buildx icon indicating copy to clipboard operation
buildx copied to clipboard
verified publisher icon docker

bake doesn't handle tilde expansion

Open dvdksn opened this issue 2 years ago • 4 comments

Contributing guidelines

I've found a bug and checked that ...

  • [X] ... the documentation does not mention anything about my problem
  • [X] ... there are no open or closed issues that are related to my problem

Description

Maybe intentional, but Bake is not able to resolve tilde expansion to mean the user's home directory when used in a bake attribute value.

For example:

$ stat -F ~/token
-rw-r--r-- 1 david david 5 Apr 15 21:51:35 2023 /Users/david/token
$ docker buildx bake
[+] Building 0.0s (0/0)                                                                                                                                                                                
ERROR: failed to stat ~/token: stat ~/token: no such file or directory

Expected behaviour

I expected tilde expansion to resolve to the home directory

Actual behaviour

Tilde is not expanded

Buildx version

github.com/docker/buildx v0.10.4 c513d34049e499c53468deac6c4267ee72948f02

Docker info

No response

Builders list

NAME/NODE       DRIVER/ENDPOINT STATUS  BUILDKIT                         PLATFORMS
default *       docker                                                   
  default       default         running 22.06.0-beta.0-926-g914b02ebaf.m linux/arm64, linux/amd64, linux/amd64/v2, linux/riscv64, linux/ppc64le, linux/s390x, linux/mips64le, linux/mips64
desktop-linux   docker                                                   
  desktop-linux desktop-linux   running 22.06.0-beta.0-926-g914b02ebaf.m linux/arm64, linux/amd64, linux/amd64/v2, linux/riscv64, linux/ppc64le, linux/s390x, linux/mips64le, linux/mips64

Configuration

target "default" {
  secret = [
    "type=file,id=token,src=~/token"
  ]
}

FROM alpine
RUN --mount=type=secret,id=token \
    cat /run/secrets/token > /token

Build logs

No response

Additional info

No response

dvdksn avatar Apr 17 '23 07:04 dvdksn

I just realized that it doesn't work with the regular --secret flag for build either.

--secret id=foo,src=~/token expands to $PWD/~/token

dvdksn avatar Sep 04 '24 15:09 dvdksn

Not just bake but also build:

docker buildx build --secret=id=token,src=~/.token .
ERROR: failed to build: failed to stat ~/.token: stat ~/.token: no such file or directory

Needs changes in secret store on BuildKit to handle this.

crazy-max avatar Jul 02 '25 10:07 crazy-max

Since https://github.com/docker/buildx/pull/3351 you can use homedir() func as a workaround:

target "default" {
  secret = [
    "type=file,id=token,src=${homedir()}/token"
  ]
}

crazy-max avatar Aug 25 '25 14:08 crazy-max

That's fantastic, thanks! 🙂

dvdksn avatar Aug 26 '25 07:08 dvdksn