Add version override

.github/workflows/release-buildx.yml

@@ -11,6 +11,10 @@ on:
         description: 'Ref (e.g. v0.10.0)'
         required: true
         type: string
+      version:
+        description: 'Override default version'
+        required: false
+        type: string
       repo:
         description: 'Override default repo'
         required: false

.github/workflows/release-compose.yml

@@ -11,6 +11,10 @@ on:
         description: 'Ref (e.g. v2.15.1)'
         required: true
         type: string
+      version:
+        description: 'Override default version'
+        required: false
+        type: string
       repo:
         description: 'Override default repo'
         required: false
@@ -33,6 +37,7 @@ jobs:
       name: compose
       release: ${{ inputs.release }}
       envs: |
+        PKG_VERSION=${{ inputs.version }}
         PKG_REPO=${{ inputs.repo }}
         PKG_REF=${{ inputs.ref }}
     secrets: inherit

.github/workflows/release-containerd.yml

@@ -11,6 +11,10 @@ on:
         description: 'Ref (e.g. v1.6.15)'
         required: true
         type: string
+      version:
+        description: 'Override default version'
+        required: false
+        type: string
       repo:
         description: 'Override default repo'
         required: false
@@ -33,6 +37,7 @@ jobs:
       name: containerd
       release: ${{ inputs.release }}
       envs: |
+        PKG_VERSION=${{ inputs.version }}
         PKG_REPO=${{ inputs.repo }}
         PKG_REF=${{ inputs.ref }}
     secrets: inherit

.github/workflows/release-credential-helpers.yml

@@ -11,6 +11,10 @@ on:
         description: 'Ref (e.g. v1.7.0)'
         required: true
         type: string
+      version:
+        description: 'Override default version'
+        required: false
+        type: string
       repo:
         description: 'Override default repo'
         required: false
@@ -33,6 +37,7 @@ jobs:
       name: credential-helpers
       release: ${{ inputs.release }}
       envs: |
+        PKG_VERSION=${{ inputs.version }}
         PKG_REPO=${{ inputs.repo }}
         PKG_REF=${{ inputs.ref }}
     secrets: inherit

.github/workflows/release-docker-cli.yml

@@ -11,6 +11,10 @@ on:
         description: 'Ref (e.g. v23.0.0)'
         required: true
         type: string
+      version:
+        description: 'Override default version'
+        required: false
+        type: string
       repo:
         description: 'Override default repo'
         required: false
@@ -33,6 +37,7 @@ jobs:
       name: docker-cli
       release: ${{ inputs.release }}
       envs: |
+        PKG_VERSION=${{ inputs.version }}
         PKG_REPO=${{ inputs.repo }}
         PKG_REF=${{ inputs.ref }}
     secrets: inherit

.github/workflows/release-docker-engine.yml

@@ -11,6 +11,10 @@ on:
         description: 'Ref (e.g. v23.0.0)'
         required: true
         type: string
+      version:
+        description: 'Override default version'
+        required: false
+        type: string
       repo:
         description: 'Override default repo'
         required: false
@@ -33,6 +37,7 @@ jobs:
       name: docker-engine
       release: ${{ inputs.release }}
       envs: |
+        PKG_VERSION=${{ inputs.version }}
         PKG_REPO=${{ inputs.repo }}
         PKG_REF=${{ inputs.ref }}
     secrets: inherit

.github/workflows/release-model.yml

@@ -11,6 +11,10 @@ on:
         description: 'Ref (e.g. v0.1.30)'
         required: true
         type: string
+      version:
+        description: 'Override default version'
+        required: false
+        type: string
       repo:
         description: 'Override default repo'
         required: false
@@ -33,6 +37,7 @@ jobs:
       name: model
       release: ${{ inputs.release }}
       envs: |
+        PKG_VERSION=${{ inputs.version }}
         PKG_REPO=${{ inputs.repo }}
         PKG_REF=${{ inputs.ref }}
     secrets: inherit

docker-bake.hcl

@@ -129,6 +129,11 @@ variable "PKG_RPM_RELEASE" {
   default = null
 }
 
+variable "PKG_VERSION" {
+  description = "Version of the package to build."
+  default = null
+}
+
 variable "NIGHTLY_BUILD" {
   description = "Set to 1 to enforce nightly build."
   default = null
@@ -491,6 +496,7 @@ target "_pkg-buildx" {
     GO_VERSION = GO_VERSION != null && GO_VERSION != "" ? GO_VERSION : "1.24.7" # https://github.com/docker/buildx/blob/0c747263ef1426f5fa217fcdb616eddf33da6c2d/Dockerfile#L3
     GO_IMAGE_VARIANT = GO_IMAGE_VARIANT != null && GO_IMAGE_VARIANT != "" ? GO_IMAGE_VARIANT : "bookworm"
     PKG_DEB_EPOCH = PKG_DEB_EPOCH != null && PKG_DEB_EPOCH != "" ? PKG_DEB_EPOCH : "5"
+    PKG_VERSION = PKG_VERSION != null ? PKG_VERSION : ""
   }
 }
 
@@ -502,6 +508,7 @@ target "_pkg-compose" {
     GO_VERSION = GO_VERSION != null && GO_VERSION != "" ? GO_VERSION : "1.23.12" # https://github.com/docker/compose/blob/c2cb0aef6bbbe1afc8c9e81267621655ac90c5f6/Dockerfile#L18
     GO_IMAGE_VARIANT = GO_IMAGE_VARIANT != null && GO_IMAGE_VARIANT != "" ? GO_IMAGE_VARIANT : "bookworm"
     PKG_DEB_EPOCH = PKG_DEB_EPOCH != null && PKG_DEB_EPOCH != "" ? PKG_DEB_EPOCH : "5"
+    PKG_VERSION = PKG_VERSION != null ? PKG_VERSION : ""
   }
 }
 
@@ -513,6 +520,7 @@ target "_pkg-containerd" {
     GO_VERSION = GO_VERSION != null && GO_VERSION != "" ? GO_VERSION : "1.24.7" # https://github.com/containerd/containerd/blame/822fb144732946f2a6f7998bfe748ed175674ade/.github/workflows/release.yml#L16
     GO_IMAGE_VARIANT = GO_IMAGE_VARIANT != null && GO_IMAGE_VARIANT != "" ? GO_IMAGE_VARIANT : "bookworm"
     PKG_DEB_EPOCH = PKG_DEB_EPOCH != null && PKG_DEB_EPOCH != "" ? PKG_DEB_EPOCH : "5"
+    PKG_VERSION = PKG_VERSION != null ? PKG_VERSION : ""
   }
 }
 
@@ -524,6 +532,7 @@ target "_pkg-credential-helpers" {
     GO_VERSION = GO_VERSION != null && GO_VERSION != "" ? GO_VERSION : "1.23.12" # https://github.com/docker/docker-credential-helpers/blob/f9d3010165b642df37215b1be945552f2c6f0e3b/Dockerfile#L3
     GO_IMAGE_VARIANT = GO_IMAGE_VARIANT != null && GO_IMAGE_VARIANT != "" ? GO_IMAGE_VARIANT : "bookworm"
     PKG_DEB_EPOCH = PKG_DEB_EPOCH != null && PKG_DEB_EPOCH != "" ? PKG_DEB_EPOCH : "5"
+    PKG_VERSION = PKG_VERSION != null ? PKG_VERSION : ""
   }
 }
 
@@ -535,6 +544,7 @@ target "_pkg-docker-cli" {
     GO_VERSION = GO_VERSION != null && GO_VERSION != "" ? GO_VERSION : "1.24.7" # https://github.com/docker/cli/blob/d16defd9e237a02e4e8b8710d9ce4a15472e60c8/Dockerfile#L11
     GO_IMAGE_VARIANT = GO_IMAGE_VARIANT != null && GO_IMAGE_VARIANT != "" ? GO_IMAGE_VARIANT : "bookworm"
     PKG_DEB_EPOCH = PKG_DEB_EPOCH != null && PKG_DEB_EPOCH != "" ? PKG_DEB_EPOCH : "5"
+    PKG_VERSION = PKG_VERSION != null ? PKG_VERSION : ""
   }
 }
 
@@ -546,6 +556,7 @@ target "_pkg-docker-engine" {
     GO_VERSION = GO_VERSION != null && GO_VERSION != "" ? GO_VERSION : "1.24.7" # https://github.com/moby/moby/blob/4b978319922166bab9116b3e60e716a62b9cf130/Dockerfile#L3
     GO_IMAGE_VARIANT = GO_IMAGE_VARIANT != null && GO_IMAGE_VARIANT != "" ? GO_IMAGE_VARIANT : "bookworm"
     PKG_DEB_EPOCH = PKG_DEB_EPOCH != null && PKG_DEB_EPOCH != "" ? PKG_DEB_EPOCH : "5"
+    PKG_VERSION = PKG_VERSION != null ? PKG_VERSION : ""
   }
 }
 
@@ -557,6 +568,7 @@ target "_pkg-model" {
     GO_VERSION = GO_VERSION != null && GO_VERSION != "" ? GO_VERSION : "1.24.7" # https://github.com/docker/model-cli/blob/301126afc8ef4b8330de56db5d2889ddbc978022/Dockerfile#L3
     GO_IMAGE_VARIANT = GO_IMAGE_VARIANT != null && GO_IMAGE_VARIANT != "" ? GO_IMAGE_VARIANT : "bookworm"
     PKG_DEB_EPOCH = PKG_DEB_EPOCH != null && PKG_DEB_EPOCH != "" ? PKG_DEB_EPOCH : "5"
+    PKG_VERSION = PKG_VERSION != null ? PKG_VERSION : ""
   }
 }
 
@@ -603,6 +615,7 @@ target "_common" {
     PKG_DEB_EPOCH = PKG_DEB_EPOCH
     PKG_RPM_BUILDFLAGS = PKG_RPM_BUILDFLAGS
     PKG_RPM_RELEASE = PKG_RPM_RELEASE
+    PKG_VERSION = PKG_VERSION
   }
 }
 

hack/scripts/gen-ver.sh

@@ -20,10 +20,15 @@ if [ -z "$srcdir" ]; then
   exit 1
 fi
 
-version=$(git -C "${srcdir}" describe --match 'v[0-9]*' --always --tags)
 commit="$(git --git-dir "${srcdir}/.git" rev-parse HEAD)"
 commitShort=${commit:0:7}
 
+if [ -n "$PKG_VERSION" ]; then
+  version="$PKG_VERSION"
+else
+  version=$(git -C "${srcdir}" describe --match 'v[0-9]*' --always --tags)
+fi
+
 # rpm "Release:" field ($rpmRelease) is used to set the "_release" macro, which
 # is an incremental number for builds of the same release (Version: / #rpmVersion).
 #
@@ -55,25 +60,27 @@ commitShort=${commit:0:7}
 # Docker 22.06.0-dev:     version=0.0.0~YYYYMMDDHHMMSS.gitHASH, release=0
 rpmRelease=1
 
-# if NIGHTLY_BUILD=1, or we have a "-dev" suffix or a commit not pointing to a
-# tag, this is a nightly build, and we'll create a pseudo version based on
-# commit-date and -sha.
-if [[ "$NIGHTLY_BUILD" == "1" ]] || [[ "$version" == *-dev ]] || [[ -z "$(git -C "${srcdir}" tag --points-at HEAD --sort -version:refname)" ]]; then
-  # based on golang's pseudo-version: https://groups.google.com/forum/#!topic/golang-dev/a5PqQuBljF4
-  #
-  # using a "pseudo-version" of the form v0.0.0-yyyymmddhhmmss-abcdefa,
-  # where the time is the commit time in UTC and the final suffix is the prefix
-  # of the commit hash. The time portion ensures that two pseudo-versions can
-  # be compared to determine which happened later, the commit hash identifes
-  # the underlying commit, and the v0.0.0- prefix identifies the pseudo-version
-  # as a pre-release before version v0.0.0, so that the go command prefers any
-  # tagged release over any pseudo-version.
-  gitUnix="$(git --git-dir "${srcdir}/.git" log -1 --pretty='%ct')"
-  gitDate="$(TZ=UTC date -u --date "@$gitUnix" +'%Y%m%d%H%M%S')"
-  # generated version is now something like 'v0.0.0-20180719213702-cd5e2db'
-  version="v0.0.0-${gitDate}-${commitShort}" # (using hyphens)
-  pkgVersion="v0.0.0~${gitDate}.${commitShort}"  # (using tilde and periods)
-  rpmRelease=0
+if [ -z "$PKG_VERSION" ]; then
+  # if NIGHTLY_BUILD=1, or we have a "-dev" suffix or a commit not pointing to a
+  # tag, this is a nightly build, and we'll create a pseudo version based on
+  # commit-date and -sha.
+  if [[ "$NIGHTLY_BUILD" == "1" ]] || [[ "$version" == *-dev ]] || [[ -z "$(git -C "${srcdir}" tag --points-at HEAD --sort -version:refname)" ]]; then
+    # based on golang's pseudo-version: https://groups.google.com/forum/#!topic/golang-dev/a5PqQuBljF4
+    #
+    # using a "pseudo-version" of the form v0.0.0-yyyymmddhhmmss-abcdefa,
+    # where the time is the commit time in UTC and the final suffix is the prefix
+    # of the commit hash. The time portion ensures that two pseudo-versions can
+    # be compared to determine which happened later, the commit hash identifes
+    # the underlying commit, and the v0.0.0- prefix identifies the pseudo-version
+    # as a pre-release before version v0.0.0, so that the go command prefers any
+    # tagged release over any pseudo-version.
+    gitUnix="$(git --git-dir "${srcdir}/.git" log -1 --pretty='%ct')"
+    gitDate="$(TZ=UTC date -u --date "@$gitUnix" +'%Y%m%d%H%M%S')"
+    # generated version is now something like 'v0.0.0-20180719213702-cd5e2db'
+    version="v0.0.0-${gitDate}-${commitShort}" # (using hyphens)
+    pkgVersion="v0.0.0~${gitDate}.${commitShort}"  # (using tilde and periods)
+    rpmRelease=0
+  fi
 fi
 
 # deb and rpm packages require a tilde (~) instead of a hyphen (-) as separator

pkg/buildx/Dockerfile

@@ -62,6 +62,7 @@ RUN --mount=from=src,source=/src,target=/buildx \
 FROM src-base AS metadata-builder
 ARG PKG_REPO
 ARG PKG_REF
+ARG PKG_VERSION
 ARG NIGHTLY_BUILD
 RUN --mount=type=bind,from=scripts,source=gen-ver.sh,target=/usr/local/bin/gen-ver \
     --mount=type=bind,from=src,source=/src,target=/src <<EOT
@@ -107,6 +108,7 @@ ARG PKG_PACKAGER
 ARG PKG_DEB_BUILDFLAGS
 ARG PKG_DEB_REVISION
 ARG PKG_DEB_EPOCH
+ARG PKG_VERSION
 ARG SOURCE_DATE_EPOCH
 RUN --mount=type=bind,source=scripts/pkg-deb-build.sh,target=/usr/local/bin/pkg-deb-build \
     --mount=type=bind,from=scripts,source=gen-ver.sh,target=/usr/local/bin/gen-ver \
@@ -144,6 +146,7 @@ ARG PKG_REF
 ARG PKG_PACKAGER
 ARG PKG_RPM_BUILDFLAGS
 ARG PKG_RPM_RELEASE
+ARG PKG_VERSION
 ARG SOURCE_DATE_EPOCH
 RUN --mount=type=bind,source=scripts/pkg-rpm-build.sh,target=/usr/local/bin/pkg-rpm-build \
     --mount=type=bind,from=scripts,source=gen-ver.sh,target=/usr/local/bin/gen-ver \
@@ -167,6 +170,7 @@ ENV CGO_ENABLED="0"
 ARG NIGHTLY_BUILD
 ARG PKG_NAME
 ARG PKG_REF
+ARG PKG_VERSION
 WORKDIR /build
 ARG TARGETPLATFORM
 RUN --mount=type=bind,source=scripts/pkg-static-build.sh,target=/usr/local/bin/pkg-static-build \

pkg/buildx/verify.Dockerfile

@@ -15,6 +15,7 @@
 # limitations under the License.
 
 ARG XX_VERSION="1.6.1"
+ARG PKG_VERSION
 
 ARG DISTRO_TYPE="deb"
 ARG DISTRO_IMAGE="debian:bookworm"
@@ -34,6 +35,7 @@ ARG DISTRO_RELEASE
 ARG DISTRO_ID
 ARG DISTRO_SUITE
 ARG TARGETPLATFORM
+ARG PKG_VERSION
 RUN --mount=from=bin,target=/build <<EOT
   set -e
   targetplatform=$(xx-info os)_$(xx-info arch)
@@ -53,7 +55,16 @@ RUN --mount=from=bin,target=/build <<EOT
     )
   done
   set -x
-  /usr/libexec/docker/cli-plugins/docker-buildx version
+  actual_version=$(/usr/libexec/docker/cli-plugins/docker-buildx version | awk '{print $2}' | sed 's/^v//')
+  echo "Detected version: $actual_version"
+  if [ -n "$PKG_VERSION" ]; then
+    expected_version=$(echo "$PKG_VERSION" | sed 's/^v//')
+    if [ "$actual_version" != "$expected_version" ]; then
+      echo "ERROR: Version mismatch! Expected: $expected_version, Got: $actual_version"
+      exit 1
+    fi
+    echo "SUCCESS: Version verification passed"
+  fi
 EOT
 
 FROM base AS verify-rpm
@@ -62,6 +73,7 @@ ARG DISTRO_NAME
 ARG DISTRO_RELEASE
 ARG DISTRO_ID
 ARG DISTRO_SUITE
+ARG PKG_VERSION
 RUN --mount=type=bind,from=scripts,source=verify-rpm-init.sh,target=/usr/local/bin/verify-rpm-init \
   verify-rpm-init $DISTRO_NAME
 ARG TARGETPLATFORM
@@ -84,7 +96,16 @@ RUN --mount=from=bin,target=/build <<EOT
     )
   done
   set -x
-  /usr/libexec/docker/cli-plugins/docker-buildx version
+  actual_version=$(/usr/libexec/docker/cli-plugins/docker-buildx version | awk '{print $2}' | sed 's/^v//')
+  echo "Detected version: $actual_version"
+  if [ -n "$PKG_VERSION" ]; then
+    expected_version=$(echo "$PKG_VERSION" | sed 's/^v//')
+    if [ "$actual_version" != "$expected_version" ]; then
+      echo "ERROR: Version mismatch! Expected: $expected_version, Got: $actual_version"
+      exit 1
+    fi
+    echo "SUCCESS: Version verification passed"
+  fi
 EOT
 
 FROM base AS verify-static
@@ -94,6 +115,7 @@ ARG DISTRO_RELEASE
 ARG DISTRO_ID
 ARG DISTRO_SUITE
 ARG TARGETPLATFORM
+ARG PKG_VERSION
 RUN --mount=from=bin,target=/build <<EOT
   set -e
   targetplatform=$(xx-info os)_$(xx-info arch)
@@ -112,7 +134,16 @@ RUN --mount=from=bin,target=/build <<EOT
     )
   done
   set -x
-  docker-buildx version
+  actual_version=$(docker-buildx version | awk '{print $2}' | sed 's/^v//')
+  echo "Detected version: $actual_version"
+  if [ -n "$PKG_VERSION" ]; then
+    expected_version=$(echo "$PKG_VERSION" | sed 's/^v//')
+    if [ "$actual_version" != "$expected_version" ]; then
+      echo "ERROR: Version mismatch! Expected: $expected_version, Got: $actual_version"
+      exit 1
+    fi
+    echo "SUCCESS: Version verification passed"
+  fi
 EOT
 
 FROM verify-${DISTRO_TYPE}