Merge pull request #3996 from laurazard/skip-broken-credentials

Fix issue where one bad credential helper causes no credentials to be returned

.github/ISSUE_TEMPLATE.md

@@ -1,64 +0,0 @@
-<!--
-If you are reporting a new issue, make sure that we do not have any duplicates
-already open. You can ensure this by searching the issue list for this
-repository. If there is a duplicate, please close your issue and add a comment
-to the existing issue instead.
-
-If you suspect your issue is a bug, please edit your issue description to
-include the BUG REPORT INFORMATION shown below. If you fail to provide this
-information within 7 days, we cannot debug your issue and will close it. We
-will, however, reopen it if you later provide the information.
-
-For more information about reporting issues, see
-https://github.com/docker/cli/blob/master/CONTRIBUTING.md#reporting-other-issues
-
----------------------------------------------------
-GENERAL SUPPORT INFORMATION
----------------------------------------------------
-
-The GitHub issue tracker is for bug reports and feature requests.
-General support can be found at the following locations:
-
-- Docker Support Forums - https://forums.docker.com
-- Docker Community Slack - https://dockr.ly/community
-- Post a question on StackOverflow, using the Docker tag
-
----------------------------------------------------
-BUG REPORT INFORMATION
----------------------------------------------------
-Use the commands below to provide key information from your environment:
-You do NOT have to include this information if this is a FEATURE REQUEST
--->
-
-**Description**
-
-<!--
-Briefly describe the problem you are having in a few paragraphs.
--->
-
-**Steps to reproduce the issue:**
-1.
-2.
-3.
-
-**Describe the results you received:**
-
-
-**Describe the results you expected:**
-
-
-**Additional information you deem important (e.g. issue happens only occasionally):**
-
-**Output of `docker version`:**
-
-```
-(paste your output here)
-```
-
-**Output of `docker info`:**
-
-```
-(paste your output here)
-```
-
-**Additional environment details (AWS, VirtualBox, physical, etc.):**

.github/ISSUE_TEMPLATE/bug_report.yml

@@ -0,0 +1,146 @@
+name: Bug report
+description: Create a report to help us improve!
+labels:
+  - kind/bug
+  - status/0-triage
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Thank you for taking the time to report a bug!
+        If this is a security issue please report it to the [Docker Security team](mailto:security@docker.com).
+  - type: textarea
+    id: description
+    attributes:
+      label: Description
+      description: Please give a clear and concise description of the bug
+    validations:
+      required: true
+  - type: textarea
+    id: repro
+    attributes:
+      label: Reproduce
+      description: Steps to reproduce the bug
+      placeholder: |
+        1. docker run ...
+        2. docker kill ...
+        3. docker rm ...
+    validations:
+      required: true
+  - type: textarea
+    id: expected
+    attributes:
+      label: Expected behavior
+      description: What is the expected behavior?
+      placeholder: |
+        E.g. "`docker rm` should remove the container and cleanup all associated data"
+  - type: textarea
+    id: version
+    attributes:
+      label: docker version
+      description: Output of `docker version`
+      render: bash
+      placeholder: |
+        Client:
+          Version:           20.10.17
+          API version:       1.41
+          Go version:        go1.17.11
+          Git commit:        100c70180fde3601def79a59cc3e996aa553c9b9
+          Built:             Mon Jun  6 21:36:39 UTC 2022
+          OS/Arch:           linux/amd64
+          Context:           default
+          Experimental:      true
+
+        Server:
+          Engine:
+            Version:          20.10.17
+            API version:      1.41 (minimum version 1.12)
+            Go version:       go1.17.11
+            Git commit:       a89b84221c8560e7a3dee2a653353429e7628424
+            Built:            Mon Jun  6 22:32:38 2022
+            OS/Arch:          linux/amd64
+            Experimental:     true
+          containerd:
+            Version:          1.6.6
+            GitCommit:        10c12954828e7c7c9b6e0ea9b0c02b01407d3ae1
+          runc:
+            Version:          1.1.2
+            GitCommit:        a916309fff0f838eb94e928713dbc3c0d0ac7aa4
+          docker-init:
+            Version:          0.19.0
+            GitCommit:
+    validations:
+      required: true
+  - type: textarea
+    id: info
+    attributes:
+      label: docker info
+      description: Output of `docker info`
+      render: bash
+      placeholder: |
+        Client:
+          Context:    default
+          Debug Mode: false
+          Plugins:
+            buildx: Docker Buildx (Docker Inc., 0.8.2)
+            compose: Docker Compose (Docker Inc., 2.6.0)
+
+        Server:
+          Containers: 4
+            Running: 2
+            Paused: 0
+            Stopped: 2
+          Images: 80
+          Server Version: 20.10.17
+          Storage Driver: overlay2
+            Backing Filesystem: xfs
+            Supports d_type: true
+            Native Overlay Diff: false
+            userxattr: false
+          Logging Driver: local
+          Cgroup Driver: cgroupfs
+          Cgroup Version: 1
+          Plugins:
+            Volume: local
+            Network: bridge host ipvlan macvlan null overlay
+            Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
+          Swarm: inactive
+          Runtimes: runc io.containerd.runc.v2 io.containerd.runtime.v1.linux
+          Default Runtime: runc
+          Init Binary: docker-init
+          containerd version: 10c12954828e7c7c9b6e0ea9b0c02b01407d3ae1
+          runc version: a916309fff0f838eb94e928713dbc3c0d0ac7aa4
+          init version: 
+          Security Options:
+            apparmor
+            seccomp
+            Profile: default
+          Kernel Version: 5.13.0-1031-azure
+          Operating System: Ubuntu 20.04.4 LTS
+          OSType: linux
+          Architecture: x86_64
+          CPUs: 4
+          Total Memory: 15.63GiB
+          Name: dev
+          ID: UC44:2RFL:7NQ5:GGFW:34O5:DYRE:CLOH:VLGZ:64AZ:GFXC:PY6H:SAHY
+          Docker Root Dir: /var/lib/docker
+          Debug Mode: true
+            File Descriptors: 46
+            Goroutines: 134
+            System Time: 2022-07-06T18:07:54.812439392Z
+            EventsListeners: 0
+          Registry: https://index.docker.io/v1/
+          Labels:
+          Experimental: true
+          Insecure Registries:
+            127.0.0.0/8
+          Live Restore Enabled: true
+    validations:
+      required: true
+  - type: textarea
+    id: additional
+    attributes:
+      label: Additional Info
+      description: Additional info you want to provide such as logs, system info, environment, etc.
+    validations:
+      required: false

.github/ISSUE_TEMPLATE/config.yml

@@ -0,0 +1,11 @@
+blank_issues_enabled: false
+contact_links:
+  - name: "Contributing to Docker"
+    about: "Read guidelines and tips about contributing to Docker."
+    url: "https://github.com/docker/cli/blob/master/CONTRIBUTING.md"
+  - name: "Security and Vulnerabilities"
+    about: "Please report any security issues or vulnerabilities responsibly to the Docker security team. Please do not use the public issue tracker."
+    url: "https://github.com/moby/moby/security/policy"
+  - name: "General Support"
+    about: "Get the help you need to build, share, and run your Docker applications"
+    url: "https://www.docker.com/support/"

.github/ISSUE_TEMPLATE/feature_request.yml

@@ -0,0 +1,13 @@
+name: Feature request
+description: Missing functionality? Come tell us about it!
+labels:
+  - kind/feature
+  - status/0-triage
+body:
+  - type: textarea
+    id: description
+    attributes:
+      label: Description
+      description: What is the feature you want to see?
+    validations:
+      required: true

.github/dependabot.yml

@@ -0,0 +1,9 @@
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    labels:
+      - "area/testing"
+      - "status/2-code-review"

.github/workflows/build.yml

@@ -1,5 +1,9 @@
 name: build
 
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
 on:
   workflow_dispatch:
   push:
@@ -12,7 +16,7 @@ on:
 
 jobs:
   build:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-20.04
     strategy:
       fail-fast: false
       matrix:
@@ -25,15 +29,15 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
         with:
           fetch-depth: 0
       -
         name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
+        uses: docker/setup-buildx-action@v2
       -
         name: Run ${{ matrix.target }}
-        uses: docker/bake-action@v1
+        uses: docker/bake-action@v2
         with:
           targets: ${{ matrix.target }}
         env:
@@ -55,23 +59,23 @@ jobs:
           fi
       -
         name: Upload artifacts
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v3
         with:
           name: ${{ env.ARTIFACT_NAME }}
           path: ./build/*
           if-no-files-found: error
 
   plugins:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-20.04
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
       -
         name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
+        uses: docker/setup-buildx-action@v2
       -
         name: Build plugins
-        uses: docker/bake-action@v1
+        uses: docker/bake-action@v2
         with:
           targets: plugins-cross

.github/workflows/codeql-analysis.yml

@@ -1,16 +1,6 @@
-# For most projects, this workflow file will not need changing; you simply need
-# to commit it to your repository.
-#
-# You may wish to alter this file to override the set of languages analyzed,
-# or to provide custom queries or build logic.
-name: "CodeQL"
+name: codeql
 
 on:
-#  push:
-#    branches: [master]
-#  pull_request:
-#    # The branches below must be a subset of the branches above
-#    branches: [master]
   schedule:
     #        ┌───────────── minute (0 - 59)
     #        │ ┌───────────── hour (0 - 23)
@@ -24,57 +14,27 @@ on:
     - cron: '0 9 * * 4'
 
 jobs:
-  analyze:
-    name: Analyze
-    runs-on: ubuntu-latest
-
-    strategy:
-      fail-fast: false
-      matrix:
-        # Override automatic language detection by changing the below list
-        # Supported options are ['csharp', 'cpp', 'go', 'java', 'javascript', 'python']
-        language: ['go']
-        # Learn more...
-        # https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#overriding-automatic-language-detection
-
+  codeql:
+    runs-on: ubuntu-20.04
     steps:
-      - name: Checkout repository
-        uses: actions/checkout@v2
+      -
+        name: Checkout
+        uses: actions/checkout@v3
         with:
-          # We must fetch at least the immediate parents so that if this is
-          # a pull request then we can checkout the head.
           fetch-depth: 2
-
-      # If this run was triggered by a pull request event, then checkout
-      # the head of the pull request instead of the merge commit.
-      - run: git checkout HEAD^2
+      -
+        name: Checkout HEAD on PR
         if: ${{ github.event_name == 'pull_request' }}
-
-      # Initializes the CodeQL tools for scanning.
-      - name: Initialize CodeQL
-        uses: github/codeql-action/init@v1
+        run: |
+          git checkout HEAD^2
+      -
+        name: Initialize CodeQL
+        uses: github/codeql-action/init@v2
         with:
-          languages: ${{ matrix.language }}
-          # If you wish to specify custom queries, you can do so here or in a config file.
-          # By default, queries listed here will override any specified in a config file.
-          # Prefix the list here with "+" to use these queries and those in the config file.
-          # queries: ./path/to/local/query, your-org/your-repo/queries@main
-
-      # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
-      # If this step fails, then you should remove it and run the build manually (see below)
-      - name: Autobuild
-        uses: github/codeql-action/autobuild@v1
-
-      # ℹ️ Command-line programs to run using the OS shell.
-      # 📚 https://git.io/JvXDl
-
-      # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
-      #    and modify them (or add more) to build your code if your project
-      #    uses a compiled language
-
-      #- run: |
-      #   make bootstrap
-      #   make release
-
-      - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v1
+          languages: go
+      -
+        name: Autobuild
+        uses: github/codeql-action/autobuild@v2
+      -
+        name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v2

.github/workflows/e2e.yml

@@ -1,5 +1,9 @@
 name: e2e
 
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
 on:
   workflow_dispatch:
   push:
@@ -12,7 +16,7 @@ on:
 
 jobs:
   e2e:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-20.04
     strategy:
       fail-fast: false
       matrix:
@@ -32,7 +36,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
       -
         name: Update daemon.json
         run: |
@@ -44,7 +48,7 @@ jobs:
           docker info
       -
         name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
+        uses: docker/setup-buildx-action@v2
       -
         name: Run ${{ matrix.target }}
         run: |
@@ -55,6 +59,6 @@ jobs:
           TESTFLAGS: -coverprofile=/tmp/coverage/coverage.txt
       -
         name: Send to Codecov
-        uses: codecov/codecov-action@v2
+        uses: codecov/codecov-action@v3
         with:
           file: ./build/coverage/coverage.txt

.github/workflows/test.yml

@@ -1,5 +1,9 @@
 name: test
 
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
 on:
   workflow_dispatch:
   push:
@@ -12,22 +16,22 @@ on:
 
 jobs:
   ctn:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-20.04
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
       -
         name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
+        uses: docker/setup-buildx-action@v2
       -
         name: Test
-        uses: docker/bake-action@v1
+        uses: docker/bake-action@v2
         with:
           targets: test-coverage
       -
         name: Send to Codecov
-        uses: codecov/codecov-action@v2
+        uses: codecov/codecov-action@v3
         with:
           file: ./build/coverage/coverage.txt
 
@@ -41,8 +45,8 @@ jobs:
       fail-fast: false
       matrix:
         os:
-          - macos-latest
-#          - windows-latest # FIXME: some tests are failing on the Windows runner, as well as on Appveyor since June 24, 2018: https://ci.appveyor.com/project/docker/cli/history
+          - macos-11
+#          - windows-2022 # FIXME: some tests are failing on the Windows runner, as well as on Appveyor since June 24, 2018: https://ci.appveyor.com/project/docker/cli/history
     steps:
       -
         name: Prepare git
@@ -52,14 +56,14 @@ jobs:
           git config --system core.eol lf
       -
         name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
         with:
           path: ${{ env.GOPATH }}/src/github.com/docker/cli
       -
         name: Set up Go
-        uses: actions/setup-go@v2
+        uses: actions/setup-go@v3
         with:
-          go-version: 1.18.3
+          go-version: 1.19.4
       -
         name: Test
         run: |
@@ -69,7 +73,7 @@ jobs:
         shell: bash
       -
         name: Send to Codecov
-        uses: codecov/codecov-action@v2
+        uses: codecov/codecov-action@v3
         with:
           file: /tmp/coverage.txt
           working-directory: ${{ env.GOPATH }}/src/github.com/docker/cli

.github/workflows/validate.yml

@@ -1,5 +1,9 @@
 name: validate
 
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
 on:
   workflow_dispatch:
   push:
@@ -12,7 +16,7 @@ on:
 
 jobs:
   validate:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-20.04
     strategy:
       fail-fast: false
       matrix:
@@ -24,17 +28,17 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
         with:
           fetch-depth: 0
       -
         name: Run
-        uses: docker/bake-action@v1
+        uses: docker/bake-action@v2
         with:
           targets: ${{ matrix.target }}
 
   validate-make:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-20.04
     strategy:
       fail-fast: false
       matrix:
@@ -44,7 +48,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
         with:
           fetch-depth: 0
       -

.golangci.yml

@@ -1,10 +1,10 @@
 linters:
   enable:
     - bodyclose
-    - deadcode
     - depguard
     - dogsled
     - gocyclo
+    - gofumpt
     - goimports
     - gosec
     - gosimple
@@ -14,14 +14,12 @@ linters:
     - megacheck
     - misspell
     - nakedret
+    - revive
     - staticcheck
-    - structcheck
     - typecheck
     - unconvert
     - unparam
     - unused
-    - revive
-    - varcheck
 
   disable:
     - errcheck
@@ -98,6 +96,12 @@ issues:
       linters:
         - gosec
 
+    # G113 Potential uncontrolled memory consumption in Rat.SetString (CVE-2022-23772)
+    # only affects gp < 1.16.14. and go < 1.17.7
+    - text: "(G113)"
+      linters:
+        - gosec
+
     # Looks like the match in "EXC0007" above doesn't catch this one
     # TODO: consider upstreaming this to golangci-lint's default exclusion rules
     - text: "G204: Subprocess launched with a potential tainted input or cmd arguments"
@@ -109,6 +113,11 @@ issues:
       linters:
         - gosec
 
+    # TODO: make sure all packages have a description. Currently, there's 67 packages without.
+    - text: "package-comments: should have a package comment"
+      linters:
+        - revive
+
     # Exclude some linters from running on tests files.
     - path: _test\.go
       linters:

.mailmap

@@ -6,6 +6,7 @@
 #
 # For explanation on this file format: man git-shortlog
 
+<lmscrewy@gmail.com> <1674195+squeegels@users.noreply.github.com>
 Aaron L. Xu <liker.xu@foxmail.com>
 Aaron Lehmann <alehmann@netflix.com>
 Aaron Lehmann <alehmann@netflix.com> <aaron.lehmann@docker.com>
@@ -32,6 +33,7 @@ Alexander Larsson <alexl@redhat.com> <alexander.larsson@gmail.com>
 Alexander Morozov <lk4d4math@gmail.com>
 Alexander Morozov <lk4d4math@gmail.com> <lk4d4@docker.com>
 Alexandre Beslic <alexandre.beslic@gmail.com> <abronan@docker.com>
+Alexis Couvreur <alexiscouvreur.pro@gmail.com>
 Alicia Lauerman <alicia@eta.im> <allydevour@me.com>
 Allen Sun <allensun.shl@alibaba-inc.com> <allen.sun@daocloud.io>
 Allen Sun <allensun.shl@alibaba-inc.com> <shlallen1990@gmail.com>
@@ -380,6 +382,8 @@ Nathan LeClaire <nathan.leclaire@docker.com> <nathan.leclaire@gmail.com>
 Nathan LeClaire <nathan.leclaire@docker.com> <nathanleclaire@gmail.com>
 Neil Horman <nhorman@tuxdriver.com> <nhorman@hmswarspite.think-freely.org>
 Nick Russo <nicholasjamesrusso@gmail.com> <nicholasrusso@icloud.com>
+Nick Santos <nick.santos@docker.com>
+Nick Santos <nick.santos@docker.com> <nick@tilt.dev>
 Nicolas Borboën <ponsfrilus@gmail.com> <ponsfrilus@users.noreply.github.com>
 Nicolas De Loof <nicolas.deloof@gmail.com>
 Nigel Poulton <nigelpoulton@hotmail.com>
@@ -446,6 +450,7 @@ Solomon Hykes <solomon@docker.com> <solomon.hykes@dotcloud.com>
 Solomon Hykes <solomon@docker.com> <solomon@dotcloud.com>
 Soshi Katsuta <soshi.katsuta@gmail.com>
 Soshi Katsuta <soshi.katsuta@gmail.com> <katsuta_soshi@cyberagent.co.jp>
+Spring Lee <xi.shuai@outlook.com>
 Sridhar Ratnakumar <sridharr@activestate.com>
 Sridhar Ratnakumar <sridharr@activestate.com> <github@srid.name>
 Srini Brahmaroutu <srbrahma@us.ibm.com> <sbrahma@us.ibm.com>

AUTHORS

@@ -1,5 +1,6 @@
-# This file lists all individuals having contributed content to the repository.
-# For how it is generated, see `scripts/docs/generate-authors.sh`.
+# File @generated by scripts/docs/generate-authors.sh. DO NOT EDIT.
+# This file lists all contributors to the repository.
+# See scripts/docs/generate-authors.sh to make modifications.
 
 Aanand Prasad <aanand.prasad@gmail.com>
 Aaron L. Xu <liker.xu@foxmail.com>
@@ -24,6 +25,7 @@ Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 Akim Demaille <akim.demaille@docker.com>
 Alan Thompson <cloojure@gmail.com>
 Albert Callarisa <shark234@gmail.com>
+Alberto Roura <mail@albertoroura.com>
 Albin Kerouanton <albin@akerouanton.name>
 Aleksa Sarai <asarai@suse.de>
 Aleksander Piotrowski <apiotrowski312@gmail.com>
@@ -37,6 +39,7 @@ Alexander Morozov <lk4d4math@gmail.com>
 Alexander Ryabov <i@sepa.spb.ru>
 Alexandre González <agonzalezro@gmail.com>
 Alexey Igrychev <alexey.igrychev@flant.com>
+Alexis Couvreur <alexiscouvreur.pro@gmail.com>
 Alfred Landrum <alfred.landrum@docker.com>
 Alicia Lauerman <alicia@eta.im>
 Allen Sun <allensun.shl@alibaba-inc.com>
@@ -82,6 +85,7 @@ Bardia Keyoumarsi <bkeyouma@ucsc.edu>
 Barnaby Gray <barnaby@pickle.me.uk>
 Bastiaan Bakker <bbakker@xebia.com>
 BastianHofmann <bastianhofmann@me.com>
+Ben Bodenmiller <bbodenmiller@gmail.com>
 Ben Bonnefoy <frenchben@docker.com>
 Ben Creasy <ben@bencreasy.com>
 Ben Firshman <ben@firshman.co.uk>
@@ -93,6 +97,7 @@ Bhumika Bayani <bhumikabayani@gmail.com>
 Bill Wang <ozbillwang@gmail.com>
 Bin Liu <liubin0329@gmail.com>
 Bingshen Wang <bingshen.wbs@alibaba-inc.com>
+Bishal Das <bishalhnj127@gmail.com>
 Boaz Shuster <ripcurld.github@gmail.com>
 Bogdan Anton <contact@bogdananton.ro>
 Boris Pruessmann <boris@pruessmann.org>
@@ -105,6 +110,7 @@ Bret Fisher <bret@bretfisher.com>
 Brian (bex) Exelbierd <bexelbie@redhat.com>
 Brian Goff <cpuguy83@gmail.com>
 Brian Wieder <brian@4wieders.com>
+Bruno Sousa <bruno.sousa@docker.com>
 Bryan Bess <squarejaw@bsbess.com>
 Bryan Boreham <bjboreham@gmail.com>
 Bryan Murphy <bmurphy1976@gmail.com>
@@ -192,6 +198,7 @@ David Calavera <david.calavera@gmail.com>
 David Cramer <davcrame@cisco.com>
 David Dooling <dooling@gmail.com>
 David Gageot <david@gageot.net>
+David Karlsson <david.karlsson@docker.com>
 David Lechner <david@lechnology.com>
 David Scott <dave@recoil.org>
 David Sheets <dsheets@docker.com>
@@ -251,6 +258,7 @@ Evelyn Xu <evelynhsu21@gmail.com>
 Everett Toews <everett.toews@rackspace.com>
 Fabio Falci <fabiofalci@gmail.com>
 Fabrizio Soppelsa <fsoppelsa@mirantis.com>
+Felix Geyer <debfx@fobos.de>
 Felix Hupfeld <felix@quobyte.com>
 Felix Rabe <felix@rabe.io>
 fezzik1620 <fezzik1620@users.noreply.github.com>
@@ -275,6 +283,7 @@ George MacRorie <gmacr31@gmail.com>
 George Xie <georgexsh@gmail.com>
 Gianluca Borello <g.borello@gmail.com>
 Gildas Cuisinier <gildas.cuisinier@gcuisinier.net>
+Gio d'Amelio <giodamelio@gmail.com>
 Gleb Stsenov <gleb.stsenov@gmail.com>
 Goksu Toprak <goksu.toprak@docker.com>
 Gou Rao <gou@portworx.com>
@@ -332,6 +341,7 @@ Jan-Jaap Driessen <janjaapdriessen@gmail.com>
 Jana Radhakrishnan <mrjana@docker.com>
 Jared Hocutt <jaredh@netapp.com>
 Jasmine Hegman <jasmine@jhegman.com>
+Jason Hall <jason@chainguard.dev>
 Jason Heiss <jheiss@aput.net>
 Jason Plum <jplum@devonit.com>
 Jay Kamat <github@jgkamat.33mail.com>
@@ -501,6 +511,7 @@ Mason Fish <mason.fish@docker.com>
 Mason Malone <mason.malone@gmail.com>
 Mateusz Major <apkd@users.noreply.github.com>
 Mathieu Champlon <mathieu.champlon@docker.com>
+Mathieu Rollet <matletix@gmail.com>
 Matt Gucci <matt9ucci@gmail.com>
 Matt Robenolt <matt@ydekproductions.com>
 Matteo Orefice <matteo.orefice@bites4bits.software>
@@ -553,6 +564,7 @@ Moysés Borges <moysesb@gmail.com>
 Mozi <29089388+pzhlkj6612@users.noreply.github.com>
 Mrunal Patel <mrunalp@gmail.com>
 muicoder <muicoder@gmail.com>
+Murukesh Mohanan <murukesh.mohanan@gmail.com>
 Muthukumar R <muthur@gmail.com>
 Máximo Cuadros <mcuadros@gmail.com>
 Mårten Cassel <marten.cassel@gmail.com>
@@ -568,6 +580,7 @@ Nathan LeClaire <nathan.leclaire@docker.com>
 Nathan McCauley <nathan.mccauley@docker.com>
 Neil Peterson <neilpeterson@outlook.com>
 Nick Adcock <nick.adcock@docker.com>
+Nick Santos <nick.santos@docker.com>
 Nico Stapelbroek <nstapelbroek@gmail.com>
 Nicola Kabar <nicolaka@gmail.com>
 Nicolas Borboën <ponsfrilus@gmail.com>
@@ -666,6 +679,7 @@ Sainath Grandhi <sainath.grandhi@intel.com>
 Sakeven Jiang <jc5930@sina.cn>
 Sally O'Malley <somalley@redhat.com>
 Sam Neirinck <sam@samneirinck.com>
+Sam Thibault <sam.thibault@docker.com>
 Samarth Shah <samashah@microsoft.com>
 Sambuddha Basu <sambuddhabasu1@gmail.com>
 Sami Tabet <salph.tabet@gmail.com>
@@ -701,7 +715,8 @@ Slava Semushin <semushin@redhat.com>
 Solomon Hykes <solomon@docker.com>
 Song Gao <song@gao.io>
 Spencer Brown <spencer@spencerbrown.org>
-squeegels <1674195+squeegels@users.noreply.github.com>
+Spring Lee <xi.shuai@outlook.com>
+squeegels <lmscrewy@gmail.com>
 Srini Brahmaroutu <srbrahma@us.ibm.com>
 Stefan S. <tronicum@user.github.com>
 Stefan Scherer <stefan.scherer@docker.com>

CONTRIBUTING.md

@@ -333,7 +333,7 @@ mind when nudging others to comply.
 
 The rules:
 
-1. All code should be formatted with `gofmt -s`.
+1. All code should be formatted with `gofumpt` (preferred) or `gofmt -s`.
 2. All code should pass the default levels of
    [`golint`](https://github.com/golang/lint).
 3. All code should follow the guidelines covered in [Effective

Dockerfile

@@ -1,15 +1,16 @@
 # syntax=docker/dockerfile:1
 
 ARG BASE_VARIANT=alpine
-ARG GO_VERSION=1.18.3
-ARG XX_VERSION=1.1.0
+ARG GO_VERSION=1.19.5
+ARG ALPINE_VERSION=3.16
+ARG XX_VERSION=1.1.1
 ARG GOVERSIONINFO_VERSION=v1.3.0
-ARG GOTESTSUM_VERSION=v1.7.0
-ARG BUILDX_VERSION=0.8.2
+ARG GOTESTSUM_VERSION=v1.8.2
+ARG BUILDX_VERSION=0.9.1
 
 FROM --platform=$BUILDPLATFORM tonistiigi/xx:${XX_VERSION} AS xx
 
-FROM --platform=$BUILDPLATFORM golang:${GO_VERSION}-${BASE_VARIANT} AS build-base-alpine
+FROM --platform=$BUILDPLATFORM golang:${GO_VERSION}-alpine${ALPINE_VERSION} AS build-base-alpine
 COPY --from=xx / /
 RUN apk add --no-cache bash clang lld llvm file git
 WORKDIR /go/src/github.com/docker/cli
@@ -21,12 +22,19 @@ RUN xx-apk add --no-cache musl-dev gcc
 
 FROM --platform=$BUILDPLATFORM golang:${GO_VERSION}-bullseye AS build-base-bullseye
 COPY --from=xx / /
-RUN apt-get update && apt-get install --no-install-recommends -y bash clang lld file
+RUN apt-get update && apt-get install --no-install-recommends -y bash clang lld llvm file
 WORKDIR /go/src/github.com/docker/cli
 
 FROM build-base-bullseye AS build-bullseye
 ARG TARGETPLATFORM
 RUN xx-apt-get install --no-install-recommends -y libc6-dev libgcc-10-dev
+# workaround for issue with llvm 11 for darwin/amd64 platform:
+#  # github.com/docker/cli/cmd/docker
+#  /usr/local/go/pkg/tool/linux_amd64/link: /usr/local/go/pkg/tool/linux_amd64/link: running strip failed: exit status 1
+#  llvm-strip: error: unsupported load command (cmd=0x5)
+# more info: https://github.com/docker/cli/pull/3717
+# FIXME: remove once llvm 12 available on debian
+RUN [ "$TARGETPLATFORM" != "darwin/amd64" ] || ln -sfnT /bin/true /usr/bin/llvm-strip
 
 FROM build-base-${BASE_VARIANT} AS goversioninfo
 ARG GOVERSIONINFO_VERSION

MAINTAINERS

@@ -48,8 +48,11 @@
 	# - close an issue or pull request when it's inappropriate or off-topic
 
 		people = [
+			"bsousaa",
 			"programmerq",
-			"thajeztah"
+			"sam-thibault",
+			"thajeztah",
+			"vvoland"
 		]
 
 	[Org.Alumni]
@@ -80,6 +83,11 @@
 	Email = "github@albersweb.de"
 	GitHub = "albers"
 
+	[people.bsousaa]
+	Name = "Bruno de Sousa"
+	Email = "bruno.sousa@docker.com"
+	GitHub = "bsousaa"
+
 	[people.cpuguy83]
 	Name = "Brian Goff"
 	Email = "cpuguy83@gmail.com"
@@ -105,6 +113,11 @@
 	Email = "djordje.lukic@docker.com"
 	GitHub = "rumpl"
 
+	[people.sam-thibault]
+	Name = "Sam Thibault"
+	Email = "sam.thibault@docker.com"
+	GitHub = "sam-thibault"
+
 	[people.silvin-lubecki]
 	Name = "Silvin Lubecki"
 	Email = "silvin.lubecki@docker.com"
@@ -140,3 +153,8 @@
 	Email = "vieux@docker.com"
 	GitHub = "vieux"
 
+	[people.vvoland]
+	Name = "Paweł Gronowski"
+	Email = "pawel.gronowski@docker.com"
+	GitHub = "vvoland"
+

Makefile

@@ -5,6 +5,11 @@
 # Sets the name of the company that produced the windows binary.
 PACKAGER_NAME ?=
 
+# The repository doesn't have a go.mod, but "go list", and "gotestsum"
+# expect to be run from a module.
+GO111MODULE=auto
+export GO111MODULE
+
 all: binary
 
 _:=$(shell ./scripts/warn-outside-container $(MAKECMDGOALS))
@@ -45,8 +50,12 @@ shellcheck: ## run shellcheck validation
 	find scripts/ contrib/completion/bash -type f | grep -v scripts/winresources | grep -v '.*.ps1' | xargs shellcheck
 
 .PHONY: fmt
-fmt: ## run gofmt
-	go list -f {{.Dir}} ./... | xargs gofmt -w -s -d
+fmt: ## run gofumpt (if present) or gofmt
+	@if command -v gofumpt > /dev/null; then \
+		gofumpt -w -d -lang=1.19 . ; \
+	else \
+		go list -f {{.Dir}} ./... | xargs gofmt -w -s -d ; \
+	fi
 
 .PHONY: binary
 binary: ## build executable for Linux
@@ -81,6 +90,10 @@ authors: ## generate AUTHORS file from git history
 manpages: ## generate man pages from go source and markdown
 	scripts/docs/generate-man.sh
 
+.PHONY: mddocs
+mddocs: ## generate markdown files from go source
+	scripts/docs/generate-md.sh
+
 .PHONY: yamldocs
 yamldocs: ## generate documentation YAML files consumed by docs repo
 	scripts/docs/generate-yaml.sh

README.md

@@ -1,10 +1,10 @@
 # Docker CLI
 
 [![PkgGoDev](https://img.shields.io/badge/go.dev-docs-007d9c?logo=go&logoColor=white)](https://pkg.go.dev/github.com/docker/cli)
-[![Build Status](https://img.shields.io/github/workflow/status/docker/cli/build?label=build&logo=github)](https://github.com/docker/cli/actions?query=workflow%3Abuild)
-[![Test Status](https://img.shields.io/github/workflow/status/docker/cli/test?label=test&logo=github)](https://github.com/docker/cli/actions?query=workflow%3Atest)
+[![Build Status](https://img.shields.io/github/actions/workflow/status/docker/cli/build.yml?branch=master&label=build&logo=github)](https://github.com/docker/cli/actions?query=workflow%3Abuild)
+[![Test Status](https://img.shields.io/github/actions/workflow/status/docker/cli/test.yml?branch=master&label=test&logo=github)](https://github.com/docker/cli/actions?query=workflow%3Atest)
 [![Go Report Card](https://goreportcard.com/badge/github.com/docker/cli)](https://goreportcard.com/report/github.com/docker/cli)
-[![Codecov](https://codecov.io/gh/docker/cli/branch/master/graph/badge.svg)](https://codecov.io/gh/docker/cli)
+[![Codecov](https://img.shields.io/codecov/c/github/docker/cli?logo=codecov)](https://codecov.io/gh/docker/cli)
 
 ## About
 

VERSION

@@ -1 +1 @@
-22.06.0-dev
+23.0.0-dev

cli-plugins/manager/error_test.go

@@ -1,24 +1,24 @@
 package manager
 
 import (
+	"encoding/json"
 	"fmt"
 	"testing"
 
-	"github.com/pkg/errors"
-	"gopkg.in/yaml.v2"
 	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
 )
 
 func TestPluginError(t *testing.T) {
 	err := NewPluginError("new error")
-	assert.Error(t, err, "new error")
+	assert.Check(t, is.Error(err, "new error"))
 
 	inner := fmt.Errorf("testing")
 	err = wrapAsPluginError(inner, "wrapping")
-	assert.Error(t, err, "wrapping: testing")
-	assert.Assert(t, errors.Is(err, inner))
+	assert.Check(t, is.Error(err, "wrapping: testing"))
+	assert.Check(t, is.ErrorIs(err, inner))
 
-	actual, err := yaml.Marshal(err)
-	assert.NilError(t, err)
-	assert.Equal(t, "'wrapping: testing'\n", string(actual))
+	actual, err := json.Marshal(err)
+	assert.Check(t, err)
+	assert.Check(t, is.Equal(`"wrapping: testing"`, string(actual)))
 }

cli-plugins/manager/manager.go

@@ -224,3 +224,8 @@ func PluginRunCommand(dockerCli command.Cli, name string, rootcmd *cobra.Command
 	}
 	return nil, errPluginNotFound(name)
 }
+
+// IsPluginCommand checks if the given cmd is a plugin-stub.
+func IsPluginCommand(cmd *cobra.Command) bool {
+	return cmd.Annotations[CommandAnnotationPlugin] == "true"
+}

cli-plugins/manager/manager_test.go

@@ -86,10 +86,10 @@ func TestGetPlugin(t *testing.T) {
 	dir := fs.NewDir(t, t.Name(),
 		fs.WithFile("docker-bbb", `
 #!/bin/sh
-echo '{"SchemaVersion":"0.1.0"}'`, fs.WithMode(0777)),
+echo '{"SchemaVersion":"0.1.0"}'`, fs.WithMode(0o777)),
 		fs.WithFile("docker-aaa", `
 #!/bin/sh
-echo '{"SchemaVersion":"0.1.0"}'`, fs.WithMode(0777)),
+echo '{"SchemaVersion":"0.1.0"}'`, fs.WithMode(0o777)),
 	)
 	defer dir.Remove()
 
@@ -109,10 +109,10 @@ func TestListPluginsIsSorted(t *testing.T) {
 	dir := fs.NewDir(t, t.Name(),
 		fs.WithFile("docker-bbb", `
 #!/bin/sh
-echo '{"SchemaVersion":"0.1.0"}'`, fs.WithMode(0777)),
+echo '{"SchemaVersion":"0.1.0"}'`, fs.WithMode(0o777)),
 		fs.WithFile("docker-aaa", `
 #!/bin/sh
-echo '{"SchemaVersion":"0.1.0"}'`, fs.WithMode(0777)),
+echo '{"SchemaVersion":"0.1.0"}'`, fs.WithMode(0o777)),
 	)
 	defer dir.Remove()
 

cli-plugins/manager/plugin.go

@@ -10,9 +10,7 @@ import (
 	"github.com/spf13/cobra"
 )
 
-var (
-	pluginNameRe = regexp.MustCompile("^[a-z][a-z0-9]*$")
-)
+var pluginNameRe = regexp.MustCompile("^[a-z][a-z0-9]*$")
 
 // Plugin represents a potential plugin with all it's metadata.
 type Plugin struct {
@@ -33,8 +31,6 @@ type Plugin struct {
 // is set, and is always a `pluginError`, but the `Plugin` is still
 // returned with no error. An error is only returned due to a
 // non-recoverable error.
-//
-// nolint: gocyclo
 func newPlugin(c Candidate, rootcmd *cobra.Command) (Plugin, error) {
 	path := c.Path()
 	if path == "" {
@@ -71,7 +67,7 @@ func newPlugin(c Candidate, rootcmd *cobra.Command) (Plugin, error) {
 			// Ignore conflicts with commands which are
 			// just plugin stubs (i.e. from a previous
 			// call to AddPluginCommandStubs).
-			if p := cmd.Annotations[CommandAnnotationPlugin]; p == "true" {
+			if IsPluginCommand(cmd) {
 				continue
 			}
 			if cmd.Name() == p.Name {

cli-plugins/manager/suffix_unix.go

@@ -6,6 +6,7 @@ package manager
 func trimExeSuffix(s string) (string, error) {
 	return s, nil
 }
+
 func addExeSuffix(s string) string {
 	return s
 }

cli-plugins/plugin/plugin.go

@@ -133,7 +133,9 @@ func newPluginCommand(dockerCli *command.DockerCli, plugin *cobra.Command, meta
 	}
 	opts, flags := cli.SetupPluginRootCommand(cmd)
 
+	cmd.SetIn(dockerCli.In())
 	cmd.SetOut(dockerCli.Out())
+	cmd.SetErr(dockerCli.Err())
 
 	cmd.AddCommand(
 		plugin,

cli/cobra.go

@@ -28,15 +28,17 @@ func setupCommonRootCommand(rootCmd *cobra.Command) (*cliflags.ClientOptions, *p
 	flags := rootCmd.Flags()
 
 	flags.StringVar(&opts.ConfigDir, "config", config.Dir(), "Location of client config files")
-	opts.Common.InstallFlags(flags)
+	opts.InstallFlags(flags)
 
 	cobra.AddTemplateFunc("add", func(a, b int) int { return a + b })
+	cobra.AddTemplateFunc("hasAliases", hasAliases)
 	cobra.AddTemplateFunc("hasSubCommands", hasSubCommands)
 	cobra.AddTemplateFunc("hasTopCommands", hasTopCommands)
 	cobra.AddTemplateFunc("hasManagementSubCommands", hasManagementSubCommands)
 	cobra.AddTemplateFunc("hasSwarmSubCommands", hasSwarmSubCommands)
 	cobra.AddTemplateFunc("hasInvalidPlugins", hasInvalidPlugins)
 	cobra.AddTemplateFunc("topCommands", topCommands)
+	cobra.AddTemplateFunc("commandAliases", commandAliases)
 	cobra.AddTemplateFunc("operationSubCommands", operationSubCommands)
 	cobra.AddTemplateFunc("managementSubCommands", managementSubCommands)
 	cobra.AddTemplateFunc("orchestratorSubCommands", orchestratorSubCommands)
@@ -59,7 +61,10 @@ func setupCommonRootCommand(rootCmd *cobra.Command) (*cliflags.ClientOptions, *p
 	rootCmd.PersistentFlags().MarkShorthandDeprecated("help", "please use --help")
 	rootCmd.PersistentFlags().Lookup("help").Hidden = true
 
-	rootCmd.Annotations = map[string]string{"additionalHelp": "To get more help with docker, check out our guides at https://docs.docker.com/go/guides/"}
+	rootCmd.Annotations = map[string]string{
+		"additionalHelp":      "For more help on how to use Docker, head to https://docs.docker.com/go/guides/",
+		"docs.code-delimiter": `"`, // https://github.com/docker/cli-docs-tool/blob/77abede22166eaea4af7335096bdcedd043f5b19/annotation/annotation.go#L20-L22
+	}
 
 	// Configure registry.CertsDir() when running in rootless-mode
 	if os.Getenv("ROOTLESSKIT_STATE_DIR") != "" {
@@ -114,7 +119,13 @@ type TopLevelCommand struct {
 
 // NewTopLevelCommand returns a new TopLevelCommand object
 func NewTopLevelCommand(cmd *cobra.Command, dockerCli *command.DockerCli, opts *cliflags.ClientOptions, flags *pflag.FlagSet) *TopLevelCommand {
-	return &TopLevelCommand{cmd, dockerCli, opts, flags, os.Args[1:]}
+	return &TopLevelCommand{
+		cmd:       cmd,
+		dockerCli: dockerCli,
+		opts:      opts,
+		flags:     flags,
+		args:      os.Args[1:],
+	}
 }
 
 // SetArgs sets the args (default os.Args[:1] used to invoke the command
@@ -170,7 +181,7 @@ func (tcmd *TopLevelCommand) HandleGlobalFlags() (*cobra.Command, []string, erro
 
 // Initialize finalises global option parsing and initializes the docker client.
 func (tcmd *TopLevelCommand) Initialize(ops ...command.InitializeOpt) error {
-	tcmd.opts.Common.SetDefaultOptions(tcmd.flags)
+	tcmd.opts.SetDefaultOptions(tcmd.flags)
 	return tcmd.dockerCli.Initialize(tcmd.opts, ops...)
 }
 
@@ -223,9 +234,13 @@ func isExperimental(cmd *cobra.Command) bool {
 }
 
 func additionalHelp(cmd *cobra.Command) string {
-	if additionalHelp, ok := cmd.Annotations["additionalHelp"]; ok {
+	if msg, ok := cmd.Annotations["additionalHelp"]; ok {
+		out := cmd.OutOrStderr()
+		if _, isTerminal := term.GetFdInfo(out); !isTerminal {
+			return msg
+		}
 		style := aec.EmptyBuilder.Bold().ANSI
-		return style.Apply(additionalHelp)
+		return style.Apply(msg)
 	}
 	return ""
 }
@@ -235,7 +250,11 @@ func hasAdditionalHelp(cmd *cobra.Command) bool {
 }
 
 func isPlugin(cmd *cobra.Command) bool {
-	return cmd.Annotations[pluginmanager.CommandAnnotationPlugin] == "true"
+	return pluginmanager.IsPluginCommand(cmd)
+}
+
+func hasAliases(cmd *cobra.Command) bool {
+	return len(cmd.Aliases) > 0 || cmd.Annotations["aliases"] != ""
 }
 
 func hasSubCommands(cmd *cobra.Command) bool {
@@ -258,6 +277,24 @@ func hasTopCommands(cmd *cobra.Command) bool {
 	return len(topCommands(cmd)) > 0
 }
 
+// commandAliases is a templating function to return aliases for the command,
+// formatted as the full command as they're called (contrary to the default
+// Aliases function, which only returns the subcommand).
+func commandAliases(cmd *cobra.Command) string {
+	if cmd.Annotations["aliases"] != "" {
+		return cmd.Annotations["aliases"]
+	}
+	var parentPath string
+	if cmd.HasParent() {
+		parentPath = cmd.Parent().CommandPath() + " "
+	}
+	aliases := cmd.CommandPath()
+	for _, alias := range cmd.Aliases {
+		aliases += ", " + parentPath + alias
+	}
+	return aliases
+}
+
 func topCommands(cmd *cobra.Command) []*cobra.Command {
 	cmds := []*cobra.Command{}
 	if cmd.Parent() != nil {
@@ -395,10 +432,10 @@ EXPERIMENTAL:
   https://docs.docker.com/go/experimental/
 
 {{- end}}
-{{- if gt .Aliases 0}}
+{{- if hasAliases . }}
 
 Aliases:
-  {{.NameAndAliases}}
+  {{ commandAliases . }}
 
 {{- end}}
 {{- if .HasExample}}
@@ -474,6 +511,7 @@ Run '{{.CommandPath}} COMMAND --help' for more information on a command.
 {{- if hasAdditionalHelp .}}
 
 {{ additionalHelp . }}
+
 {{- end}}
 `
 

cli/cobra_test.go

@@ -78,6 +78,23 @@ func TestInvalidPlugin(t *testing.T) {
 	assert.DeepEqual(t, invalidPlugins(root), []*cobra.Command{sub1}, cmpopts.IgnoreUnexported(cobra.Command{}))
 }
 
+func TestCommandAliases(t *testing.T) {
+	root := &cobra.Command{Use: "root"}
+	sub := &cobra.Command{Use: "subcommand", Aliases: []string{"alias1", "alias2"}}
+	sub2 := &cobra.Command{Use: "subcommand2", Annotations: map[string]string{"aliases": "root foo, root bar"}}
+	root.AddCommand(sub)
+	root.AddCommand(sub2)
+
+	assert.Equal(t, hasAliases(sub), true)
+	assert.Equal(t, commandAliases(sub), "root subcommand, root alias1, root alias2")
+	assert.Equal(t, hasAliases(sub2), true)
+	assert.Equal(t, commandAliases(sub2), "root foo, root bar")
+
+	sub.Annotations = map[string]string{"aliases": "custom alias, custom alias 2"}
+	assert.Equal(t, hasAliases(sub), true)
+	assert.Equal(t, commandAliases(sub), "custom alias, custom alias 2")
+}
+
 func TestDecoratedName(t *testing.T) {
 	root := &cobra.Command{Use: "root"}
 	topLevelCommand := &cobra.Command{Use: "pluginTopLevelCommand"}

cli/command/builder/prune.go

@@ -47,7 +47,7 @@ func NewPruneCommand(dockerCli command.Cli) *cobra.Command {
 	flags := cmd.Flags()
 	flags.BoolVarP(&options.force, "force", "f", false, "Do not prompt for confirmation")
 	flags.BoolVarP(&options.all, "all", "a", false, "Remove all unused build cache, not just dangling ones")
-	flags.Var(&options.filter, "filter", "Provide filter values (e.g. 'until=24h')")
+	flags.Var(&options.filter, "filter", `Provide filter values (e.g. "until=24h")`)
 	flags.Var(&options.keepStorage, "keep-storage", "Amount of disk space to keep for cache")
 
 	return cmd

cli/command/checkpoint/list.go

@@ -33,7 +33,6 @@ func newListCommand(dockerCli command.Cli) *cobra.Command {
 	flags.StringVarP(&opts.checkpointDir, "checkpoint-dir", "", "", "Use a custom checkpoint storage directory")
 
 	return cmd
-
 }
 
 func runList(dockerCli command.Cli, container string, opts listOptions) error {

cli/command/cli.go

@@ -2,12 +2,14 @@ package command
 
 import (
 	"context"
+	"fmt"
 	"io"
 	"os"
 	"path/filepath"
 	"runtime"
 	"strconv"
 	"strings"
+	"sync"
 	"time"
 
 	"github.com/docker/cli/cli/config"
@@ -29,12 +31,13 @@ import (
 	"github.com/docker/docker/api/types/swarm"
 	"github.com/docker/docker/client"
 	"github.com/docker/go-connections/tlsconfig"
-	"github.com/moby/term"
 	"github.com/pkg/errors"
 	"github.com/spf13/cobra"
 	notaryclient "github.com/theupdateframework/notary/client"
 )
 
+const defaultInitTimeout = 2 * time.Second
+
 // Streams is an interface which exposes the standard input and output streams
 type Streams interface {
 	In() *streams.In
@@ -54,6 +57,7 @@ type Cli interface {
 	ServerInfo() ServerInfo
 	NotaryClient(imgRefAndAuth trust.ImageRefAndAuth, actions []string) (notaryclient.Repository, error)
 	DefaultVersion() string
+	CurrentVersion() string
 	ManifestStore() manifeststore.Store
 	RegistryClient(bool) registryclient.RegistryClient
 	ContentTrustEnabled() bool
@@ -67,6 +71,7 @@ type Cli interface {
 // Instances of the client can be returned from NewDockerCli.
 type DockerCli struct {
 	configFile         *configfile.ConfigFile
+	options            *cliflags.ClientOptions
 	in                 *streams.In
 	out                *streams.Out
 	err                io.Writer
@@ -75,8 +80,11 @@ type DockerCli struct {
 	contentTrust       bool
 	contextStore       store.Store
 	currentContext     string
+	init               sync.Once
+	initErr            error
 	dockerEndpoint     docker.Endpoint
 	contextStoreConfig store.Config
+	initTimeout        time.Duration
 }
 
 // DefaultVersion returns api.defaultVersion.
@@ -84,8 +92,22 @@ func (cli *DockerCli) DefaultVersion() string {
 	return api.DefaultVersion
 }
 
+// CurrentVersion returns the API version currently negotiated, or the default
+// version otherwise.
+func (cli *DockerCli) CurrentVersion() string {
+	_ = cli.initialize()
+	if cli.client == nil {
+		return api.DefaultVersion
+	}
+	return cli.client.ClientVersion()
+}
+
 // Client returns the APIClient
 func (cli *DockerCli) Client() client.APIClient {
+	if err := cli.initialize(); err != nil {
+		_, _ = fmt.Fprintf(cli.Err(), "Failed to initialize: %s\n", err)
+		os.Exit(1)
+	}
 	return cli.client
 }
 
@@ -120,20 +142,17 @@ func ShowHelp(err io.Writer) func(*cobra.Command, []string) error {
 
 // ConfigFile returns the ConfigFile
 func (cli *DockerCli) ConfigFile() *configfile.ConfigFile {
+	// TODO(thaJeztah): when would this happen? Is this only in tests (where cli.Initialize() is not called first?)
 	if cli.configFile == nil {
-		cli.loadConfigFile()
+		cli.configFile = config.LoadDefaultConfigFile(cli.err)
 	}
 	return cli.configFile
 }
 
-func (cli *DockerCli) loadConfigFile() {
-	cli.configFile = config.LoadDefaultConfigFile(cli.err)
-}
-
 // ServerInfo returns the server version details for the host this client is
 // connected to
 func (cli *DockerCli) ServerInfo() ServerInfo {
-	// TODO(thaJeztah) make ServerInfo() lazily load the info (ping only when needed)
+	_ = cli.initialize()
 	return cli.serverInfo
 }
 
@@ -193,65 +212,50 @@ func WithInitializeClient(makeClient func(dockerCli *DockerCli) (client.APIClien
 // Initialize the dockerCli runs initialization that must happen after command
 // line flags are parsed.
 func (cli *DockerCli) Initialize(opts *cliflags.ClientOptions, ops ...InitializeOpt) error {
-	var err error
-
 	for _, o := range ops {
 		if err := o(cli); err != nil {
 			return err
 		}
 	}
-	cliflags.SetLogLevel(opts.Common.LogLevel)
+	cliflags.SetLogLevel(opts.LogLevel)
 
 	if opts.ConfigDir != "" {
 		config.SetDir(opts.ConfigDir)
 	}
 
-	if opts.Common.Debug {
+	if opts.Debug {
 		debug.Enable()
 	}
+	if opts.Context != "" && len(opts.Hosts) > 0 {
+		return errors.New("conflicting options: either specify --host or --context, not both")
+	}
 
-	cli.loadConfigFile()
-
-	baseContextStore := store.New(config.ContextStoreDir(), cli.contextStoreConfig)
+	cli.options = opts
+	cli.configFile = config.LoadDefaultConfigFile(cli.err)
+	cli.currentContext = resolveContextName(cli.options, cli.configFile)
 	cli.contextStore = &ContextStoreWithDefault{
-		Store: baseContextStore,
+		Store: store.New(config.ContextStoreDir(), cli.contextStoreConfig),
 		Resolver: func() (*DefaultContext, error) {
-			return ResolveDefaultContext(opts.Common, cli.ConfigFile(), cli.contextStoreConfig, cli.Err())
+			return ResolveDefaultContext(cli.options, cli.contextStoreConfig)
 		},
 	}
-	cli.currentContext, err = resolveContextName(opts.Common, cli.configFile, cli.contextStore)
-	if err != nil {
-		return err
-	}
-	cli.dockerEndpoint, err = resolveDockerEndpoint(cli.contextStore, cli.currentContext)
-	if err != nil {
-		return errors.Wrap(err, "unable to resolve docker endpoint")
-	}
-
-	if cli.client == nil {
-		cli.client, err = newAPIClientFromEndpoint(cli.dockerEndpoint, cli.configFile)
-		if err != nil {
-			return err
-		}
-	}
-	cli.initializeFromClient()
 	return nil
 }
 
 // NewAPIClientFromFlags creates a new APIClient from command line flags
-func NewAPIClientFromFlags(opts *cliflags.CommonOptions, configFile *configfile.ConfigFile) (client.APIClient, error) {
+func NewAPIClientFromFlags(opts *cliflags.ClientOptions, configFile *configfile.ConfigFile) (client.APIClient, error) {
+	if opts.Context != "" && len(opts.Hosts) > 0 {
+		return nil, errors.New("conflicting options: either specify --host or --context, not both")
+	}
+
 	storeConfig := DefaultContextStoreConfig()
 	contextStore := &ContextStoreWithDefault{
 		Store: store.New(config.ContextStoreDir(), storeConfig),
 		Resolver: func() (*DefaultContext, error) {
-			return ResolveDefaultContext(opts, configFile, storeConfig, io.Discard)
+			return ResolveDefaultContext(opts, storeConfig)
 		},
 	}
-	contextName, err := resolveContextName(opts, configFile, contextStore)
-	if err != nil {
-		return nil, err
-	}
-	endpoint, err := resolveDockerEndpoint(contextStore, contextName)
+	endpoint, err := resolveDockerEndpoint(contextStore, resolveContextName(opts, configFile))
 	if err != nil {
 		return nil, errors.Wrap(err, "unable to resolve docker endpoint")
 	}
@@ -273,6 +277,9 @@ func newAPIClientFromEndpoint(ep docker.Endpoint, configFile *configfile.ConfigF
 }
 
 func resolveDockerEndpoint(s store.Reader, contextName string) (docker.Endpoint, error) {
+	if s == nil {
+		return docker.Endpoint{}, fmt.Errorf("no context store initialized")
+	}
 	ctxMeta, err := s.GetMetadata(contextName)
 	if err != nil {
 		return docker.Endpoint{}, err
@@ -285,7 +292,7 @@ func resolveDockerEndpoint(s store.Reader, contextName string) (docker.Endpoint,
 }
 
 // Resolve the Docker endpoint for the default context (based on config, env vars and CLI flags)
-func resolveDefaultDockerEndpoint(opts *cliflags.CommonOptions) (docker.Endpoint, error) {
+func resolveDefaultDockerEndpoint(opts *cliflags.ClientOptions) (docker.Endpoint, error) {
 	host, err := getServerHost(opts.Hosts, opts.TLSOptions)
 	if err != nil {
 		return docker.Endpoint{}, err
@@ -313,13 +320,20 @@ func resolveDefaultDockerEndpoint(opts *cliflags.CommonOptions) (docker.Endpoint
 	}, nil
 }
 
+func (cli *DockerCli) getInitTimeout() time.Duration {
+	if cli.initTimeout != 0 {
+		return cli.initTimeout
+	}
+	return defaultInitTimeout
+}
+
 func (cli *DockerCli) initializeFromClient() {
 	ctx := context.Background()
-	if strings.HasPrefix(cli.DockerEndpoint().Host, "tcp://") {
+	if !strings.HasPrefix(cli.dockerEndpoint.Host, "ssh://") {
 		// @FIXME context.WithTimeout doesn't work with connhelper / ssh connections
 		// time="2020-04-10T10:16:26Z" level=warning msg="commandConn.CloseWrite: commandconn: failed to wait: signal: killed"
 		var cancel func()
-		ctx, cancel = context.WithTimeout(ctx, 2*time.Second)
+		ctx, cancel = context.WithTimeout(ctx, cli.getInitTimeout())
 		defer cancel()
 	}
 
@@ -353,16 +367,98 @@ func (cli *DockerCli) ContextStore() store.Store {
 	return cli.contextStore
 }
 
-// CurrentContext returns the current context name
+// CurrentContext returns the current context name, based on flags,
+// environment variables and the cli configuration file, in the following
+// order of preference:
+//
+//  1. The "--context" command-line option.
+//  2. The "DOCKER_CONTEXT" environment variable.
+//  3. The current context as configured through the in "currentContext"
+//     field in the CLI configuration file ("~/.docker/config.json").
+//  4. If no context is configured, use the "default" context.
+//
+// # Fallbacks for backward-compatibility
+//
+// To preserve backward-compatibility with the "pre-contexts" behavior,
+// the "default" context is used if:
+//
+//   - The "--host" option is set
+//   - The "DOCKER_HOST" ([DefaultContextName]) environment variable is set
+//     to a non-empty value.
+//
+// In these cases, the default context is used, which uses the host as
+// specified in "DOCKER_HOST", and TLS config from flags/env vars.
+//
+// Setting both the "--context" and "--host" flags is ambiguous and results
+// in an error when the cli is started.
+//
+// CurrentContext does not validate if the given context exists or if it's
+// valid; errors may occur when trying to use it.
 func (cli *DockerCli) CurrentContext() string {
 	return cli.currentContext
 }
 
+// CurrentContext returns the current context name, based on flags,
+// environment variables and the cli configuration file. It does not
+// validate if the given context exists or if it's valid; errors may
+// occur when trying to use it.
+//
+// Refer to [DockerCli.CurrentContext] above for further details.
+func resolveContextName(opts *cliflags.ClientOptions, config *configfile.ConfigFile) string {
+	if opts != nil && opts.Context != "" {
+		return opts.Context
+	}
+	if opts != nil && len(opts.Hosts) > 0 {
+		return DefaultContextName
+	}
+	if os.Getenv(client.EnvOverrideHost) != "" {
+		return DefaultContextName
+	}
+	if ctxName := os.Getenv("DOCKER_CONTEXT"); ctxName != "" {
+		return ctxName
+	}
+	if config != nil && config.CurrentContext != "" {
+		// We don't validate if this context exists: errors may occur when trying to use it.
+		return config.CurrentContext
+	}
+	return DefaultContextName
+}
+
 // DockerEndpoint returns the current docker endpoint
 func (cli *DockerCli) DockerEndpoint() docker.Endpoint {
+	if err := cli.initialize(); err != nil {
+		// Note that we're not terminating here, as this function may be used
+		// in cases where we're able to continue.
+		_, _ = fmt.Fprintf(cli.Err(), "%v\n", cli.initErr)
+	}
 	return cli.dockerEndpoint
 }
 
+func (cli *DockerCli) getDockerEndPoint() (ep docker.Endpoint, err error) {
+	cn := cli.CurrentContext()
+	if cn == DefaultContextName {
+		return resolveDefaultDockerEndpoint(cli.options)
+	}
+	return resolveDockerEndpoint(cli.contextStore, cn)
+}
+
+func (cli *DockerCli) initialize() error {
+	cli.init.Do(func() {
+		cli.dockerEndpoint, cli.initErr = cli.getDockerEndPoint()
+		if cli.initErr != nil {
+			cli.initErr = errors.Wrap(cli.initErr, "unable to resolve docker endpoint")
+			return
+		}
+		if cli.client == nil {
+			if cli.client, cli.initErr = newAPIClientFromEndpoint(cli.dockerEndpoint, cli.configFile); cli.initErr != nil {
+				return
+			}
+		}
+		cli.initializeFromClient()
+	})
+	return cli.initErr
+}
+
 // Apply all the operation on the cli
 func (cli *DockerCli) Apply(ops ...DockerCliOption) error {
 	for _, op := range ops {
@@ -397,6 +493,7 @@ func NewDockerCli(ops ...DockerCliOption) (*DockerCli, error) {
 	defaultOps := []DockerCliOption{
 		WithContentTrustFromEnv(),
 		WithDefaultContextStoreConfig(),
+		WithStandardStreams(),
 	}
 	ops = append(defaultOps, ops...)
 
@@ -404,18 +501,6 @@ func NewDockerCli(ops ...DockerCliOption) (*DockerCli, error) {
 	if err := cli.Apply(ops...); err != nil {
 		return nil, err
 	}
-	if cli.out == nil || cli.in == nil || cli.err == nil {
-		stdin, stdout, stderr := term.StdStreams()
-		if cli.in == nil {
-			cli.in = streams.NewIn(stdin)
-		}
-		if cli.out == nil {
-			cli.out = streams.NewOut(stdout)
-		}
-		if cli.err == nil {
-			cli.err = stderr
-		}
-	}
 	return cli, nil
 }
 
@@ -438,40 +523,6 @@ func UserAgent() string {
 	return "Docker-Client/" + version.Version + " (" + runtime.GOOS + ")"
 }
 
-// resolveContextName resolves the current context name with the following rules:
-// - setting both --context and --host flags is ambiguous
-// - if --context is set, use this value
-// - if --host flag or DOCKER_HOST (client.EnvOverrideHost) is set, fallbacks to use the same logic as before context-store was added
-// for backward compatibility with existing scripts
-// - if DOCKER_CONTEXT is set, use this value
-// - if Config file has a globally set "CurrentContext", use this value
-// - fallbacks to default HOST, uses TLS config from flags/env vars
-func resolveContextName(opts *cliflags.CommonOptions, config *configfile.ConfigFile, contextstore store.Reader) (string, error) {
-	if opts.Context != "" && len(opts.Hosts) > 0 {
-		return "", errors.New("Conflicting options: either specify --host or --context, not both")
-	}
-	if opts.Context != "" {
-		return opts.Context, nil
-	}
-	if len(opts.Hosts) > 0 {
-		return DefaultContextName, nil
-	}
-	if _, present := os.LookupEnv(client.EnvOverrideHost); present {
-		return DefaultContextName, nil
-	}
-	if ctxName, ok := os.LookupEnv("DOCKER_CONTEXT"); ok {
-		return ctxName, nil
-	}
-	if config != nil && config.CurrentContext != "" {
-		_, err := contextstore.GetMetadata(config.CurrentContext)
-		if store.IsErrContextDoesNotExist(err) {
-			return "", errors.Errorf("Current context %q is not found on the file system, please check your config file at %s", config.CurrentContext, config.Filename)
-		}
-		return config.CurrentContext, err
-	}
-	return DefaultContextName, nil
-}
-
 var defaultStoreEndpoints = []store.NamedTypeGetter{
 	store.EndpointTypeGetter(docker.DockerEndpoint, func() interface{} { return &docker.EndpointMeta{} }),
 }

cli/command/cli_options.go

@@ -1,14 +1,12 @@
 package command
 
 import (
-	"fmt"
 	"io"
 	"os"
 	"strconv"
 
-	"github.com/docker/cli/cli/context/docker"
-	"github.com/docker/cli/cli/context/store"
 	"github.com/docker/cli/cli/streams"
+	"github.com/docker/docker/client"
 	"github.com/moby/term"
 )
 
@@ -82,19 +80,6 @@ func WithContentTrust(enabled bool) DockerCliOption {
 	}
 }
 
-// WithContextEndpointType add support for an additional typed endpoint in the context store
-// Plugins should use this to store additional endpoints configuration in the context store
-func WithContextEndpointType(endpointName string, endpointType store.TypeGetter) DockerCliOption {
-	return func(cli *DockerCli) error {
-		switch endpointName {
-		case docker.DockerEndpoint:
-			return fmt.Errorf("cannot change %q endpoint type", endpointName)
-		}
-		cli.contextStoreConfig.SetEndpoint(endpointName, endpointType)
-		return nil
-	}
-}
-
 // WithDefaultContextStoreConfig configures the cli to use the default context store configuration.
 func WithDefaultContextStoreConfig() DockerCliOption {
 	return func(cli *DockerCli) error {
@@ -102,3 +87,11 @@ func WithDefaultContextStoreConfig() DockerCliOption {
 		return nil
 	}
 }
+
+// WithAPIClient configures the cli to use the given API client.
+func WithAPIClient(c client.APIClient) DockerCliOption {
+	return func(cli *DockerCli) error {
+		cli.client = c
+		return nil
+	}
+}

cli/command/cli_options_test.go

@@ -15,23 +15,13 @@ func contentTrustEnabled(t *testing.T) bool {
 
 // NB: Do not t.Parallel() this test -- it messes with the process environment.
 func TestWithContentTrustFromEnv(t *testing.T) {
-	envvar := "DOCKER_CONTENT_TRUST"
-	if orig, ok := os.LookupEnv(envvar); ok {
-		defer func() {
-			os.Setenv(envvar, orig)
-		}()
-	} else {
-		defer func() {
-			os.Unsetenv(envvar)
-		}()
-	}
-
-	os.Setenv(envvar, "true")
-	assert.Assert(t, contentTrustEnabled(t))
-	os.Setenv(envvar, "false")
-	assert.Assert(t, !contentTrustEnabled(t))
-	os.Setenv(envvar, "invalid")
-	assert.Assert(t, contentTrustEnabled(t))
+	const envvar = "DOCKER_CONTENT_TRUST"
+	t.Setenv(envvar, "true")
+	assert.Check(t, contentTrustEnabled(t))
+	t.Setenv(envvar, "false")
+	assert.Check(t, !contentTrustEnabled(t))
+	t.Setenv(envvar, "invalid")
+	assert.Check(t, contentTrustEnabled(t))
 	os.Unsetenv(envvar)
-	assert.Assert(t, !contentTrustEnabled(t))
+	assert.Check(t, !contentTrustEnabled(t))
 }

cli/command/cli_test.go

@@ -5,12 +5,15 @@ import (
 	"context"
 	"fmt"
 	"io"
+	"net"
 	"net/http"
 	"net/http/httptest"
 	"os"
+	"path/filepath"
 	"runtime"
 	"strings"
 	"testing"
+	"time"
 
 	"github.com/docker/cli/cli/config"
 	"github.com/docker/cli/cli/config/configfile"
@@ -20,7 +23,6 @@ import (
 	"github.com/docker/docker/client"
 	"github.com/pkg/errors"
 	"gotest.tools/v3/assert"
-	"gotest.tools/v3/env"
 	"gotest.tools/v3/fs"
 )
 
@@ -29,7 +31,7 @@ func TestNewAPIClientFromFlags(t *testing.T) {
 	if runtime.GOOS == "windows" {
 		host = "npipe://./"
 	}
-	opts := &flags.CommonOptions{Hosts: []string{host}}
+	opts := &flags.ClientOptions{Hosts: []string{host}}
 	apiClient, err := NewAPIClientFromFlags(opts, &configfile.ConfigFile{})
 	assert.NilError(t, err)
 	assert.Equal(t, apiClient.DaemonHost(), host)
@@ -42,7 +44,7 @@ func TestNewAPIClientFromFlagsForDefaultSchema(t *testing.T) {
 	if runtime.GOOS == "windows" {
 		slug = "tcp://127.0.0.1"
 	}
-	opts := &flags.CommonOptions{Hosts: []string{host}}
+	opts := &flags.ClientOptions{Hosts: []string{host}}
 	apiClient, err := NewAPIClientFromFlags(opts, &configfile.ConfigFile{})
 	assert.NilError(t, err)
 	assert.Equal(t, apiClient.DaemonHost(), slug+host)
@@ -60,7 +62,7 @@ func TestNewAPIClientFromFlagsWithCustomHeaders(t *testing.T) {
 	}))
 	defer ts.Close()
 	host := strings.Replace(ts.URL, "http://", "tcp://", 1)
-	opts := &flags.CommonOptions{Hosts: []string{host}}
+	opts := &flags.ClientOptions{Hosts: []string{host}}
 	configFile := &configfile.ConfigFile{
 		HTTPHeaders: map[string]string{
 			"My-Header": "Custom-Value",
@@ -86,10 +88,10 @@ func TestNewAPIClientFromFlagsWithCustomHeaders(t *testing.T) {
 
 func TestNewAPIClientFromFlagsWithAPIVersionFromEnv(t *testing.T) {
 	customVersion := "v3.3.3"
-	defer env.Patch(t, "DOCKER_API_VERSION", customVersion)()
-	defer env.Patch(t, "DOCKER_HOST", ":2375")()
+	t.Setenv("DOCKER_API_VERSION", customVersion)
+	t.Setenv("DOCKER_HOST", ":2375")
 
-	opts := &flags.CommonOptions{}
+	opts := &flags.ClientOptions{}
 	configFile := &configfile.ConfigFile{}
 	apiclient, err := NewAPIClientFromFlags(opts, configFile)
 	assert.NilError(t, err)
@@ -116,9 +118,9 @@ func (c *fakeClient) NegotiateAPIVersionPing(types.Ping) {
 }
 
 func TestInitializeFromClient(t *testing.T) {
-	defaultVersion := "v1.55"
+	const defaultVersion = "v1.55"
 
-	var testcases = []struct {
+	testcases := []struct {
 		doc            string
 		pingFunc       func() (types.Ping, error)
 		expectedServer ServerInfo
@@ -158,19 +160,72 @@ func TestInitializeFromClient(t *testing.T) {
 			}
 
 			cli := &DockerCli{client: apiclient}
-			cli.initializeFromClient()
+			err := cli.Initialize(flags.NewClientOptions())
+			assert.NilError(t, err)
 			assert.DeepEqual(t, cli.ServerInfo(), testcase.expectedServer)
 			assert.Equal(t, apiclient.negotiated, testcase.negotiated)
 		})
 	}
 }
 
+// Makes sure we don't hang forever on the initial connection.
+// https://github.com/docker/cli/issues/3652
+func TestInitializeFromClientHangs(t *testing.T) {
+	dir := t.TempDir()
+	socket := filepath.Join(dir, "my.sock")
+	l, err := net.Listen("unix", socket)
+	assert.NilError(t, err)
+
+	receiveReqCh := make(chan bool)
+	timeoutCtx, cancel := context.WithTimeout(context.Background(), time.Second)
+	defer cancel()
+
+	// Simulate a server that hangs on connections.
+	ts := httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		select {
+		case <-timeoutCtx.Done():
+		case receiveReqCh <- true: // Blocks until someone receives on the channel.
+		}
+		_, _ = w.Write([]byte("OK"))
+	}))
+	ts.Listener = l
+	ts.Start()
+	defer ts.Close()
+
+	opts := &flags.ClientOptions{Hosts: []string{fmt.Sprintf("unix://%s", socket)}}
+	configFile := &configfile.ConfigFile{}
+	apiClient, err := NewAPIClientFromFlags(opts, configFile)
+	assert.NilError(t, err)
+
+	initializedCh := make(chan bool)
+
+	go func() {
+		cli := &DockerCli{client: apiClient, initTimeout: time.Millisecond}
+		err := cli.Initialize(flags.NewClientOptions())
+		assert.Check(t, err)
+		cli.CurrentVersion()
+		close(initializedCh)
+	}()
+
+	select {
+	case <-timeoutCtx.Done():
+		t.Fatal("timeout waiting for initialization to complete")
+	case <-initializedCh:
+	}
+
+	select {
+	case <-timeoutCtx.Done():
+		t.Fatal("server never received an init request")
+	case <-receiveReqCh:
+	}
+}
+
 // The CLI no longer disables/hides experimental CLI features, however, we need
 // to verify that existing configuration files do not break
 func TestExperimentalCLI(t *testing.T) {
 	defaultVersion := "v1.55"
 
-	var testcases = []struct {
+	testcases := []struct {
 		doc        string
 		configfile string
 	}{

cli/command/config/create.go

@@ -10,7 +10,7 @@ import (
 	"github.com/docker/cli/cli/command/completion"
 	"github.com/docker/cli/opts"
 	"github.com/docker/docker/api/types/swarm"
-	"github.com/docker/docker/pkg/system"
+	"github.com/moby/sys/sequential"
 	"github.com/pkg/errors"
 	"github.com/spf13/cobra"
 )
@@ -54,7 +54,7 @@ func RunConfigCreate(dockerCli command.Cli, options CreateOptions) error {
 
 	var in io.Reader = dockerCli.In()
 	if options.File != "-" {
-		file, err := system.OpenSequential(options.File)
+		file, err := sequential.Open(options.File)
 		if err != nil {
 			return err
 		}

cli/command/config/create_test.go

@@ -29,7 +29,8 @@ func TestConfigCreateErrors(t *testing.T) {
 			args:          []string{"too_few"},
 			expectedError: "requires exactly 2 arguments",
 		},
-		{args: []string{"too", "many", "arguments"},
+		{
+			args:          []string{"too", "many", "arguments"},
 			expectedError: "requires exactly 2 arguments",
 		},
 		{

cli/command/config/formatter_test.go

@@ -26,29 +26,39 @@ func TestConfigContextFormatWrite(t *testing.T) {
 			`template parsing error: template: :1:2: executing "" at <nil>: nil is not a command`,
 		},
 		// Table format
-		{formatter.Context{Format: NewFormat("table", false)},
+		{
+			formatter.Context{Format: NewFormat("table", false)},
 			`ID        NAME        CREATED                  UPDATED
 1         passwords   Less than a second ago   Less than a second ago
 2         id_rsa      Less than a second ago   Less than a second ago
-`},
-		{formatter.Context{Format: NewFormat("table {{.Name}}", true)},
+`,
+		},
+		{
+			formatter.Context{Format: NewFormat("table {{.Name}}", true)},
 			`NAME
 passwords
 id_rsa
-`},
-		{formatter.Context{Format: NewFormat("{{.ID}}-{{.Name}}", false)},
+`,
+		},
+		{
+			formatter.Context{Format: NewFormat("{{.ID}}-{{.Name}}", false)},
 			`1-passwords
 2-id_rsa
-`},
+`,
+		},
 	}
 
 	configs := []swarm.Config{
-		{ID: "1",
+		{
+			ID:   "1",
 			Meta: swarm.Meta{CreatedAt: time.Now(), UpdatedAt: time.Now()},
-			Spec: swarm.ConfigSpec{Annotations: swarm.Annotations{Name: "passwords"}}},
-		{ID: "2",
+			Spec: swarm.ConfigSpec{Annotations: swarm.Annotations{Name: "passwords"}},
+		},
+		{
+			ID:   "2",
 			Meta: swarm.Meta{CreatedAt: time.Now(), UpdatedAt: time.Now()},
-			Spec: swarm.ConfigSpec{Annotations: swarm.Annotations{Name: "id_rsa"}}},
+			Spec: swarm.ConfigSpec{Annotations: swarm.Annotations{Name: "id_rsa"}},
+		},
 	}
 	for _, tc := range cases {
 		tc := tc

cli/command/config/inspect.go

@@ -2,7 +2,7 @@ package config
 
 import (
 	"context"
-	"fmt"
+	"errors"
 	"strings"
 
 	"github.com/docker/cli/cli"
@@ -56,7 +56,7 @@ func RunConfigInspect(dockerCli command.Cli, opts InspectOptions) error {
 	// check if the user is trying to apply a template to the pretty format, which
 	// is not supported
 	if strings.HasPrefix(f, "pretty") && f != "pretty" {
-		return fmt.Errorf("Cannot supply extra formatting options to the pretty template")
+		return errors.New("cannot supply extra formatting options to the pretty template")
 	}
 
 	configCtx := formatter.Context{
@@ -68,5 +68,4 @@ func RunConfigInspect(dockerCli command.Cli, opts InspectOptions) error {
 		return cli.StatusError{StatusCode: 1, Status: err.Error()}
 	}
 	return nil
-
 }

cli/command/container/attach.go

@@ -55,6 +55,9 @@ func NewAttachCommand(dockerCli command.Cli) *cobra.Command {
 			opts.container = args[0]
 			return runAttach(dockerCli, &opts)
 		},
+		Annotations: map[string]string{
+			"aliases": "docker container attach, docker attach",
+		},
 		ValidArgsFunction: completion.ContainerNames(dockerCli, false, func(container types.Container) bool {
 			return container.State != "paused"
 		}),

cli/command/container/commit.go

@@ -37,6 +37,9 @@ func NewCommitCommand(dockerCli command.Cli) *cobra.Command {
 			}
 			return runCommit(dockerCli, &options)
 		},
+		Annotations: map[string]string{
+			"aliases": "docker container commit, docker commit",
+		},
 		ValidArgsFunction: completion.ContainerNames(dockerCli, false),
 	}
 
@@ -45,7 +48,7 @@ func NewCommitCommand(dockerCli command.Cli) *cobra.Command {
 
 	flags.BoolVarP(&options.pause, "pause", "p", true, "Pause container during commit")
 	flags.StringVarP(&options.comment, "message", "m", "", "Commit message")
-	flags.StringVarP(&options.author, "author", "a", "", "Author (e.g., \"John Hannibal Smith <hannibal@a-team.com>\")")
+	flags.StringVarP(&options.author, "author", "a", "", `Author (e.g., "John Hannibal Smith <hannibal@a-team.com>")`)
 
 	options.changes = opts.NewListOpts(nil)
 	flags.VarP(&options.changes, "change", "c", "Apply Dockerfile instruction to the created image")

cli/command/container/cp.go

@@ -101,6 +101,9 @@ func NewCopyCommand(dockerCli command.Cli) *cobra.Command {
 			}
 			return runCopy(dockerCli, opts)
 		},
+		Annotations: map[string]string{
+			"aliases": "docker container cp, docker cp",
+		},
 	}
 
 	flags := cmd.Flags()
@@ -365,10 +368,12 @@ func copyToContainer(ctx context.Context, dockerCli command.Cli, copyConfig cpCo
 // in a valid LOCALPATH, like `file:name.txt`. We can resolve this ambiguity by
 // requiring a LOCALPATH with a `:` to be made explicit with a relative or
 // absolute path:
-// 	`/path/to/file:name.txt` or `./file:name.txt`
+//
+//	`/path/to/file:name.txt` or `./file:name.txt`
 //
 // This is apparently how `scp` handles this as well:
-// 	http://www.cyberciti.biz/faq/rsync-scp-file-name-with-colon-punctuation-in-it/
+//
+//	http://www.cyberciti.biz/faq/rsync-scp-file-name-with-colon-punctuation-in-it/
 //
 // We can't simply check for a filepath separator because container names may
 // have a separator, e.g., "host0/cname1" if container is in a Docker cluster,
@@ -381,13 +386,12 @@ func splitCpArg(arg string) (container, path string) {
 		return "", arg
 	}
 
-	parts := strings.SplitN(arg, ":", 2)
-
-	if len(parts) == 1 || strings.HasPrefix(parts[0], ".") {
+	container, path, ok := strings.Cut(arg, ":")
+	if !ok || strings.HasPrefix(container, ".") {
 		// Either there's no `:` in the arg
 		// OR it's an explicit local relative path like `./file:name.txt`.
 		return "", arg
 	}
 
-	return parts[0], parts[1]
+	return container, path
 }

cli/command/container/cp_test.go

@@ -17,7 +17,7 @@ import (
 )
 
 func TestRunCopyWithInvalidArguments(t *testing.T) {
-	var testcases = []struct {
+	testcases := []struct {
 		doc         string
 		options     copyOptions
 		expectedErr string
@@ -143,7 +143,7 @@ func TestRunCopyToContainerSourceDoesNotExist(t *testing.T) {
 }
 
 func TestSplitCpArg(t *testing.T) {
-	var testcases = []struct {
+	testcases := []struct {
 		doc               string
 		path              string
 		os                string

cli/command/container/create.go

@@ -43,7 +43,7 @@ type createOptions struct {
 
 // NewCreateCommand creates a new cobra.Command for `docker create`
 func NewCreateCommand(dockerCli command.Cli) *cobra.Command {
-	var opts createOptions
+	var options createOptions
 	var copts *containerOptions
 
 	cmd := &cobra.Command{
@@ -55,7 +55,10 @@ func NewCreateCommand(dockerCli command.Cli) *cobra.Command {
 			if len(args) > 1 {
 				copts.Args = args[1:]
 			}
-			return runCreate(dockerCli, cmd.Flags(), &opts, copts)
+			return runCreate(dockerCli, cmd.Flags(), &options, copts)
+		},
+		Annotations: map[string]string{
+			"aliases": "docker container create, docker create",
 		},
 		ValidArgsFunction: completion.ImageNames(dockerCli),
 	}
@@ -63,22 +66,25 @@ func NewCreateCommand(dockerCli command.Cli) *cobra.Command {
 	flags := cmd.Flags()
 	flags.SetInterspersed(false)
 
-	flags.StringVar(&opts.name, "name", "", "Assign a name to the container")
-	flags.StringVar(&opts.pull, "pull", PullImageMissing,
-		`Pull image before creating ("`+PullImageAlways+`"|"`+PullImageMissing+`"|"`+PullImageNever+`")`)
-	flags.BoolVarP(&opts.quiet, "quiet", "q", false, "Suppress the pull output")
+	flags.StringVar(&options.name, "name", "", "Assign a name to the container")
+	flags.StringVar(&options.pull, "pull", PullImageMissing, `Pull image before creating ("`+PullImageAlways+`", "|`+PullImageMissing+`", "`+PullImageNever+`")`)
+	flags.BoolVarP(&options.quiet, "quiet", "q", false, "Suppress the pull output")
 
 	// Add an explicit help that doesn't have a `-h` to prevent the conflict
 	// with hostname
 	flags.Bool("help", false, "Print usage")
 
-	command.AddPlatformFlag(flags, &opts.platform)
-	command.AddTrustVerificationFlags(flags, &opts.untrusted, dockerCli.ContentTrustEnabled())
+	command.AddPlatformFlag(flags, &options.platform)
+	command.AddTrustVerificationFlags(flags, &options.untrusted, dockerCli.ContentTrustEnabled())
 	copts = addFlags(flags)
 	return cmd
 }
 
 func runCreate(dockerCli command.Cli, flags *pflag.FlagSet, options *createOptions, copts *containerOptions) error {
+	if err := validatePullOpt(options.pull); err != nil {
+		reportError(dockerCli.Err(), "create", err.Error(), true)
+		return cli.StatusError{StatusCode: 125}
+	}
 	proxyConfig := dockerCli.ConfigFile().ParseProxyConfig(dockerCli.Client().DaemonHost(), opts.ConvertKVStringsToMapWithNil(copts.env.GetAll()))
 	newEnv := []string{}
 	for k, v := range proxyConfig {
@@ -192,15 +198,14 @@ func newCIDFile(path string) (*cidFile, error) {
 	return &cidFile{path: path, file: f}, nil
 }
 
-// nolint: gocyclo
+//nolint:gocyclo
 func createContainer(ctx context.Context, dockerCli command.Cli, containerConfig *containerConfig, opts *createOptions) (*container.CreateResponse, error) {
 	config := containerConfig.Config
 	hostConfig := containerConfig.HostConfig
 	networkingConfig := containerConfig.NetworkingConfig
-	stderr := dockerCli.Err()
 
-	warnOnOomKillDisable(*hostConfig, stderr)
-	warnOnLocalhostDNS(*hostConfig, stderr)
+	warnOnOomKillDisable(*hostConfig, dockerCli.Err())
+	warnOnLocalhostDNS(*hostConfig, dockerCli.Err())
 
 	var (
 		trustedRef reference.Canonical
@@ -231,7 +236,7 @@ func createContainer(ctx context.Context, dockerCli command.Cli, containerConfig
 	}
 
 	pullAndTagImage := func() error {
-		pullOut := stderr
+		pullOut := dockerCli.Err()
 		if opts.quiet {
 			pullOut = io.Discard
 		}
@@ -271,7 +276,7 @@ func createContainer(ctx context.Context, dockerCli command.Cli, containerConfig
 		if apiclient.IsErrNotFound(err) && namedRef != nil && opts.pull == PullImageMissing {
 			if !opts.quiet {
 				// we don't want to write to stdout anything apart from container.ID
-				fmt.Fprintf(stderr, "Unable to find image '%s' locally\n", reference.FamiliarString(namedRef))
+				fmt.Fprintf(dockerCli.Err(), "Unable to find image '%s' locally\n", reference.FamiliarString(namedRef))
 			}
 
 			if err := pullAndTagImage(); err != nil {
@@ -289,7 +294,7 @@ func createContainer(ctx context.Context, dockerCli command.Cli, containerConfig
 	}
 
 	for _, warning := range response.Warnings {
-		fmt.Fprintf(stderr, "WARNING: %s\n", warning)
+		fmt.Fprintf(dockerCli.Err(), "WARNING: %s\n", warning)
 	}
 	err = containerIDFile.Write(response.ID)
 	return &response, err
@@ -323,3 +328,19 @@ var localhostIPRegexp = regexp.MustCompile(ipLocalhost)
 func isLocalhost(ip string) bool {
 	return localhostIPRegexp.MatchString(ip)
 }
+
+func validatePullOpt(val string) error {
+	switch val {
+	case PullImageAlways, PullImageMissing, PullImageNever, "":
+		// valid option, but nothing to do yet
+		return nil
+	default:
+		return fmt.Errorf(
+			"invalid pull option: '%s': must be one of %q, %q or %q",
+			val,
+			PullImageAlways,
+			PullImageMissing,
+			PullImageNever,
+		)
+	}
+}

cli/command/container/create_test.go

@@ -2,6 +2,7 @@ package container
 
 import (
 	"context"
+	"errors"
 	"fmt"
 	"io"
 	"os"
@@ -10,6 +11,7 @@ import (
 	"strings"
 	"testing"
 
+	"github.com/docker/cli/cli"
 	"github.com/docker/cli/cli/config/configfile"
 	"github.com/docker/cli/internal/test"
 	"github.com/docker/cli/internal/test/notary"
@@ -18,6 +20,7 @@ import (
 	"github.com/docker/docker/api/types/network"
 	"github.com/google/go-cmp/cmp"
 	specs "github.com/opencontainers/image-spec/specs-go/v1"
+	"github.com/spf13/pflag"
 	"gotest.tools/v3/assert"
 	is "gotest.tools/v3/assert/cmp"
 	"gotest.tools/v3/fs"
@@ -153,6 +156,40 @@ func TestCreateContainerImagePullPolicy(t *testing.T) {
 		assert.Check(t, is.Equal(c.ExpectedPulls, pullCounter))
 	}
 }
+
+func TestCreateContainerImagePullPolicyInvalid(t *testing.T) {
+	cases := []struct {
+		PullPolicy     string
+		ExpectedErrMsg string
+	}{
+		{
+			PullPolicy:     "busybox:latest",
+			ExpectedErrMsg: `invalid pull option: 'busybox:latest': must be one of "always", "missing" or "never"`,
+		},
+		{
+			PullPolicy:     "--network=foo",
+			ExpectedErrMsg: `invalid pull option: '--network=foo': must be one of "always", "missing" or "never"`,
+		},
+	}
+	for _, tc := range cases {
+		tc := tc
+		t.Run(tc.PullPolicy, func(t *testing.T) {
+			dockerCli := test.NewFakeCli(&fakeClient{})
+			err := runCreate(
+				dockerCli,
+				&pflag.FlagSet{},
+				&createOptions{pull: tc.PullPolicy},
+				&containerOptions{},
+			)
+
+			statusErr := cli.StatusError{}
+			assert.Check(t, errors.As(err, &statusErr))
+			assert.Equal(t, statusErr.StatusCode, 125)
+			assert.Check(t, is.Contains(dockerCli.ErrBuffer().String(), tc.ExpectedErrMsg))
+		})
+	}
+}
+
 func TestNewCreateCommandWithContentTrustErrors(t *testing.T) {
 	testCases := []struct {
 		name          string

cli/command/container/diff.go

@@ -27,6 +27,9 @@ func NewDiffCommand(dockerCli command.Cli) *cobra.Command {
 			opts.container = args[0]
 			return runDiff(dockerCli, &opts)
 		},
+		Annotations: map[string]string{
+			"aliases": "docker container diff, docker diff",
+		},
 		ValidArgsFunction: completion.ContainerNames(dockerCli, false),
 	}
 }

cli/command/container/exec.go

@@ -59,6 +59,7 @@ func NewExecCommand(dockerCli command.Cli) *cobra.Command {
 		}),
 		Annotations: map[string]string{
 			"category-top": "2",
+			"aliases":      "docker container exec, docker exec",
 		},
 	}
 
@@ -69,7 +70,7 @@ func NewExecCommand(dockerCli command.Cli) *cobra.Command {
 	flags.BoolVarP(&options.Interactive, "interactive", "i", false, "Keep STDIN open even if not attached")
 	flags.BoolVarP(&options.TTY, "tty", "t", false, "Allocate a pseudo-TTY")
 	flags.BoolVarP(&options.Detach, "detach", "d", false, "Detached mode: run command in the background")
-	flags.StringVarP(&options.User, "user", "u", "", "Username or UID (format: <name|uid>[:<group|gid>])")
+	flags.StringVarP(&options.User, "user", "u", "", `Username or UID (format: "<name|uid>[:<group|gid>]")`)
 	flags.BoolVarP(&options.Privileged, "privileged", "", false, "Give extended privileges to the command")
 	flags.VarP(&options.Env, "env", "e", "Set environment variables")
 	flags.SetAnnotation("env", "version", []string{"1.25"})
@@ -117,6 +118,8 @@ func RunExec(dockerCli command.Cli, options ExecOptions) error {
 		}
 	}
 
+	fillConsoleSize(execConfig, dockerCli)
+
 	response, err := client.ContainerExecCreate(ctx, options.Container, *execConfig)
 	if err != nil {
 		return err
@@ -129,14 +132,22 @@ func RunExec(dockerCli command.Cli, options ExecOptions) error {
 
 	if execConfig.Detach {
 		execStartCheck := types.ExecStartCheck{
-			Detach: execConfig.Detach,
-			Tty:    execConfig.Tty,
+			Detach:      execConfig.Detach,
+			Tty:         execConfig.Tty,
+			ConsoleSize: execConfig.ConsoleSize,
 		}
 		return client.ContainerExecStart(ctx, execID, execStartCheck)
 	}
 	return interactiveExec(ctx, dockerCli, execConfig, execID)
 }
 
+func fillConsoleSize(execConfig *types.ExecConfig, dockerCli command.Cli) {
+	if execConfig.Tty {
+		height, width := dockerCli.Out().GetTtySize()
+		execConfig.ConsoleSize = &[2]uint{height, width}
+	}
+}
+
 func interactiveExec(ctx context.Context, dockerCli command.Cli, execConfig *types.ExecConfig, execID string) error {
 	// Interactive exec requested.
 	var (
@@ -157,10 +168,12 @@ func interactiveExec(ctx context.Context, dockerCli command.Cli, execConfig *typ
 			stderr = dockerCli.Err()
 		}
 	}
+	fillConsoleSize(execConfig, dockerCli)
 
 	client := dockerCli.Client()
 	execStartCheck := types.ExecStartCheck{
-		Tty: execConfig.Tty,
+		Tty:         execConfig.Tty,
+		ConsoleSize: execConfig.ConsoleSize,
 	}
 	resp, err := client.ContainerExecAttach(ctx, execID, execStartCheck)
 	if err != nil {

cli/command/container/exec_test.go

@@ -158,7 +158,7 @@ func TestParseExecNoSuchFile(t *testing.T) {
 }
 
 func TestRunExec(t *testing.T) {
-	var testcases = []struct {
+	testcases := []struct {
 		doc           string
 		options       ExecOptions
 		client        fakeClient

cli/command/container/export.go

@@ -28,6 +28,9 @@ func NewExportCommand(dockerCli command.Cli) *cobra.Command {
 			opts.container = args[0]
 			return runExport(dockerCli, opts)
 		},
+		Annotations: map[string]string{
+			"aliases": "docker container export, docker export",
+		},
 		ValidArgsFunction: completion.ContainerNames(dockerCli, true),
 	}
 

cli/command/container/formatter_diff.go

@@ -24,7 +24,6 @@ func NewDiffFormat(source string) formatter.Format {
 
 // DiffFormatWrite writes formatted diff using the Context
 func DiffFormatWrite(ctx formatter.Context, changes []container.ContainerChangeResponseItem) error {
-
 	render := func(format func(subContext formatter.SubContext) error) error {
 		for _, change := range changes {
 			if err := format(&diffContext{c: change}); err != nil {
@@ -65,7 +64,6 @@ func (d *diffContext) Type() string {
 		kind = "D"
 	}
 	return kind
-
 }
 
 func (d *diffContext) Path() string {

cli/command/container/kill.go

@@ -30,6 +30,9 @@ func NewKillCommand(dockerCli command.Cli) *cobra.Command {
 			opts.containers = args
 			return runKill(dockerCli, &opts)
 		},
+		Annotations: map[string]string{
+			"aliases": "docker container kill, docker kill",
+		},
 		ValidArgsFunction: completion.ContainerNames(dockerCli, false),
 	}
 

cli/command/container/list.go

@@ -40,6 +40,7 @@ func NewPsCommand(dockerCli command.Cli) *cobra.Command {
 		},
 		Annotations: map[string]string{
 			"category-top": "3",
+			"aliases":      "docker container ls, docker container list, docker container ps, docker ps",
 		},
 		ValidArgsFunction: completion.NoComplete,
 	}
@@ -77,8 +78,7 @@ func buildContainerListOptions(opts *psOptions) (*types.ContainerListOptions, er
 		options.Limit = 1
 	}
 
-	options.Size = opts.size
-	if !options.Size && len(opts.format) > 0 {
+	if !opts.quiet && !options.Size && len(opts.format) > 0 {
 		// The --size option isn't set, but .Size may be used in the template.
 		// Parse and execute the given template to detect if the .Size field is
 		// used. If it is, then automatically enable the --size option. See #24696
@@ -109,6 +109,11 @@ func buildContainerListOptions(opts *psOptions) (*types.ContainerListOptions, er
 func runPs(dockerCli command.Cli, options *psOptions) error {
 	ctx := context.Background()
 
+	if len(options.format) == 0 {
+		// load custom psFormat from CLI config (if any)
+		options.format = dockerCli.ConfigFile().PsFormat
+	}
+
 	listOptions, err := buildContainerListOptions(options)
 	if err != nil {
 		return err
@@ -119,18 +124,9 @@ func runPs(dockerCli command.Cli, options *psOptions) error {
 		return err
 	}
 
-	format := options.format
-	if len(format) == 0 {
-		if len(dockerCli.ConfigFile().PsFormat) > 0 && !options.quiet {
-			format = dockerCli.ConfigFile().PsFormat
-		} else {
-			format = formatter.TableFormatKey
-		}
-	}
-
 	containerCtx := formatter.Context{
 		Output: dockerCli.Out(),
-		Format: formatter.NewContainerFormat(format, options.quiet, listOptions.Size),
+		Format: formatter.NewContainerFormat(options.format, options.quiet, listOptions.Size),
 		Trunc:  !options.noTrunc,
 	}
 	return formatter.ContainerWrite(containerCtx, containers)

cli/command/container/list_test.go

@@ -246,13 +246,13 @@ func TestContainerListWithConfigFormat(t *testing.T) {
 	cli := test.NewFakeCli(&fakeClient{
 		containerListFunc: func(_ types.ContainerListOptions) ([]types.Container, error) {
 			return []types.Container{
-				*Container("c1", WithLabel("some.label", "value")),
-				*Container("c2", WithName("foo/bar"), WithLabel("foo", "bar")),
+				*Container("c1", WithLabel("some.label", "value"), WithSize(10700000)),
+				*Container("c2", WithName("foo/bar"), WithLabel("foo", "bar"), WithSize(3200000)),
 			}, nil
 		},
 	})
 	cli.SetConfigFile(&configfile.ConfigFile{
-		PsFormat: "{{ .Names }} {{ .Image }} {{ .Labels }}",
+		PsFormat: "{{ .Names }} {{ .Image }} {{ .Labels }} {{ .Size}}",
 	})
 	cmd := newListCommand(cli)
 	assert.NilError(t, cmd.Execute())

cli/command/container/logs.go

@@ -35,13 +35,16 @@ func NewLogsCommand(dockerCli command.Cli) *cobra.Command {
 			opts.container = args[0]
 			return runLogs(dockerCli, &opts)
 		},
+		Annotations: map[string]string{
+			"aliases": "docker container logs, docker logs",
+		},
 		ValidArgsFunction: completion.ContainerNames(dockerCli, true),
 	}
 
 	flags := cmd.Flags()
 	flags.BoolVarP(&opts.follow, "follow", "f", false, "Follow log output")
-	flags.StringVar(&opts.since, "since", "", "Show logs since timestamp (e.g. 2013-01-02T13:23:37Z) or relative (e.g. 42m for 42 minutes)")
-	flags.StringVar(&opts.until, "until", "", "Show logs before a timestamp (e.g. 2013-01-02T13:23:37Z) or relative (e.g. 42m for 42 minutes)")
+	flags.StringVar(&opts.since, "since", "", `Show logs since timestamp (e.g. "2013-01-02T13:23:37Z") or relative (e.g. "42m" for 42 minutes)`)
+	flags.StringVar(&opts.until, "until", "", `Show logs before a timestamp (e.g. "2013-01-02T13:23:37Z") or relative (e.g. "42m" for 42 minutes)`)
 	flags.SetAnnotation("until", "version", []string{"1.35"})
 	flags.BoolVarP(&opts.timestamps, "timestamps", "t", false, "Show timestamps")
 	flags.BoolVar(&opts.details, "details", false, "Show extra details provided to logs")

cli/command/container/logs_test.go

@@ -26,7 +26,7 @@ func TestRunLogs(t *testing.T) {
 		}, nil
 	}
 
-	var testcases = []struct {
+	testcases := []struct {
 		doc           string
 		options       *logsOptions
 		client        fakeClient

cli/command/container/opts.go

@@ -27,9 +27,7 @@ import (
 	"github.com/spf13/pflag"
 )
 
-var (
-	deviceCgroupRuleRegexp = regexp.MustCompile(`^[acb] ([0-9]+|\*):([0-9]+|\*) [rwm]{1,3}$`)
-)
+var deviceCgroupRuleRegexp = regexp.MustCompile(`^[acb] ([0-9]+|\*):([0-9]+|\*) [rwm]{1,3}$`)
 
 // containerOptions is a data object with all the options for creating a container
 type containerOptions struct {
@@ -311,7 +309,8 @@ type containerConfig struct {
 // parse parses the args for the specified command and generates a Config,
 // a HostConfig and returns them with the specified command.
 // If the specified args are not valid, it will return an error.
-// nolint: gocyclo
+//
+//nolint:gocyclo
 func parse(flags *pflag.FlagSet, copts *containerOptions, serverOS string) (*containerConfig, error) {
 	var (
 		attachStdin  = copts.attach.Get("stdin")
@@ -355,14 +354,13 @@ func parse(flags *pflag.FlagSet, copts *containerOptions, serverOS string) (*con
 			toBind := bind
 
 			if parsed.Type == string(mounttypes.TypeBind) {
-				if arr := strings.SplitN(bind, ":", 2); len(arr) == 2 {
-					hostPart := arr[0]
+				if hostPart, targetPath, ok := strings.Cut(bind, ":"); ok {
 					if strings.HasPrefix(hostPart, "."+string(filepath.Separator)) || hostPart == "." {
 						if absHostPart, err := filepath.Abs(hostPart); err == nil {
 							hostPart = absHostPart
 						}
 					}
-					toBind = hostPart + ":" + arr[1]
+					toBind = hostPart + ":" + targetPath
 				}
 			}
 
@@ -378,11 +376,8 @@ func parse(flags *pflag.FlagSet, copts *containerOptions, serverOS string) (*con
 	// Can't evaluate options passed into --tmpfs until we actually mount
 	tmpfs := make(map[string]string)
 	for _, t := range copts.tmpfs.GetAll() {
-		if arr := strings.SplitN(t, ":", 2); len(arr) > 1 {
-			tmpfs[arr[0]] = arr[1]
-		} else {
-			tmpfs[arr[0]] = ""
-		}
+		k, v, _ := strings.Cut(t, ":")
+		tmpfs[k] = v
 	}
 
 	var (
@@ -391,7 +386,7 @@ func parse(flags *pflag.FlagSet, copts *containerOptions, serverOS string) (*con
 	)
 
 	if len(copts.Args) > 0 {
-		runCmd = strslice.StrSlice(copts.Args)
+		runCmd = copts.Args
 	}
 
 	if copts.entrypoint != "" {
@@ -530,13 +525,11 @@ func parse(flags *pflag.FlagSet, copts *containerOptions, serverOS string) (*con
 		if haveHealthSettings {
 			return nil, errors.Errorf("--no-healthcheck conflicts with --health-* options")
 		}
-		test := strslice.StrSlice{"NONE"}
-		healthConfig = &container.HealthConfig{Test: test}
+		healthConfig = &container.HealthConfig{Test: strslice.StrSlice{"NONE"}}
 	} else if haveHealthSettings {
 		var probe strslice.StrSlice
 		if copts.healthCmd != "" {
-			args := []string{"CMD-SHELL", copts.healthCmd}
-			probe = strslice.StrSlice(args)
+			probe = []string{"CMD-SHELL", copts.healthCmd}
 		}
 		if copts.healthInterval < 0 {
 			return nil, errors.Errorf("--health-interval cannot be negative")
@@ -599,24 +592,20 @@ func parse(flags *pflag.FlagSet, copts *containerOptions, serverOS string) (*con
 		ExposedPorts: ports,
 		User:         copts.user,
 		Tty:          copts.tty,
-		// TODO: deprecated, it comes from -n, --networking
-		// it's still needed internally to set the network to disabled
-		// if e.g. bridge is none in daemon opts, and in inspect
-		NetworkDisabled: false,
-		OpenStdin:       copts.stdin,
-		AttachStdin:     attachStdin,
-		AttachStdout:    attachStdout,
-		AttachStderr:    attachStderr,
-		Env:             envVariables,
-		Cmd:             runCmd,
-		Image:           copts.Image,
-		Volumes:         volumes,
-		MacAddress:      copts.macAddress,
-		Entrypoint:      entrypoint,
-		WorkingDir:      copts.workingDir,
-		Labels:          opts.ConvertKVStringsToMap(labels),
-		StopSignal:      copts.stopSignal,
-		Healthcheck:     healthConfig,
+		OpenStdin:    copts.stdin,
+		AttachStdin:  attachStdin,
+		AttachStdout: attachStdout,
+		AttachStderr: attachStderr,
+		Env:          envVariables,
+		Cmd:          runCmd,
+		Image:        copts.Image,
+		Volumes:      volumes,
+		MacAddress:   copts.macAddress,
+		Entrypoint:   entrypoint,
+		WorkingDir:   copts.workingDir,
+		Labels:       opts.ConvertKVStringsToMap(labels),
+		StopSignal:   copts.stopSignal,
+		Healthcheck:  healthConfig,
 	}
 	if flags.Changed("stop-timeout") {
 		config.StopTimeout = &copts.stopTimeout
@@ -827,12 +816,11 @@ func convertToStandardNotation(ports []string) ([]string, error) {
 		if strings.Contains(publish, "=") {
 			params := map[string]string{"protocol": "tcp"}
 			for _, param := range strings.Split(publish, ",") {
-				opt := strings.Split(param, "=")
-				if len(opt) < 2 {
+				k, v, ok := strings.Cut(param, "=")
+				if !ok || k == "" {
 					return optsList, errors.Errorf("invalid publish opts format (should be name=value but got '%s')", param)
 				}
-
-				params[opt[0]] = opt[1]
+				params[k] = v
 			}
 			optsList = append(optsList, fmt.Sprintf("%s:%s/%s", params["published"], params["target"], params["protocol"]))
 		} else {
@@ -853,22 +841,22 @@ func parseLoggingOpts(loggingDriver string, loggingOpts []string) (map[string]st
 // takes a local seccomp daemon, reads the file contents for sending to the daemon
 func parseSecurityOpts(securityOpts []string) ([]string, error) {
 	for key, opt := range securityOpts {
-		con := strings.SplitN(opt, "=", 2)
-		if len(con) == 1 && con[0] != "no-new-privileges" {
-			if strings.Contains(opt, ":") {
-				con = strings.SplitN(opt, ":", 2)
-			} else {
-				return securityOpts, errors.Errorf("Invalid --security-opt: %q", opt)
-			}
+		k, v, ok := strings.Cut(opt, "=")
+		if !ok && k != "no-new-privileges" {
+			k, v, ok = strings.Cut(opt, ":")
 		}
-		if con[0] == "seccomp" && con[1] != "unconfined" {
-			f, err := os.ReadFile(con[1])
+		if (!ok || v == "") && k != "no-new-privileges" {
+			// "no-new-privileges" is the only option that does not require a value.
+			return securityOpts, errors.Errorf("Invalid --security-opt: %q", opt)
+		}
+		if k == "seccomp" && v != "unconfined" {
+			f, err := os.ReadFile(v)
 			if err != nil {
-				return securityOpts, errors.Errorf("opening seccomp profile (%s) failed: %v", con[1], err)
+				return securityOpts, errors.Errorf("opening seccomp profile (%s) failed: %v", v, err)
 			}
 			b := bytes.NewBuffer(nil)
 			if err := json.Compact(b, f); err != nil {
-				return securityOpts, errors.Errorf("compacting json for seccomp profile (%s) failed: %v", con[1], err)
+				return securityOpts, errors.Errorf("compacting json for seccomp profile (%s) failed: %v", v, err)
 			}
 			securityOpts[key] = fmt.Sprintf("seccomp=%s", b.Bytes())
 		}
@@ -900,12 +888,11 @@ func parseSystemPaths(securityOpts []string) (filtered, maskedPaths, readonlyPat
 func parseStorageOpts(storageOpts []string) (map[string]string, error) {
 	m := make(map[string]string)
 	for _, option := range storageOpts {
-		if strings.Contains(option, "=") {
-			opt := strings.SplitN(option, "=", 2)
-			m[opt[0]] = opt[1]
-		} else {
+		k, v, ok := strings.Cut(option, "=")
+		if !ok {
 			return nil, errors.Errorf("invalid storage option")
 		}
+		m[k] = v
 	}
 	return m, nil
 }
@@ -924,10 +911,10 @@ func parseDevice(device, serverOS string) (container.DeviceMapping, error) {
 // parseLinuxDevice parses a device mapping string to a container.DeviceMapping struct
 // knowing that the target is a Linux daemon
 func parseLinuxDevice(device string) (container.DeviceMapping, error) {
-	src := ""
-	dst := ""
+	var src, dst string
 	permissions := "rwm"
-	arr := strings.Split(device, ":")
+	// We expect 3 parts at maximum; limit to 4 parts to detect invalid options.
+	arr := strings.SplitN(device, ":", 4)
 	switch len(arr) {
 	case 3:
 		permissions = arr[2]
@@ -965,7 +952,8 @@ func parseWindowsDevice(device string) (container.DeviceMapping, error) {
 
 // validateDeviceCgroupRule validates a device cgroup rule string format
 // It will make sure 'val' is in the form:
-//    'type major:minor mode'
+//
+//	'type major:minor mode'
 func validateDeviceCgroupRule(val string) (string, error) {
 	if deviceCgroupRuleRegexp.MatchString(val) {
 		return val, nil
@@ -977,7 +965,7 @@ func validateDeviceCgroupRule(val string) (string, error) {
 // validDeviceMode checks if the mode for device is valid or not.
 // Valid mode is a composition of r (read), w (write), and m (mknod).
 func validDeviceMode(mode string) bool {
-	var legalDeviceMode = map[rune]bool{
+	legalDeviceMode := map[rune]bool{
 		'r': true,
 		'w': true,
 		'm': true,
@@ -1009,7 +997,9 @@ func validateDevice(val string, serverOS string) (string, error) {
 // validateLinuxPath is the implementation of validateDevice knowing that the
 // target server operating system is a Linux daemon.
 // It will make sure 'val' is in the form:
-//    [host-dir:]container-path[:mode]
+//
+//	[host-dir:]container-path[:mode]
+//
 // It also validates the device mode.
 func validateLinuxPath(val string, validator func(string) bool) (string, error) {
 	var containerPath string

cli/command/container/opts_test.go

@@ -182,9 +182,8 @@ func TestParseRunWithInvalidArgs(t *testing.T) {
 	}
 }
 
-// nolint: gocyclo
+//nolint:gocyclo
 func TestParseWithVolumes(t *testing.T) {
-
 	// A single volume
 	arr, tryit := setupPlatformVolume([]string{`/tmp`}, []string{`c:\tmp`})
 	if config, hostConfig := mustParse(t, tryit); hostConfig.Binds != nil {
@@ -252,7 +251,6 @@ func TestParseWithVolumes(t *testing.T) {
 			t.Fatalf("Error parsing %s. Should have a single bind mount and no volumes", arr[0])
 		}
 	}
-
 }
 
 // setupPlatformVolume takes two arrays of volume specs - a Unix style
@@ -453,7 +451,6 @@ func TestParseDevice(t *testing.T) {
 			t.Fatalf("Expected %v, got %v", deviceMapping, hostconfig.Devices)
 		}
 	}
-
 }
 
 func TestParseNetworkConfig(t *testing.T) {
@@ -638,7 +635,7 @@ func TestRunFlagsParseShmSize(t *testing.T) {
 	// shm-size ko
 	flags, _ := setupRunFlags()
 	args := []string{"--shm-size=a128m", "img", "cmd"}
-	expectedErr := `invalid argument "a128m" for "--shm-size" flag: invalid size: 'a128m'`
+	expectedErr := `invalid argument "a128m" for "--shm-size" flag:`
 	err := flags.Parse(args)
 	assert.ErrorContains(t, err, expectedErr)
 
@@ -652,8 +649,8 @@ func TestRunFlagsParseShmSize(t *testing.T) {
 
 func TestParseRestartPolicy(t *testing.T) {
 	invalids := map[string]string{
-		"always:2:3":         "invalid restart policy format",
-		"on-failure:invalid": "maximum retry count must be an integer",
+		"always:2:3":         "invalid restart policy format: maximum retry count must be an integer",
+		"on-failure:invalid": "invalid restart policy format: maximum retry count must be an integer",
 	}
 	valids := map[string]container.RestartPolicy{
 		"": {},
@@ -956,7 +953,6 @@ func TestConvertToStandardNotation(t *testing.T) {
 
 	for key, ports := range valid {
 		convertedPorts, err := convertToStandardNotation(ports)
-
 		if err != nil {
 			assert.NilError(t, err)
 		}

cli/command/container/pause.go

@@ -29,6 +29,9 @@ func NewPauseCommand(dockerCli command.Cli) *cobra.Command {
 			opts.containers = args
 			return runPause(dockerCli, &opts)
 		},
+		Annotations: map[string]string{
+			"aliases": "docker container pause, docker pause",
+		},
 		ValidArgsFunction: completion.ContainerNames(dockerCli, false, func(container types.Container) bool {
 			return container.State != "paused"
 		}),

cli/command/container/port.go

@@ -4,12 +4,15 @@ import (
 	"context"
 	"fmt"
 	"net"
+	"sort"
+	"strconv"
 	"strings"
 
 	"github.com/docker/cli/cli"
 	"github.com/docker/cli/cli/command"
 	"github.com/docker/cli/cli/command/completion"
 	"github.com/docker/go-connections/nat"
+	"github.com/fvbommel/sortorder"
 	"github.com/pkg/errors"
 	"github.com/spf13/cobra"
 )
@@ -35,11 +38,20 @@ func NewPortCommand(dockerCli command.Cli) *cobra.Command {
 			}
 			return runPort(dockerCli, &opts)
 		},
+		Annotations: map[string]string{
+			"aliases": "docker container port, docker port",
+		},
 		ValidArgsFunction: completion.ContainerNames(dockerCli, false),
 	}
 	return cmd
 }
 
+// runPort shows the port mapping for a given container. Optionally, it
+// allows showing the mapping for a specific (container)port and proto.
+//
+// TODO(thaJeztah): currently this defaults to show the TCP port if no
+// proto is specified. We should consider changing this to "any" protocol
+// for the given private port.
 func runPort(dockerCli command.Cli, opts *portOptions) error {
 	ctx := context.Background()
 
@@ -48,33 +60,35 @@ func runPort(dockerCli command.Cli, opts *portOptions) error {
 		return err
 	}
 
+	var out []string
 	if opts.port != "" {
-		port := opts.port
-		proto := "tcp"
-		parts := strings.SplitN(port, "/", 2)
-
-		if len(parts) == 2 && len(parts[1]) != 0 {
-			port = parts[0]
-			proto = parts[1]
+		port, proto, _ := strings.Cut(opts.port, "/")
+		if proto == "" {
+			proto = "tcp"
 		}
-		natPort := port + "/" + proto
-		newP, err := nat.NewPort(proto, port)
-		if err != nil {
-			return err
+		if _, err = strconv.ParseUint(port, 10, 16); err != nil {
+			return errors.Wrapf(err, "Error: invalid port (%s)", port)
 		}
-		if frontends, exists := c.NetworkSettings.Ports[newP]; exists && frontends != nil {
+		frontends, exists := c.NetworkSettings.Ports[nat.Port(port+"/"+proto)]
+		if !exists || frontends == nil {
+			return errors.Errorf("Error: No public port '%s' published for %s", opts.port, opts.container)
+		}
+		for _, frontend := range frontends {
+			out = append(out, net.JoinHostPort(frontend.HostIP, frontend.HostPort))
+		}
+	} else {
+		for from, frontends := range c.NetworkSettings.Ports {
 			for _, frontend := range frontends {
-				fmt.Fprintln(dockerCli.Out(), net.JoinHostPort(frontend.HostIP, frontend.HostPort))
+				out = append(out, fmt.Sprintf("%s -> %s", from, net.JoinHostPort(frontend.HostIP, frontend.HostPort)))
 			}
-			return nil
 		}
-		return errors.Errorf("Error: No public port '%s' published for %s", natPort, opts.container)
 	}
 
-	for from, frontends := range c.NetworkSettings.Ports {
-		for _, frontend := range frontends {
-			fmt.Fprintf(dockerCli.Out(), "%s -> %s\n", from, net.JoinHostPort(frontend.HostIP, frontend.HostPort))
-		}
+	if len(out) > 0 {
+		sort.Slice(out, func(i, j int) bool {
+			return sortorder.NaturalLess(out[i], out[j])
+		})
+		_, _ = fmt.Fprintln(dockerCli.Out(), strings.Join(out, "\n"))
 	}
 
 	return nil

cli/command/container/port_test.go

@@ -15,18 +15,31 @@ func TestNewPortCommandOutput(t *testing.T) {
 	testCases := []struct {
 		name string
 		ips  []string
+		port string
 	}{
 		{
 			name: "container-port-ipv4",
 			ips:  []string{"0.0.0.0"},
+			port: "80",
 		},
 		{
 			name: "container-port-ipv6",
 			ips:  []string{"::"},
+			port: "80",
 		},
 		{
 			name: "container-port-ipv6-and-ipv4",
 			ips:  []string{"::", "0.0.0.0"},
+			port: "80",
+		},
+		{
+			name: "container-port-ipv6-and-ipv4-443-udp",
+			ips:  []string{"::", "0.0.0.0"},
+			port: "443/udp",
+		},
+		{
+			name: "container-port-all-ports",
+			ips:  []string{"::", "0.0.0.0"},
 		},
 	}
 	for _, tc := range testCases {
@@ -36,19 +49,27 @@ func TestNewPortCommandOutput(t *testing.T) {
 				inspectFunc: func(string) (types.ContainerJSON, error) {
 					ci := types.ContainerJSON{NetworkSettings: &types.NetworkSettings{}}
 					ci.NetworkSettings.Ports = nat.PortMap{
-						"80/tcp": make([]nat.PortBinding, len(tc.ips)),
+						"80/tcp":  make([]nat.PortBinding, len(tc.ips)),
+						"443/tcp": make([]nat.PortBinding, len(tc.ips)),
+						"443/udp": make([]nat.PortBinding, len(tc.ips)),
 					}
 					for i, ip := range tc.ips {
 						ci.NetworkSettings.Ports["80/tcp"][i] = nat.PortBinding{
 							HostIP: ip, HostPort: "3456",
 						}
+						ci.NetworkSettings.Ports["443/tcp"][i] = nat.PortBinding{
+							HostIP: ip, HostPort: "4567",
+						}
+						ci.NetworkSettings.Ports["443/udp"][i] = nat.PortBinding{
+							HostIP: ip, HostPort: "5678",
+						}
 					}
 					return ci, nil
 				},
 			}, test.EnableContentTrust)
 			cmd := NewPortCommand(cli)
 			cmd.SetErr(io.Discard)
-			cmd.SetArgs([]string{"some_container", "80"})
+			cmd.SetArgs([]string{"some_container", tc.port})
 			err := cmd.Execute()
 			assert.NilError(t, err)
 			golden.Assert(t, cli.OutBuffer().String(), tc.name+".golden")

cli/command/container/prune.go

@@ -42,7 +42,7 @@ func NewPruneCommand(dockerCli command.Cli) *cobra.Command {
 
 	flags := cmd.Flags()
 	flags.BoolVarP(&options.force, "force", "f", false, "Do not prompt for confirmation")
-	flags.Var(&options.filter, "filter", "Provide filter values (e.g. 'until=<timestamp>')")
+	flags.Var(&options.filter, "filter", `Provide filter values (e.g. "until=<timestamp>")`)
 
 	return cmd
 }

cli/command/container/rename.go

@@ -30,6 +30,9 @@ func NewRenameCommand(dockerCli command.Cli) *cobra.Command {
 			opts.newName = args[1]
 			return runRename(dockerCli, &opts)
 		},
+		Annotations: map[string]string{
+			"aliases": "docker container rename, docker rename",
+		},
 		ValidArgsFunction: completion.ContainerNames(dockerCli, true),
 	}
 	return cmd

cli/command/container/restart.go

@@ -34,6 +34,9 @@ func NewRestartCommand(dockerCli command.Cli) *cobra.Command {
 			opts.timeoutChanged = cmd.Flags().Changed("time")
 			return runRestart(dockerCli, &opts)
 		},
+		Annotations: map[string]string{
+			"aliases": "docker container restart, docker restart",
+		},
 		ValidArgsFunction: completion.ContainerNames(dockerCli, true),
 	}
 

cli/command/container/rm.go

@@ -27,13 +27,17 @@ func NewRmCommand(dockerCli command.Cli) *cobra.Command {
 	var opts rmOptions
 
 	cmd := &cobra.Command{
-		Use:   "rm [OPTIONS] CONTAINER [CONTAINER...]",
-		Short: "Remove one or more containers",
-		Args:  cli.RequiresMinArgs(1),
+		Use:     "rm [OPTIONS] CONTAINER [CONTAINER...]",
+		Aliases: []string{"remove"},
+		Short:   "Remove one or more containers",
+		Args:    cli.RequiresMinArgs(1),
 		RunE: func(cmd *cobra.Command, args []string) error {
 			opts.containers = args
 			return runRm(dockerCli, &opts)
 		},
+		Annotations: map[string]string{
+			"aliases": "docker container rm, docker container remove, docker rm",
+		},
 		ValidArgsFunction: completion.ContainerNames(dockerCli, true),
 	}
 

cli/command/container/rm_test.go

@@ -5,6 +5,7 @@ import (
 	"fmt"
 	"io"
 	"sort"
+	"sync"
 	"testing"
 
 	"github.com/docker/cli/internal/test"
@@ -14,37 +15,46 @@ import (
 )
 
 func TestRemoveForce(t *testing.T) {
-	var (
-		removed1 []string
-		removed2 []string
-	)
+	for _, tc := range []struct {
+		name        string
+		args        []string
+		expectedErr string
+	}{
+		{name: "without force", args: []string{"nosuchcontainer", "mycontainer"}, expectedErr: "no such container"},
+		{name: "with force", args: []string{"--force", "nosuchcontainer", "mycontainer"}, expectedErr: ""},
+	} {
+		tc := tc
+		t.Run(tc.name, func(t *testing.T) {
+			var removed []string
+			mutex := new(sync.Mutex)
 
-	cli := test.NewFakeCli(&fakeClient{
-		containerRemoveFunc: func(ctx context.Context, container string, options types.ContainerRemoveOptions) error {
-			removed1 = append(removed1, container)
-			removed2 = append(removed2, container)
-			if container == "nosuchcontainer" {
-				return errdefs.NotFound(fmt.Errorf("Error: no such container: " + container))
+			cli := test.NewFakeCli(&fakeClient{
+				containerRemoveFunc: func(ctx context.Context, container string, options types.ContainerRemoveOptions) error {
+					// containerRemoveFunc is called in parallel for each container
+					// by the remove command so append must be synchronized.
+					mutex.Lock()
+					removed = append(removed, container)
+					mutex.Unlock()
+
+					if container == "nosuchcontainer" {
+						return errdefs.NotFound(fmt.Errorf("Error: no such container: " + container))
+					}
+					return nil
+				},
+				Version: "1.36",
+			})
+			cmd := NewRmCommand(cli)
+			cmd.SetOut(io.Discard)
+			cmd.SetArgs(tc.args)
+
+			err := cmd.Execute()
+			if tc.expectedErr != "" {
+				assert.ErrorContains(t, err, tc.expectedErr)
+			} else {
+				assert.NilError(t, err)
 			}
-			return nil
-		},
-		Version: "1.36",
-	})
-	cmd := NewRmCommand(cli)
-	cmd.SetOut(io.Discard)
-
-	t.Run("without force", func(t *testing.T) {
-		cmd.SetArgs([]string{"nosuchcontainer", "mycontainer"})
-		removed1 = []string{}
-		assert.ErrorContains(t, cmd.Execute(), "no such container")
-		sort.Strings(removed1)
-		assert.DeepEqual(t, removed1, []string{"mycontainer", "nosuchcontainer"})
-	})
-	t.Run("with force", func(t *testing.T) {
-		cmd.SetArgs([]string{"--force", "nosuchcontainer", "mycontainer"})
-		removed2 = []string{}
-		assert.NilError(t, cmd.Execute())
-		sort.Strings(removed2)
-		assert.DeepEqual(t, removed2, []string{"mycontainer", "nosuchcontainer"})
-	})
+			sort.Strings(removed)
+			assert.DeepEqual(t, removed, []string{"mycontainer", "nosuchcontainer"})
+		})
+	}
 }

cli/command/container/run.go

@@ -31,7 +31,7 @@ type runOptions struct {
 
 // NewRunCommand create a new `docker run` command
 func NewRunCommand(dockerCli command.Cli) *cobra.Command {
-	var opts runOptions
+	var options runOptions
 	var copts *containerOptions
 
 	cmd := &cobra.Command{
@@ -43,11 +43,12 @@ func NewRunCommand(dockerCli command.Cli) *cobra.Command {
 			if len(args) > 1 {
 				copts.Args = args[1:]
 			}
-			return runRun(dockerCli, cmd.Flags(), &opts, copts)
+			return runRun(dockerCli, cmd.Flags(), &options, copts)
 		},
 		ValidArgsFunction: completion.ImageNames(dockerCli),
 		Annotations: map[string]string{
 			"category-top": "1",
+			"aliases":      "docker container run, docker run",
 		},
 	}
 
@@ -55,20 +56,19 @@ func NewRunCommand(dockerCli command.Cli) *cobra.Command {
 	flags.SetInterspersed(false)
 
 	// These are flags not stored in Config/HostConfig
-	flags.BoolVarP(&opts.detach, "detach", "d", false, "Run container in background and print container ID")
-	flags.BoolVar(&opts.sigProxy, "sig-proxy", true, "Proxy received signals to the process")
-	flags.StringVar(&opts.name, "name", "", "Assign a name to the container")
-	flags.StringVar(&opts.detachKeys, "detach-keys", "", "Override the key sequence for detaching a container")
-	flags.StringVar(&opts.createOptions.pull, "pull", PullImageMissing,
-		`Pull image before running ("`+PullImageAlways+`"|"`+PullImageMissing+`"|"`+PullImageNever+`")`)
-	flags.BoolVarP(&opts.createOptions.quiet, "quiet", "q", false, "Suppress the pull output")
+	flags.BoolVarP(&options.detach, "detach", "d", false, "Run container in background and print container ID")
+	flags.BoolVar(&options.sigProxy, "sig-proxy", true, "Proxy received signals to the process")
+	flags.StringVar(&options.name, "name", "", "Assign a name to the container")
+	flags.StringVar(&options.detachKeys, "detach-keys", "", "Override the key sequence for detaching a container")
+	flags.StringVar(&options.pull, "pull", PullImageMissing, `Pull image before running ("`+PullImageAlways+`", "`+PullImageMissing+`", "`+PullImageNever+`")`)
+	flags.BoolVarP(&options.quiet, "quiet", "q", false, "Suppress the pull output")
 
 	// Add an explicit help that doesn't have a `-h` to prevent the conflict
 	// with hostname
 	flags.Bool("help", false, "Print usage")
 
-	command.AddPlatformFlag(flags, &opts.platform)
-	command.AddTrustVerificationFlags(flags, &opts.untrusted, dockerCli.ContentTrustEnabled())
+	command.AddPlatformFlag(flags, &options.platform)
+	command.AddTrustVerificationFlags(flags, &options.untrusted, dockerCli.ContentTrustEnabled())
 	copts = addFlags(flags)
 
 	cmd.RegisterFlagCompletionFunc(
@@ -91,6 +91,10 @@ func NewRunCommand(dockerCli command.Cli) *cobra.Command {
 }
 
 func runRun(dockerCli command.Cli, flags *pflag.FlagSet, ropts *runOptions, copts *containerOptions) error {
+	if err := validatePullOpt(ropts.pull); err != nil {
+		reportError(dockerCli.Err(), "run", err.Error(), true)
+		return cli.StatusError{StatusCode: 125}
+	}
 	proxyConfig := dockerCli.ConfigFile().ParseProxyConfig(dockerCli.Client().DaemonHost(), opts.ConvertKVStringsToMapWithNil(copts.env.GetAll()))
 	newEnv := []string{}
 	for k, v := range proxyConfig {
@@ -107,14 +111,14 @@ func runRun(dockerCli command.Cli, flags *pflag.FlagSet, ropts *runOptions, copt
 		reportError(dockerCli.Err(), "run", err.Error(), true)
 		return cli.StatusError{StatusCode: 125}
 	}
-	if err = validateAPIVersion(containerConfig, dockerCli.Client().ClientVersion()); err != nil {
+	if err = validateAPIVersion(containerConfig, dockerCli.CurrentVersion()); err != nil {
 		reportError(dockerCli.Err(), "run", err.Error(), true)
 		return cli.StatusError{StatusCode: 125}
 	}
 	return runContainer(dockerCli, ropts, copts, containerConfig)
 }
 
-// nolint: gocyclo
+//nolint:gocyclo
 func runContainer(dockerCli command.Cli, opts *runOptions, copts *containerOptions, containerConfig *containerConfig) error {
 	config := containerConfig.Config
 	stdout, stderr := dockerCli.Out(), dockerCli.Err()
@@ -170,7 +174,6 @@ func runContainer(dockerCli command.Cli, opts *runOptions, copts *containerOptio
 		}
 
 		close, err := attachContainer(ctx, dockerCli, &errCh, config, createResponse.ID)
-
 		if err != nil {
 			return err
 		}

cli/command/container/run_test.go

@@ -1,15 +1,18 @@
 package container
 
 import (
+	"errors"
 	"fmt"
 	"io"
 	"testing"
 
+	"github.com/docker/cli/cli"
 	"github.com/docker/cli/internal/test"
 	"github.com/docker/cli/internal/test/notary"
 	"github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/api/types/network"
 	specs "github.com/opencontainers/image-spec/specs-go/v1"
+	"github.com/spf13/pflag"
 	"gotest.tools/v3/assert"
 	is "gotest.tools/v3/assert/cmp"
 )
@@ -74,3 +77,36 @@ func TestRunCommandWithContentTrustErrors(t *testing.T) {
 		assert.Assert(t, is.Contains(cli.ErrBuffer().String(), tc.expectedError))
 	}
 }
+
+func TestRunContainerImagePullPolicyInvalid(t *testing.T) {
+	cases := []struct {
+		PullPolicy     string
+		ExpectedErrMsg string
+	}{
+		{
+			PullPolicy:     "busybox:latest",
+			ExpectedErrMsg: `invalid pull option: 'busybox:latest': must be one of "always", "missing" or "never"`,
+		},
+		{
+			PullPolicy:     "--network=foo",
+			ExpectedErrMsg: `invalid pull option: '--network=foo': must be one of "always", "missing" or "never"`,
+		},
+	}
+	for _, tc := range cases {
+		tc := tc
+		t.Run(tc.PullPolicy, func(t *testing.T) {
+			dockerCli := test.NewFakeCli(&fakeClient{})
+			err := runRun(
+				dockerCli,
+				&pflag.FlagSet{},
+				&runOptions{createOptions: createOptions{pull: tc.PullPolicy}},
+				&containerOptions{},
+			)
+
+			statusErr := cli.StatusError{}
+			assert.Check(t, errors.As(err, &statusErr))
+			assert.Equal(t, statusErr.StatusCode, 125)
+			assert.Check(t, is.Contains(dockerCli.ErrBuffer().String(), tc.ExpectedErrMsg))
+		})
+	}
+}

cli/command/container/signals_test.go

@@ -44,5 +44,4 @@ func TestForwardSignals(t *testing.T) {
 	case <-timer.C:
 		t.Fatal("timeout waiting for signal to be processed")
 	}
-
 }

cli/command/container/start.go

@@ -44,6 +44,9 @@ func NewStartCommand(dockerCli command.Cli) *cobra.Command {
 			opts.Containers = args
 			return RunStart(dockerCli, &opts)
 		},
+		Annotations: map[string]string{
+			"aliases": "docker container start, docker start",
+		},
 		ValidArgsFunction: completion.ContainerNames(dockerCli, true, func(container types.Container) bool {
 			return container.State == "exited" || container.State == "created"
 		}),
@@ -64,7 +67,8 @@ func NewStartCommand(dockerCli command.Cli) *cobra.Command {
 }
 
 // RunStart executes a `start` command
-// nolint: gocyclo
+//
+//nolint:gocyclo
 func RunStart(dockerCli command.Cli, opts *StartOptions) error {
 	ctx, cancelFun := context.WithCancel(context.Background())
 	defer cancelFun()

cli/command/container/stats.go

@@ -40,6 +40,9 @@ func NewStatsCommand(dockerCli command.Cli) *cobra.Command {
 			opts.containers = args
 			return runStats(dockerCli, &opts)
 		},
+		Annotations: map[string]string{
+			"aliases": "docker container stats, docker stats",
+		},
 		ValidArgsFunction: completion.ContainerNames(dockerCli, false),
 	}
 
@@ -53,7 +56,8 @@ func NewStatsCommand(dockerCli command.Cli) *cobra.Command {
 
 // runStats displays a live stream of resource usage statistics for one or more containers.
 // This shows real-time information on CPU usage, memory usage, and network I/O.
-// nolint: gocyclo
+//
+//nolint:gocyclo
 func runStats(dockerCli command.Cli, opts *statsOptions) error {
 	showAll := len(opts.containers) == 0
 	closeChan := make(chan error)

cli/command/container/stop.go

@@ -34,6 +34,9 @@ func NewStopCommand(dockerCli command.Cli) *cobra.Command {
 			opts.timeoutChanged = cmd.Flags().Changed("time")
 			return runStop(dockerCli, &opts)
 		},
+		Annotations: map[string]string{
+			"aliases": "docker container stop, docker stop",
+		},
 		ValidArgsFunction: completion.ContainerNames(dockerCli, false),
 	}
 

cli/command/container/testdata/container-list-with-config-format.golden

@@ -1,2 +1,2 @@
-c1 busybox:latest some.label=value
-c2 busybox:latest foo=bar
+c1 busybox:latest some.label=value 10.7MB
+c2 busybox:latest foo=bar 3.2MB

cli/command/container/testdata/container-port-all-ports.golden

@@ -0,0 +1,6 @@
+80/tcp -> 0.0.0.0:3456
+80/tcp -> [::]:3456
+443/tcp -> 0.0.0.0:4567
+443/tcp -> [::]:4567
+443/udp -> 0.0.0.0:5678
+443/udp -> [::]:5678

cli/command/container/testdata/container-port-ipv6-and-ipv4-443-udp.golden

@@ -0,0 +1,2 @@
+0.0.0.0:5678
+[::]:5678

cli/command/container/testdata/container-port-ipv6-and-ipv4.golden

@@ -1,2 +1,2 @@
-[::]:3456
 0.0.0.0:3456
+[::]:3456

cli/command/container/top.go

@@ -31,6 +31,9 @@ func NewTopCommand(dockerCli command.Cli) *cobra.Command {
 			opts.args = args[1:]
 			return runTop(dockerCli, &opts)
 		},
+		Annotations: map[string]string{
+			"aliases": "docker container top, docker top",
+		},
 		ValidArgsFunction: completion.ContainerNames(dockerCli, false),
 	}
 

cli/command/container/unpause.go

@@ -29,6 +29,9 @@ func NewUnpauseCommand(dockerCli command.Cli) *cobra.Command {
 			opts.containers = args
 			return runUnpause(dockerCli, &opts)
 		},
+		Annotations: map[string]string{
+			"aliases": "docker container unpause, docker unpause",
+		},
 		ValidArgsFunction: completion.ContainerNames(dockerCli, false, func(container types.Container) bool {
 			return container.State == "paused"
 		}),

cli/command/container/update.go

@@ -49,11 +49,14 @@ func NewUpdateCommand(dockerCli command.Cli) *cobra.Command {
 			options.nFlag = cmd.Flags().NFlag()
 			return runUpdate(dockerCli, &options)
 		},
+		Annotations: map[string]string{
+			"aliases": "docker container update, docker update",
+		},
 		ValidArgsFunction: completion.ContainerNames(dockerCli, true),
 	}
 
 	flags := cmd.Flags()
-	flags.Uint16Var(&options.blkioWeight, "blkio-weight", 0, "Block IO (relative weight), between 10 and 1000, or 0 to disable (default 0)")
+	flags.Uint16Var(&options.blkioWeight, "blkio-weight", 0, `Block IO (relative weight), between 10 and 1000, or 0 to disable (default 0)`)
 	flags.Int64Var(&options.cpuPeriod, "cpu-period", 0, "Limit CPU CFS (Completely Fair Scheduler) period")
 	flags.Int64Var(&options.cpuQuota, "cpu-quota", 0, "Limit CPU CFS (Completely Fair Scheduler) quota")
 	flags.Int64Var(&options.cpuRealtimePeriod, "cpu-rt-period", 0, "Limit the CPU real-time period in microseconds")
@@ -65,7 +68,7 @@ func NewUpdateCommand(dockerCli command.Cli) *cobra.Command {
 	flags.Int64VarP(&options.cpuShares, "cpu-shares", "c", 0, "CPU shares (relative weight)")
 	flags.VarP(&options.memory, "memory", "m", "Memory limit")
 	flags.Var(&options.memoryReservation, "memory-reservation", "Memory soft limit")
-	flags.Var(&options.memorySwap, "memory-swap", "Swap limit equal to memory plus swap: '-1' to enable unlimited swap")
+	flags.Var(&options.memorySwap, "memory-swap", `Swap limit equal to memory plus swap: -1 to enable unlimited swap`)
 	flags.Var(&options.kernelMemory, "kernel-memory", "Kernel memory limit (deprecated)")
 	// --kernel-memory is deprecated on API v1.42 and up, but our current annotations
 	// do not support only showing on < API-version. This option is no longer supported
@@ -74,7 +77,7 @@ func NewUpdateCommand(dockerCli command.Cli) *cobra.Command {
 	flags.MarkHidden("kernel-memory")
 
 	flags.StringVar(&options.restartPolicy, "restart", "", "Restart policy to apply when a container exits")
-	flags.Int64Var(&options.pidsLimit, "pids-limit", 0, "Tune container pids limit (set -1 for unlimited)")
+	flags.Int64Var(&options.pidsLimit, "pids-limit", 0, `Tune container pids limit (set -1 for unlimited)`)
 	flags.SetAnnotation("pids-limit", "version", []string{"1.40"})
 
 	flags.Var(&options.cpus, "cpus", "Number of CPUs")

cli/command/container/wait.go

@@ -28,6 +28,9 @@ func NewWaitCommand(dockerCli command.Cli) *cobra.Command {
 			opts.containers = args
 			return runWait(dockerCli, &opts)
 		},
+		Annotations: map[string]string{
+			"aliases": "docker container wait, docker wait",
+		},
 		ValidArgsFunction: completion.ContainerNames(dockerCli, false),
 	}
 

cli/command/context.go

@@ -58,5 +58,8 @@ func GetDockerContext(storeMetadata store.Metadata) (DockerContext, error) {
 	if !ok {
 		return DockerContext{}, errors.New("context metadata is not a valid DockerContext")
 	}
+	if storeMetadata.Name == DefaultContextName {
+		res.Description = "Current DOCKER_HOST based configuration"
+	}
 	return res, nil
 }

cli/command/context/create.go

@@ -10,6 +10,7 @@ import (
 	"github.com/docker/cli/cli/command/formatter/tabwriter"
 	"github.com/docker/cli/cli/context/docker"
 	"github.com/docker/cli/cli/context/store"
+	"github.com/docker/docker/errdefs"
 	"github.com/pkg/errors"
 	"github.com/spf13/cobra"
 )
@@ -52,7 +53,7 @@ func newCreateCommand(dockerCli command.Cli) *cobra.Command {
 	flags.StringVar(&opts.Description, "description", "", "Description of the context")
 	flags.String(
 		"default-stack-orchestrator", "",
-		"Default orchestrator for stack operations to use with this context (swarm|kubernetes|all)",
+		`Default orchestrator for stack operations to use with this context ("swarm", "kubernetes", "all")`,
 	)
 	flags.SetAnnotation("default-stack-orchestrator", "deprecated", nil)
 	flags.SetAnnotation("default-stack-orchestrator", "deprecated", nil)
@@ -92,17 +93,24 @@ func createNewContext(o *CreateOptions, cli command.Cli, s store.Writer) error {
 	if o.Docker == nil {
 		return errors.New("docker endpoint configuration is required")
 	}
-	contextMetadata := newContextMetadata(o)
-	contextTLSData := store.ContextTLSData{
-		Endpoints: make(map[string]store.EndpointTLSData),
-	}
 	dockerEP, dockerTLS, err := getDockerEndpointMetadataAndTLS(cli, o.Docker)
 	if err != nil {
 		return errors.Wrap(err, "unable to create docker endpoint config")
 	}
-	contextMetadata.Endpoints[docker.DockerEndpoint] = dockerEP
+	contextMetadata := store.Metadata{
+		Endpoints: map[string]interface{}{
+			docker.DockerEndpoint: dockerEP,
+		},
+		Metadata: command.DockerContext{
+			Description: o.Description,
+		},
+		Name: o.Name,
+	}
+	contextTLSData := store.ContextTLSData{}
 	if dockerTLS != nil {
-		contextTLSData.Endpoints[docker.DockerEndpoint] = *dockerTLS
+		contextTLSData.Endpoints = map[string]store.EndpointTLSData{
+			docker.DockerEndpoint: *dockerTLS,
+		}
 	}
 	if err := validateEndpoints(contextMetadata); err != nil {
 		return err
@@ -120,7 +128,7 @@ func checkContextNameForCreation(s store.Reader, name string) error {
 	if err := store.ValidateContextName(name); err != nil {
 		return err
 	}
-	if _, err := s.GetMetadata(name); !store.IsErrContextDoesNotExist(err) {
+	if _, err := s.GetMetadata(name); !errdefs.IsNotFound(err) {
 		if err != nil {
 			return errors.Wrap(err, "error while getting existing contexts")
 		}
@@ -161,13 +169,3 @@ func (d *descriptionDecorator) GetMetadata(name string) (store.Metadata, error)
 	c.Metadata = typedContext
 	return c, nil
 }
-
-func newContextMetadata(o *CreateOptions) store.Metadata {
-	return store.Metadata{
-		Endpoints: make(map[string]interface{}),
-		Metadata: command.DockerContext{
-			Description: o.Description,
-		},
-		Name: o.Name,
-	}
-}

cli/command/context/export-import_test.go

@@ -69,7 +69,7 @@ func TestExportExistingFile(t *testing.T) {
 	contextFile := filepath.Join(t.TempDir(), "exported")
 	cli := makeFakeCli(t)
 	cli.ErrBuffer().Reset()
-	assert.NilError(t, os.WriteFile(contextFile, []byte{}, 0644))
+	assert.NilError(t, os.WriteFile(contextFile, []byte{}, 0o644))
 	err := RunExport(cli, &ExportOptions{ContextName: "test", Dest: contextFile})
 	assert.Assert(t, os.IsExist(err))
 }

cli/command/context/export.go

@@ -52,7 +52,7 @@ func writeTo(dockerCli command.Cli, reader io.Reader, dest string) error {
 		}
 		writer = dockerCli.Out()
 	} else {
-		f, err := os.OpenFile(dest, os.O_RDWR|os.O_CREATE|os.O_EXCL, 0600)
+		f, err := os.OpenFile(dest, os.O_RDWR|os.O_CREATE|os.O_EXCL, 0o600)
 		if err != nil {
 			return err
 		}

cli/command/context/list.go

@@ -44,32 +44,60 @@ func runList(dockerCli command.Cli, opts *listOptions) error {
 	if opts.format == "" {
 		opts.format = formatter.TableFormatKey
 	}
-	curContext := dockerCli.CurrentContext()
 	contextMap, err := dockerCli.ContextStore().List()
 	if err != nil {
 		return err
 	}
-	var contexts []*formatter.ClientContext
+	var (
+		curContext = dockerCli.CurrentContext()
+		curFound   bool
+		contexts   []*formatter.ClientContext
+	)
 	for _, rawMeta := range contextMap {
+		isCurrent := rawMeta.Name == curContext
+		if isCurrent {
+			curFound = true
+		}
 		meta, err := command.GetDockerContext(rawMeta)
 		if err != nil {
-			return err
+			// Add a stub-entry to the list, including the error-message
+			// indicating that the context couldn't be loaded.
+			contexts = append(contexts, &formatter.ClientContext{
+				Name:    rawMeta.Name,
+				Current: isCurrent,
+				Error:   err.Error(),
+			})
+			continue
 		}
+		var errMsg string
 		dockerEndpoint, err := docker.EndpointFromContext(rawMeta)
 		if err != nil {
-			return err
-		}
-		if rawMeta.Name == command.DefaultContextName {
-			meta.Description = "Current DOCKER_HOST based configuration"
+			errMsg = err.Error()
 		}
 		desc := formatter.ClientContext{
 			Name:           rawMeta.Name,
-			Current:        rawMeta.Name == curContext,
+			Current:        isCurrent,
 			Description:    meta.Description,
 			DockerEndpoint: dockerEndpoint.Host,
+			Error:          errMsg,
 		}
 		contexts = append(contexts, &desc)
 	}
+	if !curFound {
+		// The currently specified context wasn't found. We add a stub-entry
+		// to the list, including the error-message indicating that the context
+		// wasn't found.
+		var errMsg string
+		_, err := dockerCli.ContextStore().GetMetadata(curContext)
+		if err != nil {
+			errMsg = err.Error()
+		}
+		contexts = append(contexts, &formatter.ClientContext{
+			Name:    curContext,
+			Current: true,
+			Error:   errMsg,
+		})
+	}
 	sort.Slice(contexts, func(i, j int) bool {
 		return sortorder.NaturalLess(contexts[i].Name, contexts[j].Name)
 	})
@@ -77,7 +105,7 @@ func runList(dockerCli command.Cli, opts *listOptions) error {
 		return err
 	}
 	if os.Getenv(client.EnvOverrideHost) != "" {
-		fmt.Fprintf(dockerCli.Err(), "Warning: %[1]s environment variable overrides the active context. "+
+		_, _ = fmt.Fprintf(dockerCli.Err(), "Warning: %[1]s environment variable overrides the active context. "+
 			"To use a context, either set the global --context flag, or unset %[1]s environment variable.\n", client.EnvOverrideHost)
 	}
 	return nil

cli/command/context/list_test.go

@@ -39,3 +39,11 @@ func TestListQuiet(t *testing.T) {
 	assert.NilError(t, runList(cli, &listOptions{quiet: true}))
 	golden.Assert(t, cli.OutBuffer().String(), "quiet-list.golden")
 }
+
+func TestListError(t *testing.T) {
+	cli := makeFakeCli(t)
+	cli.SetCurrentContext("nosuchcontext")
+	cli.OutBuffer().Reset()
+	assert.NilError(t, runList(cli, &listOptions{}))
+	golden.Assert(t, cli.OutBuffer().String(), "list-with-error.golden")
+}

cli/command/context/remove.go

@@ -1,12 +1,14 @@
 package context
 
 import (
-	"errors"
 	"fmt"
+	"os"
 	"strings"
 
 	"github.com/docker/cli/cli"
 	"github.com/docker/cli/cli/command"
+	"github.com/docker/docker/errdefs"
+	"github.com/pkg/errors"
 	"github.com/spf13/cobra"
 )
 
@@ -38,7 +40,7 @@ func RunRemove(dockerCli command.Cli, opts RemoveOptions, names []string) error
 		if name == "default" {
 			errs = append(errs, `default: context "default" cannot be removed`)
 		} else if err := doRemove(dockerCli, name, name == currentCtx, opts.Force); err != nil {
-			errs = append(errs, fmt.Sprintf("%s: %s", name, err))
+			errs = append(errs, err.Error())
 		} else {
 			fmt.Fprintln(dockerCli.Out(), name)
 		}
@@ -50,12 +52,9 @@ func RunRemove(dockerCli command.Cli, opts RemoveOptions, names []string) error
 }
 
 func doRemove(dockerCli command.Cli, name string, isCurrent, force bool) error {
-	if _, err := dockerCli.ContextStore().GetMetadata(name); err != nil {
-		return err
-	}
 	if isCurrent {
 		if !force {
-			return errors.New("context is in use, set -f flag to force remove")
+			return errors.Errorf("context %q is in use, set -f flag to force remove", name)
 		}
 		// fallback to DOCKER_HOST
 		cfg := dockerCli.ConfigFile()
@@ -64,5 +63,23 @@ func doRemove(dockerCli command.Cli, name string, isCurrent, force bool) error {
 			return err
 		}
 	}
+
+	if !force {
+		if err := checkContextExists(dockerCli, name); err != nil {
+			return err
+		}
+	}
 	return dockerCli.ContextStore().Remove(name)
 }
+
+// checkContextExists returns an error if the context directory does not exist.
+func checkContextExists(dockerCli command.Cli, name string) error {
+	contextDir := dockerCli.ContextStore().GetStorageInfo(name).MetadataPath
+	_, err := os.Stat(contextDir)
+	if os.IsNotExist(err) {
+		return errdefs.NotFound(errors.Errorf("context %q does not exist", name))
+	}
+	// Ignore other errors; if relevant, they will produce an error when
+	// performing the actual delete.
+	return nil
+}

cli/command/context/remove_test.go

@@ -6,8 +6,9 @@ import (
 
 	"github.com/docker/cli/cli/config"
 	"github.com/docker/cli/cli/config/configfile"
-	"github.com/docker/cli/cli/context/store"
+	"github.com/docker/docker/errdefs"
 	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
 )
 
 func TestRemove(t *testing.T) {
@@ -18,7 +19,7 @@ func TestRemove(t *testing.T) {
 	_, err := cli.ContextStore().GetMetadata("current")
 	assert.NilError(t, err)
 	_, err = cli.ContextStore().GetMetadata("other")
-	assert.Check(t, store.IsErrContextDoesNotExist(err))
+	assert.Check(t, is.ErrorType(err, errdefs.IsNotFound))
 }
 
 func TestRemoveNotAContext(t *testing.T) {
@@ -27,6 +28,9 @@ func TestRemoveNotAContext(t *testing.T) {
 	createTestContext(t, cli, "other")
 	err := RunRemove(cli, RemoveOptions{}, []string{"not-a-context"})
 	assert.ErrorContains(t, err, `context "not-a-context" does not exist`)
+
+	err = RunRemove(cli, RemoveOptions{Force: true}, []string{"not-a-context"})
+	assert.NilError(t, err)
 }
 
 func TestRemoveCurrent(t *testing.T) {
@@ -35,7 +39,7 @@ func TestRemoveCurrent(t *testing.T) {
 	createTestContext(t, cli, "other")
 	cli.SetCurrentContext("current")
 	err := RunRemove(cli, RemoveOptions{}, []string{"current"})
-	assert.ErrorContains(t, err, "current: context is in use, set -f flag to force remove")
+	assert.ErrorContains(t, err, `context "current" is in use, set -f flag to force remove`)
 }
 
 func TestRemoveCurrentForce(t *testing.T) {

cli/command/context/show.go

@@ -16,19 +16,14 @@ func newShowCommand(dockerCli command.Cli) *cobra.Command {
 		Short: "Print the name of the current context",
 		Args:  cli.NoArgs,
 		RunE: func(cmd *cobra.Command, args []string) error {
-			return runShow(dockerCli)
+			runShow(dockerCli)
+			return nil
 		},
 		ValidArgsFunction: completion.NoComplete,
 	}
 	return cmd
 }
 
-func runShow(dockerCli command.Cli) error {
-	context := dockerCli.CurrentContext()
-	metadata, err := dockerCli.ContextStore().GetMetadata(context)
-	if err != nil {
-		return err
-	}
-	fmt.Fprintln(dockerCli.Out(), metadata.Name)
-	return nil
+func runShow(dockerCli command.Cli) {
+	fmt.Fprintln(dockerCli.Out(), dockerCli.CurrentContext())
 }

cli/command/context/show_test.go

@@ -3,7 +3,6 @@ package context
 import (
 	"testing"
 
-	"gotest.tools/v3/assert"
 	"gotest.tools/v3/golden"
 )
 
@@ -13,7 +12,6 @@ func TestShow(t *testing.T) {
 	cli.SetCurrentContext("current")
 
 	cli.OutBuffer().Reset()
-	assert.NilError(t, runShow(cli))
+	runShow(cli)
 	golden.Assert(t, cli.OutBuffer().String(), "show.golden")
-
 }

cli/command/context/testdata/list-with-error.golden

@@ -0,0 +1,3 @@
+NAME              DESCRIPTION                               DOCKER ENDPOINT               ERROR
+default           Current DOCKER_HOST based configuration   unix:///var/run/docker.sock   
+nosuchcontext *                                                                           context "nosuchcontext": context not found: …

cli/command/context/testdata/list.golden

@@ -1,5 +1,5 @@
-NAME        DESCRIPTION                               DOCKER ENDPOINT
-current *   description of current                    https://someswarmserver.example.com
-default     Current DOCKER_HOST based configuration   unix:///var/run/docker.sock
-other       description of other                      https://someswarmserver.example.com
-unset       description of unset                      https://someswarmserver.example.com
+NAME        DESCRIPTION                               DOCKER ENDPOINT                       ERROR
+current *   description of current                    https://someswarmserver.example.com   
+default     Current DOCKER_HOST based configuration   unix:///var/run/docker.sock           
+other       description of other                      https://someswarmserver.example.com   
+unset       description of unset                      https://someswarmserver.example.com   

cli/command/context/use.go

@@ -25,24 +25,30 @@ func newUseCommand(dockerCli command.Cli) *cobra.Command {
 
 // RunUse set the current Docker context
 func RunUse(dockerCli command.Cli, name string) error {
-	if err := store.ValidateContextName(name); err != nil && name != "default" {
-		return err
-	}
-	if _, err := dockerCli.ContextStore().GetMetadata(name); err != nil && name != "default" {
-		return err
-	}
-	configValue := name
-	if configValue == "default" {
-		configValue = ""
+	// configValue uses an empty string for "default"
+	var configValue string
+	if name != command.DefaultContextName {
+		if err := store.ValidateContextName(name); err != nil {
+			return err
+		}
+		if _, err := dockerCli.ContextStore().GetMetadata(name); err != nil {
+			return err
+		}
+		configValue = name
 	}
 	dockerConfig := dockerCli.ConfigFile()
-	dockerConfig.CurrentContext = configValue
-	if err := dockerConfig.Save(); err != nil {
-		return err
+	// Avoid updating the config-file if nothing changed. This also prevents
+	// creating the file and config-directory if the default is used and
+	// no config-file existed yet.
+	if dockerConfig.CurrentContext != configValue {
+		dockerConfig.CurrentContext = configValue
+		if err := dockerConfig.Save(); err != nil {
+			return err
+		}
 	}
 	fmt.Fprintln(dockerCli.Out(), name)
 	fmt.Fprintf(dockerCli.Err(), "Current context is now %q\n", name)
-	if os.Getenv(client.EnvOverrideHost) != "" {
+	if name != command.DefaultContextName && os.Getenv(client.EnvOverrideHost) != "" {
 		fmt.Fprintf(dockerCli.Err(), "Warning: %[1]s environment variable overrides the active context. "+
 			"To use %[2]q, either set the global --context flag, or unset %[1]s environment variable.\n", client.EnvOverrideHost, name)
 	}

cli/command/context/use_test.go

@@ -1,13 +1,21 @@
 package context
 
 import (
+	"bytes"
+	"errors"
+	"io"
+	"os"
 	"path/filepath"
 	"testing"
 
+	"github.com/docker/cli/cli/command"
 	"github.com/docker/cli/cli/config"
 	"github.com/docker/cli/cli/config/configfile"
-	"github.com/docker/cli/cli/context/store"
+	"github.com/docker/cli/cli/flags"
+	"github.com/docker/docker/errdefs"
+	"github.com/docker/docker/pkg/homedir"
 	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
 )
 
 func TestUse(t *testing.T) {
@@ -39,5 +47,107 @@ func TestUse(t *testing.T) {
 func TestUseNoExist(t *testing.T) {
 	cli := makeFakeCli(t)
 	err := newUseCommand(cli).RunE(nil, []string{"test"})
-	assert.Check(t, store.IsErrContextDoesNotExist(err))
+	assert.Check(t, is.ErrorType(err, errdefs.IsNotFound))
+}
+
+// TestUseDefaultWithoutConfigFile verifies that the CLI does not create
+// the default config file and directory when using the default context.
+func TestUseDefaultWithoutConfigFile(t *testing.T) {
+	// We must use a temporary home-directory, because this test covers
+	// the _default_ configuration file. If we specify a custom configuration
+	// file, the CLI produces an error if the file doesn't exist.
+	tmpHomeDir := t.TempDir()
+	t.Setenv(homedir.Key(), tmpHomeDir)
+	configDir := filepath.Join(tmpHomeDir, ".docker")
+	configFilePath := filepath.Join(configDir, "config.json")
+
+	// Verify config-dir and -file don't exist before
+	_, err := os.Stat(configDir)
+	assert.Check(t, errors.Is(err, os.ErrNotExist))
+	_, err = os.Stat(configFilePath)
+	assert.Check(t, errors.Is(err, os.ErrNotExist))
+
+	cli, err := command.NewDockerCli(command.WithCombinedStreams(io.Discard))
+	assert.NilError(t, err)
+	assert.NilError(t, newUseCommand(cli).RunE(nil, []string{"default"}))
+
+	// Verify config-dir and -file don't exist after
+	_, err = os.Stat(configDir)
+	assert.Check(t, errors.Is(err, os.ErrNotExist))
+	_, err = os.Stat(configFilePath)
+	assert.Check(t, errors.Is(err, os.ErrNotExist))
+}
+
+func TestUseHostOverride(t *testing.T) {
+	t.Setenv("DOCKER_HOST", "tcp://ed:2375/")
+
+	configDir := t.TempDir()
+	configFilePath := filepath.Join(configDir, "config.json")
+	testCfg := configfile.New(configFilePath)
+	cli := makeFakeCli(t, withCliConfig(testCfg))
+	err := RunCreate(cli, &CreateOptions{
+		Name:   "test",
+		Docker: map[string]string{},
+	})
+	assert.NilError(t, err)
+
+	cli.ResetOutputBuffers()
+	err = newUseCommand(cli).RunE(nil, []string{"test"})
+	assert.NilError(t, err)
+	assert.Assert(t, is.Contains(
+		cli.ErrBuffer().String(),
+		`Warning: DOCKER_HOST environment variable overrides the active context.`,
+	))
+	assert.Assert(t, is.Contains(cli.ErrBuffer().String(), `Current context is now "test"`))
+	assert.Equal(t, cli.OutBuffer().String(), "test\n")
+
+	// setting DOCKER_HOST with the default context should not print a warning
+	cli.ResetOutputBuffers()
+	err = newUseCommand(cli).RunE(nil, []string{"default"})
+	assert.NilError(t, err)
+	assert.Assert(t, is.Contains(cli.ErrBuffer().String(), `Current context is now "default"`))
+	assert.Equal(t, cli.OutBuffer().String(), "default\n")
+}
+
+// An empty DOCKER_HOST used to break the 'context use' flow.
+// So we have a test with fewer fakes that tests this flow holistically.
+// https://github.com/docker/cli/issues/3667
+func TestUseHostOverrideEmpty(t *testing.T) {
+	t.Setenv("DOCKER_HOST", "")
+
+	configDir := t.TempDir()
+	config.SetDir(configDir)
+
+	socketPath := "unix://" + filepath.Join(configDir, "docker.sock")
+
+	var out *bytes.Buffer
+	var cli *command.DockerCli
+
+	loadCli := func() {
+		out = bytes.NewBuffer(nil)
+
+		var err error
+		cli, err = command.NewDockerCli(command.WithCombinedStreams(out))
+		assert.NilError(t, err)
+		assert.NilError(t, cli.Initialize(flags.NewClientOptions()))
+	}
+	loadCli()
+	err := RunCreate(cli, &CreateOptions{
+		Name:   "test",
+		Docker: map[string]string{"host": socketPath},
+	})
+	assert.NilError(t, err)
+
+	err = newUseCommand(cli).RunE(nil, []string{"test"})
+	assert.NilError(t, err)
+	assert.Assert(t, !is.Contains(out.String(), "Warning")().Success())
+	assert.Assert(t, is.Contains(out.String(), `Current context is now "test"`))
+
+	loadCli()
+	err = newShowCommand(cli).RunE(nil, nil)
+	assert.NilError(t, err)
+	assert.Assert(t, is.Contains(out.String(), "test"))
+
+	apiclient := cli.Client()
+	assert.Equal(t, apiclient.DaemonHost(), socketPath)
 }

cli/command/context_test.go

@@ -16,7 +16,8 @@ func TestDockerContextMetadataKeepAdditionalFields(t *testing.T) {
 	}
 	jsonBytes, err := json.Marshal(c)
 	assert.NilError(t, err)
-	assert.Equal(t, `{"Description":"test","foo":"bar"}`, string(jsonBytes))
+	const expected = `{"Description":"test","foo":"bar"}`
+	assert.Equal(t, string(jsonBytes), expected)
 
 	var c2 DockerContext
 	assert.NilError(t, json.Unmarshal(jsonBytes, &c2))

cli/command/defaultcontextstore.go

@@ -1,13 +1,10 @@
 package command
 
 import (
-	"fmt"
-	"io"
-
-	"github.com/docker/cli/cli/config/configfile"
 	"github.com/docker/cli/cli/context/docker"
 	"github.com/docker/cli/cli/context/store"
 	cliflags "github.com/docker/cli/cli/flags"
+	"github.com/docker/docker/errdefs"
 	"github.com/pkg/errors"
 )
 
@@ -45,7 +42,7 @@ type EndpointDefaultResolver interface {
 }
 
 // ResolveDefaultContext creates a Metadata for the current CLI invocation parameters
-func ResolveDefaultContext(opts *cliflags.CommonOptions, config *configfile.ConfigFile, storeconfig store.Config, stderr io.Writer) (*DefaultContext, error) {
+func ResolveDefaultContext(opts *cliflags.ClientOptions, config store.Config) (*DefaultContext, error) {
 	contextTLSData := store.ContextTLSData{
 		Endpoints: make(map[string]store.EndpointTLSData),
 	}
@@ -66,7 +63,7 @@ func ResolveDefaultContext(opts *cliflags.CommonOptions, config *configfile.Conf
 		contextTLSData.Endpoints[docker.DockerEndpoint] = *dockerEP.TLSData.ToStoreTLSData()
 	}
 
-	if err := storeconfig.ForeachEndpointType(func(n string, get store.TypeGetter) error {
+	if err := config.ForeachEndpointType(func(n string, get store.TypeGetter) error {
 		if n == docker.DockerEndpoint { // handled above
 			return nil
 		}
@@ -109,7 +106,7 @@ func (s *ContextStoreWithDefault) List() ([]store.Metadata, error) {
 // CreateOrUpdate is not allowed for the default context and fails
 func (s *ContextStoreWithDefault) CreateOrUpdate(meta store.Metadata) error {
 	if meta.Name == DefaultContextName {
-		return errors.New("default context cannot be created nor updated")
+		return errdefs.InvalidParameter(errors.New("default context cannot be created nor updated"))
 	}
 	return s.Store.CreateOrUpdate(meta)
 }
@@ -117,7 +114,7 @@ func (s *ContextStoreWithDefault) CreateOrUpdate(meta store.Metadata) error {
 // Remove is not allowed for the default context and fails
 func (s *ContextStoreWithDefault) Remove(name string) error {
 	if name == DefaultContextName {
-		return errors.New("default context cannot be removed")
+		return errdefs.InvalidParameter(errors.New("default context cannot be removed"))
 	}
 	return s.Store.Remove(name)
 }
@@ -137,7 +134,7 @@ func (s *ContextStoreWithDefault) GetMetadata(name string) (store.Metadata, erro
 // ResetTLSMaterial is not implemented for default context and fails
 func (s *ContextStoreWithDefault) ResetTLSMaterial(name string, data *store.ContextTLSData) error {
 	if name == DefaultContextName {
-		return errors.New("The default context store does not support ResetTLSMaterial")
+		return errdefs.InvalidParameter(errors.New("default context cannot be edited"))
 	}
 	return s.Store.ResetTLSMaterial(name, data)
 }
@@ -145,7 +142,7 @@ func (s *ContextStoreWithDefault) ResetTLSMaterial(name string, data *store.Cont
 // ResetEndpointTLSMaterial is not implemented for default context and fails
 func (s *ContextStoreWithDefault) ResetEndpointTLSMaterial(contextName string, endpointName string, data *store.EndpointTLSData) error {
 	if contextName == DefaultContextName {
-		return errors.New("The default context store does not support ResetEndpointTLSMaterial")
+		return errdefs.InvalidParameter(errors.New("default context cannot be edited"))
 	}
 	return s.Store.ResetEndpointTLSMaterial(contextName, endpointName, data)
 }
@@ -178,29 +175,13 @@ func (s *ContextStoreWithDefault) GetTLSData(contextName, endpointName, fileName
 			return nil, err
 		}
 		if defaultContext.TLS.Endpoints[endpointName].Files[fileName] == nil {
-			return nil, &noDefaultTLSDataError{endpointName: endpointName, fileName: fileName}
+			return nil, errdefs.NotFound(errors.Errorf("TLS data for %s/%s/%s does not exist", DefaultContextName, endpointName, fileName))
 		}
 		return defaultContext.TLS.Endpoints[endpointName].Files[fileName], nil
-
 	}
 	return s.Store.GetTLSData(contextName, endpointName, fileName)
 }
 
-type noDefaultTLSDataError struct {
-	endpointName string
-	fileName     string
-}
-
-func (e *noDefaultTLSDataError) Error() string {
-	return fmt.Sprintf("tls data for %s/%s/%s does not exist", DefaultContextName, e.endpointName, e.fileName)
-}
-
-// NotFound satisfies interface github.com/docker/docker/errdefs.ErrNotFound
-func (e *noDefaultTLSDataError) NotFound() {}
-
-// IsTLSDataDoesNotExist satisfies github.com/docker/cli/cli/context/store.tlsDataDoesNotExist
-func (e *noDefaultTLSDataError) IsTLSDataDoesNotExist() {}
-
 // GetStorageInfo implements store.Store's GetStorageInfo
 func (s *ContextStoreWithDefault) GetStorageInfo(contextName string) store.StorageInfo {
 	if contextName == DefaultContextName {

cli/command/defaultcontextstore_test.go

@@ -8,9 +8,10 @@ import (
 	"github.com/docker/cli/cli/context/docker"
 	"github.com/docker/cli/cli/context/store"
 	cliflags "github.com/docker/cli/cli/flags"
+	"github.com/docker/docker/errdefs"
 	"github.com/docker/go-connections/tlsconfig"
 	"gotest.tools/v3/assert"
-	"gotest.tools/v3/env"
+	is "gotest.tools/v3/assert/cmp"
 	"gotest.tools/v3/golden"
 )
 
@@ -53,14 +54,14 @@ func testStore(t *testing.T, meta store.Metadata, tls store.ContextTLSData) stor
 func TestDefaultContextInitializer(t *testing.T) {
 	cli, err := NewDockerCli()
 	assert.NilError(t, err)
-	defer env.Patch(t, "DOCKER_HOST", "ssh://someswarmserver")()
+	t.Setenv("DOCKER_HOST", "ssh://someswarmserver")
 	cli.configFile = &configfile.ConfigFile{}
-	ctx, err := ResolveDefaultContext(&cliflags.CommonOptions{
+	ctx, err := ResolveDefaultContext(&cliflags.ClientOptions{
 		TLS: true,
 		TLSOptions: &tlsconfig.Options{
 			CAFile: "./testdata/ca.pem",
 		},
-	}, cli.ConfigFile(), DefaultContextStoreConfig(), cli.Err())
+	}, DefaultContextStoreConfig())
 	assert.NilError(t, err)
 	assert.Equal(t, "default", ctx.Meta.Name)
 	assert.DeepEqual(t, "ssh://someswarmserver", ctx.Meta.Endpoints[docker.DockerEndpoint].(docker.EndpointMeta).Host)
@@ -154,6 +155,7 @@ func TestErrCreateDefault(t *testing.T) {
 		Metadata: testContext{Bar: "baz"},
 		Name:     "default",
 	})
+	assert.Check(t, is.ErrorType(err, errdefs.IsInvalidParameter))
 	assert.Error(t, err, "default context cannot be created nor updated")
 }
 
@@ -161,6 +163,7 @@ func TestErrRemoveDefault(t *testing.T) {
 	meta := testDefaultMetadata()
 	s := testStore(t, meta, store.ContextTLSData{})
 	err := s.Remove("default")
+	assert.Check(t, is.ErrorType(err, errdefs.IsInvalidParameter))
 	assert.Error(t, err, "default context cannot be removed")
 }
 
@@ -168,5 +171,5 @@ func TestErrTLSDataError(t *testing.T) {
 	meta := testDefaultMetadata()
 	s := testStore(t, meta, store.ContextTLSData{})
 	_, err := s.GetTLSData("default", "noop", "noop")
-	assert.Check(t, store.IsErrTLSDataDoesNotExist(err))
+	assert.Check(t, is.ErrorType(err, errdefs.IsNotFound))
 }

cli/command/formatter/buildcache.go

@@ -124,10 +124,16 @@ func (c *buildCacheContext) ID() string {
 }
 
 func (c *buildCacheContext) Parent() string {
-	if c.trunc {
-		return stringid.TruncateID(c.v.Parent)
+	var parent string
+	if len(c.v.Parents) > 0 {
+		parent = strings.Join(c.v.Parents, ", ")
+	} else {
+		parent = c.v.Parent //nolint:staticcheck // Ignore SA1019: Field was deprecated in API v1.42, but kept for backward compatibility
 	}
-	return c.v.Parent
+	if c.trunc {
+		return stringid.TruncateID(parent)
+	}
+	return parent
 }
 
 func (c *buildCacheContext) CacheType() string {

cli/command/formatter/container.go

@@ -27,7 +27,7 @@ const (
 // NewContainerFormat returns a Format for rendering using a Context
 func NewContainerFormat(source string, quiet bool, size bool) Format {
 	switch source {
-	case TableFormatKey:
+	case TableFormatKey, "": // table formatting is the default if none is set.
 		if quiet {
 			return DefaultQuietFormat
 		}
@@ -54,8 +54,9 @@ ports: {{- pad .Ports 1 0}}
 			format += `size: {{.Size}}\n`
 		}
 		return Format(format)
+	default: // custom format
+		return Format(source)
 	}
-	return Format(source)
 }
 
 // ContainerWrite renders the context for a list of containers

cli/command/formatter/container_test.go

@@ -33,18 +33,20 @@ func TestContainerPsContext(t *testing.T) {
 		{types.Container{Image: "ubuntu"}, true, "ubuntu", ctx.Image},
 		{types.Container{Image: "verylongimagename"}, true, "verylongimagename", ctx.Image},
 		{types.Container{Image: "verylongimagename"}, false, "verylongimagename", ctx.Image},
-		{types.Container{
-			Image:   "a5a665ff33eced1e0803148700880edab4",
-			ImageID: "a5a665ff33eced1e0803148700880edab4269067ed77e27737a708d0d293fbf5",
-		},
+		{
+			types.Container{
+				Image:   "a5a665ff33eced1e0803148700880edab4",
+				ImageID: "a5a665ff33eced1e0803148700880edab4269067ed77e27737a708d0d293fbf5",
+			},
 			true,
 			"a5a665ff33ec",
 			ctx.Image,
 		},
-		{types.Container{
-			Image:   "a5a665ff33eced1e0803148700880edab4",
-			ImageID: "a5a665ff33eced1e0803148700880edab4269067ed77e27737a708d0d293fbf5",
-		},
+		{
+			types.Container{
+				Image:   "a5a665ff33eced1e0803148700880edab4",
+				ImageID: "a5a665ff33eced1e0803148700880edab4269067ed77e27737a708d0d293fbf5",
+			},
 			false,
 			"a5a665ff33eced1e0803148700880edab4",
 			ctx.Image,
@@ -436,7 +438,7 @@ type ports struct {
 	expected string
 }
 
-// nolint: lll
+//nolint:lll
 func TestDisplayablePorts(t *testing.T) {
 	cases := []ports{
 		{
@@ -446,7 +448,8 @@ func TestDisplayablePorts(t *testing.T) {
 					Type:        "tcp",
 				},
 			},
-			"9988/tcp"},
+			"9988/tcp",
+		},
 		{
 			[]types.Port{
 				{

cli/command/formatter/context.go

@@ -1,20 +1,22 @@
 package formatter
 
 const (
-	// ClientContextTableFormat is the default client context format
-	ClientContextTableFormat = "table {{.Name}}{{if .Current}} *{{end}}\t{{.Description}}\t{{.DockerEndpoint}}"
+	// ClientContextTableFormat is the default client context format.
+	ClientContextTableFormat = "table {{.Name}}{{if .Current}} *{{end}}\t{{.Description}}\t{{.DockerEndpoint}}\t{{.Error}}"
 
 	dockerEndpointHeader = "DOCKER ENDPOINT"
 	quietContextFormat   = "{{.Name}}"
+
+	maxErrLength = 45
 )
 
 // NewClientContextFormat returns a Format for rendering using a Context
 func NewClientContextFormat(source string, quiet bool) Format {
 	if quiet {
-		return Format(quietContextFormat)
+		return quietContextFormat
 	}
 	if source == TableFormatKey {
-		return Format(ClientContextTableFormat)
+		return ClientContextTableFormat
 	}
 	return Format(source)
 }
@@ -25,6 +27,7 @@ type ClientContext struct {
 	Description    string
 	DockerEndpoint string
 	Current        bool
+	Error          string
 }
 
 // ClientContextWrite writes formatted contexts using the Context
@@ -51,6 +54,7 @@ func newClientContextContext() *clientContextContext {
 		"Name":           NameHeader,
 		"Description":    DescriptionHeader,
 		"DockerEndpoint": dockerEndpointHeader,
+		"Error":          ErrorHeader,
 	}
 	return &ctx
 }
@@ -75,6 +79,12 @@ func (c *clientContextContext) DockerEndpoint() string {
 	return c.c.DockerEndpoint
 }
 
+// Error returns the truncated error (if any) that occurred when loading the context.
+func (c *clientContextContext) Error() string {
+	// TODO(thaJeztah) add "--no-trunc" option to context ls and set default to 30 cols to match "docker service ps"
+	return Ellipsis(c.c.Error, maxErrLength)
+}
+
 // KubernetesEndpoint returns the kubernetes endpoint.
 //
 // Deprecated: support for kubernetes endpoints in contexts has been removed, and this formatting option will always be empty.

cli/command/formatter/custom.go

@@ -16,6 +16,7 @@ const (
 	StatusHeader       = "STATUS"
 	PortsHeader        = "PORTS"
 	ImageHeader        = "IMAGE"
+	ErrorHeader        = "ERROR"
 	ContainerIDHeader  = "CONTAINER ID"
 )
 

cli/command/formatter/disk_usage.go

@@ -289,7 +289,6 @@ func (c *diskUsageImagesContext) Active() string {
 
 func (c *diskUsageImagesContext) Size() string {
 	return units.HumanSize(float64(c.totalSize))
-
 }
 
 func (c *diskUsageImagesContext) Reclaimable() string {
@@ -391,7 +390,6 @@ func (c *diskUsageVolumesContext) TotalCount() string {
 }
 
 func (c *diskUsageVolumesContext) Active() string {
-
 	used := 0
 	for _, v := range c.volumes {
 		if v.UsageData.RefCount > 0 {