Files
wehub-resource-sync 70bf21e064
Deploy (to testing) and Test Playground Preview Worker / Deploy Playground Preview Worker (testing) (push) Has been skipped
Deploy Workers Shared Staging / Deploy Workers Shared Staging (push) Failing after 0s
Prerelease / build (push) Has been skipped
Handle Changesets / Handle Changesets (push) Has been cancelled
Semgrep OSS scan / semgrep-oss (push) Has been cancelled
chore: import upstream snapshot with attribution
2026-07-13 12:30:11 +08:00

22 KiB

@cloudflare/containers-shared

0.16.0

Minor Changes

  • #14311 34e0cef Thanks @sherryliu-lsy! - Add Google Artifact Registry support to containers registries configure

    wrangler containers registries configure now recognizes *-docker.pkg.dev (Google Artifact Registry) domains.

    • The Google service account email is the public credential, supplied with --gar-email. It must match the client_email in the service account key.
    • The service account JSON key is the private credential. It is provided via stdin (a file path, raw JSON, or base64) or an interactive prompt (a file path or base64) — never as a CLI flag, so it does not appear in shell history. The key is validated against --gar-email and stored base64-encoded.
    • Secret reuse inherits the existence-first flow: when the target Secrets Store secret already exists, it is reused by reference and the key is not required. In that case the email cannot be verified locally; it is validated against the key when images are pulled.
    <path-to-key>.json | npx wrangler@latest containers registries configure <region>-docker.pkg.dev --gar-email=<service-account-email> --secret-name=Google_Service_Account_JSON_Key
    

0.15.1

Patch Changes

  • #13963 adc9221 Thanks @gabivlj! - Preserve sibling container image tags during local dev cleanup

    Wrangler now keeps other cloudflare-dev image tags from the same dev session when multiple containers share a Dockerfile. Previously, duplicate-image cleanup could remove earlier container tags if Docker BuildKit produced the same image ID for each build.

0.15.0

Minor Changes

  • #12656 ae047ee Thanks @mikenomitch! - Add --containers-rollout=none

    This allows you to skip deploying a container. This is useful if you know that your container is not going to be updated or you don't have Docker locally, but still want to make changes to your Worker.

Patch Changes

  • #13950 f78d435 Thanks @dario-piotrowicz! - Improve the Docker CLI error message to be more actionable.

    Include a link to Docker installation docs, platform-specific instructions for starting the daemon, and guidance for alternative Docker-compatible CLIs.

  • #13950 f78d435 Thanks @dario-piotrowicz! - Refactor verifyDockerInstalled to accept an options object instead of positional parameters

    The function signature changed from (dockerPath: string, isDev?: boolean) to ({ dockerPath, isDev }: { dockerPath: string; isDev?: boolean }) for improved readability and extensibility.

0.14.1

Patch Changes

  • #13611 6e99feb Thanks @smaldd14! - Support Cloudflare-managed registry images in Vite plugin local dev

    Previously, using a registry.cloudflare.com image in a containers binding would crash vite dev with an unsupported error. The Vite plugin now configures the Cloudflare API client using CLOUDFLARE_API_TOKEN and CLOUDFLARE_ACCOUNT_ID before pulling container images, matching the behavior of wrangler dev.

0.14.0

Minor Changes

  • #13571 7dc0433 Thanks @must108! - Add regional and jurisdictional placement constraints for Containers. Users can now set constraints.regions and constraints.jurisdiction in wrangler config to control where containers run.

0.13.1

Patch Changes

  • #13049 7a5be20 Thanks @nikitassharma! - add library-push flag to containers registries credentials

    This flag is not available for public use.

0.13.0

Minor Changes

  • #12943 0f10583 Thanks @gabivlj! - containers: Upgrade proxy-everything to cloudflare/proxy-everything:3cb1195

    This proxy-everything version adds support to filter DNS queries, necessary for interceptOutboundHttp constrained by domain.

Patch Changes

  • #12893 782df44 Thanks @gpanders! - Rewrite wrangler containers list to use the paginated Dash API endpoint

    wrangler containers list now fetches from the /dash/applications endpoint instead of /applications, displaying results in a paginated table with columns for ID, Name, State, Live Instances, and Last Modified. Container state is derived from health instance counters (active, degraded, provisioning, ready).

    The command supports --per-page (default 25) for interactive pagination with Enter to load more and q/Esc to quit, and --json for machine-readable output. Non-interactive environments load all results in a single request.

0.12.0

Minor Changes

  • #12873 2b9a186 Thanks @gpanders! - Add wrangler containers instances <application_id> command to list container instances

    Lists all container instances for a given application, matching the Dash instances view. Displays instance ID, state, location, version, and creation time. Supports pagination for applications with many instances. Also adds paginated request support to the containers-shared API client.

0.11.0

Minor Changes

  • #12857 3f09bb2 Thanks @gabivlj! - Update the proxy-everything image used for containers local dev

    The egress interceptor image now supports HTTPS and ingress over HTTP CONNECT in workerd.

0.10.0

Minor Changes

  • #12649 35b2c56 Thanks @gabivlj! - Add experimental support for containers to workers communication with interceptOutboundHttp

    This feature is experimental and requires adding the "experimental" compatibility flag to your Wrangler configuration.

Patch Changes

  • #11332 6a8aa5f Thanks @nikitassharma! - Users are now able to configure DockerHub credentials and have containers reference images stored there.

    DockerHub can be configured as follows:

    echo $PAT_TOKEN | npx wrangler@latest containers registries configure docker.io --dockerhub-username=user --secret-name=DockerHub_PAT_Token
    

    Containers can then specify an image from DockerHub in their wrangler.jsonc as follows:

    "containers": {
      "image": "docker.io/namespace/image:tag",
      ...
    }
    

0.9.0

Minor Changes

  • #12433 2acb277 Thanks @martinezjandrew! - Updated registries delete subcommand to handle new API response that now returns a secrets store secret reference after deletion. Wrangler will now prompt the user if they want to delete the associated secret. If so, added new logic to retrieve a secret by its name. The subcommand will then delete the secret.

0.8.0

Minor Changes

  • #11755 0f8d69d Thanks @nikitassharma! - Users can now specify constraints.tiers for their container applications. tier is deprecated in favor of tiers. If left unset, we will default to tiers: [1, 2]. Note that constraints is an experimental feature.

0.7.0

Minor Changes

  • #11702 f612b46 Thanks @gpanders! - Add support for trusted_user_ca_keys in Wrangler

    You can now configure SSH trusted user CA keys for containers. Add the following to your wrangler.toml:

    [[containers.trusted_user_ca_keys]]
    public_key = "ssh-ed25519 AAAAC3..."
    

    This allows you to specify CA public keys that can be used to verify SSH user certificates.

  • #11437 9e360f6 Thanks @ichernetsky-cf! - Drop deprecated containers observability.logging field

Patch Changes

  • #11768 2a4299d Thanks @gpanders! - Rename "durable_objects_active" field in ApplicationHealthInstances to "active"

0.6.0

Minor Changes

  • #11196 171cfd9 Thanks @emily-shen! - For containers being created in a FedRAMP high environment, registry credentials are encrypted by the container platform. Update wrangler to correctly send a request to configure a registry for FedRAMP containers.

0.5.0

Minor Changes

0.4.0

Minor Changes

  • #11360 6b38532 Thanks @emily-shen! - Containers: Allow users to directly authenticate external image registries in local dev

    Previously, we always queried the API for stored registry credentials and used those to pull images. This means that if you are using an external registry (ECR, dockerhub) then you have to configure registry credentials remotely before running local dev.

    Now you can directly authenticate with your external registry provider (using docker login etc.), and Wrangler or Vite will be able to pull the image specified in the containers.image field in your config file.

    The Cloudflare-managed registry (registry.cloudflare.com) currently still does not work with the Vite plugin.

0.3.0

Minor Changes

  • #10605 b55a3c7 Thanks @emily-shen! - Add command to configure credentials for non-Cloudflare container registries

    Note this is a closed/experimental command that will not work without the appropriate account-level capabilities.

0.2.13

Patch Changes

  • #11007 cf16deb Thanks @gpanders! - Correctly handle image names that contain a slash

  • #11000 a6de9db Thanks @jonboulle! - always load container image into local store during build

    BuildKit supports different build drivers. When using the more modern docker-container driver (which is now the default on some systems, e.g. a standard Docker installation on Fedora Linux), it will not automatically load the built image into the local image store. Since wrangler expects the image to be there (e.g. when calling getImageRepoTags), it will thus fail, e.g.:

    ⎔ Preparing container image(s)...
    [+] Building 0.3s (8/8) FINISHED                                                                                                                                                                                                     docker-container:default
    
    [...]
    
    WARNING: No output specified with docker-container driver. Build result will only remain in the build cache. To push result image into registry use --push or to load image into docker use --load
    
    ✘ [ERROR] failed inspecting image locally: Error response from daemon: failed to find image cloudflare-dev/sandbox:f86e40e4: docker.io/cloudflare-dev/sandbox:f86e40e4: No such image
    
    

    Explicitly setting the --load flag (equivalent to -o type=docker) during the build fixes this and should make the build a bit more portable without requiring users to change their default build driver configuration.

0.2.12

Patch Changes

  • #10634 62656bd Thanks @emily-shen! - fix: error if the container image uri has an account id that doesn't match the current account

0.2.11

Patch Changes

  • #10623 7a6381c Thanks @IRCody! - Handle more cases for correctly resolving the full uri for an image when using containers push.

  • #10808 a7f6966 Thanks @nikitassharma! - When returning the default managed registry, inspect the environment variable WRANGLER_API_ENVIRONMENT to determine if we should be returning the production or staging registry.

  • #10769 0a554f9 Thanks @penalosa! - Mark more errors as UserError to disable Sentry reporting

0.2.10

Patch Changes

  • #10289 a5a1426 Thanks @emily-shen! - Cleanup container images created during local dev if no changes have been made.

    We now untag old images that were created by Wrangler/Vite if we find that the image content and configuration is unchanged, so that we don't keep accumulating image tags.

0.2.9

Patch Changes

0.2.8

Patch Changes

  • #10061 f8a80a8 Thanks @emily-shen! - feat(containers): try to automatically get the socket path that the container engine is listening on.

    Currently, if your container engine isn't set up to listen on unix:///var/run/docker.sock (or isn't symlinked to that), then you have to manually set this via the dev.containerEngine field in your Wrangler config, or via the env vars WRANGLER_DOCKER_HOST. This change means that we will try and get the socket of the current context automatically. This should reduce the occurrence of opaque internal errors thrown by the runtime when the daemon is not listening on unix:///var/run/docker.sock.

    In addition to WRANGLER_DOCKER_HOST, DOCKER_HOST can now also be used to set the container engine socket address.

0.2.7

Patch Changes

  • #9819 0c4008c Thanks @CarmenPopoviciu! - feat(vite-plugin): Add containers support in vite dev

    Adds support for Cloudflare Containers in vite dev. Please note that at the time of this PR a container image can only specify the path to a Dockerfile. Support for registry links will be added in a later version, as will containers support in vite preview.

0.2.6

Patch Changes

0.2.5

Patch Changes

0.2.4

Patch Changes

0.2.3

Patch Changes

  • #9872 a727db3 Thanks @emily-shen! - fix: resolve Dockerfile path relative to the Wrangler config path

    This fixes a bug where Wrangler would not be able to find a Dockerfile if a Wrangler config path had been specified with the --config flag.

0.2.2

Patch Changes

0.2.1

Patch Changes

0.2.0

Minor Changes

  • #9675 caf97e4 Thanks @emily-shen! - containers-shared contains shared code relating to containers that is used across workers-sdk.

Patch Changes

  • #9653 8a60fe7 Thanks @penalosa! - Rename WRANGLER_CONTAINERS_DOCKER_PATH to WRANGLER_DOCKER_BIN

  • #9653 8a60fe7 Thanks @penalosa! - Add a warning banner to wrangler cloudchamber and wrangler containers commands

  • #9605 17d23d8 Thanks @emily-shen! - Add rebuild hotkey for containers local dev, and clean up containers at the end of a dev session.