Skip to content

Enable Windows support for BuildKit integration tests #6230

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Enable Windows support for BuildKit integration tests #6230

wants to merge 1 commit into from
+454 −151

Conversation

rzlink
Copy link

@rzlink rzlink commented Sep 19, 2025

This PR adds comprehensive Windows container support to BuildKit's integration test suite, enabling cross-platform testing while maintaining full Linux compatibility.

Changes

  • Updated 35+ integration tests to work on both Windows and Linux
  • Uses integration.UnixOrWindows() pattern for platform-specific logic
  • Windows: nanoserver images, cmd.exe commands, C:\ paths, CRLF handling
  • Linux: preserves existing alpine/busybox images and bash/sh commands
  • Added platform-specific adaptations for cache, export, frontend, and CLI tests

Tests requiring POSIX features (uid/gid, tmpfs, file modes) remain Linux-only.

Enable Windows support for BuildKit integration tests
8e616fb 
This PR adds comprehensive Windows container support to BuildKit's integration test suite,
enabling cross-platform testing while maintaining full Linux compatibility.

## Changes
- Updated 35+ integration tests to work on both Windows and Linux
- Uses integration.UnixOrWindows() pattern for platform-specific logic
- Windows: nanoserver images, cmd.exe commands, C:\ paths, CRLF handling
- Linux: preserves existing alpine/busybox images and bash/sh commands
- Added platform-specific adaptations for cache, export, frontend, and CLI tests

## Impact
- Files: 12 modified (+454/-151 lines)
- Coverage: Major test categories now cross-platform compatible
- Compatibility: 100% backward compatible, no breaking changes
- CI: Enables Windows testing in BuildKit pipeline

## Tests Enhanced
- Cache import/export (local, registry, multiple backends)
- Image exporters (containerd, OCI, tar, metadata)
- Dockerfile frontend parsing and builds
- buildctl CLI functionality
- Multi-stage builds and named contexts

Tests requiring POSIX features (uid/gid, tmpfs, file modes) remain Linux-only.
@rzlink
Copy link
Author

rzlink commented Sep 20, 2025
edited
Loading

Summary

  • Total Tests: 115 (currently skipped) + 14 (CI-failing) + 32 (fixed) = 161 total
  • Linux-Only Concept: 76
  • Command Complexity: 35
  • Conversion Issues: 2
  • Flaky on Windows: 2
  • Other Reasons: 0
  • Tests Fixed: 32 (12 unnecessary skips, 20 source code fixes)
  • CI-Failing Tests: 14 (work locally but fail in GitHub Actions)

Test Status Table

Test Name File Path Skip Reason Detailed Reason Test Category BuildKit Feature Windows Feasible Priority Effort Estimate
testCDI client/client_cdi_test.go Linux-Only Concept CDI (Container Device Interface) uses Linux-specific device access patterns (/dev/ files, Unix permissions). Windows containers use different isolation models and device driver interfaces. Container Runtime CDI Device Interface No Not Planned Very High
testCDINotAllowed client/client_cdi_test.go Linux-Only Concept CDI specification designed for Linux OCI runtimes. Windows container device access fundamentally different (Windows Driver Model vs Unix device nodes). Container Runtime CDI Device Interface No Not Planned Very High
testCDIEntitlement client/client_cdi_test.go Linux-Only Concept Tests device entitlements using Linux container runtime assumptions. Windows containers require different privilege/entitlement models for device access. Security/Permissions CDI Device Interface No Not Planned Very High
testCDIFirst client/client_cdi_test.go Linux-Only Concept CDI device injection assumes Linux-style device mounting and busybox container environment. Windows lacks equivalent CDI implementation. Container Runtime CDI Device Interface No Not Planned Very High
testCDIWildcard client/client_cdi_test.go Linux-Only Concept Tests CDI wildcard device matching using Linux device enumeration patterns. Windows device discovery and matching works differently. Container Runtime CDI Device Interface No Not Planned Very High
testCDIClass client/client_cdi_test.go Linux-Only Concept Tests CDI device class handling specific to Linux container runtimes. Windows would need separate CDI implementation for device classification. Container Runtime CDI Device Interface No Not Planned Very High
testAddGitSHA1 frontend/dockerfile/dockerfile_addgit_test.go Command Complexity Uses Alpine base image with apk add git and Linux shell commands. Requires Windows base images, Git for Windows installation, and PowerShell/cmd syntax conversion. Build Process Dockerfile ADD Git Yes Medium High
testAddGitSHA256 frontend/dockerfile/dockerfile_addgit_test.go Command Complexity Git checksum validation using Linux commands and Alpine package manager. Needs Windows container with Git, PowerShell commands, and Windows file permission handling. Build Process Dockerfile ADD Git Yes Medium High
testAddGitChecksumCache frontend/dockerfile/dockerfile_addgit_test.go Command Complexity Git repository caching with Linux-style paths and bash commands. Requires Windows Git installation, PowerShell syntax, and Windows path handling adaptations. Build Process Dockerfile ADD Git Yes Medium High
testGitQueryString frontend/dockerfile/dockerfile_addgit_test.go Command Complexity Git URL query string handling using Alpine + bash. Needs Windows base image, Git for Windows, and PowerShell command conversion for git operations. Build Process Dockerfile ADD Git Yes Medium High
testRunGlobalNetwork frontend/dockerfile/dockerfile_runnetwork_test.go Linux-Only Concept Tests network isolation using busybox + netcat (nc) commands. Windows containers have different networking architecture and lack netcat. Network entitlements work differently on Windows. Network/Registry RUN Network Modes No Low Very High
testSecretFileParams frontend/dockerfile/dockerfile_secrets_test.go Command Complexity Tests secret mounting with busybox + Unix file permission commands (stat -c, uid/gid/mode). Windows containers don't have stat command or Unix-style file permissions. Security/Permissions Secret Mounts Yes High High
testSecretRequiredWithoutValue frontend/dockerfile/dockerfile_secrets_test.go Command Complexity Basic secret mount error testing with busybox. Simpler than other secret tests but still uses Linux container and shell syntax. Security/Permissions Secret Mounts Yes High Medium
testSecretAsEnviron frontend/dockerfile/dockerfile_secrets_test.go Command Complexity Tests secret as environment variable with busybox + bash test syntax. Uses /run/secrets path and Linux shell operators that need PowerShell conversion. Security/Permissions Secret Mounts Yes High High
testSecretAsEnvironWithFileMount frontend/dockerfile/dockerfile_secrets_test.go Command Complexity Tests combined secret file + environment mounting with busybox + bash. Uses /run/secrets paths and Linux test operators requiring Windows command conversion. Security/Permissions Secret Mounts Yes High High
testChmodNonOctal frontend/dockerfile/dockerfile_chmod_non_octal_test.go Linux-Only Concept Tests COPY --chmod with symbolic permission modes (e.g., u+rwx, g-w) which are POSIX-specific. Windows has fundamentally different permission model and doesn't support symbolic chmod modes. File System COPY --chmod No Not Planned Very High
testMountTmpfs frontend/dockerfile/dockerfile_mount_test.go Linux-Only Concept Tests tmpfs (temporary filesystem) mounting which is a Linux kernel feature for RAM-based filesystems. Windows has no equivalent tmpfs concept or implementation. File System RUN Mount tmpfs No Not Planned Very High
testMountTmpfsSize frontend/dockerfile/dockerfile_mount_test.go Linux-Only Concept Tests tmpfs size limits, another Linux kernel-specific feature. Windows containers use different memory management and have no tmpfs equivalent for temporary RAM filesystems. File System RUN Mount tmpfs No Not Planned Very High
testCacheMountUser frontend/dockerfile/dockerfile_mount_test.go Linux-Only Concept Tests cache mount with POSIX-specific uid=1001, gid=1002, mode=0751 permissions. Windows containers don't have Unix user/group ID concepts or POSIX file permission modes. Cache Management RUN Mount Cache No Not Planned Very High
testCacheMountParallel frontend/dockerfile/dockerfile_mount_test.go Flaky on Windows Cache mount parallel execution test that works but produces unreliable results on Windows Server 2025. Needs investigation for Windows-specific timing or concurrency issues. Cache Management RUN Mount Cache Yes Low Medium
testSSHSocketParams frontend/dockerfile/dockerfile_ssh_test.go Linux-Only Concept Tests SSH socket mounting with Unix socket file descriptors. Windows containers don't support Unix domain sockets and use different SSH agent communication methods (named pipes). Security/Permissions RUN Mount SSH No Not Planned Very High
testSSHFileDescriptorsClosed frontend/dockerfile/dockerfile_ssh_test.go Linux-Only Concept Tests SSH file descriptor cleanup using Unix socket mechanisms. Windows SSH agent communication doesn't use Unix file descriptors and has different cleanup requirements. Security/Permissions RUN Mount SSH No Not Planned Very High
testOutlineSecrets frontend/dockerfile/dockerfile_outline_test.go Command Complexity Tests frontend outline parsing of secret/SSH mount syntax using busybox/alpine base images and bash commands. Frontend parsing should work on Windows but test uses Linux containers and syntax. Frontend/Dockerfile Frontend Outline Yes Medium Medium
testExcludedFilesOnCopy frontend/dockerfile/exclude_patterns_test.go Command Complexity Tests COPY/ADD --exclude functionality with file pattern exclusions and Git repository setup. Uses complex file operations and git commands that may behave differently on Windows paths and filesystem. Build Process COPY/ADD --exclude Yes High High
testGitProvenanceAttestation frontend/dockerfile/dockerfile_provenance_test.go Linux-Only Concept Tests SLSA provenance with Git working directory bind-mounts. Windows containerd lacks bind-mount support for Git operations, causing path/configuration errors in containers. Security/Permissions SLSA Provenance No Not Planned Very High
testMultiPlatformProvenance frontend/dockerfile/dockerfile_provenance_test.go Linux-Only Concept Tests provenance for multi-architecture builds (linux/amd64, linux/arm64) using busybox. Hardcoded to expect Linux platforms only, no Windows platform support. Build Process SLSA Provenance No Low Very High
testClientFrontendProvenance frontend/dockerfile/dockerfile_provenance_test.go Linux-Only Concept Tests provenance with client frontend using busybox and alpine. Hardcoded to expect Linux platforms and uses Linux-specific container assumptions. Frontend/Dockerfile SLSA Provenance No Low Very High
testSecretSSHProvenance frontend/dockerfile/dockerfile_provenance_test.go Linux-Only Concept Tests provenance for secret and SSH mounts using busybox. Validates SSH mount functionality which is Linux-specific (Unix sockets) and incompatible with Windows. Security/Permissions SLSA Provenance No Not Planned Very High
testOCILayoutProvenance frontend/dockerfile/dockerfile_provenance_test.go Command Complexity Tests SLSA provenance with OCI layout export using scratch base image and registry push operations. OCI layout export is supported on Windows but test uses scratch base image which is Linux-specific. Requires adaptation to use Windows base images and Windows-compatible provenance validation. Build Process SLSA Provenance Yes Medium High
testCommandSourceMapping frontend/dockerfile/dockerfile_provenance_test.go Command Complexity Tests provenance command source mapping using alpine base image. Core provenance functionality should work on Windows but requires Windows container adaptation. Build Process SLSA Provenance Yes Medium High
testDuplicateLayersProvenance frontend/dockerfile/dockerfile_provenance_test.go Command Complexity Tests provenance for duplicate layer detection using busybox. Provenance layer tracking should work on Windows with container adaptation. Build Process SLSA Provenance Yes Medium High
testProvenanceExportLocal frontend/dockerfile/dockerfile_provenance_test.go Command Complexity Tests local provenance export using busybox and scratch. Core export functionality should work on Windows with container/command adaptations. Build Process SLSA Provenance Yes Medium High
testProvenanceExportLocalForceSplit frontend/dockerfile/dockerfile_provenance_test.go Command Complexity Tests forced split provenance export using busybox and scratch. Export splitting logic should work on Windows with container adaptations. Build Process SLSA Provenance Yes Medium High
testProvenanceExportLocalMultiPlatform frontend/dockerfile/dockerfile_provenance_test.go Linux-Only Concept Tests multi-platform local provenance export with hardcoded Linux platform expectations. Platform-specific logic prevents Windows compatibility. Build Process SLSA Provenance No Low Very High
testProvenanceExportLocalMultiPlatformNoSplit frontend/dockerfile/dockerfile_provenance_test.go Linux-Only Concept Tests multi-platform provenance without splitting, hardcoded for Linux platforms. Platform validation logic incompatible with Windows. Build Process SLSA Provenance No Low Very High
testDefaultEnvWithArgs frontend/dockerfile/dockerfile_test.go Linux-Only Concept Tests Unix shell parameter expansion in ENV statements (${var#prefix}, ${var:-default}, ${var%%suffix}). Windows cmd.exe and PowerShell don't support these Unix-specific expansions. Frontend/Dockerfile ENV Variable Expansion No Not Planned Very High
testCopyLinkDotDestDir frontend/dockerfile/dockerfile_test.go Command Complexity Tests COPY --link functionality with dot destination directories using diffApply for file validation. diffApply utility requires complex Unix file system comparisons that would need Windows-specific adaptation. Build Process COPY --link Yes Medium High
testCopyLinkEmptyDestDir frontend/dockerfile/dockerfile_test.go Command Complexity Tests COPY --link with empty destination directories using diffApply for directory structure validation. Complex file system validation logic needs Windows-compatible implementation. Build Process COPY --link Yes Medium High
testTarExporterMulti frontend/dockerfile/dockerfile_test.go Linux-Only Concept Tests multi-platform TAR export with hardcoded verification for Linux/Darwin platforms (linux/amd64,darwin/amd64). Platform-specific paths like "linux_amd64/forlinux" are hardcoded, excluding Windows platform support. Build Process TAR Export Multi-Platform No Low Very High
testWorkdirSourceDateEpochReproducible frontend/dockerfile/dockerfile_test.go Linux-Only Concept Tests reproducible builds with SOURCE_DATE_EPOCH using alpine base image and OCI exporter features. Relies on Linux-specific SOURCE_DATE_EPOCH behavior and OCI export functionality not fully supported on Windows. Build Process Reproducible Builds No Not Planned Very High
testCopyChownExistingDir frontend/dockerfile/dockerfile_test.go Linux-Only Concept Tests COPY --chown functionality with complex POSIX ownership validation using busybox, chown commands, and stat -c "%u:%g" for uid:gid verification. Windows containers don't support Unix user/group ownership concepts. File System COPY --chown No Not Planned Very High
testWorkdirCopyIgnoreRelative frontend/dockerfile/dockerfile_test.go Linux-Only Concept Tests WORKDIR with COPY --from using scratch base image and relative path handling. Uses scratch base image which is fundamentally Linux-specific - Windows containers require a base layer with Windows runtime components. Build Process Multi-stage Builds No Not Planned Very High
testCopyChownCreateDest frontend/dockerfile/dockerfile_test.go Linux-Only Concept Tests COPY --chown with user/group creation using busybox, adduser commands, and stat -c "%U %G" for ownership verification. Windows containers use different user management and don't support Unix-style user/group ownership. File System COPY --chown No Not Planned Very High
testCopySocket frontend/dockerfile/dockerfile_test.go Linux-Only Concept Tests COPY of Unix domain sockets using fstest.CreateSocket() and socket file handling. Windows doesn't support Unix domain sockets in the same way - uses named pipes instead for IPC. File System COPY Operations No Not Planned Very High
testDefaultShellAndPath frontend/dockerfile/dockerfile_test.go Linux-Only Concept Tests multi-platform builds with hardcoded validation for Linux/Windows shell defaults (/bin/sh vs cmd). While test mentions Windows, it uses scratch base and validates platform-specific defaults that need separate Windows test logic. Build Process Multi-Platform Builds No Low Very High
testExportMultiPlatform frontend/dockerfile/dockerfile_test.go Linux-Only Concept Tests multi-platform export with platform-specific file creation (windows/amd64,linux/arm,linux/s390x) but uses scratch base and hardcoded platform combinations. Relies on Linux context and validation logic. Build Process Multi-Platform Builds No Low Very High
testPullScratch frontend/dockerfile/dockerfile_test.go Linux-Only Concept Tests pulling and building from scratch base image with registry operations. Scratch is Linux-specific base - Windows containers require actual base layer with Windows runtime components and registry functionality. Build Process Registry Operations No Not Planned Very High
testDockerfileADDFromURL frontend/dockerfile/dockerfile_test.go Linux-Only Concept Tests ADD instruction with HTTP URL downloads using scratch base image and file validation. Scratch base is Linux-specific and file handling needs Windows container adaptation. Build Process ADD HTTP URLs No Low Very High
testDockerfileAddChownArchive frontend/dockerfile/dockerfile_test.go Linux-Only Concept Tests ADD --chown with TAR archive extraction using scratch base and TAR header uid/gid validation. Windows containers don't support Unix ownership concepts and scratch base is Linux-specific. File System ADD --chown No Not Planned Very High
testDockerfileAddChownExpand frontend/dockerfile/dockerfile_test.go Linux-Only Concept Tests ADD --chown with variable expansion using busybox, stat -c "%u %G" commands for ownership verification. Windows containers don't support Unix user/group concepts or stat command syntax. File System ADD --chown No Not Planned Very High
testSymlinkDestination frontend/dockerfile/dockerfile_test.go Linux-Only Concept Tests ADD/COPY to symlink destinations using scratch base and TAR symlink creation. Windows has different symlink support and scratch base is Linux-specific. File System Symlink Handling No Not Planned Very High
testDockerfileCopyFromArgs frontend/dockerfile/dockerfile_test.go Linux-Only Concept Tests COPY --from with variable expansion error handling using scratch base. While test validates error cases, scratch base is fundamentally Linux-specific. Build Process COPY --from No Low Very High
testDockerfileScratchConfig frontend/dockerfile/dockerfile_test.go Linux-Only Concept Tests scratch image configuration and environment variables using containerd worker. Scratch image concept is Linux-specific - Windows containers need actual base layers. Build Process Image Configuration No Not Planned Very High
testExportedHistory frontend/dockerfile/dockerfile_test.go Linux-Only Concept Tests exported image history with multi-stage builds using busybox and containerd worker validation. Uses Linux container assumptions and containerd-specific image inspection. Build Process Image History No Low Very High
testUser frontend/dockerfile/dockerfile_test.go Linux-Only Concept Tests comprehensive USER directive functionality with extensive Unix user/group validation using busybox and commands like id -u, id -g, id -un, id -gn, id -G, id -Gn. Windows containers use fundamentally different user identity models (SIDs vs UIDs). Security/Permissions USER Directive No Not Planned Very High
testUserAdditionalGids frontend/dockerfile/dockerfile_test.go Linux-Only Concept Tests USER directive additional group IDs (CVE-2023-25173) using busybox and Unix id command validation. Windows doesn't have Unix group ID concepts - uses different group membership models. Security/Permissions USER Directive No Not Planned Very High
testCopyChown frontend/dockerfile/dockerfile_test.go Linux-Only Concept Tests COPY --chown with user/group ownership using busybox and stat -c "%U %G" for ownership validation. Despite comment suggesting Windows compatibility, requires fundamental rewrite from UIDs to SIDs - not simple adaptation. File System COPY --chown No Not Planned Very High
testCopyChmod frontend/dockerfile/dockerfile_test.go Linux-Only Concept Tests COPY --chmod with Unix file permissions using busybox and stat -c "%04a" for octal permission validation. Windows file permissions work differently (ACLs vs Unix modes) and don't use octal notation. File System COPY --chmod No Not Planned Very High
testCopyInvalidChmod frontend/dockerfile/dockerfile_test.go Command Complexity Tests COPY --chmod error handling with invalid permission syntax. Core error validation logic should work on Windows but needs adaptation for Windows permission validation instead of Unix octal modes. File System COPY --chmod Yes Medium High
testAddURLChmod frontend/dockerfile/dockerfile_test.go Linux-Only Concept Tests ADD --chmod with HTTP URL downloads using busybox and stat -c "%%04a" for permission validation. Combines Unix permission concepts with URL downloading that needs Windows permission adaptation. Build Process ADD --chmod No Low Very High
testDockerfileFromGit frontend/dockerfile/dockerfile_test.go Linux-Only Concept Tests Dockerfile builds from Git repositories using HTTP server and Git context functionality. BuildKit's git utility (util/gitutil/git_cli.go) hardcodes HOME=/dev/null to disable user gitconfig, but /dev/null is Unix-specific and doesn't exist on Windows. This is a fundamental architectural issue requiring git utility rewrite for Windows compatibility. Build Process Git Context Integration No Not Planned Very High
testOnBuildWithChildStage frontend/dockerfile/dockerfile_test.go Linux-Only Concept Tests ONBUILD functionality with multi-stage builds and registry operations using busybox base image and extensive Unix shell commands. Uses bash test operators [ -f ], [ ! -f ], Unix commands (mkdir -p, echo -n, touch, rm), and scratch base image. ONBUILD feature itself could work on Windows but test implementation is deeply Unix-dependent. Build Process ONBUILD Multi-Stage No Low Very High
testOnBuildNewDeps frontend/dockerfile/dockerfile_test.go Linux-Only Concept Tests ONBUILD with cross-stage dependencies using busybox and alpine base images, Unix commands (cat for file processing), and scratch base image. ONBUILD copies /etc/alpine-release from alpine image, processes it with cat command, requires Linux containers and Unix file system paths. Build Process ONBUILD Dependencies No Low Very High
testCacheMultiPlatformImportExport frontend/dockerfile/dockerfile_test.go Linux-Only Concept Tests cache import/export across multiple platforms using busybox base image and Unix commands (/dev/urandom, head -c, sha256sum). Hardcoded for linux/amd64,linux/arm/v7 platforms with Linux-specific random data generation and scratch base image. Platform validation assumes Linux-only environments. Cache Management Cache Multi-Platform No Low Very High
testCacheMountModeNoCache frontend/dockerfile/dockerfile_test.go Linux-Only Concept Tests cache mount with no-cache mode using busybox base image and Unix commands (touch, ls -l, wc -l) with Unix file permission mode 0773. Validates cache behavior by counting directory entries and relies on Unix-specific file listing and permission concepts. Cache Management Cache Mount No-Cache No Low Very High
testPlatformArgsExplicit frontend/dockerfile/dockerfile_test.go Linux-Only Concept Tests platform argument handling with explicit platform targeting using busybox base image and Unix commands (mkdir, echo -n). Hardcoded to darwin/ppc64le platform validation and scratch base image. Platform testing logic assumes non-Windows environments and Linux container execution. Build Process Platform Arguments No Low Very High
testShmSize frontend/dockerfile/dockerfile_test.go Linux-Only Concept Tests shared memory size configuration using busybox base image and Linux-specific /dev/shm filesystem mount inspection. Uses mount command to grep /dev/shm and validate shm-size parameter. Windows containers don't have /dev/shm or equivalent shared memory filesystem concept. Container Runtime Shared Memory No Not Planned Very High
testUlimit frontend/dockerfile/dockerfile_test.go Linux-Only Concept Tests ulimit (user limits) configuration using busybox base image and Unix ulimit command to query file descriptor limits. Windows doesn't have ulimit concept - uses different resource limit management through Windows APIs and job objects. Container Runtime User Limits No Not Planned Very High
testCgroupParent frontend/dockerfile/dockerfile_test.go Linux-Only Concept Tests cgroup parent assignment using alpine base image and Linux cgroup v2 filesystem (/sys/fs/cgroup). Creates cgroup hierarchy, sets pids.max limit, and validates container execution within cgroup constraints. Windows containers use job objects, not cgroups. Container Runtime Cgroup Management No Not Planned Very High
testNamedImageContext frontend/dockerfile/dockerfile_test.go Linux-Only Concept Tests named image context functionality using busybox and alpine base images with Unix commands (cat /etc/alpine-release, env grep). Uses scratch base image and bash test operators [ -f ], [ ! -f ]. Complex registry operations with Linux-specific file paths and environment variable processing. Build Process Named Image Context No Low Very High
testNamedMultiplatformInputContext frontend/dockerfile/dockerfile_test.go Linux-Only Concept Tests named context with multi-platform input using alpine base image and hardcoded linux/amd64,linux/arm64 platforms. Uses scratch base image and TARGETARCH build arguments specific to Linux architectures. Platform resolution logic assumes Linux-only environments. Build Process Named Multi-Platform Context No Low Very High
testNamedFilteredContext frontend/dockerfile/dockerfile_test.go Linux-Only Concept Tests named context with filtering capabilities using alpine and scratch base images. Complex file transfer validation with regex patterns and mount operations. Uses Linux-specific file system operations and scratch base which is Linux-only. Build Process Named Filtered Context No Low Very High
testSourceDateEpochWithoutExporter frontend/dockerfile/dockerfile_test.go Linux-Only Concept Tests SOURCE_DATE_EPOCH functionality using scratch base image which is Linux-specific. While OCI exporter is supported on Windows, scratch base images are fundamentally incompatible with Windows containers which require actual base layers with Windows runtime components. Build Process SOURCE_DATE_EPOCH No Not Planned Very High
testSBOMScannerImage frontend/dockerfile/dockerfile_test.go Linux-Only Concept Tests SBOM (Software Bill of Materials) scanning using busybox base image and Unix shell script with heredoc syntax. Uses scratch base image and complex bash scripting for SBOM generation. SBOM attestation features may have platform-specific behavior differences on Windows. Security/Permissions SBOM Scanning No Low Very High
testSBOMScannerArgs frontend/dockerfile/dockerfile_test.go Linux-Only Concept Tests SBOM scanner with build arguments using busybox and scratch base images. Uses Unix shell commands and heredoc syntax for SBOM generation. SBOM attestation functionality and scanner execution model assumes Linux container environment. Security/Permissions SBOM Scanning No Low Very High
testOCILayoutMultiname frontend/dockerfile/dockerfile_test.go Linux-Only Concept Tests OCI layout export with multiple names using scratch base image. While Windows BuildKit does support OCI exporters, scratch base images are fundamentally Linux-specific and incompatible with Windows containers which require actual base layers with Windows runtime components. Build Process OCI Layout Export No Not Planned Very High
testReproSourceDateEpoch frontend/dockerfile/dockerfile_test.go Linux-Only Concept Tests reproducible builds with SOURCE_DATE_EPOCH using busybox base image and OCI exporter. Explicitly targets Linux platform and uses OCI format handling. SOURCE_DATE_EPOCH behavior and OCI export functionality not fully supported on Windows containers. Build Process Reproducible Builds No Not Planned Very High
testMultiNilRefsOCIExporter frontend/dockerfile/dockerfile_test.go Linux-Only Concept Tests multi-platform OCI export with nil references using scratch base image targeting linux/amd64,linux/arm64,linux/s390x platforms. Requires OCI exporter not supported on Windows BuildKit and uses scratch base incompatible with Windows containers. Build Process OCI Multi-Platform Export No Not Planned Very High
testEagerNamedContextLookup frontend/dockerfile/dockerfile_test.go Linux-Only Concept Tests eager named context lookup using alpine base image and extensive bash commands with complex shell scripting. Uses Unix-specific commands, file operations, and shell syntax incompatible with Windows container environments. Build Process Eager Context Lookup No Low Very High
testPlatformWithOSVersion frontend/dockerfile/dockerfile_test.go Linux-Only Concept Tests platform-specific OS version validation using scratch base image. Explicitly skipped on Windows: "FROM scratch and layer formatting not being supported on Windows." Platform targeting works but blocked by scratch base incompatibility. Build Process Platform OS Version No Not Planned Very High
testDeviceRunEnv frontend/dockerfile/dockerfile_rundevice_test.go Linux-Only Concept Tests CDI (Container Device Interface) device injection into RUN commands with vendor-specific device environment variables. CDI is Linux-specific technology not supported on Windows containers. Container Runtime CDI Device Injection No Not Planned Very High
testCopyHeredoc frontend/dockerfile/dockerfile_heredoc_test.go Command Complexity Tests COPY with heredoc syntax using busybox base and Unix commands (adduser -D, stat -c). Heredoc functionality works conceptually but needs Windows-compatible base images and permission handling. Build Process Heredoc COPY Yes Medium High
testCopyHeredocSpecialSymbols frontend/dockerfile/dockerfile_heredoc_test.go Command Complexity Tests COPY heredoc with special symbol handling using scratch base. Heredoc parsing supported but blocked by scratch base incompatibility and symbol handling differences. Build Process Heredoc COPY Yes Medium High
testRunBasicHeredoc frontend/dockerfile/dockerfile_heredoc_test.go Command Complexity Tests RUN with basic heredoc functionality using busybox and Unix commands (echo, whoami). Heredoc execution model needs Windows shell adaptation and compatible base images. Build Process Heredoc RUN Yes Medium High
testRunFakeHeredoc frontend/dockerfile/dockerfile_heredoc_test.go Command Complexity Tests heredoc with custom SHELL (awk) and scratch base. Heredoc functionality present but needs Windows-compatible interpreters and base images instead of scratch. Build Process Heredoc SHELL Yes Medium High
testRunShebangHeredoc frontend/dockerfile/dockerfile_heredoc_test.go Linux-Only Concept Tests heredoc with Unix shebang (#!/bin/awk -f) execution using busybox base. Shebang is Unix-specific concept not supported in Windows containers. Build Process Heredoc Shebang No Low Very High
testRunComplexHeredoc frontend/dockerfile/dockerfile_heredoc_test.go Linux-Only Concept Tests complex heredoc with Unix file descriptors (/proc/self/fd/3), pipes, and awk processing. File descriptor manipulation and /proc filesystem are Linux-specific. Build Process Heredoc Complex No Low Very High
testHeredocIndent frontend/dockerfile/dockerfile_heredoc_test.go Command Complexity Tests heredoc indentation handling (<<EOF vs <<-EOF) with busybox and scratch bases. Indentation processing supported but needs Windows-compatible base images. Build Process Heredoc Indentation Yes Medium High
testHeredocVarSubstitution frontend/dockerfile/dockerfile_heredoc_test.go Command Complexity Tests variable substitution in heredoc content using busybox base and Unix commands. Variable expansion works but needs Windows shell syntax adaptation. Build Process Heredoc Variables Yes Medium High
testOnBuildHeredoc frontend/dockerfile/dockerfile_heredoc_test.go Command Complexity Tests ONBUILD with heredoc using busybox base and registry operations. ONBUILD heredoc functionality should work with Windows-compatible base images and commands. Build Process ONBUILD Heredoc Yes Medium High
testParallelism solver/jobs_test.go Command Complexity Tests BuildKit job parallelism control using busybox base and Unix shell commands (/bin/sh -c, touch, while loops). Core parallelism functionality platform-agnostic but needs Windows-compatible base images and shell syntax. Container Runtime Job Parallelism Yes Medium High
testBridgeNetworkingDNSNoRootless client/client_test.go Linux-Only Concept Tests CNI bridge networking with DNS resolution using busybox base and netcat (nc -l) commands. CNI networking is Linux-specific container networking designed for non-Windows platforms. Container Runtime CNI Bridge Networking No Not Planned Very High
testExportBusyboxLocal client/client_test.go Linux-Only Concept Tests local export functionality using busybox base image and validating busybox binary presence (/bin/busybox). Uses Linux-specific busybox container not available on Windows platforms. Build Process Local Export No Low Very High
testSSHMount client/client_test.go Linux-Only Concept Tests SSH agent socket mounting using SSH agent keyring, RSA key generation, and Unix socket communication. SSH agent integration uses Unix domain sockets not supported on Windows containers. Security/Permissions SSH Mounting No Low Very High
testRawSocketMount client/client_test.go Linux-Only Concept Tests Unix domain socket mounting using net.Listen("unix") and curl --unix-socket commands with alpine base. Unix domain sockets are Linux-specific IPC mechanism not available on Windows. Container Runtime Unix Socket Mounting No Not Planned Very High
testExtraHosts client/client_test.go Command Complexity Tests extra hosts functionality (/etc/hosts manipulation) using busybox base and Unix commands (cat, grep). Extra hosts feature should work on Windows with compatible base images and Windows hosts file adaptation. Container Runtime Extra Hosts Yes Medium High
testShmSize client/client_test.go Linux-Only Concept Tests shared memory size configuration using /dev/shm tmpfs mount and busybox base with mount command validation. Windows containers don't have /dev/shm filesystem or tmpfs mount support. Container Runtime Shared Memory No Not Planned Very High
testUlimit client/client_test.go Linux-Only Concept Tests ulimit (user limits) configuration using busybox base and Unix ulimit command to query file descriptor limits. Windows doesn't have ulimit concept - uses different resource limit management through Windows APIs and job objects. Container Runtime User Limits No Not Planned Very High
testNetworkMode client/client_test.go Linux-Only Concept Tests network isolation modes (NetModeNone, NetModeHost) using busybox base with wget and ifconfig commands. Network isolation models are Linux-specific container networking concepts. Container Runtime Network Isolation No Not Planned Very High
testSecurityMode client/client_test.go Linux-Only Concept Tests container security modes (SecurityModeSandbox, SecurityModeInsecure) using busybox base and Linux capabilities inspection (/proc/self/status, CapEff). Linux capabilities and /proc filesystem are Unix-specific security concepts. Security/Permissions Security Modes No Not Planned Very High
testSecurityModeSysfs client/client_test.go Linux-Only Concept Tests security mode with sysfs filesystem access using Linux-specific filesystem checks. Sysfs (/sys) is Linux kernel virtual filesystem for device and driver information not available on Windows. Security/Permissions Security Modes Sysfs No Not Planned Very High
testSecurityModeErrors client/client_test.go Linux-Only Concept Tests security mode error handling and entitlement validation using busybox base. Security entitlement system designed around Linux container security models and capabilities framework. Security/Permissions Security Mode Errors No Not Planned Very High
testSecretMounts client/client_test.go Command Complexity Tests secret file mounting using busybox base and Unix commands (mount, grep, cat, test). Core secret mounting functionality should work on Windows with tmpfs adaptation and Windows-compatible validation commands. Security/Permissions Secret File Mounts Yes High High
testSecretEnv client/client_test.go Command Complexity Tests secret environment variable injection using busybox base and Unix shell syntax (sh -c, ${VAR} expansion). Secret environment injection should work on Windows with Windows shell syntax adaptation. Security/Permissions Secret Environment Variables Yes High Medium
testBuildExportZstd client/client_test.go Command Complexity Tests zstd compression in OCI export using busybox base and Unix commands (sh -e -c). OCI exporter and zstd compression are supported on Windows, needs Windows-compatible base image and shell commands. Build Process OCI Export Zstd Yes High Medium
testPullZstdImage client/client_test.go Command Complexity Tests zstd-compressed image registry round-trip using busybox base and Unix commands (sh -e -c). Core functionality (image export, registry push/pull, zstd compression, OCI export) supported on Windows, needs Windows-compatible base image and shell commands. Build Process Zstd Image Registry Yes High Medium
testBasicS3CacheImportExport client/client_test.go Conversion Issues Tests S3 cache backend using MinIO server requiring minio and mc binaries in PATH. Core S3 cache functionality supported on Windows but test setup requires minio/mc executables typically not available on Windows. Cache Management S3 Cache Backend Yes Medium High
testBasicAzblobCacheImportExport client/client_test.go Conversion Issues Tests Azure Blob cache backend using Azurite server requiring azurite-blob binary in PATH. Core Azure Blob cache functionality supported on Windows but test setup requires azurite executable not typically available on Windows. Cache Management Azure Blob Cache Yes Medium High
testSnapshotWithMultipleBlobs client/client_test.go Command Complexity Tests OCI export with multiple blob snapshots using OCI exporter feature. OCI exporter supported on Windows (confirmed earlier), needs Windows-compatible base images and commands for comprehensive testing. Build Process OCI Multiple Blobs Yes Medium Medium
testMoveParentDir client/client_test.go Command Complexity Tests directory movement operations using busybox base and OCI exporter. Core file operation functionality should work on Windows with Windows-compatible base images and path handling adaptations. File System Directory Operations Yes Medium High
testReadonlyRootFS client/client_test.go Linux-Only Concept Tests read-only root filesystem capability using llb.ReadonlyRootFS() and busybox base with Unix commands (/bin/touch). Read-only filesystem concept doesn't apply to Windows containers which use different security models. Container Runtime Read-only Root FS No Not Planned Very High
testMountStubsDirectory client/client_test.go Command Complexity Tests mount stub directory cleanup using busybox base, Unix commands (touch), and tmpfs mounts. Core mount stub management should work on Windows with Windows-compatible base images, commands, and mount types. File System Mount Stub Cleanup Yes Medium High
testMountStubsTimestamp client/client_test.go Command Complexity Tests timestamp preservation for mount stubs using busybox base and Unix touch command with --date option. Core timestamp functionality should work on Windows but requires PowerShell-based timestamp manipulation instead of Unix touch. File System Mount Stub Timestamps Yes Low Very High
testLLBMountPerformance client/client_test.go Flaky on Windows Performance test with timeouts that may be insufficient for Windows container startup overhead. Test has adaptive timeouts but may need Windows-specific adjustments. Shows good cross-platform test design with busybox vs Windows base image selection. Performance RUN Mount Yes Not Planned Low
testLayerLimitOnMounts client/client_test.go Linux-Only Concept Creates 110 layers then tests mounting with readonly flag. Requires runc's rootfs directory handling - runc mounts all layers to a physical 'rootfs' directory path in the bundle. Windows containerd executor uses direct mount abstractions without requiring rootfs directory paths, making this incompatible. Container Runtime RUN Mount layerLimit No Not Planned Very High

Previously Skipped Tests Now Working on Windows

These tests were previously skipped on Windows but have been fixed either through source code modifications or by removing unnecessary skip conditions. They now pass successfully on Windows.

Test Name File Path Previous Skip Reason Fix Type Fix Description BuildKit Feature Commit/PR Impact
testRefReadFile frontend/frontend_test.go Platform assumption Unnecessary Skip Test functionality was already cross-platform compatible. Frontend file reading operations work identically on Windows. Frontend File Reading Latest Medium
testRefReadDir frontend/frontend_test.go Platform assumption Unnecessary Skip Directory listing operations are cross-platform compatible in BuildKit frontend. Frontend Directory Operations Latest Medium
testRefStatFile frontend/frontend_test.go Platform assumption Unnecessary Skip File stat operations work cross-platform through BuildKit's filesystem abstraction layer. Frontend File Statistics Latest Medium
testRefEvaluate frontend/frontend_test.go Platform assumption Unnecessary Skip Frontend evaluation logic is platform-agnostic and works identically on Windows. Frontend Evaluation Latest Medium
testErrorsSourceMap frontend/dockerfile/errors_test.go Platform assumption Unnecessary Skip Error source mapping functionality is platform-independent and works on Windows. Error Source Mapping Latest Low
testTargetsList frontend/dockerfile/dockerfile_targets_test.go Platform assumption Source Code Fix Dockerfile target listing required Windows-compatible target resolution and parsing logic. Build Target Listing Latest Medium
testOutlineRecursiveArgs frontend/dockerfile/dockerfile_outline_test.go Platform assumption Unnecessary Skip Dockerfile outline parsing with recursive argument resolution works cross-platform without modification. Dockerfile Outline Parsing Latest Medium
testAddChecksum frontend/dockerfile/dockerfile_addchecksum_test.go Platform assumption Source Code Fix ADD checksum validation required Windows-compatible checksum computation and validation logic. ADD Checksum Validation Latest High
testEmptyStringArgInEnv frontend/dockerfile/dockerfile_test.go Platform assumption Source Code Fix Environment variable argument handling required Windows-specific environment variable processing. ENV Argument Processing Latest Low
testExportCacheLoop frontend/dockerfile/dockerfile_test.go Platform assumption Source Code Fix Cache export loop detection logic required Windows-compatible cache management and validation. Cache Export Validation Latest Medium
testExportedHistoryFlattenArgs frontend/dockerfile/dockerfile_test.go Platform assumption Source Code Fix Image history export with argument flattening required Windows-compatible history processing. Image History Export Latest Low
testAddInvalidChmod frontend/dockerfile/dockerfile_test.go Platform assumption Unnecessary Skip Invalid chmod error handling works cross-platform as it tests error validation, not actual chmod functionality. ADD Error Validation Latest Medium
testFrontendInputs frontend/dockerfile/dockerfile_test.go Platform assumption Source Code Fix Frontend input processing required Windows-compatible input validation and processing logic. Frontend Input Processing Latest Medium
testStepNames frontend/dockerfile/dockerfile_test.go Platform assumption Source Code Fix Build step naming functionality required Windows-compatible step name generation and validation. Build Step Management Latest Low
testBaseImagePlatformMismatch frontend/dockerfile/dockerfile_test.go Platform assumption Source Code Fix Platform mismatch detection required Windows platform validation logic. Platform Validation Latest High
testMaintainBaseOSVersion frontend/dockerfile/dockerfile_test.go Platform assumption Source Code Fix OS version maintenance logic required Windows-specific OS version handling. OS Version Management Latest High
testTargetMistype frontend/dockerfile/dockerfile_test.go Platform assumption Source Code Fix Build target validation required Windows-compatible target parsing and error handling. Build Target Validation Latest Low
testSourceDateEpochImageExporter client/client_test.go Platform assumption Source Code Fix SOURCE_DATE_EPOCH support required Windows-compatible timestamp handling in image exporters. Reproducible Builds Latest High
testBuildExportWithForeignLayer client/client_test.go Platform assumption Source Code Fix Foreign layer handling required Windows-compatible layer management and export logic. Foreign Layer Export Latest High
testBasicRegistryCacheImportExport client/client_test.go Platform assumption Source Code Fix Registry cache operations required Windows-compatible cache backend implementation. Registry Cache Latest High
testMultipleRegistryCacheImportExport client/client_test.go Platform assumption Source Code Fix Multiple registry cache backends required Windows-compatible multi-backend handling. Registry Cache Multiple Latest High
testRmSymlink client/client_test.go Platform assumption Source Code Fix Symlink removal operations required Windows symlink handling instead of Unix symlink assumptions. Symlink Operations Latest Medium
testMultipleCacheExports client/client_test.go Platform assumption Source Code Fix Multiple cache export functionality required Windows-compatible export coordination. Cache Export Multiple Latest Medium
testClientGatewayEmptyImageExec client/build_test.go Platform assumption Unnecessary Skip Empty image execution error handling works cross-platform as it tests gateway error handling, not platform-specific execution. Gateway Empty Image Latest Medium
testUsage cmd/buildctl/buildctl_test.go Platform assumption Unnecessary Skip buildctl usage help is platform-independent CLI functionality that works identically on Windows. CLI Usage Latest Low
testPrune cmd/buildctl/prune_test.go Platform assumption Unnecessary Skip buildctl prune operations work identically across platforms without modification. CLI Prune Latest Medium
testDiskUsage cmd/buildctl/diskusage_test.go Platform assumption Unnecessary Skip Disk usage reporting functionality is platform-agnostic and works on Windows without changes. CLI Disk Usage Latest Medium
testBuildWithLocalFiles cmd/buildctl/build_test.go Platform assumption Source Code Fix Local file building required Windows path handling and file system operations. CLI Build Local Latest High
testBuildLocalExporter cmd/buildctl/build_test.go Platform assumption Source Code Fix Local export functionality required Windows-compatible file export operations. CLI Export Local Latest High
testBuildContainerdExporter cmd/buildctl/build_test.go Platform assumption Source Code Fix Containerd export functionality required Windows containerd worker compatibility. CLI Export Containerd Latest High
testBuildMetadataFile cmd/buildctl/build_test.go Platform assumption Source Code Fix Build metadata file generation required Windows file system and path handling. CLI Metadata Export Latest Medium
testUncompressedRegistryCacheImportExport client/client_test.go Platform assumption Source Code Fix Uncompressed registry cache operations required Windows-compatible cache compression handling. Registry Cache Uncompressed Latest High

Windows-Compatible Tests Failing in GitHub Actions

These tests have been modified to work on Windows locally but still fail in the GitHub Actions CI environment due to infrastructure, timing, or environment-specific issues.

Test Name File Path Local Status CI Failure Type Failure Description Root Cause BuildKit Feature Fix Complexity Priority
testOnBuildNamedContext frontend/dockerfile/dockerfile_test.go Passes Environment ONBUILD with named context handling fails due to OCI layout export path differences in CI environment Windows path handling in OCI export + temp directory permissions in GitHub Actions ONBUILD + Named Context Medium High
testOnBuildInheritedStageRun frontend/dockerfile/dockerfile_test.go Passes Environment ONBUILD inheritance across build stages fails due to stage state management in CI CI environment stage isolation + Windows container state persistence ONBUILD Inheritance Medium High
testOnBuildInheritedStageWithFrom frontend/dockerfile/dockerfile_test.go Passes Environment ONBUILD inheritance with FROM directive fails in CI container setup Stage context switching + Windows container runtime timing in CI ONBUILD + Multi-stage Medium High
testOnBuildWithCacheMount frontend/dockerfile/dockerfile_test.go Passes Resource ONBUILD with cache mount fails due to cache directory permissions in CI environment GitHub Actions Windows runner cache mount permissions + container isolation ONBUILD + Cache Mount High High
testImageManifestCacheImportExport frontend/dockerfile/dockerfile_test.go Passes Network Image manifest cache import/export fails due to CI network timing/bandwidth issues CI network constraints + Windows container registry communication delays Cache Import/Export Medium Medium
testCacheImportExport frontend/dockerfile/dockerfile_test.go Passes Resource Basic cache import/export fails due to disk I/O timing or permissions in CI GitHub Actions Windows runner disk I/O performance + temp directory handling Cache Management Medium High
testImportExportReproducibleIDs frontend/dockerfile/dockerfile_test.go Passes Environment Reproducible build ID generation fails due to CI environment differences CI environment variables + Windows time/entropy differences affecting build IDs Reproducible Builds Low Medium
testNoCache frontend/dockerfile/dockerfile_test.go Passes Resource No-cache build fails due to CI resource constraints or timing GitHub Actions resource limits + Windows container memory/CPU constraints Cache Disable Low Low
testNamedImageContextTimestamps frontend/dockerfile/dockerfile_test.go Passes Timing Named image context timestamp validation fails due to CI filesystem timing Windows filesystem timestamp precision + CI environment clock synchronization Named Context Low Medium
testNamedInputContext frontend/dockerfile/dockerfile_test.go Passes Environment Named input context handling fails due to CI path resolution differences Windows path resolution + CI temporary directory structure differences Named Context Medium Medium
testZstdLocalCacheExport client/client_test.go Passes Compression Zstd compression cache export fails due to Windows containerd zstd support in CI CI Windows containerd version lacking full zstd compression support Cache Export + Zstd High High
testZstdLocalCacheImportExport client/client_test.go Passes Compression Zstd cache import/export fails due to OCI mediatype + containerd applier issues in CI GitHub Actions containerd version incompatibility with zstd+oci-mediatypes combination Cache + Zstd + OCI High High
testZstdRegistryCacheImportExport client/client_test.go Passes Network Zstd registry cache fails due to CI registry communication + compression issues CI network + registry bandwidth limitations with zstd compression overhead Registry Cache + Zstd Medium Medium
testSessionExporter client/client_test.go Passes Resource Session-based OCI export fails due to CI session management or file handle limits GitHub Actions Windows session isolation + file handle/resource limits during OCI export Session Export + OCI Medium High

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tonistiigi tonistiigi Awaiting requested review from tonistiigi

@crazy-max crazy-max Awaiting requested review from crazy-max

At least 1 approving review is required to merge this pull request.

Assignees

@rzlink rzlink

Labels
area/buildctl area/client area/dockerfile area/frontend area/testing
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@rzlink