Skip to main content
RUN --mount flags are not supported on Windows containers and will fail at runtime.

Description

All RUN --mount types (cache, secret, ssh, bind, tmpfs) fail at runtime on Windows containers. BuildKit’s Dockerfile frontend has no platform guard for mount flags — dispatchRunMounts() processes every mount type identically regardless of OS. The build starts successfully, pulls the base image, and begins executing layers, only to fail at the containerd/HCS runtime layer when the mount is set up. On large Windows images (5+ GB base layers), this means the user may wait minutes before hitting the error. This rule catches the problem immediately at lint time.

Why this matters

  • Guaranteed build failure — this is not a style issue; the build will break
  • Late failure — BuildKit validates mounts without error; the failure only surfaces at container runtime
  • Expensive retry — Windows base image pulls are large (ServerCore ~5 GB); catching early saves minutes

Examples

Violation

No violation

Affected mount types

Configuration

This rule has no rule-specific options.

References