docker
diff --git a/‎driver/docker-container/driver.go‎
Lines changed: 27 additions & 14 deletions b/‎driver/docker-container/driver.go‎
Lines changed: 27 additions & 14 deletions
diff --git a/‎driver/docker-container/factory.go‎
Lines changed: 9 additions & 3 deletions b/‎driver/docker-container/factory.go‎
Lines changed: 9 additions & 3 deletions
diff --git a/‎tests/create.go‎
Lines changed: 30 additions & 0 deletions b/‎tests/create.go‎
Lines changed: 30 additions & 0 deletions
diff --git a/‎util/ghutil/fixtures/ghactx_pr.env‎
Lines changed: 106 additions & 0 deletions b/‎util/ghutil/fixtures/ghactx_pr.env‎
Lines changed: 106 additions & 0 deletions
@@ -16,6 +16,7 @@ import (
 	"github.com/docker/buildx/driver"
 	"github.com/docker/buildx/driver/bkimage"
 	"github.com/docker/buildx/util/confutil"
+	"github.com/docker/buildx/util/ghutil"
 	"github.com/docker/buildx/util/imagetools"
 	"github.com/docker/buildx/util/progress"
 	"github.com/docker/cli/cli/context/docker"
@@ -43,20 +44,21 @@ type Driver struct {
 
 	// if you add fields, remember to update docs:
 	// https://github.com/docker/docs/blob/main/content/build/drivers/docker-container.md
-	netMode       string
-	image         string
-	memory        opts.MemBytes
-	memorySwap    opts.MemSwapBytes
-	cpuQuota      int64
-	cpuPeriod     int64
-	cpuShares     int64
-	cpusetCpus    string
-	cpusetMems    string
-	cgroupParent  string
-	restartPolicy container.RestartPolicy
-	env           []string
-	defaultLoad   bool
-	gpus          []container.DeviceRequest
+	netMode            string
+	image              string
+	memory             opts.MemBytes
+	memorySwap         opts.MemSwapBytes
+	cpuQuota           int64
+	cpuPeriod          int64
+	cpuShares          int64
+	cpusetCpus         string
+	cpusetMems         string
+	cgroupParent       string
+	restartPolicy      container.RestartPolicy
+	env                []string
+	defaultLoad        bool
+	gpus               []container.DeviceRequest
+	writeProvenanceGHA bool
 }
 
 func (d *Driver) IsMobyDriver() bool {
@@ -137,6 +139,17 @@ func (d *Driver) create(ctx context.Context, l progress.SubLogger) error {
 			},
 		}
 
+		if d.writeProvenanceGHA {
+			if ghactx, err := ghutil.GithubActionsContext(); err != nil {
+				return err
+			} else if ghactx != nil {
+				if d.Files == nil {
+					d.Files = make(map[string][]byte)
+				}
+				d.Files["provenance.d/github_actions_context.json"] = ghactx
+			}
+		}
+
 		// Mount WSL libaries if running in WSL environment and Docker context
 		// is a local socket as requesting GPU on container builder creation
 		// is not enough when generating the CDI specification for GPU devices.
 
@@ -47,9 +47,10 @@ func (f *factory) New(ctx context.Context, cfg driver.InitConfig) (driver.Driver
 		return nil, err
 	}
 	d := &Driver{
-		factory:       f,
-		InitConfig:    cfg,
-		restartPolicy: rp,
+		factory:            f,
+		InitConfig:         cfg,
+		restartPolicy:      rp,
+		writeProvenanceGHA: true,
 	}
 	var gpus dockeropts.GpuOpts
 	if err := gpus.Set("all"); err == nil {
@@ -111,6 +112,11 @@ func (f *factory) New(ctx context.Context, cfg driver.InitConfig) (driver.Driver
 				return nil, errors.Errorf("invalid env option %q, expecting env.FOO=bar", k)
 			}
 			d.env = append(d.env, fmt.Sprintf("%s=%s", envName, v))
+		case k == "provenance-add-gha":
+			d.writeProvenanceGHA, err = strconv.ParseBool(v)
+			if err != nil {
+				return nil, err
+			}
 		default:
 			return nil, errors.Errorf("invalid driver option %s for docker-container driver", k)
 		}
 
@@ -3,6 +3,7 @@ package tests
 import (
 	"fmt"
 	"os"
+	"path/filepath"
 	"strings"
 	"testing"
 
@@ -23,6 +24,7 @@ var createTests = []func(t *testing.T, sb integration.Sandbox){
 	testCreateMemoryLimit,
 	testCreateRestartAlways,
 	testCreateRemoteContainer,
+	testCreateWithProvenanceGHA,
 }
 
 func testCreateMemoryLimit(t *testing.T, sb integration.Sandbox) {
@@ -108,3 +110,31 @@ func testCreateRemoteContainer(t *testing.T, sb integration.Sandbox) {
 	}
 	require.Fail(t, "remote builder is not running")
 }
+
+func testCreateWithProvenanceGHA(t *testing.T, sb integration.Sandbox) {
+	if !isDockerContainerWorker(sb) {
+		t.Skip("only testing with docker-container worker")
+	}
+
+	var builderName string
+	t.Cleanup(func() {
+		if builderName == "" {
+			return
+		}
+		out, err := rmCmd(sb, withArgs(builderName))
+		require.NoError(t, err, out)
+	})
+
+	ghep := filepath.Join(t.TempDir(), "event.json")
+	require.NoError(t, os.WriteFile(ghep, []byte(`{"test":{"foo":"bar"}}`), 0644))
+
+	out, err := createCmd(sb,
+		withArgs("--driver", "docker-container"),
+		withEnv("GITHUB_ACTIONS=true", "GITHUB_EVENT_NAME=push", "GITHUB_EVENT_PATH="+ghep),
+	)
+	require.NoError(t, err, out)
+	builderName = strings.TrimSpace(out)
+
+	out, err = inspectCmd(sb, withArgs(builderName, "--bootstrap"))
+	require.NoError(t, err, out)
+}
@@ -0,0 +1,106 @@
+ACCEPT_EULA=Y
+ACTIONS_RUNNER_ACTION_ARCHIVE_CACHE=/opt/actionarchivecache
+AGENT_TOOLSDIRECTORY=/opt/hostedtoolcache
+ANDROID_HOME=/usr/local/lib/android/sdk
+ANDROID_NDK=/usr/local/lib/android/sdk/ndk/27.3.13750724
+ANDROID_NDK_HOME=/usr/local/lib/android/sdk/ndk/27.3.13750724
+ANDROID_NDK_LATEST_HOME=/usr/local/lib/android/sdk/ndk/28.2.13676358
+ANDROID_NDK_ROOT=/usr/local/lib/android/sdk/ndk/27.3.13750724
+ANDROID_SDK_ROOT=/usr/local/lib/android/sdk
+ANT_HOME=/usr/share/ant
+AZURE_EXTENSION_DIR=/opt/az/azcliextensions
+BOOTSTRAP_HASKELL_NONINTERACTIVE=1
+CHROMEWEBDRIVER=/usr/local/share/chromedriver-linux64
+CHROME_BIN=/usr/bin/google-chrome
+CI=true
+CONDA=/usr/share/miniconda
+DEBIAN_FRONTEND=noninteractive
+DOTNET_MULTILEVEL_LOOKUP=0
+DOTNET_NOLOGO=1
+DOTNET_SKIP_FIRST_TIME_EXPERIENCE=1
+EDGEWEBDRIVER=/usr/local/share/edge_driver
+ENABLE_RUNNER_TRACING=true
+GECKOWEBDRIVER=/usr/local/share/gecko_driver
+GHCUP_INSTALL_BASE_PREFIX=/usr/local
+GITHUB_ACTION=__run
+GITHUB_ACTIONS=true
+GITHUB_ACTION_REF=
+GITHUB_ACTION_REPOSITORY=
+GITHUB_ACTOR=crazy-max
+GITHUB_ACTOR_ID=1951866
+GITHUB_API_URL=https://api.github.com
+GITHUB_BASE_REF=master
+GITHUB_ENV=/home/runner/work/_temp/_runner_file_commands/set_env_33a5ccf0-43cf-4794-91bc-98abed829158
+GITHUB_EVENT_NAME=pull_request
+GITHUB_EVENT_PATH=./fixtures/ghactx_pr_event.json
+GITHUB_GRAPHQL_URL=https://api.github.com/graphql
+GITHUB_HEAD_REF=ghutil
+GITHUB_JOB=ghutil
+GITHUB_OUTPUT=/home/runner/work/_temp/_runner_file_commands/set_output_33a5ccf0-43cf-4794-91bc-98abed829158
+GITHUB_PATH=/home/runner/work/_temp/_runner_file_commands/add_path_33a5ccf0-43cf-4794-91bc-98abed829158
+GITHUB_REF=refs/pull/55/merge
+GITHUB_REF_NAME=55/merge
+GITHUB_REF_PROTECTED=false
+GITHUB_REF_TYPE=branch
+GITHUB_REPOSITORY=docker/test-docker-action
+GITHUB_REPOSITORY_ID=285789493
+GITHUB_REPOSITORY_OWNER=docker
+GITHUB_REPOSITORY_OWNER_ID=5429470
+GITHUB_RETENTION_DAYS=90
+GITHUB_RUN_ATTEMPT=1
+GITHUB_RUN_ID=18774179609
+GITHUB_RUN_NUMBER=2
+GITHUB_SERVER_URL=https://github.com
+GITHUB_SHA=198c644a687204e604c8476ad23d7d5bbb0dc221
+GITHUB_STATE=/home/runner/work/_temp/_runner_file_commands/save_state_33a5ccf0-43cf-4794-91bc-98abed829158
+GITHUB_STEP_SUMMARY=/home/runner/work/_temp/_runner_file_commands/step_summary_33a5ccf0-43cf-4794-91bc-98abed829158
+GITHUB_TRIGGERING_ACTOR=crazy-max
+GITHUB_WORKFLOW=ghutil
+GITHUB_WORKFLOW_REF=docker/test-docker-action/.github/workflows/ghutil.yml@refs/pull/55/merge
+GITHUB_WORKFLOW_SHA=198c644a687204e604c8476ad23d7d5bbb0dc221
+GITHUB_WORKSPACE=/home/runner/work/test-docker-action/test-docker-action
+GOROOT_1_22_X64=/opt/hostedtoolcache/go/1.22.12/x64
+GOROOT_1_23_X64=/opt/hostedtoolcache/go/1.23.12/x64
+GOROOT_1_24_X64=/opt/hostedtoolcache/go/1.24.7/x64
+GRADLE_HOME=/usr/share/gradle-9.1.0
+HOME=/home/runner
+HOMEBREW_CLEANUP_PERIODIC_FULL_DAYS=3650
+HOMEBREW_NO_AUTO_UPDATE=1
+INVOCATION_ID=d3fd0f4a6372458dbf53aa6d6abd62b0
+ImageOS=ubuntu24
+ImageVersion=20250929.60.1
+JAVA_HOME=/usr/lib/jvm/temurin-17-jdk-amd64
+JAVA_HOME_11_X64=/usr/lib/jvm/temurin-11-jdk-amd64
+JAVA_HOME_17_X64=/usr/lib/jvm/temurin-17-jdk-amd64
+JAVA_HOME_21_X64=/usr/lib/jvm/temurin-21-jdk-amd64
+JAVA_HOME_25_X64=/usr/lib/jvm/temurin-25-jdk-amd64
+JAVA_HOME_8_X64=/usr/lib/jvm/temurin-8-jdk-amd64
+JOURNAL_STREAM=9:12643
+LANG=C.UTF-8
+LOGNAME=runner
+MEMORY_PRESSURE_WATCH=/sys/fs/cgroup/system.slice/hosted-compute-agent.service/memory.pressure
+MEMORY_PRESSURE_WRITE=c29tZSAyMDAwMDAgMjAwMDAwMAA=
+NVM_DIR=/home/runner/.nvm
+PATH=/snap/bin:/home/runner/.local/bin:/opt/pipx_bin:/home/runner/.cargo/bin:/home/runner/.config/composer/vendor/bin:/usr/local/.ghcup/bin:/home/runner/.dotnet/tools:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin
+PIPX_BIN_DIR=/opt/pipx_bin
+PIPX_HOME=/opt/pipx
+POWERSHELL_DISTRIBUTION_CHANNEL=GitHub-Actions-ubuntu24
+RUNNER_ARCH=X64
+RUNNER_ENVIRONMENT=github-hosted
+RUNNER_NAME=GitHub Actions 1002237010
+RUNNER_OS=Linux
+RUNNER_TEMP=/home/runner/work/_temp
+RUNNER_TOOL_CACHE=/opt/hostedtoolcache
+RUNNER_TRACKING_ID=github_aef5ac41-9cf7-4195-9da9-851d8b29e68e
+RUNNER_WORKSPACE=/home/runner/work/test-docker-action
+SELENIUM_JAR_PATH=/usr/share/java/selenium-server.jar
+SGX_AESM_ADDR=1
+SHELL=/bin/bash
+SHLVL=1
+SWIFT_PATH=/usr/share/swift/usr/bin
+SYSTEMD_EXEC_PID=1762
+USER=runner
+VCPKG_INSTALLATION_ROOT=/usr/local/share/vcpkg
+XDG_CONFIG_HOME=/home/runner/.config
+XDG_RUNTIME_DIR=/run/user/1001
+_=/usr/bin/env