Docker has announced the general availability of Docker Bake, a build orchestration tool designed to simplify complex Docker image builds. The Bake functionality has been in an experimental phase for several years, and it aims to address common challenges in managing Docker build configurations by declaratively defining build stages and deployment environments.
Docker Bake is part of the newly released Docker Desktop 4.38, and is also available in the Docker Buildx CLI Plugin. Docker Bake functions similarly to Docker Compose but focuses on build processes rather than runtime environments. It replaces the traditional approach of managing multiple docker build commands, each requiring different flags and environment variables and often repeated tediously to build multiple images or images for various environments. Historically, these would usually have been shell scripts written ad-hoc by engineers. Now, with Docker Bake, engineers can write portable code using HCL, YAML or JSON to describe those flags and environment variables.
Docker Bake also introduces several key features aimed at improving build efficiency. These include automatically parallelising independent builds and eliminating redundant operations through context deduplication and intelligent caching. These optimisations benefit teams working with monorepos or managing multiple related Docker images from a single source repository.
There have been a number of improvements to Docker Bake added in the run-up to general availability:
- The deduplication of context transfers is a significant addition in the general availability release. Previously, when building targets concurrently, build contexts would load independently for each target, potentially leading to the same context being transferred multiple times. The new version automatically handles this deduplication, potentially reducing build times.
- Security is also improved by introducing entitlements, which provide fine-grained control over builder capabilities and resource access during the build process. The system now includes specific flags for controlling access to host networking, sandbox environments, file systems, and SSH agents.
- Docker Bake now supports composable attributes for configuration management, allowing engineers to define reusable attribute sets that can be combined and overridden across different targets. This is an improvement over the previous harder-to-use implementation, which used comma-separated values.
- The release also introduces variable validation capabilities similar to those found in Terraform. This feature helps developers identify and resolve configuration errors early in the development process. Developers can now define multiple validation rules for variables and create dependencies between different variables.
- To improve usability, Docker has added a new list option that allows developers to quickly query available targets and variables in a Bake configuration. This information can be output in both standard and JSON formats for programmatic access.
The tool appears particularly valuable for organisations managing complex build configurations across multiple platforms and environments. It provides native compatibility with existing docker-compose.yml files, allowing teams to gradually adopt its advanced features while maintaining their current workflows.
Docker Bake also integrates with Docker Build Cloud, potentially enabling faster build times by parallelising matrix builds across cloud infrastructure. This capability could be particularly beneficial for remote teams and developers working with limited local computing resources.
In a blog post for Chainguard, Adrian Mouat provides a practical perspective on Docker Bake, highlighting its role as an alternative to managing Docker builds through shell scripts or Makefiles. Mouat demonstrates how a complex Docker build command can be transformed into a structured configuration file using HashiCorp Configuration Language (HCL), YAML, or JSON.
```hcl
target "default" {
  tags = ["amouat/multi-plat-test"]
  platforms = [
    "linux/amd64",
    "linux/arm64",
  ]
  output = ["type=registry"]
  no-cache = true
  dockerfile = "cross.Dockerfile"
  context = "."
}
```
Mouat includes a detailed example of using Bake with Chainguard Images, showing how inheritance between build targets can reduce code duplication. For instance, a single configuration can define separate targets for development builds, multi-platform builds, and registry pushes, with each target inheriting and extending the properties of its predecessor.
“The most basic functionality of Docker Bake is to codify Docker builds, which can be done quickly and easily.”
– Adrian Mouat
Mouat continues by explaining how variables can be used to make configurations more flexible, such as changing registry destinations at runtime. He concludes that Bake is really useful in scenarios involving multi-stage builds and cross-platform development.
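The target inheritance, runtime registry variable and variable validation described above can be combined in one Bake file. The following is an added example, not code from Mouat's post or from Docker: the variable names `REGISTRY` and `TAG`, the target names and the `example.com` registry hosts are constructed for illustration, and only the Dockerfile and image name are reused from the snippet above.

```hcl
# Added example: variable names, target names and registry hosts are constructed.
variable "REGISTRY" {
  default = "registry.example.com/team"
  # Only the two constructed registries below are accepted as push destinations.
  validation {
    condition     = REGISTRY == "registry.example.com/team" || REGISTRY == "staging.example.com/team"
    error_message = "REGISTRY must be one of the approved registries."
  }
}

variable "TAG" {
  default = "dev"
  validation {
    condition     = TAG != ""
    error_message = "TAG must not be empty."
  }
  # A rule may reference another variable: no floating tag on the first registry.
  validation {
    condition     = REGISTRY != "registry.example.com/team" || TAG != "latest"
    error_message = "Pin an explicit TAG when pushing to registry.example.com."
  }
}

group "default" {
  targets = ["dev"]
}

# Local single-platform build; the other targets extend this one.
target "dev" {
  context    = "."
  dockerfile = "cross.Dockerfile"
  tags       = ["${REGISTRY}/multi-plat-test:${TAG}"]
}

# Inherits context, dockerfile and tags from "dev" and adds the platforms.
target "multi-plat" {
  inherits  = ["dev"]
  platforms = ["linux/amd64", "linux/arm64"]
}

# Inherits everything from "multi-plat" and pushes the result to the registry.
target "push" {
  inherits = ["multi-plat"]
  output   = ["type=registry"]
  no-cache = true
}
```

Running `REGISTRY=staging.example.com/team TAG=1.2.3 docker buildx bake --print push` overrides both variables from the environment and prints the resolved `push` target without building, which shows exactly which attributes it inherited and where the image would be pushed.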
In a post on BlueSky, Mazlum Tosun from GroupBees shows his first experience with a Bake project.
“With Bake, the syntax becomes more easy and readable than classical Docker build commands”
– Mazlum Tosun
However, some commentators are critical of Docker’s claim that Bake removes the complexity of flags and environment variables, arguing that it merely shifts them into HCL.
“as far as I can tell, all those flags and environment variables are still there, they’re just now defined even more verbosely in an HCL file…”
– Hacker News user lopkeny12ko
But others are already making significant gains, with user miiiiiike explaining how the new Bake contexts functionality has allowed him to retire a self-written tool to manage complex build dependencies:
“I’ve been playing with it for the past hour this morning. It looks like it does everything I want it to do and more.”
– Hacker News user miiiiiike
Organisations interested in implementing Docker Bake can access it by updating Docker Desktop to version 4.38, or by running the latest version of the Docker Buildx CLI plugin. Full documentation is available for teams looking to create their first Bake file and explore the tool’s capabilities.