build:
context: .
dockerfile_inline: |
FROM baseimage
RUN some command
```
### `entitlements`
{{< summary-bar feature_name="Build entitlements" >}}
`entitlements` defines extra privileged entitlements to be allowed during the build.
```yaml
entitlements:
- network.host
- security.insecure
```
### `extra_hosts`
`extra_hosts` adds hostname mappings at build-time. Use the same syntax as [`extra_hosts`](services.md#extra_hosts).
```yml
extra_hosts:
- "somehost=162.242.195.82"
- "otherhost=50.31.209.229"
- "myhostv6=::1"
```
IPv6 addresses can be enclosed in square brackets, for example:
```yml
extra_hosts:
- "myhostv6=[::1]"
```
The separator `=` is preferred, but `:` can also be used. Introduced in Docker Compose version [2.24.1](/manuals/compose/releases/release-notes.md#2241). For example:
```yml
extra_hosts:
- "somehost:162.242.195.82"
- "myhostv6:::1"
```
Compose creates matching entry with the IP address and hostname in the container's network
configuration, which means for Linux `/etc/hosts` will get extra lines:
```text
162.242.195.82 somehost
50.31.209.229 otherhost
::1 myhostv6
```
### `isolation`
`isolation` specifies a build’s container isolation technology. Like [isolation](services.md#isolation), supported values
are platform specific.
### `labels`
`labels` add metadata to the resulting image. `labels` can be set either as an array or a map.
It's recommended that you use reverse-DNS notation to prevent your labels from conflicting with other software.
```yml
build:
context: .
labels:
com.example.description: "Accounting webapp"
com.example.department: "Finance"
com.example.label-with-empty-value: ""
```
```yml
build:
context: .
labels:
- "com.example.description=Accounting webapp"
- "com.example.department=Finance"
- "com.example.label-with-empty-value"
```
### `network`
Set the network containers connect to for the `RUN` instructions during build.
```yaml
build:
context: .
network: host
```
```yaml
build:
context: .
network: custom_network_1
```
Use `none` to disable networking during build:
```yaml
build:
context: .
network: none
```
### `no_cache`
`no_cache` disables image builder cache and enforces a full rebuild from source for all image layers. This only
applies to layers declared in the Dockerfile, referenced images can be retrieved from local image store whenever tag
has been updated on registry (see [pull](#pull)).
### `platforms`
`platforms` defines a list of target [platforms](services.md#platform).
```yml
build:
context: "."
platforms:
- "linux/amd64"
- "linux/arm64"
```
When the `platforms` attribute is omitted, Compose includes the service's platform
in the list of the default build target platforms.
When the `platforms` attribute is defined, Compose includes the service's
platform, otherwise users won't be able to run images they built.
Composes reports an error in the following cases:
- When the list contains multiple platforms but the implementation is incapable of storing multi-platform images.
- When the list contains an unsupported platform.
```yml
build:
context: "."
platforms:
- "linux/amd64"
- "unsupported/unsupported"
```
- When the list is non-empty and does not contain the service's platform.
```yml
services:
frontend:
platform: "linux/amd64"
build:
context: "."
platforms:
- "linux/arm64"
```
### `privileged`
{{< summary-bar feature_name="Build privileged" >}}
`privileged` configures the service image to build with elevated privileges. Support and actual impacts are platform specific.
```yml
build:
context: .
privileged: true
```
### `pull`
`pull` requires the image builder to pull referenced images (`FROM` Dockerfile directive), even if those are already
available in the local image store.
### `secrets`
`secrets` grants access to sensitive data defined by [secrets](services.md#secrets) on a per-service build basis. Two