ci: test bake reusable workflow

.github/workflows/build.yml

@@ -11,65 +11,48 @@ on:
       - main
   pull_request:
 
-env:
-  # Use edge release of buildx (latest RC, fallback to latest stable)
-  SETUP_BUILDX_VERSION: edge
-  SETUP_BUILDKIT_IMAGE: "moby/buildkit:latest"
-
-permissions:
-  contents: read # to fetch code (actions/checkout)
-
 jobs:
   releaser:
-    runs-on: ubuntu-24.04
-    steps:
-      -
-        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
-        with:
-          version: ${{ env.SETUP_BUILDX_VERSION }}
-          driver-opts: image=${{ env.SETUP_BUILDKIT_IMAGE }}
-      -
-        name: Build
-        uses: docker/bake-action@v6
-        with:
-          files: |
-            docker-bake.hcl
-          targets: releaser-build
+    uses: docker/github-builder-experimental/.github/workflows/bake.yml@main
+    permissions:
+      contents: read
+      packages: write
+      id-token: write
+    with:
+      output: local
+      target: releaser-build
 
   build:
-    runs-on: ubuntu-24.04
-    needs:
-      - releaser
-    steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v5
-      -
-        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
-      -
-        name: Build
-        uses: docker/bake-action@v6
-        with:
-          source: .
-          files: |
-            docker-bake.hcl
-          targets: release
-      -
-        name: Check Cloudfront config
-        uses: docker/bake-action@v6
-        with:
-          source: .
-          targets: aws-cloudfront-update
-        env:
-          DRY_RUN: true
-          AWS_REGION: us-east-1
-          AWS_CLOUDFRONT_ID: 0123456789ABCD
-          AWS_LAMBDA_FUNCTION: DockerDocsRedirectFunction-dummy
+    uses: docker/github-builder-experimental/.github/workflows/bake.yml@main
+    permissions:
+      contents: read
+      packages: write
+      id-token: write
+    with:
+      output: local
+      target: release
+
+  check-cloudfront:
+    uses: docker/github-builder-experimental/.github/workflows/bake.yml@main
+    permissions:
+      contents: read
+      packages: write
+      id-token: write
+    with:
+      output: local
+      target: aws-cloudfront-update
+      envs: |
+        DRY_RUN: true
+        AWS_REGION: us-east-1
+        AWS_CLOUDFRONT_ID: 0123456789ABCD
+        AWS_LAMBDA_FUNCTION: DockerDocsRedirectFunction-dummy
 
   validate:
-    runs-on: ubuntu-24.04
+    uses: docker/github-builder-experimental/.github/workflows/bake.yml@main
+    permissions:
+      contents: read
+      packages: write
+      id-token: write
     strategy:
       fail-fast: false
       matrix:
@@ -82,29 +65,28 @@ jobs:
           - dockerfile-lint
           - path-warnings
           - validate-vendor
+    with:
+      output: local
+      target: ${{ matrix.target }}
+      artifact-name: ${{ matrix.target }}
+
+  reviewdog:
+    runs-on: ubuntu-24.04
+    needs: validate
+    if: ${{ github.event_name == 'pull_request' }}
     steps:
       -
-        name: Checkout
-        uses: actions/checkout@v5
-      -
-        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
-      -
-        name: Validate
-        uses: docker/bake-action@v6
+        name: Download vale output
+        uses: actions/download-artifact@v4
         with:
-          source: .
-          files: |
-            docker-bake.hcl
-          targets: ${{ matrix.target }}
+          name: vale
+          path: ./vale-output
       -
         name: Install reviewdog
-        if: ${{ matrix.target == 'vale' && github.event_name == 'pull_request' }}
         uses: reviewdog/action-setup@d8a7baabd7f3e8544ee4dbde3ee41d0011c3a93f # v1.5.0
       -
         name: Run reviewdog for vale
-        if: ${{ matrix.target == 'vale' && github.event_name == 'pull_request' }}
         run: |
-          cat ./tmp/vale.out | reviewdog -f=rdjsonl -name=vale -reporter=github-pr-annotations -fail-on-error=false -filter-mode=added -level=info -fail-level=warning
+          cat ./vale-output/vale.out | reviewdog -f=rdjsonl -name=vale -reporter=github-pr-annotations -fail-on-error=false -filter-mode=added -level=info -fail-level=warning
         env:
           REVIEWDOG_GITHUB_API_TOKEN: ${{ secrets.GITHUB_TOKEN }}

docker-bake.hcl

@@ -33,6 +33,7 @@ target "release" {
   args = {
     HUGO_ENV = HUGO_ENV
     DOCS_URL = DOCS_URL
+    BUILDKIT_CONTEXT_KEEP_GIT_DIR = 1
   }
   target = "release"
   output = [DOCS_SITE_DIR]
@@ -44,6 +45,7 @@ group "validate" {
 }
 
 target "test" {
+  args = { BUILDKIT_CONTEXT_KEEP_GIT_DIR = 1 }
   target = "test"
   output = ["type=cacheonly"]
   provenance = false
@@ -71,16 +73,19 @@ target "unused-media" {
 }
 
 target "test-go-redirects" {
+  args = { BUILDKIT_CONTEXT_KEEP_GIT_DIR = 1 }
   target = "test-go-redirects"
   output = ["type=cacheonly"]
   provenance = false
 }
 
 target "dockerfile-lint" {
+  args = { BUILDKIT_CONTEXT_KEEP_GIT_DIR = 1 }
   call = "check"
 }
 
 target "path-warnings" {
+  args = { BUILDKIT_CONTEXT_KEEP_GIT_DIR = 1 }
   target = "path-warnings"
   output = ["type=cacheonly"]
 }
@@ -143,7 +148,7 @@ target "aws-cloudfront-update" {
   context = "hack/releaser"
   target = "aws-cloudfront-update"
   contexts = {
-    sitedir = DOCS_SITE_DIR
+    sitedir = "target:release"
   }
   no-cache-filter = ["aws-cloudfront-update"]
   output = ["type=cacheonly"]
@@ -163,6 +168,7 @@ target "vendor" {
 }
 
 target "validate-vendor" {
+  args = { BUILDKIT_CONTEXT_KEEP_GIT_DIR = 1 }
   target = "validate-vendor"
   output = ["type=cacheonly"]
 }