support metadata handlebars in build and bake inputs

.github/workflows/.test-bake.yml

@@ -39,6 +39,8 @@ jobs:
       output: image
       push: ${{ github.event_name != 'pull_request' }}
       sbom: true
+      set: |
+        *.args.VERSION={{meta.version}}
       target: hello
       meta-images: |
         public.ecr.aws/q3b5f1u4/test-docker-action
@@ -90,6 +92,8 @@ jobs:
       output: image
       push: ${{ github.event_name != 'pull_request' }}
       sbom: true
+      set: |
+        *.args.VERSION={{meta.version}}
       target: hello-cross
       meta-images: |
         public.ecr.aws/q3b5f1u4/test-docker-action
@@ -160,6 +164,8 @@ jobs:
       output: image
       push: ${{ github.event_name != 'pull_request' }}
       sbom: true
+      set: |
+        *.args.VERSION={{meta.version}}
       sign: false
       target: hello-cross
       meta-images: |
@@ -210,6 +216,8 @@ jobs:
       output: image
       push: ${{ github.event_name != 'pull_request' }}
       sbom: true
+      set: |
+        *.args.VERSION={{meta.version}}
       target: hello-cross
       meta-images: |
         registry-1-stage.docker.io/docker/github-builder-test
@@ -260,6 +268,8 @@ jobs:
       output: image
       push: ${{ github.event_name != 'pull_request' }}
       sbom: true
+      set: |
+        *.args.VERSION={{meta.version}}
       target: hello-cross
       meta-images: |
         ghcr.io/docker/github-builder-test
@@ -460,6 +470,8 @@ jobs:
       context: test
       output: image
       push: false
+      set: |
+        *.args.VERSION={{meta.version}}
       target: hello-cross
       meta-images: |
         public.ecr.aws/q3b5f1u4/test-docker-action
@@ -492,6 +504,8 @@ jobs:
       output: image
       push: ${{ github.event_name != 'pull_request' }}
       sbom: true
+      set: |
+        *.args.VERSION={{meta.version}}
       target: hello-cross
       meta-images: |
         public.ecr.aws/q3b5f1u4/test-docker-action
@@ -542,6 +556,8 @@ jobs:
       output: image
       push: ${{ github.event_name != 'pull_request' }}
       sbom: true
+      set: |
+        *.args.VERSION={{meta.version}}
       target: hello-cross
       meta-images: |
         registry-1-stage.docker.io/docker/github-builder-test

.github/workflows/.test-build.yml

@@ -33,6 +33,8 @@ jobs:
       contents: read
       id-token: write
     with:
+      build-args: |
+        VERSION={{meta.version}}
       cache: true
       cache-scope: build-aws-single
       file: test/hello.Dockerfile
@@ -84,6 +86,8 @@ jobs:
       contents: read
       id-token: write
     with:
+      build-args: |
+        VERSION={{meta.version}}
       cache: true
       cache-scope: build-aws
       file: test/hello.Dockerfile
@@ -154,6 +158,8 @@ jobs:
       contents: read
       id-token: write
     with:
+      build-args: |
+        VERSION={{meta.version}}
       cache: true
       cache-scope: build-aws-nosign
       file: test/hello.Dockerfile
@@ -207,6 +213,8 @@ jobs:
       id-token: write
       packages: write
     with:
+      build-args: |
+        VERSION={{meta.version}}
       file: test/hello.Dockerfile
       output: image
       platforms: linux/amd64,linux/arm64
@@ -255,6 +263,8 @@ jobs:
       contents: read
       id-token: write
     with:
+      build-args: |
+        VERSION={{meta.version}}
       file: test/hello.Dockerfile
       output: image
       platforms: linux/amd64,linux/arm64
@@ -304,6 +314,8 @@ jobs:
       id-token: write
       packages: write
     with:
+      build-args: |
+        VERSION={{meta.version}}
       file: test/hello.Dockerfile
       output: image
       platforms: linux/amd64,linux/arm64
@@ -504,6 +516,8 @@ jobs:
       id-token: write
     with:
       runner: amd64
+      build-args: |
+        VERSION={{meta.version}}
       file: test/hello.Dockerfile
       output: image
       platforms: linux/amd64,linux/arm64
@@ -532,6 +546,8 @@ jobs:
       id-token: write
     with:
       distribute: false
+      build-args: |
+        VERSION={{meta.version}}
       cache: true
       cache-scope: build-aws-nodistrib
       file: test/hello.Dockerfile
@@ -570,6 +586,8 @@ jobs:
       contents: read
       id-token: write
     with:
+      build-args: |
+        VERSION={{meta.version}}
       file: test/hello.Dockerfile
       output: image
       platforms: linux/amd64,linux/arm64

.github/workflows/bake.yml

@@ -154,6 +154,7 @@ env:
   SBOM_IMAGE: "docker/buildkit-syft-scanner:1.10.0"
   BINFMT_IMAGE: "tonistiigi/binfmt:qemu-v10.2.1-65"
   DOCKER_ACTIONS_TOOLKIT_MODULE: "@docker/actions-toolkit@0.81.0"
+  HANDLEBARS_MODULE: "handlebars@4.7.8"
   COSIGN_VERSION: "v3.0.2"
   LOCAL_EXPORT_DIR: "/tmp/buildx-output"
   MATRIX_SIZE_LIMIT: "20"
@@ -167,7 +168,7 @@ jobs:
       ghaCacheSign: ${{ steps.set.outputs.ghaCacheSign }}
     steps:
       -
-        name: Install @docker/actions-toolkit
+        name: Install dependencies
         uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
         env:
           INPUT_DAT-MODULE: ${{ env.DOCKER_ACTIONS_TOOLKIT_MODULE }}
@@ -458,13 +459,20 @@ jobs:
       result_19: ${{ steps.result.outputs.result_19 }}
     steps:
       -
-        name: Install @docker/actions-toolkit
+        name: Install dependencies
         uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
         env:
           INPUT_DAT-MODULE: ${{ env.DOCKER_ACTIONS_TOOLKIT_MODULE }}
+          INPUT_HANDLEBARS-MODULE: ${{ env.HANDLEBARS_MODULE }}
         with:
           script: |
-            await exec.exec('npm', ['install', '--prefer-offline', '--ignore-scripts', core.getInput('dat-module')]);
+            await exec.exec('npm', [
+              'install',
+              '--prefer-offline',
+              '--ignore-scripts',
+              core.getInput('dat-module'),
+              core.getInput('handlebars-module')
+            ]);
       -
         name: Docker meta
         id: meta
@@ -610,6 +618,8 @@ jobs:
           INPUT_TARGET: ${{ inputs.target }}
           INPUT_VARS: ${{ inputs.vars }}
           INPUT_META-IMAGES: ${{ inputs.meta-images }}
+          INPUT_META-VERSION: ${{ steps.meta.outputs.version }}
+          INPUT_META-TAGS: ${{ steps.meta.outputs.tags }}
           INPUT_SET-META-ANNOTATIONS: ${{ inputs.set-meta-annotations }}
           INPUT_SET-META-LABELS: ${{ inputs.set-meta-labels }}
           INPUT_BAKE-FILE-TAGS: ${{ steps.meta.outputs.bake-file-tags }}
@@ -619,6 +629,7 @@ jobs:
         with:
           script: |
             const os = require('os');
+            const Handlebars = require('handlebars');
             const { Build } = require('@docker/actions-toolkit/lib/buildx/build');
             const { GitHub } = require('@docker/actions-toolkit/lib/github/github');
             const { Util } = require('@docker/actions-toolkit/lib/util');
@@ -642,12 +653,20 @@ jobs:
             const inpTarget = core.getInput('target');
             const inpVars = Util.getInputList('vars');
             const inpMetaImages = core.getMultilineInput('meta-images');
+            const inpMetaVersion = core.getInput('meta-version');
+            const inpMetaTags = core.getMultilineInput('meta-tags');
             const inpSetMetaAnnotations = core.getBooleanInput('set-meta-annotations');
             const inpSetMetaLabels = core.getBooleanInput('set-meta-labels');
             const inpBakeFileTags = core.getInput('bake-file-tags');
             const inpBakeFileAnnotations = core.getInput('bake-file-annotations');
             const inpBakeFileLabels = core.getInput('bake-file-labels');
             const inpGitHubToken = core.getInput('github-token');
+
+            const meta = {
+              version: inpMetaVersion,
+              tags: inpMetaTags
+            };
+            const renderTemplate = value => Handlebars.compile(value, {noEscape: true})({meta});
 
             const bakeSource = `${process.env.GITHUB_SERVER_URL}/${process.env.GITHUB_REPOSITORY}.git#${process.env.GITHUB_REF}:${inpContext}`;
             await core.group(`Set source output`, async () => {
@@ -719,8 +738,15 @@ jobs:
                 return;
             }
 
-            let bakeOverrides = [...inpSet, outputOverride];
+            let bakeOverrides = [];
+            try {
+              bakeOverrides = inpSet.map(override => renderTemplate(override));
+            } catch (err) {
+              core.setFailed(`Failed to render Handlebars template: ${err.message}`);
+              return;
+            }
             await core.group(`Set bake overrides`, async () => {
+              bakeOverrides.push(outputOverride);
               bakeOverrides.push('*.tags=');
               if (GitHub.context.payload.repository?.private ?? false) {
                 // if this is a private repository, we set min provenance mode
@@ -915,7 +941,7 @@ jobs:
       - build
     steps:
       -
-        name: Install @docker/actions-toolkit
+        name: Install dependencies
         uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
         env:
           INPUT_DAT-MODULE: ${{ env.DOCKER_ACTIONS_TOOLKIT_MODULE }}