chore(deps): Bump undici from 5.28.3 to 5.28.4

Bumps [undici](https://github.com/nodejs/undici) from 5.28.3 to 5.28.4.
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](https://github.com/nodejs/undici/compare/v5.28.3...v5.28.4)

---
updated-dependencies:
- dependency-name: undici
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

.github/workflows/ci.yml

@@ -1274,9 +1274,10 @@ jobs:
         uses: docker/setup-buildx-action@v3
         with:
           version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
+          # TODO: use buildx-stable-1 image when v0.13 promoted
           driver-opts: |
             network=host
-            image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}
+            image=moby/buildkit:v0.13.0
           buildkitd-flags: --debug
       -
         name: Build
@@ -1323,9 +1324,10 @@ jobs:
         uses: docker/setup-buildx-action@v3
         with:
           version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
+          # TODO: use buildx-stable-1 image when v0.13 promoted
           driver-opts: |
             network=host
-            image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}
+            image=moby/buildkit:v0.13.0
           buildkitd-flags: --debug
       -
         name: Build

README.md

@@ -31,9 +31,6 @@ ___
   * [Named contexts](https://docs.docker.com/build/ci/github-actions/named-contexts/)
   * [Copy image between registries](https://docs.docker.com/build/ci/github-actions/copy-image-registries/)
   * [Update Docker Hub repo description](https://docs.docker.com/build/ci/github-actions/update-dockerhub-desc/)
-  * [SBOM and provenance attestations](https://docs.docker.com/build/ci/github-actions/attestations/)
-  * [Annotations](https://docs.docker.com/build/ci/github-actions/annotations/)
-  * [Reproducible builds](https://docs.docker.com/build/ci/github-actions/reproducible-builds/)
 * [Customizing](#customizing)
   * [inputs](#inputs)
   * [outputs](#outputs)
@@ -121,6 +118,14 @@ to the default Git context:
           tags: user/app:latest
 ```
 
+> **Warning**
+>
+> Subdirectory for Git context is available from [BuildKit v0.9.0](https://github.com/moby/buildkit/releases/tag/v0.9.0).
+> If you're using the `docker` builder (default if `setup-buildx-action` not used),
+> then BuildKit in Docker Engine will be used. As Docker Engine < v22.x.x embeds
+> Buildkit 0.8.2 at the moment, it does not support this feature. It's therefore
+> required to use the `setup-buildx-action` at the moment.
+
 Building from the current repository automatically uses the [GitHub Token](https://docs.github.com/en/actions/security-guides/automatic-token-authentication),
 so it does not need to be passed. If you want to authenticate against another
 private repository, you have to use a [secret](https://docs.docker.com/build/ci/github-actions/secrets)
@@ -189,9 +194,6 @@ jobs:
 * [Named contexts](https://docs.docker.com/build/ci/github-actions/named-contexts/)
 * [Copy image between registries](https://docs.docker.com/build/ci/github-actions/copy-image-registries/)
 * [Update Docker Hub repo description](https://docs.docker.com/build/ci/github-actions/update-dockerhub-desc/)
-* [SBOM and provenance attestations](https://docs.docker.com/build/ci/github-actions/attestations/)
-* [Annotations](https://docs.docker.com/build/ci/github-actions/annotations/)
-* [Reproducible builds](https://docs.docker.com/build/ci/github-actions/reproducible-builds/)
 
 ## Customizing
 
@@ -230,7 +232,7 @@ Following inputs can be used as `step.with` keys
 | `network`          | String      | Set the networking mode for the `RUN` instructions during build                                                                                                                   |
 | `no-cache`         | Bool        | Do not use cache when building the image (default `false`)                                                                                                                        |
 | `no-cache-filters` | List/CSV    | Do not cache specified stages                                                                                                                                                     |
-| `outputs`          | List        | List of [output destinations](https://docs.docker.com/engine/reference/commandline/buildx_build/#output) (format: `type=local,dest=path`)                                         |
+| `outputs`¹         | List        | List of [output destinations](https://docs.docker.com/engine/reference/commandline/buildx_build/#output) (format: `type=local,dest=path`)                                         |
 | `platforms`        | List/CSV    | List of [target platforms](https://docs.docker.com/engine/reference/commandline/buildx_build/#platform) for build                                                                 |
 | `provenance`       | Bool/String | Generate [provenance](https://docs.docker.com/build/attestations/slsa-provenance/) attestation for the build (shorthand for `--attest=type=provenance`)                           |
 | `pull`             | Bool        | Always attempt to pull all referenced images (default `false`)                                                                                                                    |
@@ -246,6 +248,10 @@ Following inputs can be used as `step.with` keys
 | `ulimit`           | List        | [Ulimit](https://docs.docker.com/engine/reference/commandline/buildx_build/#ulimit) options (e.g., `nofile=1024:1024`)                                                            |
 | `github-token`     | String      | GitHub Token used to authenticate against a repository for [Git context](#git-context) (default `${{ github.token }}`)                                                            |
 
+> **Note**
+>
+> * ¹ multiple `outputs` are [not yet supported](https://github.com/moby/buildkit/issues/1555)
+
 ### outputs
 
 The following outputs are available:

__tests__/context.test.ts

@@ -481,7 +481,7 @@ nproc=3`],
       [
         'build',
         '--iidfile', path.join(tmpDir, 'iidfile'),
-        '--attest', `type=provenance,mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789`,
+        "--provenance", `mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789`,
         '--metadata-file', path.join(tmpDir, 'metadata-file'),
         '.'
       ]
@@ -500,7 +500,7 @@ nproc=3`],
       [
         'build',
         '--iidfile', path.join(tmpDir, 'iidfile'),
-        '--attest', `type=provenance,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789`,
+        "--provenance", `builder-id=https://github.com/docker/build-push-action/actions/runs/123456789`,
         '--metadata-file', path.join(tmpDir, 'metadata-file'),
         '.'
       ]
@@ -519,7 +519,7 @@ nproc=3`],
       [
         'build',
         '--iidfile', path.join(tmpDir, 'iidfile'),
-        '--attest', `type=provenance,mode=max,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789`,
+        "--provenance", `mode=max,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789`,
         '--metadata-file', path.join(tmpDir, 'metadata-file'),
         '.'
       ]
@@ -538,7 +538,7 @@ nproc=3`],
       [
         'build',
         '--iidfile', path.join(tmpDir, 'iidfile'),
-        '--attest', 'type=provenance,disabled=true',
+        "--provenance", 'false',
         '--metadata-file', path.join(tmpDir, 'metadata-file'),
         '.'
       ]
@@ -557,7 +557,7 @@ nproc=3`],
       [
         'build',
         '--iidfile', path.join(tmpDir, 'iidfile'),
-        '--attest', 'type=provenance,builder-id=foo',
+        "--provenance", 'builder-id=foo',
         '--metadata-file', path.join(tmpDir, 'metadata-file'),
         '.'
       ]
@@ -620,7 +620,7 @@ nproc=3`],
       ]
     ],
     [
-      26,
+      25,
       '0.10.0',
       new Map<string, string>([
         ['context', '.'],
@@ -642,7 +642,7 @@ ANOTHER_SECRET=ANOTHER_SECRET_ENV`]
       ]
     ],
     [
-      27,
+      26,
       '0.10.0',
       new Map<string, string>([
         ['context', '.'],
@@ -663,7 +663,7 @@ ANOTHER_SECRET=ANOTHER_SECRET_ENV`]
       ]
     ],
     [
-      28,
+      27,
       '0.11.0',
       new Map<string, string>([
         ['context', '.'],
@@ -677,13 +677,13 @@ ANOTHER_SECRET=ANOTHER_SECRET_ENV`]
       [
         'build',
         '--output', 'type=local,dest=./release-out',
-        '--attest', `type=provenance,mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789`,
+        "--provenance", `mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789`,
         '--metadata-file', path.join(tmpDir, 'metadata-file'),
         '.'
       ]
     ],
     [
-      29,
+      28,
       '0.12.0',
       new Map<string, string>([
         ['context', '.'],
@@ -701,13 +701,13 @@ ANOTHER_SECRET=ANOTHER_SECRET_ENV`]
         '--annotation', 'manifest:example3=yyy',
         '--annotation', 'manifest-descriptor[linux/amd64]:example4=zzz',
         '--output', 'type=local,dest=./release-out',
-        '--attest', `type=provenance,mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789`,
+        "--provenance", `mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789`,
         '--metadata-file', path.join(tmpDir, 'metadata-file'),
         '.'
       ]
     ],
     [
-      30,
+      29,
       '0.12.0',
       new Map<string, string>([
         ['context', '.'],
@@ -721,71 +721,11 @@ ANOTHER_SECRET=ANOTHER_SECRET_ENV`]
         'build',
         '--iidfile', path.join(tmpDir, 'iidfile'),
         "--output", `type=image,"name=localhost:5000/name/app:latest,localhost:5000/name/app:foo",push-by-digest=true,name-canonical=true,push=true`,
-        '--attest', `type=provenance,mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789`,
+        "--provenance", `mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789`,
         '--metadata-file', path.join(tmpDir, 'metadata-file'),
         '.'
       ]
-    ],
-    [
-      31,
-      '0.13.1',
-      new Map<string, string>([
-        ['context', '.'],
-        ['load', 'false'],
-        ['no-cache', 'false'],
-        ['push', 'false'],
-        ['pull', 'false'],
-        ['provenance', 'mode=max'],
-        ['sbom', 'true'],
-      ]),
-      [
-        'build',
-        '--iidfile', path.join(tmpDir, 'iidfile'),
-        '--attest', `type=provenance,mode=max,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789`,
-        '--attest', `type=sbom,disabled=false`,
-        '--metadata-file', path.join(tmpDir, 'metadata-file'),
-        '.'
-      ]
-    ],
-    [
-      32,
-      '0.13.1',
-      new Map<string, string>([
-        ['context', '.'],
-        ['load', 'false'],
-        ['no-cache', 'false'],
-        ['push', 'false'],
-        ['pull', 'false'],
-        ['attests', 'type=provenance,mode=min'],
-        ['provenance', 'mode=max'],
-      ]),
-      [
-        'build',
-        '--iidfile', path.join(tmpDir, 'iidfile'),
-        '--attest', `type=provenance,mode=max,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789`,
-        '--metadata-file', path.join(tmpDir, 'metadata-file'),
-        '.'
-      ]
-    ],
-    [
-      33,
-      '0.13.1',
-      new Map<string, string>([
-        ['context', '.'],
-        ['load', 'false'],
-        ['no-cache', 'false'],
-        ['push', 'false'],
-        ['pull', 'false'],
-        ['attests', 'type=provenance,mode=min'],
-      ]),
-      [
-        'build',
-        '--iidfile', path.join(tmpDir, 'iidfile'),
-        '--attest', `type=provenance,mode=min,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789`,
-        '--metadata-file', path.join(tmpDir, 'metadata-file'),
-        '.'
-      ]
-    ],
+    ]
   ])(
     '[%d] given %p with %p as inputs, returns %p',
     async (num: number, buildxVersion: string, inputs: Map<string, string>, expected: Array<string>) => {

docs/advanced/cache.md

@@ -0,0 +1,3 @@
+# Cache
+
+This page has moved to [Docker Docs website](https://docs.docker.com/build/ci/github-actions/cache/)

docs/advanced/copy-between-registries.md

@@ -0,0 +1,3 @@
+# Copy images between registries
+
+This page has moved to [Docker Docs website](https://docs.docker.com/build/ci/github-actions/copy-image-registries/)

docs/advanced/dockerhub-desc.md

@@ -0,0 +1,3 @@
+# Update Docker Hub repo description
+
+This page has moved to [Docker Docs website](https://docs.docker.com/build/ci/github-actions/update-dockerhub-desc/)

docs/advanced/export-docker.md

@@ -0,0 +1,3 @@
+# Export image to Docker
+
+This page has moved to [Docker Docs website](https://docs.docker.com/build/ci/github-actions/export-docker/)

docs/advanced/isolated-builders.md

@@ -0,0 +1,3 @@
+# Isolated builders
+
+This page has moved to [Docker Docs website](https://docs.docker.com/build/ci/github-actions/configure-builder/#isolated-builders)

docs/advanced/local-registry.md

@@ -0,0 +1,3 @@
+# Local registry
+
+This page has moved to [Docker Docs website](https://docs.docker.com/build/ci/github-actions/local-registry/)

docs/advanced/multi-platform.md

@@ -0,0 +1,3 @@
+# Multi-platform image
+
+This page has moved to [Docker Docs website](https://docs.docker.com/build/ci/github-actions/multi-platform/)

docs/advanced/named-contexts.md

@@ -0,0 +1,3 @@
+# Named contexts
+
+This page has moved to [Docker Docs website](https://docs.docker.com/build/ci/github-actions/named-contexts/)

docs/advanced/push-multi-registries.md

@@ -0,0 +1,3 @@
+# Push to multi-registries
+
+This page has moved to [Docker Docs website](https://docs.docker.com/build/ci/github-actions/push-multi-registries/)

docs/advanced/secrets.md

@@ -0,0 +1,3 @@
+# Secrets
+
+This page has moved to [Docker Docs website](https://docs.docker.com/build/ci/github-actions/secrets/)

docs/advanced/share-image-jobs.md

@@ -0,0 +1,3 @@
+# Share built image between jobs
+
+This page has moved to [Docker Docs website](https://docs.docker.com/build/ci/github-actions/share-image-jobs/)

docs/advanced/tags-labels.md

@@ -0,0 +1,3 @@
+# Handle tags and labels
+
+This page has moved to [Docker Docs website](https://docs.docker.com/build/ci/github-actions/manage-tags-labels/)

docs/advanced/test-before-push.md

@@ -0,0 +1,3 @@
+# Test your image before pushing it
+
+This page has moved to [Docker Docs website](https://docs.docker.com/build/ci/github-actions/test-before-push/)

package.json

@@ -27,7 +27,7 @@
   "license": "Apache-2.0",
   "dependencies": {
     "@actions/core": "^1.10.1",
-    "@docker/actions-toolkit": "0.22.0",
+    "@docker/actions-toolkit": "0.20.0",
     "handlebars": "^4.7.7"
   },
   "devDependencies": {

src/context.ts

@@ -1,9 +1,8 @@
 import * as core from '@actions/core';
 import * as handlebars from 'handlebars';
-
-import {Build} from '@docker/actions-toolkit/lib/buildx/build';
 import {Context} from '@docker/actions-toolkit/lib/context';
 import {GitHub} from '@docker/actions-toolkit/lib/github';
+import {Inputs as BuildxInputs} from '@docker/actions-toolkit/lib/buildx/inputs';
 import {Toolkit} from '@docker/actions-toolkit/lib/toolkit';
 import {Util} from '@docker/actions-toolkit/lib/util';
 
@@ -63,7 +62,7 @@ export async function getInputs(): Promise<Inputs> {
     noCacheFilters: Util.getInputList('no-cache-filters'),
     outputs: Util.getInputList('outputs', {ignoreComma: true, quote: false}),
     platforms: Util.getInputList('platforms'),
-    provenance: Build.getProvenanceInput('provenance'),
+    provenance: BuildxInputs.getProvenanceInput('provenance'),
     pull: core.getBooleanInput('pull'),
     push: core.getBooleanInput('push'),
     sbom: core.getInput('sbom'),
@@ -99,6 +98,13 @@ async function getBuildArgs(inputs: Inputs, context: string, toolkit: Toolkit):
   if (inputs.allow.length > 0) {
     args.push('--allow', inputs.allow.join(','));
   }
+  if (await toolkit.buildx.versionSatisfies('>=0.10.0')) {
+    await Util.asyncForEach(inputs.attests, async attest => {
+      args.push('--attest', attest);
+    });
+  } else if (inputs.attests.length > 0) {
+    core.warning("Attestations are only supported by buildx >= 0.10.0; the input 'attests' is ignored.");
+  }
   if (await toolkit.buildx.versionSatisfies('>=0.12.0')) {
     await Util.asyncForEach(inputs.annotations, async annotation => {
       args.push('--annotation', annotation);
@@ -127,7 +133,7 @@ async function getBuildArgs(inputs: Inputs, context: string, toolkit: Toolkit):
   }
   await Util.asyncForEach(inputs.secretEnvs, async secretEnv => {
     try {
-      args.push('--secret', Build.resolveSecretEnv(secretEnv));
+      args.push('--secret', BuildxInputs.resolveBuildSecretEnv(secretEnv));
     } catch (err) {
       core.warning(err.message);
     }
@@ -135,8 +141,8 @@ async function getBuildArgs(inputs: Inputs, context: string, toolkit: Toolkit):
   if (inputs.file) {
     args.push('--file', inputs.file);
   }
-  if (!Build.hasLocalExporter(inputs.outputs) && !Build.hasTarExporter(inputs.outputs) && (inputs.platforms.length == 0 || (await toolkit.buildx.versionSatisfies('>=0.4.2')))) {
-    args.push('--iidfile', Build.getImageIDFilePath());
+  if (!BuildxInputs.hasLocalExporter(inputs.outputs) && !BuildxInputs.hasTarExporter(inputs.outputs) && (inputs.platforms.length == 0 || (await toolkit.buildx.versionSatisfies('>=0.4.2')))) {
+    args.push('--iidfile', BuildxInputs.getBuildImageIDFilePath());
   }
   await Util.asyncForEach(inputs.labels, async label => {
     args.push('--label', label);
@@ -151,26 +157,43 @@ async function getBuildArgs(inputs: Inputs, context: string, toolkit: Toolkit):
     args.push('--platform', inputs.platforms.join(','));
   }
   if (await toolkit.buildx.versionSatisfies('>=0.10.0')) {
-    args.push(...(await getAttestArgs(inputs, toolkit)));
-  } else {
-    core.warning("Attestations are only supported by buildx >= 0.10.0; the inputs 'attests', 'provenance' and 'sbom' are ignored.");
+    if (inputs.provenance) {
+      args.push('--provenance', inputs.provenance);
+    } else if ((await toolkit.buildkit.versionSatisfies(inputs.builder, '>=0.11.0')) && !BuildxInputs.hasDockerExporter(inputs.outputs, inputs.load)) {
+      // if provenance not specified and BuildKit version compatible for
+      // attestation, set default provenance. Also needs to make sure user
+      // doesn't want to explicitly load the image to docker.
+      if (GitHub.context.payload.repository?.private ?? false) {
+        // if this is a private repository, we set the default provenance
+        // attributes being set in buildx: https://github.com/docker/buildx/blob/fb27e3f919dcbf614d7126b10c2bc2d0b1927eb6/build/build.go#L603
+        args.push('--provenance', BuildxInputs.resolveProvenanceAttrs(`mode=min,inline-only=true`));
+      } else {
+        // for a public repository, we set max provenance mode.
+        args.push('--provenance', BuildxInputs.resolveProvenanceAttrs(`mode=max`));
+      }
+    }
+    if (inputs.sbom) {
+      args.push('--sbom', inputs.sbom);
+    }
+  } else if (inputs.provenance || inputs.sbom) {
+    core.warning("Attestations are only supported by buildx >= 0.10.0; the inputs 'provenance' and 'sbom' are ignored.");
   }
   await Util.asyncForEach(inputs.secrets, async secret => {
     try {
-      args.push('--secret', Build.resolveSecretString(secret));
+      args.push('--secret', BuildxInputs.resolveBuildSecretString(secret));
     } catch (err) {
       core.warning(err.message);
     }
   });
   await Util.asyncForEach(inputs.secretFiles, async secretFile => {
     try {
-      args.push('--secret', Build.resolveSecretFile(secretFile));
+      args.push('--secret', BuildxInputs.resolveBuildSecretFile(secretFile));
     } catch (err) {
       core.warning(err.message);
     }
   });
-  if (inputs.githubToken && !Build.hasGitAuthTokenSecret(inputs.secrets) && context.startsWith(Context.gitContext())) {
-    args.push('--secret', Build.resolveSecretString(`GIT_AUTH_TOKEN=${inputs.githubToken}`));
+  if (inputs.githubToken && !BuildxInputs.hasGitAuthTokenSecret(inputs.secrets) && context.startsWith(Context.gitContext())) {
+    args.push('--secret', BuildxInputs.resolveBuildSecretString(`GIT_AUTH_TOKEN=${inputs.githubToken}`));
   }
   if (inputs.shmSize) {
     args.push('--shm-size', inputs.shmSize);
@@ -199,7 +222,7 @@ async function getCommonArgs(inputs: Inputs, toolkit: Toolkit): Promise<Array<st
     args.push('--load');
   }
   if (await toolkit.buildx.versionSatisfies('>=0.6.0')) {
-    args.push('--metadata-file', Build.getMetadataFilePath());
+    args.push('--metadata-file', BuildxInputs.getBuildMetadataFilePath());
   }
   if (inputs.network) {
     args.push('--network', inputs.network);
@@ -215,52 +238,3 @@ async function getCommonArgs(inputs: Inputs, toolkit: Toolkit): Promise<Array<st
   }
   return args;
 }
-
-async function getAttestArgs(inputs: Inputs, toolkit: Toolkit): Promise<Array<string>> {
-  const args: Array<string> = [];
-
-  // check if provenance attestation is set in attests input
-  let hasAttestProvenance = false;
-  await Util.asyncForEach(inputs.attests, async (attest: string) => {
-    if (Build.hasAttestationType('provenance', attest)) {
-      hasAttestProvenance = true;
-    }
-  });
-
-  let provenanceSet = false;
-  let sbomSet = false;
-  if (inputs.provenance) {
-    args.push('--attest', Build.resolveAttestationAttrs(`type=provenance,${inputs.provenance}`));
-    provenanceSet = true;
-  } else if (!hasAttestProvenance && (await toolkit.buildkit.versionSatisfies(inputs.builder, '>=0.11.0')) && !Build.hasDockerExporter(inputs.outputs, inputs.load)) {
-    // if provenance not specified in provenance or attests inputs and BuildKit
-    // version compatible for attestation, set default provenance. Also needs
-    // to make sure user doesn't want to explicitly load the image to docker.
-    if (GitHub.context.payload.repository?.private ?? false) {
-      // if this is a private repository, we set the default provenance
-      // attributes being set in buildx: https://github.com/docker/buildx/blob/fb27e3f919dcbf614d7126b10c2bc2d0b1927eb6/build/build.go#L603
-      args.push('--attest', `type=provenance,${Build.resolveProvenanceAttrs(`mode=min,inline-only=true`)}`);
-    } else {
-      // for a public repository, we set max provenance mode.
-      args.push('--attest', `type=provenance,${Build.resolveProvenanceAttrs(`mode=max`)}`);
-    }
-  }
-  if (inputs.sbom) {
-    args.push('--attest', Build.resolveAttestationAttrs(`type=sbom,${inputs.sbom}`));
-    sbomSet = true;
-  }
-
-  // set attests but check if provenance or sbom types already set as
-  // provenance and sbom inputs take precedence over attests input.
-  await Util.asyncForEach(inputs.attests, async (attest: string) => {
-    if (!Build.hasAttestationType('provenance', attest) && !Build.hasAttestationType('sbom', attest)) {
-      args.push('--attest', Build.resolveAttestationAttrs(attest));
-    } else if (!provenanceSet && Build.hasAttestationType('provenance', attest)) {
-      args.push('--attest', Build.resolveProvenanceAttrs(attest));
-    } else if (!sbomSet && Build.hasAttestationType('sbom', attest)) {
-      args.push('--attest', attest);
-    }
-  });
-
-  return args;
-}

src/main.ts

@@ -3,14 +3,12 @@ import * as path from 'path';
 import * as stateHelper from './state-helper';
 import * as core from '@actions/core';
 import * as actionsToolkit from '@docker/actions-toolkit';
-
-import {Build} from '@docker/actions-toolkit/lib/buildx/build';
 import {Context} from '@docker/actions-toolkit/lib/context';
 import {Docker} from '@docker/actions-toolkit/lib/docker/docker';
 import {Exec} from '@docker/actions-toolkit/lib/exec';
 import {GitHub} from '@docker/actions-toolkit/lib/github';
+import {Inputs as BuildxInputs} from '@docker/actions-toolkit/lib/buildx/inputs';
 import {Toolkit} from '@docker/actions-toolkit/lib/toolkit';
-
 import {ConfigFile} from '@docker/actions-toolkit/lib/types/docker';
 
 import * as context from './context';
@@ -91,9 +89,9 @@ actionsToolkit.run(
       }
     });
 
-    const imageID = Build.resolveImageID();
-    const metadata = Build.resolveMetadata();
-    const digest = Build.resolveDigest();
+    const imageID = BuildxInputs.resolveBuildImageID();
+    const metadata = BuildxInputs.resolveBuildMetadata();
+    const digest = BuildxInputs.resolveDigest();
 
     if (imageID) {
       await core.group(`ImageID`, async () => {
@@ -109,9 +107,8 @@ actionsToolkit.run(
     }
     if (metadata) {
       await core.group(`Metadata`, async () => {
-        const metadatadt = JSON.stringify(metadata, null, 2);
-        core.info(metadatadt);
-        core.setOutput('metadata', metadatadt);
+        core.info(metadata);
+        core.setOutput('metadata', metadata);
       });
     }
   },