Skip to main content
BuildCharts generates a docker-bake.hcl file because Docker Buildx Bake is the execution layer for the build plan.

What Bake is

Docker describes Bake as a declarative way to define build configuration, instead of rebuilding complex docker build commands from CLI flags on every run. In BuildCharts, that means:
  • build.yml defines build intent
  • Chart.yaml maps target types to OCI-hosted implementations
  • buildcharts generate renders the final docker-bake.hcl
  • docker buildx bake executes the generated plan

Why BuildCharts uses Bake

Bake fits BuildCharts well because it provides:
  • Declarative build configuration in a file instead of long CLI commands
  • A native way to run multiple targets in parallel
  • Groups and targets that map cleanly to BuildCharts stage types
  • A structured place for args, tags, outputs, contexts, entitlements, provenance, and SBOM settings
  • A standard Docker-native interface that works locally and in CI

Benefits for BuildCharts users

Simpler execution

After generation, the runtime command is predictable: 
docker buildx bake --file .buildcharts/docker-bake.hcl
You do not need to manually reconstruct build arguments, output settings, or target wiring in scripts.

Parallel targets

Bake runs specified targets in parallel. This is useful in BuildCharts because a repository can generate separate build, test, nuget, and docker targets from one metadata model.

Single target

You can run a single target when you only want one stage. For example, run only tests with: 
docker buildx bake --file .buildcharts/docker-bake.hcl test

Better reuse of shared configuration

Bake groups related targets and centralizes shared settings. BuildCharts uses that to emit common variables and target-level configuration without duplicating command-line flags per step.

Easier inspection and debugging

Bake supports commands such as:
  • docker buildx bake --print
  • docker buildx bake --list
  • docker buildx history ls
  • docker buildx history inspect
That makes it easier to inspect the generated build plan and troubleshoot failures after execution.

Better fit for advanced Docker build features

Bake exposes first-class support for features that matter in BuildCharts:
  • outputs
  • multi-platform builds
  • cache configuration
  • entitlements
  • provenance and SBOM attestation
  • target overrides with --set

SBOM and provenance

There are two related but separate concerns:
  • securing the chart artifact itself
  • securing the images and outputs produced by the generated build
For the chart artifact, signing and policy verification are usually the most important controls. For built images, use Buildx attestations to attach:
  • provenance
  • SBOM
This fits BuildCharts well because the generated docker-bake.hcl is executed by Docker Buildx, which already supports provenance and SBOM attestations in the image build flow.

Typical BuildCharts flow

buildcharts generate
docker buildx bake --file .buildcharts/docker-bake.hcl
You can also target a specific generated stage: 
docker buildx bake --file .buildcharts/docker-bake.hcl test

Read more

Last modified on March 15, 2026