5"
  }
 }
--- a/src/context.ts
+++ b/src/context.ts
@@ -1,80 +1,136 @@
-import {parse} from 'csv-parse/sync';
 import * as core from '@actions/core';
-import {issueCommand} from '@actions/core/lib/command';
-import * as fs from 'fs';
-import * as os from 'os';
-import * as path from 'path';
+import {Context as GithubContext} from '@actions/github/lib/context';
+import {Util} from '@docker/actions-toolkit/lib/util';
+import {Git} from '@docker/actions-toolkit/lib/git';
+import {GitHub} from '@docker/actions-toolkit/lib/github';
+import {Toolkit} from '@docker/actions-toolkit/lib/toolkit';

-let _tmpDir: string;
+export interface Context extends GithubContext {
+  commitDate: Date;
+}

 export interface Inputs {
+  context: ContextSource;
  images: string[];
  tags: string[];
  flavor: string[];
  labels: string[];
+  annotations: string[];
  sepTags: string;
  sepLabels: string;
+  sepAnnotations: string;
  bakeTarget: string;
  githubToken: string;
 }

-export function tmpDir(): string {
-  if (!_tmpDir) {
-    _tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), 'docker-metadata-action-')).split(path.sep).join(path.posix.sep);
-  }
-  return _tmpDir;
-}
-
 export function getInputs(): Inputs {
  return {
-    images: getInputList('images', true),
-    tags: getInputList('tags', true),
-    flavor: getInputList('flavor', true),
-    labels: getInputList('labels', true),
-    sepTags: core.getInput('sep-tags') || `\n`,
-    sepLabels: core.getInput('sep-labels') || `\n`,
+    context: (core.getInput('context') || ContextSource.workflow) as ContextSource,
+    images: Util.getInputList('images', {ignoreComma: true, comment: '#'}),
+    tags: Util.getInputList('tags', {ignoreComma: true, comment: '#'}),
+    flavor: Util.getInputList('flavor', {ignoreComma: true, comment: '#'}),
+    labels: Util.getInputList('labels', {ignoreComma: true, comment: '#'}),
+    annotations: Util.getInputList('annotations', {ignoreComma: true, comment: '#'}),
+    sepTags: core.getInput('sep-tags', {trimWhitespace: false}) || `\n`,
+    sepLabels: core.getInput('sep-labels', {trimWhitespace: false}) || `\n`,
+    sepAnnotations: core.getInput('sep-annotations', {trimWhitespace: false}) || `\n`,
    bakeTarget: core.getInput('bake-target') || `docker-metadata-action`,
    githubToken: core.getInput('github-token')
  };
 }

-export function getInputList(name: string, ignoreComma?: boolean): string[] {
-  const res: Array<string> = [];
+export enum ContextSource {
+  workflow = 'workflow',
+  git = 'git'
+}

-  const items = core.getInput(name);
-  if (items == '') {
-    return res;
+export async function getContext(source: ContextSource, toolkit: Toolkit): Promise<Context> {
+  switch (source) {
+    case ContextSource.workflow:
+      return await getContextFromWorkflow(toolkit);
+    case ContextSource.git:
+      return await getContextFromGit();
+    default:
+      throw new Error(`Invalid context source: ${source}`);
+  }
+}
+
+async function getContextFromWorkflow(toolkit: Toolkit): Promise<Context> {
+  const context = GitHub.context;
+
+  // Needs to override Git reference with pr ref instead of upstream branch ref
+  // for pull_request_target event
+  // https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request_target
+  if (/pull_request_target/.test(context.eventName)) {
+    context.ref = `refs/pull/${context.payload.number}/merge`;
  }

-  const records = parse(items, {
-    columns: false,
-    relaxQuotes: true,
-    comment: '#',
-    relaxColumnCount: true,
-    skipEmptyLines: true
-  });
-
-  for (const record of records as Array<string[]>) {
-    if (record.length == 1) {
-      res.push(record[0]);
-      continue;
-    } else if (!ignoreComma) {
-      res.push(...record);
-      continue;
+  // DOCKER_METADATA_PR_HEAD_SHA env var can be used to set associated head
+  // SHA instead of commit SHA that triggered the workflow on pull request
+  // event.
+  if (/true/i.test(process.env.DOCKER_METADATA_PR_HEAD_SHA || '')) {
+    if ((/pull_request/.test(context.eventName) || /pull_request_target/.test(context.eventName)) && context.payload?.pull_request?.head?.sha != undefined) {
+      context.sha = context.payload.pull_request.head.sha;
    }
-    res.push(record.join(','));
  }

-  return res.filter(item => item).map(pat => pat.trim());
+  return {
+    commitDate: await getCommitDateFromWorkflow(context.sha, toolkit),
+    ...context
+  } as Context;
 }

-export const asyncForEach = async (array, callback) => {
-  for (let index = 0; index < array.length; index++) {
-    await callback(array[index], index, array);
+async function getContextFromGit(): Promise<Context> {
+  const ctx = await Git.context();
+
+  return {
+    commitDate: await Git.commitDate(ctx.sha),
+    ...ctx
+  } as Context;
+}
+
+async function getCommitDateFromWorkflow(sha: string, toolkit: Toolkit): Promise<Date> {
+  const event = GitHub.context.payload as unknown as {
+    // branch push
+    commits?: Array<{
+      timestamp: string;
+      // commit sha
+      id: string;
+    }>;
+    // tags
+    head_commit?: {
+      timestamp: string;
+      // commit sha
+      id: string;
+    };
+  };
+
+  if (event.commits) {
+    const commitDate = event.commits.find(x => x.id === sha)?.timestamp;
+    if (commitDate) {
+      return new Date(commitDate);
+    }
  }
-};

-// FIXME: Temp fix https://github.com/actions/toolkit/issues/777
-export function setOutput(name: string, value: unknown): void {
-  issueCommand('set-output', {name}, value);
+  if (event.head_commit) {
+    if (event.head_commit.id === sha) {
+      return new Date(event.head_commit.timestamp);
+    }
+  }
+
+  // fallback to github api for commit date
+  try {
+    const commit = await toolkit.github.octokit.rest.repos.getCommit({
+      owner: GitHub.context.repo.owner,
+      repo: GitHub.context.repo.repo,
+      ref: sha
+    });
+    if (commit.data.commit.committer?.date) {
+      return new Date(commit.data.commit.committer.date);
+    }
+    throw new Error('Committer date not found');
+  } catch (error) {
+    core.debug(`Failed to get commit date from GitHub API: ${error.message}`);
+    return new Date();
+  }
 }
--- a/src/github.ts
+++ b/src/github.ts
@@ -1,16 +0,0 @@
-import * as github from '@actions/github';
-import {Context} from '@actions/github/lib/context';
-import {components as OctoOpenApiTypes} from '@octokit/openapi-types';
-
-export type ReposGetResponseData = OctoOpenApiTypes['schemas']['repository'];
-
-export function context(): Context {
-  return github.context;
-}
-
-export async function repo(token: string): Promise<ReposGetResponseData> {
-  return github
-    .getOctokit(token)
-    .rest.repos.get({...github.context.repo})
-    .then(response => response.data as ReposGetResponseData);
-}
--- a/src/main.ts
+++ b/src/main.ts
@@ -1,34 +1,37 @@
 import * as fs from 'fs';
-import {getInputs, Inputs, setOutput} from './context';
-import * as github from './github';
-import {Meta, Version} from './meta';
 import * as core from '@actions/core';
-import {Context} from '@actions/github/lib/context';
+import * as actionsToolkit from '@docker/actions-toolkit';
+import {Toolkit} from '@docker/actions-toolkit/lib/toolkit';
+import {Util} from '@docker/actions-toolkit/lib/util';

-async function run() {
-  try {
-    const inputs: Inputs = await getInputs();
-    if (inputs.images.length == 0) {
-      throw new Error(`images input required`);
-    }
+import {getContext, getInputs, Inputs} from './context';
+import {Meta, Version} from './meta';

-    const context: Context = github.context();
-    const repo: github.ReposGetResponseData = await github.repo(inputs.githubToken);
-    core.startGroup(`Context info`);
-    core.info(`eventName: ${context.eventName}`);
-    core.info(`sha: ${context.sha}`);
-    core.info(`ref: ${context.ref}`);
-    core.info(`workflow: ${context.workflow}`);
-    core.info(`action: ${context.action}`);
-    core.info(`actor: ${context.actor}`);
-    core.info(`runNumber: ${context.runNumber}`);
-    core.info(`runId: ${context.runId}`);
-    core.endGroup();
+actionsToolkit.run(
+  // main
+  async () => {
+    const inputs: Inputs = getInputs();
+    const toolkit = new Toolkit({githubToken: inputs.githubToken});
+    const context = await getContext(inputs.context, toolkit);
+    const repo = await toolkit.github.repoData();
+    const setOutput = outputEnvEnabled() ? setOutputAndEnv : core.setOutput;
+
+    await core.group(`Context info`, async () => {
+      core.info(`eventName: ${context.eventName}`);
+      core.info(`sha: ${context.sha}`);
+      core.info(`ref: ${context.ref}`);
+      core.info(`workflow: ${context.workflow}`);
+      core.info(`action: ${context.action}`);
+      core.info(`actor: ${context.actor}`);
+      core.info(`runNumber: ${context.runNumber}`);
+      core.info(`runId: ${context.runId}`);
+      core.info(`commitDate: ${context.commitDate}`);
+    });

    if (core.isDebug()) {
-      core.startGroup(`Webhook payload`);
-      core.info(JSON.stringify(context.payload, null, 2));
-      core.endGroup();
+      await core.group(`Webhook payload`, async () => {
+        core.info(JSON.stringify(context.payload, null, 2));
+      });
    }

    const meta: Meta = new Meta(inputs, context, repo);
@@ -37,9 +40,9 @@ async function run() {
    if (meta.version.main == undefined || meta.version.main.length == 0) {
      core.warning(`No Docker image version has been generated. Check tags input.`);
    } else {
-      core.startGroup(`Docker image version`);
-      core.info(version.main || '');
-      core.endGroup();
+      await core.group(`Docker image version`, async () => {
+        core.info(version.main || '');
+      });
    }
    setOutput('version', version.main || '');

@@ -48,39 +51,70 @@ async function run() {
    if (tags.length == 0) {
      core.warning('No Docker tag has been generated. Check tags input.');
    } else {
-      core.startGroup(`Docker tags`);
-      for (const tag of tags) {
-        core.info(tag);
-      }
-      core.endGroup();
+      await core.group(`Docker tags`, async () => {
+        for (const tag of tags) {
+          core.info(tag);
+        }
+      });
    }
    setOutput('tags', tags.join(inputs.sepTags));

    // Docker labels
    const labels: Array<string> = meta.getLabels();
-    core.startGroup(`Docker labels`);
-    for (const label of labels) {
-      core.info(label);
-    }
-    core.endGroup();
-    setOutput('labels', labels.join(inputs.sepLabels));
+    await core.group(`Docker labels`, async () => {
+      for (const label of labels) {
+        core.info(label);
+      }
+      setOutput('labels', labels.join(inputs.sepLabels));
+    });
+
+    // Annotations
+    const annotationsRaw: Array<string> = meta.getAnnotations();
+    const annotationsLevels = process.env.DOCKER_METADATA_ANNOTATIONS_LEVELS || 'manifest';
+    await core.group(`Annotations`, async () => {
+      const annotations: Array<string> = [];
+      for (const level of annotationsLevels.split(',')) {
+        annotations.push(
+          ...annotationsRaw.map(label => {
+            const v = `${level}:${label}`;
+            core.info(v);
+            return v;
+          })
+        );
+      }
+      setOutput(`annotations`, annotations.join(inputs.sepAnnotations));
+    });

    // JSON
-    const jsonOutput = meta.getJSON();
-    core.startGroup(`JSON output`);
-    core.info(JSON.stringify(jsonOutput, null, 2));
-    core.endGroup();
-    setOutput('json', jsonOutput);
+    const jsonOutput = meta.getJSON(annotationsLevels.split(','));
+    await core.group(`JSON output`, async () => {
+      core.info(JSON.stringify(jsonOutput, null, 2));
+      setOutput('json', JSON.stringify(jsonOutput));
+    });

-    // Bake definition file
-    const bakeFile: string = meta.getBakeFile();
-    core.startGroup(`Bake definition file`);
-    core.info(fs.readFileSync(bakeFile, 'utf8'));
-    core.endGroup();
-    setOutput('bake-file', bakeFile);
-  } catch (error) {
-    core.setFailed(error.message);
+    // Bake files
+    for (const kind of ['tags', 'labels', 'annotations:' + annotationsLevels]) {
+      const outputName = kind.split(':')[0];
+      const bakeFile: string = meta.getBakeFile(kind);
+      await core.group(`Bake file definition (${outputName})`, async () => {
+        core.info(fs.readFileSync(bakeFile, 'utf8'));
+        setOutput(`bake-file-${outputName}`, bakeFile);
+      });
+    }
+
+    // Bake file with tags and labels
+    setOutput(`bake-file`, `${meta.getBakeFileTagsLabels()}`);
  }
+);
+
+function setOutputAndEnv(name: string, value: string) {
+  core.setOutput(name, value);
+  core.exportVariable(`DOCKER_METADATA_OUTPUT_${name.replace(/\W/g, '_').toUpperCase()}`, value);
 }

-run();
+function outputEnvEnabled(): boolean {
+  if (process.env.DOCKER_METADATA_SET_OUTPUT_ENV) {
+    return Util.parseBool(process.env.DOCKER_METADATA_SET_OUTPUT_ENV);
+  }
+  return true;
+}
--- a/src/meta.ts
+++ b/src/meta.ts
@@ -1,16 +1,19 @@
 import * as handlebars from 'handlebars';
 import * as fs from 'fs';
 import * as path from 'path';
-import moment from 'moment';
+import moment from 'moment-timezone';
 import * as pep440 from '@renovate/pep440';
 import * as semver from 'semver';
-import {Inputs, tmpDir} from './context';
-import {ReposGetResponseData} from './github';
+import * as core from '@actions/core';
+import {Context as ToolkitContext} from '@docker/actions-toolkit/lib/context';
+import {GitHubRepo} from '@docker/actions-toolkit/lib/types/github';
+
+import {Inputs, Context} from './context';
 import * as icl from './image';
 import * as tcl from './tag';
 import * as fcl from './flavor';
-import * as core from '@actions/core';
-import {Context} from '@actions/github/lib/context';
+
+const defaultShortShaLength = 7;

 export interface Version {
  main: string | undefined;
@@ -23,20 +26,13 @@ export class Meta {

  private readonly inputs: Inputs;
  private readonly context: Context;
-  private readonly repo: ReposGetResponseData;
+  private readonly repo: GitHubRepo;
  private readonly images: icl.Image[];
  private readonly tags: tcl.Tag[];
  private readonly flavor: fcl.Flavor;
  private readonly date: Date;

-  constructor(inputs: Inputs, context: Context, repo: ReposGetResponseData) {
-    // Needs to override Git reference with pr ref instead of upstream branch ref
-    // for pull_request_target event
-    // https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request_target
-    if (/pull_request_target/.test(context.eventName)) {
-      context.ref = `refs/pull/${context.payload.number}/merge`;
-    }
-
+  constructor(inputs: Inputs, context: Context, repo: GitHubRepo) {
    this.inputs = inputs;
    this.context = context;
    this.repo = repo;
@@ -118,10 +114,36 @@ export class Meta {
    }

    const currentDate = this.date;
+    const commitDate = this.context.commitDate;
    const vraw = this.setValue(
      handlebars.compile(tag.attrs['pattern'])({
-        date: function (format) {
-          return moment(currentDate).utc().format(format);
+        date: function (format, options) {
+          const m = moment(currentDate);
+          let tz = 'UTC';
+          Object.keys(options.hash).forEach(key => {
+            switch (key) {
+              case 'tz':
+                tz = options.hash[key];
+                break;
+              default:
+                throw new Error(`Unknown ${key} attribute`);
+            }
+          });
+          return m.tz(tz).format(format);
+        },
+        commit_date: function (format, options) {
+          const m = moment(commitDate);
+          let tz = 'UTC';
+          Object.keys(options.hash).forEach(key => {
+            switch (key) {
+              case 'tz':
+                tz = options.hash[key];
+                break;
+              default:
+                throw new Error(`Unknown ${key} attribute`);
+            }
+          });
+          return m.tz(tz).format(format);
        }
      }),
      tag
@@ -139,8 +161,20 @@ export class Meta {
    if (tag.attrs['value'].length > 0) {
      vraw = this.setGlobalExp(tag.attrs['value']);
    } else {
-      vraw = this.context.ref.replace(/^refs\/tags\//g, '').replace(/\//g, '-');
+      vraw = this.context.ref.replace(/^refs\/tags\//g, '');
    }
+
+    if (tag.attrs['match'].length > 0) {
+      const tmatch = vraw.match(tag.attrs['match']);
+      if (!tmatch) {
+        core.warning(`${tag.attrs['match']} does not match ${vraw}.`);
+      } else {
+        vraw = tmatch[1];
+      }
+    }
+
+    vraw = vraw.replace(/\//g, '-');
+
    if (!semver.valid(vraw)) {
      core.warning(`${vraw} is not a valid semver. More info: https://semver.org/`);
      return version;
@@ -148,7 +182,7 @@ export class Meta {

    let latest = false;
    const sver = semver.parse(vraw, {
-      includePrerelease: true
+      loose: true
    });
    if (semver.prerelease(vraw)) {
      if (Meta.isRawStatement(tag.attrs['pattern'])) {
@@ -173,8 +207,20 @@ export class Meta {
    if (tag.attrs['value'].length > 0) {
      vraw = this.setGlobalExp(tag.attrs['value']);
    } else {
-      vraw = this.context.ref.replace(/^refs\/tags\//g, '').replace(/\//g, '-');
+      vraw = this.context.ref.replace(/^refs\/tags\//g, '');
    }
+
+    if (tag.attrs['match'].length > 0) {
+      const tmatch = vraw.match(tag.attrs['match']);
+      if (!tmatch) {
+        core.warning(`${tag.attrs['match']} does not match ${vraw}.`);
+      } else {
+        vraw = tmatch[1];
+      }
+    }
+
+    vraw = vraw.replace(/\//g, '-');
+
    if (!pep440.valid(vraw)) {
      core.warning(`${vraw} does not conform to PEP 440. More info: https://www.python.org/dev/peps/pep-0440`);
      return version;
@@ -301,7 +347,7 @@ export class Meta {

    let val = this.context.sha;
    if (tag.attrs['format'] === tcl.ShaFormat.Short) {
-      val = this.context.sha.substr(0, 7);
+      val = Meta.shortSha(this.context.sha);
    }

    const vraw = this.setValue(val, tag);
@@ -312,6 +358,7 @@ export class Meta {
    if (val.length == 0) {
      return version;
    }
+    val = Meta.sanitizeTag(val);
    if (version.main == undefined) {
      version.main = val;
    } else if (val !== version.main) {
@@ -349,60 +396,89 @@ export class Meta {
    return val;
  }

-  private setGlobalExp(val): string {
-    const ctx = this.context;
+  private setGlobalExp(val: string): string {
+    const context = this.context;
    const currentDate = this.date;
+    const commitDate = this.context.commitDate;
    return handlebars.compile(val)({
      branch: function () {
-        if (!/^refs\/heads\//.test(ctx.ref)) {
+        if (!/^refs\/heads\//.test(context.ref)) {
          return '';
        }
-        return ctx.ref.replace(/^refs\/heads\//g, '');
+        return context.ref.replace(/^refs\/heads\//g, '');
      },
      tag: function () {
-        if (!/^refs\/tags\//.test(ctx.ref)) {
+        if (!/^refs\/tags\//.test(context.ref)) {
          return '';
        }
-        return ctx.ref.replace(/^refs\/tags\//g, '');
+        return context.ref.replace(/^refs\/tags\//g, '');
      },
      sha: function () {
-        return ctx.sha.substr(0, 7);
+        return Meta.shortSha(context.sha);
      },
      base_ref: function () {
-        if (/^refs\/tags\//.test(ctx.ref) && ctx.payload?.base_ref != undefined) {
-          return ctx.payload.base_ref.replace(/^refs\/heads\//g, '');
+        if (/^refs\/tags\//.test(context.ref) && context.payload?.base_ref != undefined) {
+          return context.payload.base_ref.replace(/^refs\/heads\//g, '');
        }
        // FIXME: keep this for backward compatibility even if doesn't always seem
        //  to return the expected branch. See the comment below.
-        if (/^refs\/pull\//.test(ctx.ref) && ctx.payload?.pull_request?.base?.ref != undefined) {
-          return ctx.payload.pull_request.base.ref;
+        if (/^refs\/pull\//.test(context.ref) && context.payload?.pull_request?.base?.ref != undefined) {
+          return context.payload.pull_request.base.ref;
        }
        return '';
      },
+      commit_date: function (format, options) {
+        const m = moment(commitDate);
+        let tz = 'UTC';
+        Object.keys(options.hash).forEach(key => {
+          switch (key) {
+            case 'tz':
+              tz = options.hash[key];
+              break;
+            default:
+              throw new Error(`Unknown ${key} attribute`);
+          }
+        });
+        return m.tz(tz).format(format);
+      },
      is_default_branch: function () {
-        const branch = ctx.ref.replace(/^refs\/heads\//g, '');
+        const branch = context.ref.replace(/^refs\/heads\//g, '');
        // TODO: "base_ref" is available in the push payload but doesn't always seem to
        //  return the expected branch when the push tag event occurs. It's also not
        //  documented in GitHub docs: https://docs.github.com/en/developers/webhooks-and-events/webhooks/webhook-events-and-payloads#push
        //  more context: https://github.com/docker/metadata-action/pull/192#discussion_r854673012
-        // if (/^refs\/tags\//.test(ctx.ref) && ctx.payload?.base_ref != undefined) {
-        //   branch = ctx.payload.base_ref.replace(/^refs\/heads\//g, '');
+        // if (/^refs\/tags\//.test(context.ref) && context.payload?.base_ref != undefined) {
+        //   branch = context.payload.base_ref.replace(/^refs\/heads\//g, '');
        // }
        if (branch == undefined || branch.length == 0) {
          return 'false';
        }
-        if (ctx.payload?.repository?.default_branch == branch) {
+        if (context.payload?.repository?.default_branch == branch) {
          return 'true';
        }
        // following events always trigger for last commit on default branch
        // https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows
-        if (/create/.test(ctx.eventName) || /discussion/.test(ctx.eventName) || /issues/.test(ctx.eventName) || /schedule/.test(ctx.eventName)) {
+        if (/create/.test(context.eventName) || /discussion/.test(context.eventName) || /issues/.test(context.eventName) || /schedule/.test(context.eventName)) {
          return 'true';
        }
        return 'false';
      },
-      date: function (format) {
-        return moment(currentDate).utc().format(format);
+      is_not_default_branch: function () {
+        return this.is_default_branch() === 'false' ? 'true' : 'false';
+      },
+      date: function (format, options) {
+        const m = moment(currentDate);
+        let tz = 'UTC';
+        Object.keys(options.hash).forEach(key => {
+          switch (key) {
+            case 'tz':
+              tz = options.hash[key];
+              break;
+            default:
+              throw new Error(`Unknown ${key} attribute`);
+          }
+        });
+        return m.tz(tz).format(format);
      }
    });
  }
@@ -422,22 +498,43 @@ export class Meta {
    if (!this.version.main) {
      return [];
    }
-    const tags: Array<string> = [];
-    for (const imageName of this.getImageNames()) {
-      tags.push(`${imageName}:${Meta.sanitizeTag(this.version.main)}`);
+
+    const generateTags = (imageName: string, version: string): Array<string> => {
+      const tags: Array<string> = [];
+      const prefix = imageName !== '' ? `${imageName}:` : '';
+      tags.push(`${prefix}${version}`);
      for (const partial of this.version.partial) {
-        tags.push(`${imageName}:${Meta.sanitizeTag(partial)}`);
+        tags.push(`${prefix}${partial}`);
      }
      if (this.version.latest) {
        const latestTag = `${this.flavor.prefixLatest ? this.flavor.prefix : ''}latest${this.flavor.suffixLatest ? this.flavor.suffix : ''}`;
-        tags.push(`${imageName}:${Meta.sanitizeTag(latestTag)}`);
+        tags.push(`${prefix}${Meta.sanitizeTag(latestTag)}`);
      }
+      return tags;
+    };
+
+    const tags: Array<string> = [];
+    const images = this.getImageNames();
+    if (images.length > 0) {
+      for (const imageName of images) {
+        tags.push(...generateTags(imageName, this.version.main));
+      }
+    } else {
+      tags.push(...generateTags('', this.version.main));
    }
    return tags;
  }

  public getLabels(): Array<string> {
-    const labels: Array<string> = [
+    return this.getOCIAnnotationsWithCustoms(this.inputs.labels);
+  }
+
+  public getAnnotations(): Array<string> {
+    return this.getOCIAnnotationsWithCustoms(this.inputs.annotations);
+  }
+
+  private getOCIAnnotationsWithCustoms(extra: string[]): Array<string> {
+    const res: Array<string> = [
      `org.opencontainers.image.title=${this.repo.name || ''}`,
      `org.opencontainers.image.description=${this.repo.description || ''}`,
      `org.opencontainers.image.url=${this.repo.html_url || ''}`,
@@ -447,11 +544,28 @@ export class Meta {
      `org.opencontainers.image.revision=${this.context.sha || ''}`,
      `org.opencontainers.image.licenses=${this.repo.license?.spdx_id || ''}`
    ];
-    labels.push(...this.inputs.labels);
-    return labels;
+    extra.forEach(label => {
+      res.push(this.setGlobalExp(label));
+    });
+
+    return Array.from(
+      new Map<string, string>(
+        res
+          .map(label => label.split('='))
+          // eslint-disable-next-line @typescript-eslint/no-unused-vars
+          .filter(([_key, ...values]) => values.length > 0)
+          .map(([key, ...values]) => [key, values.join('=')] as [string, string])
+      )
+    )
+      .sort((a, b) => a[0].localeCompare(b[0]))
+      .map(([key, value]) => `${key}=${value}`);
  }

-  public getJSON(): unknown {
+  public getJSON(alevels: string[]): unknown {
+    const annotations: Array<string> = [];
+    for (const level of alevels) {
+      annotations.push(...this.getAnnotations().map(label => `${level}:${label}`));
+    }
    return {
      tags: this.getTags(),
      labels: this.getLabels().reduce((res, label) => {
@@ -461,39 +575,74 @@ export class Meta {
        }
        res[matches[1]] = matches[2];
        return res;
-      }, {})
+      }, {}),
+      annotations: annotations
    };
  }

-  public getBakeFile(): string {
-    const bakeFile = path.join(tmpDir(), 'docker-metadata-action-bake.json').split(path.sep).join(path.posix.sep);
-    fs.writeFileSync(
-      bakeFile,
-      JSON.stringify(
+  public getBakeFile(kind: string): string {
+    if (kind == 'tags') {
+      return this.generateBakeFile(
        {
-          target: {
-            [this.inputs.bakeTarget]: {
-              tags: this.getTags(),
-              labels: this.getLabels().reduce((res, label) => {
-                const matches = label.match(/([^=]*)=(.*)/);
-                if (!matches) {
-                  return res;
-                }
-                res[matches[1]] = matches[2];
-                return res;
-              }, {}),
-              args: {
-                DOCKER_META_IMAGES: this.getImageNames().join(','),
-                DOCKER_META_VERSION: this.version.main
-              }
-            }
+          tags: this.getTags(),
+          args: {
+            DOCKER_META_IMAGES: this.getImageNames().join(','),
+            DOCKER_META_VERSION: this.version.main
          }
        },
-        null,
-        2
-      )
-    );
+        kind
+      );
+    } else if (kind == 'labels') {
+      return this.generateBakeFile(
+        {
+          labels: this.getLabels().reduce((res, label) => {
+            const matches = label.match(/([^=]*)=(.*)/);
+            if (!matches) {
+              return res;
+            }
+            res[matches[1]] = matches[2];
+            return res;
+          }, {})
+        },
+        kind
+      );
+    } else if (kind.startsWith('annotations:')) {
+      const name = kind.split(':')[0];
+      const annotations: Array<string> = [];
+      for (const level of kind.split(':')[1].split(',')) {
+        annotations.push(...this.getAnnotations().map(label => `${level}:${label}`));
+      }
+      return this.generateBakeFile(
+        {
+          annotations: annotations
+        },
+        name
+      );
+    }
+    throw new Error(`Unknown bake file type: ${kind}`);
+  }

+  public getBakeFileTagsLabels(): string {
+    return this.generateBakeFile({
+      tags: this.getTags(),
+      labels: this.getLabels().reduce((res, label) => {
+        const matches = label.match(/([^=]*)=(.*)/);
+        if (!matches) {
+          return res;
+        }
+        res[matches[1]] = matches[2];
+        return res;
+      }, {}),
+      args: {
+        DOCKER_META_IMAGES: this.getImageNames().join(','),
+        DOCKER_META_VERSION: this.version.main
+      }
+    });
+  }
+
+  private generateBakeFile(dt, suffix?: string): string {
+    const bakeFile = path.join(ToolkitContext.tmpDir(), `docker-metadata-action-bake${suffix ? `-${suffix}` : ''}.json`);
+    fs.writeFileSync(bakeFile, JSON.stringify({target: {[this.inputs.bakeTarget]: dt}}, null, 2));
    return bakeFile;
  }

@@ -504,4 +653,18 @@ export class Meta {
  private static sanitizeTag(tag: string): string {
    return tag.replace(/[^a-zA-Z0-9._-]+/g, '-');
  }
+
+  private static shortSha(sha: string): string {
+    let shortShaLength = defaultShortShaLength;
+    if (process.env.DOCKER_METADATA_SHORT_SHA_LENGTH) {
+      if (isNaN(Number(process.env.DOCKER_METADATA_SHORT_SHA_LENGTH))) {
+        throw new Error(`DOCKER_METADATA_SHORT_SHA_LENGTH is not a valid number: ${process.env.DOCKER_METADATA_SHORT_SHA_LENGTH}`);
+      }
+      shortShaLength = Number(process.env.DOCKER_METADATA_SHORT_SHA_LENGTH);
+    }
+    if (shortShaLength >= sha.length) {
+      return sha;
+    }
+    return sha.substring(0, shortShaLength);
+  }
 }
--- a/src/tag.ts
+++ b/src/tag.ts
@@ -95,7 +95,7 @@ export function Parse(s: string): Tag {
  for (const field of fields) {
    const parts = field
      .toString()
-      .split('=')
+      .split(/(?<=^[^=]+?)=/)
      .map(item => item.trim());
    if (parts.length == 1) {
      tag.attrs['value'] = parts[0];
@@ -137,6 +137,9 @@ export function Parse(s: string): Tag {
      if (!Object.prototype.hasOwnProperty.call(tag.attrs, 'value')) {
        tag.attrs['value'] = '';
      }
+      if (!Object.prototype.hasOwnProperty.call(tag.attrs, 'match')) {
+        tag.attrs['match'] = '';
+      }
      break;
    }
    case Type.Match: {
--- a/test/Dockerfile
+++ b/test/Dockerfile
@@ -1,3 +1,3 @@
+# syntax=docker/dockerfile:1
 FROM alpine
-
 RUN echo "Hello world!"
--- a/test/output.Dockerfile
+++ b/test/output.Dockerfile
@@ -0,0 +1,14 @@
+# syntax=docker/dockerfile:1
+FROM alpine
+RUN apk add --no-cache coreutils jq
+ARG DOCKER_METADATA_OUTPUT_VERSION
+ARG DOCKER_METADATA_OUTPUT_TAGS
+ARG DOCKER_METADATA_OUTPUT_LABELS
+ARG DOCKER_METADATA_OUTPUT_ANNOTATIONS
+ARG DOCKER_METADATA_OUTPUT_JSON
+RUN printenv DOCKER_METADATA_OUTPUT_VERSION
+RUN printenv DOCKER_METADATA_OUTPUT_TAGS
+RUN printenv DOCKER_METADATA_OUTPUT_LABELS
+RUN printenv DOCKER_METADATA_OUTPUT_ANNOTATIONS
+RUN printenv DOCKER_METADATA_OUTPUT_JSON
+RUN echo $DOCKER_METADATA_OUTPUT_JSON | jq
--- a/tsconfig.json
+++ b/tsconfig.json
@@ -1,20 +1,22 @@
 {
  "compilerOptions": {
+    "esModuleInterop": true,
    "target": "es6",
    "module": "commonjs",
+    "strict": true,
    "newLine": "lf",
    "outDir": "./lib",
    "rootDir": "./src",
-    "esModuleInterop": true,
    "forceConsistentCasingInFileNames": true,
-    "strict": true,
    "noImplicitAny": false,
    "resolveJsonModule": true,
    "useUnknownInCatchVariables": false,
  },
  "exclude": [
+    "./__mocks__/**/*",
+    "./__tests__/**/*",
+    "./lib/**/*",
    "node_modules",
-    "**/*.test.ts",
    "jest.config.ts"
  ]
 }
--- a/yarn.lock
+++ b/yarn.lock