bake: handle tilde expansion in filepaths #3409
2ffd2a7 to cb73b63
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
cb73b63 to d5c08e6
dvdksn commented Sep 7, 2025
cc @crazy-max ptal 🙂
crazy-max left a comment
LGTM thanks!
Was wondering if fs entitlements would still be applied and looks like it as expansion happens when reading targets:
```hcl
target "default" { output = ["~/bake"] }
```

```
docker buildx bake --print
{
  "group": {
    "default": {
      "targets": [
        "default"
      ]
    }
  },
  "target": {
    "default": {
      "context": ".",
      "dockerfile": "Dockerfile",
      "output": [
        {
          "dest": "/home/crazy/bake",
          "type": "local"
        }
      ]
    }
  }
}
```

```
docker buildx bake
#0 building with "default" instance using docker driver
#1 [internal] load local bake definitions
#1 reading docker-bake.hcl 43B / 43B done
#1 DONE 0.0s
Your build is requesting privileges for following possibly insecure capabilities:
- Write access to path /home/crazy
In order to not see this message in the future pass "--allow=fs.write=/home/crazy" to grant requested privileges.
Your full command with requested privileges:
docker buildx bake --allow=fs.write=/home/crazy
To disable filesystem entitlements checks, you can set BUILDX_BAKE_ENTITLEMENTS_FS=0 .
Do you want to grant requested privileges and continue? [y/N]
```
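The point of the review comment above, as an added example (not code from this PR or from buildx): the path is expanded first, so a filesystem check sees the resolved destination rather than the literal `~`. `expandTilde`, `allowedWrite`, `homeLookup` and `constructedLookup` are hypothetical names, the home directories are constructed sample data, the check is a simplified stand-in for an `fs.write` grant, and POSIX-style paths are assumed.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// homeLookup returns a user's home directory; "" means the current user (injected for testing).
type homeLookup func(username string) (string, error)

// expandTilde applies the rules from the PR description: "~" and "~/path" use
// the current user's home, "~username/path" the named user's home. Any other
// path, including one with "~" in the middle, is returned unchanged.
func expandTilde(p string, lookup homeLookup) (string, error) {
	if !strings.HasPrefix(p, "~") {
		return p, nil
	}
	name, rest, _ := strings.Cut(p[1:], "/")
	home, err := lookup(name)
	if err != nil {
		return "", fmt.Errorf("expand %q: %w", p, err)
	}
	return filepath.Join(home, rest), nil
}

// allowedWrite is a simplified stand-in for an fs.write entitlement check:
// the resolved path must be the granted directory or sit below it.
func allowedWrite(resolved, granted string) bool {
	rel, err := filepath.Rel(granted, resolved)
	return err == nil && rel != ".." && !strings.HasPrefix(rel, ".."+string(filepath.Separator))
}

// constructedLookup is sample data, not a real account database.
func constructedLookup(name string) (string, error) {
	homes := map[string]string{"": "/home/crazy", "alice": "/home/alice"}
	if h, ok := homes[name]; ok {
		return h, nil
	}
	return "", errors.New("unknown user " + name)
}

func main() {
	for _, p := range []string{"~/bake", "~alice/cache", "~/../../etc", "./out/~tmp"} {
		r, err := expandTilde(p, constructedLookup)
		fmt.Println(p, "->", r, err, err == nil && allowedWrite(r, "/home/crazy"))
	}
}
```

`~/../../etc` resolves to `/etc`, which the check rejects only because it runs on the cleaned, expanded path.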
thaJeztah commented Sep 8, 2025
Slightly concerned if this will start users expecting ~ to work everywhere; I know we had similar cases in the docker cli, where (by design), paths were expected to be absolute in various flags; also having only support on Linux can mean that the bakefile is no longer portable. But now could become a sliding slope, where (e.g.) %APPDIR% and other similar vars are also expected to work.
dvdksn commented Sep 8, 2025
@thaJeztah that's a valid concern. For things like %APPDIR%, that's already supported via variables. There's just no syntactic sugar in the bake file format - you'd have to do $APPDIR, and then it should work (if set, as it would be on win).
I quite like the ~username syntax for things like builds though because it lets you map cache, output, etc without explicitly hardcoding the paths.
jsternberg commented Sep 19, 2025
I agree with @thaJeztah that adding support for a tilde expansion is a bit of a slippery slope. Tilde expansions are generally done as part of the shell program and it isn't supported by most command line tools. This shows up in cases where --path=~/foo doesn't work but --path ~/foo will work because the first gets passed with ~ verbatim.
Recently, @crazy-max added a homedir() function to bake. I think it would be better and more explicit if we suggested something like this:
```hcl
variable "HOME" {
  default = homedir()
}
```
Then HOME can be expanded consistently with everything else and we don't have to add any extra code or wade into trying to expand tilde symbols everywhere.
jsternberg left a comment
Putting a request changes until we have a further discussion on if we want to merge this feature or not.
Description
Adds tilde expansion for filepath attributes in bake files.
- `~/path` - expands to current user's home directory + path
- `~` - expands to current user's home directory
- `~username/path` - expands to specified user's home directory + path

Note on Windows support:

- `~` is equivalent to `%USERPROFILE%`
- `~username` is not supported

Related issues