Notable Changes:
Builtin Dockerfile frontend has been updated to v1.24.0 changelog
BuildKit now supports the concept of "compatibility version" for improved reproducible builds support across different BuildKit versions. This allows users to specify a version for which the build should be compatible with, and BuildKit will attempt to maintain compatibility with that version when possible. Compatibility version will be stored in the provenance attestation of the build and can be used to independently verify the artifacts of the build on other BuildKit versions. The current compatibility version and backward compatibility with old versions are defined in Build reproducibility docs #6681
Git sources now support fetch-by-commit option where commit is fetched by the SHA and then associated with the reference. This is useful when checking out mutable references refs/NR/merge where the commit SHA may change during invocation and cause checksum mismatch error #6708
The LLB API now supports Git bundle format. Git bundles can be loaded from registry or OCI layout blobs and Git sources can be checked out into bundle format for snapshotting #6711
Provenance attestations for multi-pass or chained builds now include request details for root requests and individual input requests, allowing full reconstruction of such complex builds #6739
The version of the built-in Dockerfile frontend that was used is now included in the provenance metadata and reported via worker info APIs. #6705
Improve error reporting for registry errors on cache export #6762
S3 cache now supports additional options retry_mode and retry_max_attempts to configure retry behavior of S3 client #6657
S3 cache now supports disable_accept_encoding option for GCS interoperability #6642
Reduce potential lock contention in gateway forwarder for improved performance on parallel builds #6741
A new log level option has been added to the buildkitd TOML configuration; previous "debug" and "trace" options have been deprecated #6732
Allow gateway frontend requests to forward to the built-in Dockerfile frontend the same way as to external frontends #6643
Session connection health checks have been improved to better detect loss of connectivity and avoid stuck builds #6649
Fix issue with Git subdirectory value not being included in ConfigSource section of SLSA provenance for builds from Git sources #6724
Avoid potential deadlock if the credential helper in the client is misbehaving and never returns credentials #6709
Fix possible data race in provenance computation on parallel builds #6758
Fix possible provenance capture race in concurrent no-cache builds that could leave source pins empty and fail with an invalid checksum digest error #6764
Fix possible data race in progress writer #6679
Fix data race in S3 cache reader #6675
Fix possible Git config lookup errors on Windows #6639
Fix build cancellation not working properly when blocked on credential callback #6641
Deployment:
- gitlab-cloud-runners staging
- gitlab-cloud-runners production
- WMCS and Trusted runners