Docker Bake Now Stable: A Declarative Alternative for Build Management

Docker Bake is now officially ready for production use.

This declarative configuration management tool for builds has spent several years in its experimental phase. Integrated into the Buildx engine, it offers an alternative to using the docker build command, particularly in complex deployments.

Docker Bake supports three file formats: HCL (HashiCorp Configuration Language), JSON, and YAML. Targets are its basic unit. They contain the information that would otherwise be conveyed via flags in the docker build command.

These targets can be grouped and inherit from one another. The HCL format also allows evaluating expressions and using functions to manipulate values beyond simple concatenation and interpolation. The concept of a build matrix helps to construct, in a single command, multiple variants of an image.

Composable attributes and finer-grained access control

Among the latest features is the deduplication of redundant transfers when several targets share a context. There is also a noticeable alignment with docker build when it comes to controlling privileged operations (running without a sandbox, exposing the SSH agent, granting read and/or write access to files outside the working directory, etc.). Other enhancements include composable attributes (defined as structured objects rather than CSV), variable validation (modeled after Terraform), and a -list option to ease the discovery of targets and variables.

For additional reading, a recap from Believe, where the platform team uses Docker Bake to provide developers with variants of its base images (CLI, FPM, with or without Composer…).