RUN --mount flags are not supported on Windows containers and will fail at runtime.
Description
AllRUN --mount types (cache, secret, ssh, bind, tmpfs) fail at runtime on Windows containers.
BuildKit’s Dockerfile frontend has no platform guard for mount flags — dispatchRunMounts() processes every
mount type identically regardless of OS. The build starts successfully, pulls the base image, and begins
executing layers, only to fail at the containerd/HCS runtime layer when the mount is set up.
On large Windows images (5+ GB base layers), this means the user may wait minutes before hitting the error.
This rule catches the problem immediately at lint time.
Why this matters
- Guaranteed build failure — this is not a style issue; the build will break
- Late failure — BuildKit validates mounts without error; the failure only surfaces at container runtime
- Expensive retry — Windows base image pulls are large (ServerCore ~5 GB); catching early saves minutes