compression=estargz is ignored when platforms is specified, even with force-compression=true

[habibimustafa]

Contributing guidelines

• I've read the contributing guidelines and wholeheartedly agree

I've found a bug, and:

• The documentation does not mention anything about my problem
• There are no open or closed issues that are related to my problem

Description

Problem Description

The docker/build-push-action@v6 appears to ignore the compression=estargz and force-compression=true options within the outputs parameter. This occurs when building for a specific platform (e.g., platforms: linux/amd64). The resulting image layers are consistently compressed with standard gzip instead of the requested estargz, even in a minimal configuration with caching disabled.

Minimal Reproducible Example

This issue can be reproduced with a brand new repository containing only the following two files.

1. Dockerfile.debug
   A simple Dockerfile with one new layer.

# Dockerfile.debug
FROM alpine:3.22

RUN echo "This is a test layer." > /hello.txt

2. .github/workflows/debug.yml
   A minimal workflow that uses the latest actions and has no caching enabled.

name: Debug eStargz Build

on:
  push:
    branches:
      - main
  workflow_dispatch:

jobs:
  debug-estargz-build:
    name: Reproduce eStargz Bug
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write

    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
        with:
          driver: docker-container

      - name: Login to GHCR
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Build and Push Minimal Debug Image
        uses: docker/build-push-action@v6
        with:
          context: .
          file: ./Dockerfile.debug
          push: true
          platforms: linux/amd64
          tags: ghcr.io/${{ github.repository_owner }}/debug-estargz:latest
          
          # These compression settings are being ignored
          outputs: type=registry,oci-mediatypes=true,compression=estargz,force-compression=true

Steps to Reproduce

• Create a new, empty repository on GitHub.
• Add the Dockerfile.debug file to the repository.
• Add the workflow file at .github/workflows/debug.yml.
• Push the changes to the main branch to trigger the workflow.
• After the workflow successfully completes, inspect the manifest of the pushed image using a tool like crane.

    crane manifest ghcr.io/<your-org>/<your-repo>/debug-estargz:latest | jq '.layers[].mediaType'

Additional Context & What We've Ruled Out

• This issue was discovered through an extensive debugging process. We can confirm:
• This is not a resource issue; the bug reproduces on standard runners and on powerful 8-core, 16GB runners.
• This is not a caching issue; the bug reproduces with a clean cache, a misconfigured cache, and with caching completely disabled (as shown in the minimal example).
• The issue is not specific to our application's Dockerfile; it reproduces with the minimal alpine-based Dockerfile above.
• The issue persists even when attempting to align the cache-to exporter by adding compression=estargz to it.

This behavior strongly suggests a bug within the Buildx/BuildKit toolchain where the exporter settings are being incorrectly overridden or ignored when a platforms argument is present.

Expected behaviour

The output of the crane command should show that the image layers have the estargz media type suffix, confirming that the compression setting was honored.

JSON

"application/vnd.oci.image.layer.v1.tar+gzip+eswt"
"application/vnd.oci.image.layer.v1.tar+gzip+eswt"

Actual behaviour

The actual output shows that the layers have the standard gzip media type. The compression=estargz and force-compression=true flags were ignored by the builder.

JSON

"application/vnd.oci.image.layer.v1.tar+gzip"
"application/vnd.oci.image.layer.v1.tar+gzip"

Repository URL

No response

Workflow run URL

No response

YAML workflow

name: Debug eStargz Build

on:
  push:
    branches:
      - main
  workflow_dispatch:

jobs:
  debug-estargz-build:
    name: Reproduce eStargz Bug
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write

    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
        with:
          driver: docker-container

      - name: Login to GHCR
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Build and Push Minimal Debug Image
        uses: docker/build-push-action@v6
        with:
          context: .
          file: ./Dockerfile.debug
          push: true
          platforms: linux/amd64
          tags: ghcr.io/${{ github.repository_owner }}/debug-estargz:latest
          # These compression settings are being ignored
          outputs: type=registry,oci-mediatypes=true,compression=estargz,force-compression=true

Workflow logs

No response

BuildKit logs

Additional info

No response

[crazy-max]

Thanks for this report, will take a closer look and come back to you.