Release 4.1.0: Using a variable with hashtag breaks the docker build command

[gastonfournier]

Behaviour

After the latest release v4.1.0 there's an issue when using build args containing a hashtag # where everything after the hashtag is trimmed out (I believe it's being treated as a comment). In version 4.0.0 it works as expected (see this example run from main with the version 4.0.0 pinned)

Steps to reproduce this issue

1. Run this workflow from the branch named bug
2. Check the output (example: https://github.com/gastonfournier/build-args-test/actions/runs/5243868766/jobs/9469101934#step:6:113)

Expected behaviour

The variable BUILD_ARG_PARAM should be passed on as is to --build-arg

/usr/bin/docker buildx build --build-arg NPM_TOKEN=HELLO_WORLD --build-arg BUILD_ARG_PARAM=pre-hashtag#post-hashtag --file Dockerfile --iidfile /tmp/docker-actions-toolkit-MqCSOI/iidfile --platform linux/arm64 --provenance mode=max,builder-id=https://github.com/gastonfournier/build-args-test/actions/runs/5243868766 --metadata-file /tmp/docker-actions-toolkit-MqCSOI/metadata-file .

Actual behaviour

The variable BUILD_ARG_PARAM is trimmed from the hastag #

/usr/bin/docker buildx build --build-arg NPM_TOKEN=HELLO_WORLD --build-arg BUILD_ARG_PARAM=pre-hashtag --file Dockerfile --iidfile /tmp/docker-actions-toolkit-MqCSOI/iidfile --platform linux/arm64 --provenance mode=max,builder-id=https://github.com/gastonfournier/build-args-test/actions/runs/5243868766 --metadata-file /tmp/docker-actions-toolkit-MqCSOI/metadata-file .

Configuration

• Repository URL (if public): https://github.com/gastonfournier/build-args-test
• Build URL (if public): https://github.com/gastonfournier/build-args-test/actions/runs/5243868766/jobs/9469101934#step:6:113

name: Continuous integration and deployment
on:
  workflow_dispatch:

jobs:
  build:
    env:
      BUILD_ARG_PARAM: undefined
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - uses: docker/setup-qemu-action@v2
      - uses: docker/setup-buildx-action@v2
      - run: echo BUILD_ARG_PARAM=pre-hashtag#post-hashtag >> $GITHUB_ENV
      - uses: docker/build-push-action@v4
        with:
          context: .
          file: Dockerfile
          platforms: linux/arm64
          push: false
          build-args: |
            NPM_TOKEN=HELLO_WORLD
            BUILD_ARG_PARAM=${{ env.BUILD_ARG_PARAM }}

Logs

• Issue reproduced using 4.1.0
• Working as expected with 4.0.0

[crazy-max]

This looks related to https://github.com/docker/bake-action/pull/141 :disappointed_relieved:

Not related but in your case you don't need to pass the value but just set the key of the build arg:

      - uses: docker/build-push-action@v4
        with:
          context: .
          file: Dockerfile
          platforms: linux/arm64
          push: false
          build-args: |
            NPM_TOKEN=HELLO_WORLD
            BUILD_ARG_PARAM

[crazy-max]

Seems linked to https://github.com/docker/build-push-action/pull/811. Before we were not handling comments for the inputs: https://github.com/docker/build-push-action/pull/811/files#diff-0cd594dddd6a9f2e3e26afebbb92716434437d7001c2416252aa7531e7f2b8d4L257-L262. But in the toolkit we are: https://github.com/docker/actions-toolkit/blob/acd3c9df19b24d46f4e2c40024e3dacc5f54bf88/src/util.ts#L39. Maybe we need https://github.com/docker/actions-toolkit/pull/115 after all.

[gastonfournier]

This looks related to docker/bake-action#141 disappointed_relieved

Not related but in your case you don't need to pass the value but just set the key of the build arg:

      - uses: docker/build-push-action@v4
        with:
          context: .
          file: Dockerfile
          platforms: linux/arm64
          push: false
          build-args: |
            NPM_TOKEN=HELLO_WORLD
            BUILD_ARG_PARAM

Yes, seems related. I'm going over your comments. For now pinning to v.4.0.0 helped us get unblocked but I'm more than happy to test some stuff to help with this ;)