Add support for --var flag to set bake variables

[mnencia]

Description

The docker buildx bake CLI supports the --var flag to set variable values (added in docker/buildx#3610), but bake-action does not expose this functionality.

Use Case

We wanted to prevent environment variables (like github_*) from appearing in provenance attestations, so we tried using BUILDX_BAKE_DISABLE_VARS_ENV_LOOKUP=1. However, this flag only prevents the bake definition file from reading environment variables - it doesn't prevent buildx from capturing them in provenance attestations.

Even though it doesn't solve the provenance issue, the feature request remains valid: when BUILDX_BAKE_DISABLE_VARS_ENV_LOOKUP=1 is set, there's no way to explicitly pass variable values to the bake file through the action.

The Problem

Setting BUILDX_BAKE_DISABLE_VARS_ENV_LOOKUP=1 isolates the bake definition from environment variables (as intended), but bake-action provides no alternative mechanism to pass variable values. Users are forced to either:

• Not use the isolation flag (bake file reads all environment variables)
• Set variables via env: block (which the flag explicitly blocks)

Proposed Solution

Add a vars input to bake-action:

- name: Build and push
  uses: docker/bake-action@v6
  env:
    BUILDX_BAKE_DISABLE_VARS_ENV_LOOKUP: "1"
  with:
    source: .
    vars: |
      environment=testing
      buildVersion=${{ env.VERSION }}
      tag=${{ env.IMAGE_TAG }}

This would map to --var key=value CLI arguments, completing the isolation feature by allowing explicit variable passing.

Related

• Buildx PR adding --var: bake: add --var flag for setting variable values buildx#3610
• Buildx PR adding BUILDX_BAKE_DISABLE_VARS_ENV_LOOKUP: bake: allow disabling env lookup for bake buildx#3595

[crazy-max]

Accept that all environment variables are published in image attestations (security risk)

It doesn't publish all env vars to the provenance attestation, do you have proof of it?

Otherwise yes we should add a new vars input for this action similar to what's done with our GitHub Builder

[mnencia]

Look at cloudnative-pg daily continuous integration:

• this morning run has really long metadata https://github.com/cloudnative-pg/cloudnative-pg/actions/runs/21501252177/job/61947867931#step:10:829
• yesterday morning run has none https://github.com/cloudnative-pg/cloudnative-pg/actions/runs/21462257487/job/61817041054#step:10:808

The git code is the same (nothing committed yesterday), but the GitHub runner image is different:

Good runner (20260119.4):
  - Docker-Buildx: 0.30.1
Bad runner (20260126.10):
  - Docker-Buildx: 0.31.0

EDIT: after some more investigation, I found that @crazy-max was right, and what I'm seeing is the expected behavior (fixed in docker/buildx#3536)

For anyone finding this issue while searching for solutions to "Argument list too long" errors caused by large metadata: the proper fix is setting BUILDX_METADATA_PROVENANCE=disabled to exclude provenance from the metadata file (provenance attestations remain attached to images in the registry).

Documentation: https://docs.docker.com/reference/cli/docker/buildx/bake/#metadata-file

[mnencia]

After testing, I found that BUILDX_BAKE_DISABLE_VARS_ENV_LOOKUP=1 doesn't prevent environment variables from appearing in provenance attestations. The flag only affects the bake definition file itself, not what buildx captures in provenance.

I verified this by inspecting the published attestations - they still contain all 28 github_* environment variables in the invocation.environment field even with the flag set.

This seems like a buildx bug rather than a missing bake-action feature. There's currently no way to prevent environment leakage into provenance attestations, which is a real security concern for public images. EDIT: It looks like this is the intended behaviour of provenance attestation, so my bad.

The --var feature would still be useful for ergonomics, but won't solve the environment leakage issue.

I have updated the PR description to reflect this update.

[crazy-max]

I verified this by inspecting the published attestations - they still contain all 28 github_* environment variables in the invocation.environment field even with the flag set.

These are not environment variables but github event payload injected to provenance related to docker/buildx#3453. You can disable it with:

- name: Set up Docker Buildx
  uses: docker/setup-buildx-action@v3
  with:
    driver-opts: provenance-add-gha=false