Skip to content

docs: document inline --set override syntax for ssh and composable attributes #3882

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
mvanhorn wants to merge 1 commit into
base: master
Choose a base branch
from
+43 −0
Open

docs: document inline --set override syntax for ssh and composable attributes #3882

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 7 additions & 0 deletions docs/bake-reference.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1016,6 +1016,12 @@ RUN --mount=type=ssh \
&& git clone git@github.com:user/my-private-repo.git
```

> [!NOTE]
> When overriding `ssh` from the command line with `--set`, use the inline
> `id=path` string form rather than the object form shown above, for example
> `docker buildx bake --set "*.ssh=default=$HOME/.ssh/id_ed25519"`. Separate
> multiple paths with commas. See [`bake --set`][set] for details.

### `target.tags`

Image names and tags to use for the build target.
Expand Down Expand Up @@ -1478,6 +1484,7 @@ target "webapp-dev" {
[platform]: https://docs.docker.com/reference/cli/docker/buildx/build/#platform
[run_mount_secret]: https://docs.docker.com/reference/dockerfile/#run---mounttypesecret
[secret]: https://docs.docker.com/reference/cli/docker/buildx/build/#secret
[set]: https://docs.docker.com/reference/cli/docker/buildx/bake/#set
[ssh]: https://docs.docker.com/reference/cli/docker/buildx/build/#ssh
[tag]: https://docs.docker.com/reference/cli/docker/image/build/#tag
[target]: https://docs.docker.com/reference/cli/docker/image/build/#target
Expand Down
36 changes: 36 additions & 0 deletions docs/reference/buildx_bake.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -480,3 +480,39 @@ You can append using `+=` operator for the following fields:

> [!NOTE]
> ¹ These fields already append by default.

#### Inline values for composable attributes

Some fields, such as `ssh`, `secret`, `output`, `cache-to`, `cache-from`,
`attest`, and `annotations`, are composable attributes that accept a list of
object values in a Bake file. When you override these fields with `--set`, you
provide each value using the same inline string syntax as the corresponding
build flag, not the HCL object form. The `--set` override replaces or appends
to the list as a whole; it doesn't address individual sub-fields with a
sub-selector. Only the map-valued fields `args`, `contexts`, `labels`, and
`extra-hosts` support targeting a specific entry with a sub-key (for example
`--set target.args.MYARG=value`).

For example, to set the SSH agent socket or key for a target, use the same
`id=path` form accepted by [`build --ssh`](buildx_build.md#ssh):

```console
$ docker buildx bake --set "*.ssh=default=$HOME/.ssh/id_ed25519"
```

To expose multiple paths for the same `id`, separate them with commas in the
second part:

```console
$ docker buildx bake --set "*.ssh=default=$HOME/.ssh/id_ed25519,$HOME/.ssh/id_rsa"
```

Your shell expands `$HOME` before buildx sees the value. The equivalent Bake
file definition uses the resolved paths directly (Bake doesn't expand `$HOME`
in HCL strings):

```hcl
target "default" {
ssh = [{ id = "default", paths = ["/home/user/.ssh/id_ed25519", "/home/user/.ssh/id_rsa"] }]
}
```