fix(loader): Allows multiple protocols on one port

[27.x] update to go1.22.12

.github/workflows/build.yml

@@ -22,6 +22,7 @@ on:
     branches:
       - 'master'
       - '[0-9]+.[0-9]+'
+      - '[0-9]+.x'
     tags:
       - 'v*'
   pull_request:

.github/workflows/codeql.yml

@@ -14,6 +14,7 @@ on:
     branches: 
       - 'master' 
       - '[0-9]+.[0-9]+' 
+      - '[0-9]+.x'
     tags: 
       - 'v*' 
   pull_request:
@@ -67,7 +68,7 @@ jobs:
         name: Update Go
         uses: actions/setup-go@v5
         with:
-          go-version: "1.22.10"
+          go-version: "1.22.12"
       -
         name: Initialize CodeQL
         uses: github/codeql-action/init@v3

.github/workflows/e2e.yml

@@ -19,6 +19,7 @@ on:
     branches:
       - 'master'
       - '[0-9]+.[0-9]+'
+      - '[0-9]+.x'
     tags:
       - 'v*'
   pull_request:

.github/workflows/test.yml

@@ -19,6 +19,7 @@ on:
     branches:
       - 'master'
       - '[0-9]+.[0-9]+'
+      - '[0-9]+.x'
     tags:
       - 'v*'
   pull_request:
@@ -74,7 +75,7 @@ jobs:
         name: Set up Go
         uses: actions/setup-go@v5
         with:
-          go-version: "1.22.10"
+          go-version: "1.22.12"
       -
         name: Test
         run: |

.github/workflows/validate.yml

@@ -19,6 +19,7 @@ on:
     branches:
       - 'master'
       - '[0-9]+.[0-9]+'
+      - '[0-9]+.x'
     tags:
       - 'v*'
   pull_request:

Dockerfile

@@ -4,12 +4,12 @@ ARG BASE_VARIANT=alpine
 ARG ALPINE_VERSION=3.20
 ARG BASE_DEBIAN_DISTRO=bookworm
 
-ARG GO_VERSION=1.22.10
+ARG GO_VERSION=1.22.12
 ARG XX_VERSION=1.6.1
 ARG GOVERSIONINFO_VERSION=v1.3.0
 ARG GOTESTSUM_VERSION=v1.10.0
-ARG BUILDX_VERSION=0.18.0
-ARG COMPOSE_VERSION=v2.30.3
+ARG BUILDX_VERSION=0.20.0
+ARG COMPOSE_VERSION=v2.32.4
 
 FROM --platform=$BUILDPLATFORM tonistiigi/xx:${XX_VERSION} AS xx
 

cli/command/container/cp_test.go

@@ -67,14 +67,15 @@ func TestRunCopyFromContainerToStdout(t *testing.T) {
 }
 
 func TestRunCopyFromContainerToFilesystem(t *testing.T) {
-	destDir := fs.NewDir(t, "cp-test",
+	srcDir := fs.NewDir(t, "cp-test",
 		fs.WithFile("file1", "content\n"))
-	defer destDir.Remove()
+
+	destDir := fs.NewDir(t, "cp-test")
 
 	cli := test.NewFakeCli(&fakeClient{
 		containerCopyFromFunc: func(ctr, srcPath string) (io.ReadCloser, container.PathStat, error) {
 			assert.Check(t, is.Equal("container", ctr))
-			readCloser, err := archive.TarWithOptions(destDir.Path(), &archive.TarOptions{})
+			readCloser, err := archive.Tar(srcDir.Path(), archive.Uncompressed)
 			return readCloser, container.PathStat{}, err
 		},
 	})

cli/compose/loader/merge.go

@@ -4,6 +4,7 @@
 package loader
 
 import (
+	"fmt"
 	"reflect"
 	"sort"
 
@@ -117,7 +118,11 @@ func toServicePortConfigsMap(s any) (map[any]any, error) {
 	}
 	m := map[any]any{}
 	for _, p := range ports {
-		m[p.Published] = p
+		protocol := "tcp"
+		if p.Protocol != "" {
+			protocol = p.Protocol
+		}
+		m[fmt.Sprintf("%d%s", p.Published, protocol)] = p
 	}
 	return m, nil
 }

cli/compose/loader/merge_test.go

@@ -848,6 +848,8 @@ func TestLoadMultipleConfigs(t *testing.T) {
 				"ports": []any{
 					"8080:80",
 					"9090:90",
+					"53:53/tcp",
+					"53:53/udp",
 				},
 				"labels": []any{
 					"foo=bar",
@@ -925,6 +927,18 @@ func TestLoadMultipleConfigs(t *testing.T) {
 					},
 				},
 				Ports: []types.ServicePortConfig{
+					{
+						Mode:      "ingress",
+						Target:    53,
+						Published: 53,
+						Protocol:  "tcp",
+					},
+					{
+						Mode:      "ingress",
+						Target:    53,
+						Published: 53,
+						Protocol:  "udp",
+					},
 					{
 						Target:    81,
 						Published: 8080,

contrib/completion/bash/docker

@@ -2591,7 +2591,6 @@ _docker_daemon() {
 		--mtu
 		--network-control-plane-mtu
 		--node-generic-resource
-		--oom-score-adjust
 		--pidfile -p
 		--registry-mirror
 		--seccomp-profile

contrib/completion/zsh/_docker

@@ -2770,7 +2770,6 @@ __docker_subcommand() {
                 "($help)--max-concurrent-uploads[Set the max concurrent uploads]" \
                 "($help)--max-download-attempts[Set the max download attempts for each pull]" \
                 "($help)--mtu=[Network MTU]:mtu:(0 576 1420 1500 9000)" \
-                "($help)--oom-score-adjust=[Set the oom_score_adj for the daemon]:oom-score:(-500)" \
                 "($help -p --pidfile)"{-p=,--pidfile=}"[Path to use for daemon PID file]:PID file:_files" \
                 "($help)--raw-logs[Full timestamps without ANSI coloring]" \
                 "($help)*--registry-mirror=[Preferred registry mirror]:registry mirror: " \

docker-bake.hcl

@@ -1,5 +1,5 @@
 variable "GO_VERSION" {
-    default = "1.22.10"
+    default = "1.22.12"
 }
 variable "VERSION" {
     default = ""

dockerfiles/Dockerfile.dev

@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:1
 
-ARG GO_VERSION=1.22.10
+ARG GO_VERSION=1.22.12
 ARG ALPINE_VERSION=3.20
 
 ARG BUILDX_VERSION=0.17.1

dockerfiles/Dockerfile.lint

@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:1
 
-ARG GO_VERSION=1.22.10
+ARG GO_VERSION=1.22.12
 ARG ALPINE_VERSION=3.20
 ARG GOLANGCI_LINT_VERSION=v1.62.0
 

dockerfiles/Dockerfile.vendor

@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:1
 
-ARG GO_VERSION=1.22.10
+ARG GO_VERSION=1.22.12
 ARG ALPINE_VERSION=3.20
 ARG MODOUTDATED_VERSION=v0.8.0
 

docs/reference/commandline/image_build.md

@@ -133,8 +133,6 @@ Linux namespaces. On Microsoft Windows, you can specify these values:
 | `process` | Namespace isolation only.                                                                                                                                                      |
 | `hyperv`  | Hyper-V hypervisor partition-based isolation.                                                                                                                                  |
 
-Specifying the `--isolation` flag without a value is the same as setting `--isolation="default"`.
-
 ### <a name="security-opt"></a> Optional security options (--security-opt)
 
 This flag is only supported on a daemon running on Windows, and only supports

docs/reference/dockerd.md

@@ -92,7 +92,6 @@ Options:
       --no-new-privileges                     Set no-new-privileges by default for new containers
       --no-proxy string                       Comma-separated list of hosts or IP addresses for which the proxy is skipped
       --node-generic-resource list            Advertise user-defined resource
-      --oom-score-adjust int                  Set the oom_score_adj for the daemon
   -p, --pidfile string                        Path to use for daemon PID file (default "/var/run/docker.pid")
       --raw-logs                              Full timestamps without ANSI coloring
       --registry-mirror list                  Preferred registry mirror
@@ -1172,7 +1171,6 @@ The following is a full example of the allowed configuration options on Linux:
     "NVIDIA-GPU=UUID1",
     "NVIDIA-GPU=UUID2"
   ],
-  "oom-score-adjust": 0,
   "pidfile": "",
   "raw-logs": false,
   "registry-mirrors": [],

e2e/testdata/Dockerfile.gencerts

@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:1
 
-ARG GO_VERSION=1.22.10
+ARG GO_VERSION=1.22.12
 
 FROM golang:${GO_VERSION}-alpine AS generated
 ENV GOTOOLCHAIN=local

man/docker-build.1.md

@@ -348,8 +348,6 @@ Linux namespaces. On Microsoft Windows, you can specify these values:
 * `process`: Namespace isolation only.
 * `hyperv`: Hyper-V hypervisor partition-based isolation.
 
-Specifying the `--isolation` flag without a value is the same as setting `--isolation "default"`.
-
 # HISTORY
 March 2014, Originally compiled by William Henry (whenry at redhat dot com)
 based on docker.com source material and internal work.

man/src/container/create-example.md

@@ -9,8 +9,6 @@ Linux namespaces. On Microsoft Windows, you can specify these values:
 * `process`: Namespace isolation only.
 * `hyperv`: Hyper-V hypervisor partition-based isolation.
 
-Specifying the `--isolation` flag without a value is the same as setting `--isolation="default"`.
-
 ### Dealing with dynamically created devices (--device-cgroup-rule)
 
 Devices available to a container are assigned at creation time. The

vendor.mod

@@ -13,7 +13,7 @@ require (
 	github.com/distribution/reference v0.6.0
 	github.com/docker/cli-docs-tool v0.8.0
 	github.com/docker/distribution v2.8.3+incompatible
-	github.com/docker/docker v27.4.2-0.20241220164841-c23af2910987+incompatible // 27.x branch, v27.5.0-rc.1
+	github.com/docker/docker v27.5.0+incompatible
 	github.com/docker/docker-credential-helpers v0.8.2
 	github.com/docker/go-connections v0.5.0
 	github.com/docker/go-units v0.5.0

vendor.sum

@@ -57,8 +57,8 @@ github.com/docker/cli-docs-tool v0.8.0/go.mod h1:8TQQ3E7mOXoYUs811LiPdUnAhXrcVsB
 github.com/docker/distribution v2.7.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
 github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBirtxJnzDrHLEKxTAYk=
 github.com/docker/distribution v2.8.3+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
-github.com/docker/docker v27.4.2-0.20241220164841-c23af2910987+incompatible h1:PYaQqIc2XmRM2q+UjcvE1FcVH/t2UnE8Q9Y+IbUGoh4=
-github.com/docker/docker v27.4.2-0.20241220164841-c23af2910987+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
+github.com/docker/docker v27.5.0+incompatible h1:um++2NcQtGRTz5eEgO6aJimo6/JxrTXC941hd05JO6U=
+github.com/docker/docker v27.5.0+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
 github.com/docker/docker-credential-helpers v0.8.2 h1:bX3YxiGzFP5sOXWc3bTPEXdEaZSeVMrFgOr3T+zrFAo=
 github.com/docker/docker-credential-helpers v0.8.2/go.mod h1:P3ci7E3lwkZg6XiHdRKft1KckHiO9a2rNtyFbZ/ry9M=
 github.com/docker/go v1.5.1-1.0.20160303222718-d30aec9fd63c h1:lzqkGL9b3znc+ZUgi7FlLnqjQhcXxkNM/quxIjBVMD0=

vendor/github.com/docker/docker/pkg/ioutils/bytespipe.go

@@ -18,6 +18,8 @@ const blockThreshold = 1e6
 
 var (
 	// ErrClosed is returned when Write is called on a closed BytesPipe.
+	//
+	// Deprecated: this type is only used internally, and will be removed in the next release.
 	ErrClosed = errors.New("write to closed BytesPipe")
 
 	bufPools     = make(map[int]*sync.Pool)
@@ -28,6 +30,8 @@ var (
 // All written data may be read at most once. Also, BytesPipe allocates
 // and releases new byte slices to adjust to current needs, so the buffer
 // won't be overgrown after peak loads.
+//
+// Deprecated: this type is only used internally, and will be removed in the next release.
 type BytesPipe struct {
 	mu        sync.Mutex
 	wait      *sync.Cond
@@ -40,6 +44,8 @@ type BytesPipe struct {
 // NewBytesPipe creates new BytesPipe, initialized by specified slice.
 // If buf is nil, then it will be initialized with slice which cap is 64.
 // buf will be adjusted in a way that len(buf) == 0, cap(buf) == cap(buf).
+//
+// Deprecated: this function is only used internally, and will be removed in the next release.
 func NewBytesPipe() *BytesPipe {
 	bp := &BytesPipe{}
 	bp.buf = append(bp.buf, getBuffer(minCap))

vendor/github.com/docker/docker/pkg/ioutils/writeflusher.go

@@ -80,13 +80,19 @@ func (wf *WriteFlusher) Close() error {
 	return nil
 }
 
+// nopFlusher represents a type which flush operation is nop.
+type nopFlusher struct{}
+
+// Flush is a nop operation.
+func (f *nopFlusher) Flush() {}
+
 // NewWriteFlusher returns a new WriteFlusher.
 func NewWriteFlusher(w io.Writer) *WriteFlusher {
 	var fl flusher
 	if f, ok := w.(flusher); ok {
 		fl = f
 	} else {
-		fl = &NopFlusher{}
+		fl = &nopFlusher{}
 	}
 	return &WriteFlusher{w: w, flusher: fl, closed: make(chan struct{}), flushed: make(chan struct{})}
 }

vendor/github.com/docker/docker/pkg/ioutils/writers.go

@@ -6,6 +6,8 @@ import (
 )
 
 // NopWriter represents a type which write operation is nop.
+//
+// Deprecated: use [io.Discard] instead. This type will be removed in the next release.
 type NopWriter struct{}
 
 func (*NopWriter) Write(buf []byte) (int, error) {
@@ -19,15 +21,16 @@ type nopWriteCloser struct {
 func (w *nopWriteCloser) Close() error { return nil }
 
 // NopWriteCloser returns a nopWriteCloser.
+//
+// Deprecated: This function is no longer used and will be removed in the next release.
 func NopWriteCloser(w io.Writer) io.WriteCloser {
 	return &nopWriteCloser{w}
 }
 
 // NopFlusher represents a type which flush operation is nop.
-type NopFlusher struct{}
-
-// Flush is a nop operation.
-func (f *NopFlusher) Flush() {}
+//
+// Deprecated: NopFlusher is only used internally and will be removed in the next release.
+type NopFlusher = nopFlusher
 
 type writeCloserWrapper struct {
 	io.Writer
@@ -55,12 +58,16 @@ func NewWriteCloserWrapper(r io.Writer, closer func() error) io.WriteCloser {
 // of bytes written to the writer during a "session".
 // This can be convenient when write return is masked
 // (e.g., json.Encoder.Encode())
+//
+// Deprecated: this type is no longer used and will be removed in the next release.
 type WriteCounter struct {
 	Count  int64
 	Writer io.Writer
 }
 
 // NewWriteCounter returns a new WriteCounter.
+//
+// Deprecated: this function is no longer used and will be removed in the next release.
 func NewWriteCounter(w io.Writer) *WriteCounter {
 	return &WriteCounter{
 		Writer: w,

vendor/modules.txt

@@ -55,7 +55,7 @@ github.com/docker/distribution/registry/client/transport
 github.com/docker/distribution/registry/storage/cache
 github.com/docker/distribution/registry/storage/cache/memory
 github.com/docker/distribution/uuid
-# github.com/docker/docker v27.4.2-0.20241220164841-c23af2910987+incompatible
+# github.com/docker/docker v27.5.0+incompatible
 ## explicit
 github.com/docker/docker/api
 github.com/docker/docker/api/types