diff --git a/.github/workflows/build-publish-from-fork.yaml b/.github/workflows/build-publish-from-fork.yaml
deleted file mode 100644
index 7a2ff2b9f..000000000
--- a/.github/workflows/build-publish-from-fork.yaml
+++ /dev/null
@@ -1,36 +0,0 @@
-name: build-publish-from-fork
-on:
-  workflow_dispatch: {}
-  push: {}
-  pull_request: {}
-
-jobs:
-  build:
-    runs-on: ubuntu-latest
-    if: github.repository != 'getporter/porter'
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v3
-        with:
-          fetch-depth: 0
-      - name: Login to DockerHub
-        if: github.event_name != 'pull_request'
-        uses: docker/login-action@v2
-        with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ github.token }}
-      - uses: actions/setup-go@v3
-        with:
-          go-version-file: go.mod
-          cache: true
-          cache-dependency-path: go.sum
-      - name: Set up Mage
-        run: go run mage.go EnsureMage
-      - name: Publish
-        if: ${{ github.event_name != 'pull_request' }}
-        env:
-          PORTER_REGISTRY: ghcr.io/${{ github.repository }}
-        run: |
-          mage -v XBuildAll
-          mage -v PublishServerMultiArchImages
diff --git a/.github/workflows/build_pipelinesrelease_template.yml b/.github/workflows/build_pipelinesrelease_template.yml
index c4cc138da..7261baf28 100644
--- a/.github/workflows/build_pipelinesrelease_template.yml
+++ b/.github/workflows/build_pipelinesrelease_template.yml
@@ -91,34 +91,12 @@ jobs:
       run: mage TestUnit
       shell: bash
   Validate-integration_test:
-    env:
-      GHCR_IOGETPORTER_DOCKER_REGISTRY: https://ghcr.io
-      GHCR_IOGETPORTER_DOCKER_USERNAME: getporterbot
     name: Integration Test
     needs:
     - Validate-build
-    runs-on: ubuntu-latest
-    steps:
-    - name: checkout
-      uses: actions/checkout@v4.1.0
-    - uses: actions/setup-go@v4
-      with:
-        go-version: "${{ inputs.GOVERSION }}"
-    - name: Download Bin
-      uses: actions/download-artifact@v4.1.0
-      with:
-        name: build-bin
-        path: bin
-    - name: Docker Login
-      uses: docker/login-action@v3.0.0
-      with:
-        registry: ghcr.io
-        username: ${{ github.actor }}
-        password: ${{ secrets.GITHUB_TOKEN }}
-    - name: Configure Agent
-      run: go run mage.go ConfigureAgent SetBinExecutable
-    - name: Integration Test
-      run: mage -v TestIntegration
+    uses: "./.github/workflows/porter-integration-release.yml"
+    with:
+      registry: ${{inputs.registry}}
   Validate-smoke_test:
     name: Run smoke tests on
     needs:
@@ -140,7 +118,7 @@ jobs:
       run: go run mage.go ConfigureAgent UseXBuildBinaries
     - name: Run Smoke Tests
       run: mage -v TestSmoke
-  Publish-publish_binaries:
+  publish_binaries:
     name: Publish Binaries
     needs:
     - Validate-build
@@ -150,6 +128,7 @@ jobs:
     - Validate-integration_test
     - Validate-smoke_test
     runs-on: ubuntu-latest
+    permissions: write-all
     if: success() && inputs.shouldPublish
     steps:
     - name: checkout
@@ -167,11 +146,13 @@ jobs:
     - name: Publish Porter Binaries
       env:
         GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+        VERSION: ${{github.ref_name}}
       run: mage PublishPorter PublishMixins
-  Publish-publish_docker:
+  publish-ghcr:
     env:
-      DOCKER_REGISTRY:
-      DOCKER_USERNAME:
+      DOCKER_REGISTRY: ${{inputs.registry}}
+      DOCKER_USERNAME: getporterbot
+      VERSION: ${{github.ref_name}}
     name: Publish Docker Images
     needs:
     - Validate-build
@@ -181,6 +162,7 @@ jobs:
     - Validate-integration_test
     - Validate-smoke_test
     runs-on: ubuntu-latest
+    permissions: write-all
     if: success() && inputs.shouldPublish
     steps:
     - name: checkout
@@ -195,12 +177,11 @@ jobs:
         path: bin
     - name: Setup Bin
       run: go run mage.go ConfigureAgent UseXBuildBinaries
-    # Unable to determine registry '${{parameters.registry}}' type. The service connection was not found or the authentication type not supported.
-    - name: Docker Login
+    - name: Login to Container Registry
       uses: docker/login-action@v3.0.0
       with:
-        registry: "${{ env.DOCKER_REGISTRY }}"
-        username: "${{ env.DOCKER_USERNAME }}"
-        password: "${{ secrets.DOCKER_PASSWORD }}"
+        registry: "${{inputs.registry}}"
+        username: "${{ github.actor }}"
+        password: "${{ secrets.GITHUB_TOKEN }}"
     - name: Publish Docker Images to ${{inputs.registry}}
       run: PORTER_REGISTRY=${{inputs.registry}} mage PublishImages
diff --git a/.github/workflows/check-licenses.yaml b/.github/workflows/check-licenses.yaml
index 99576c64f..9d306c380 100644
--- a/.github/workflows/check-licenses.yaml
+++ b/.github/workflows/check-licenses.yaml
@@ -14,7 +14,7 @@ jobs:
         with:
           fetch-depth: 0
       - name: Set up Go
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@v4
         with:
           go-version-file: go.mod
           cache: true
diff --git a/.github/workflows/close-issues.yaml b/.github/workflows/close-issues.yaml
index 3487ea91b..702fc94a7 100644
--- a/.github/workflows/close-issues.yaml
+++ b/.github/workflows/close-issues.yaml
@@ -10,10 +10,10 @@ on:
       - release/*
 
 jobs:
-  closeIssue:
+  closeIssueOnPrMergeTrigger:
     runs-on: ubuntu-latest
     steps:
       - name: Closes issues related to a merged pull request.
-        uses: ldez/gha-mjolnir@v1.1.0
+        uses: ldez/gha-mjolnir@v1.0.3
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
\ No newline at end of file
diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml
index 6b4fea43c..51c579f2b 100644
--- a/.github/workflows/codeql.yaml
+++ b/.github/workflows/codeql.yaml
@@ -21,7 +21,7 @@ jobs:
         with:
           fetch-depth: 0 # Get all git history
       - name: Set up Go
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@v4
         with:
           go-version-file: go.mod
           cache: true
diff --git a/.github/workflows/integ-reuseable-workflow.yml b/.github/workflows/integ-reuseable-workflow.yml
new file mode 100644
index 000000000..699e82e65
--- /dev/null
+++ b/.github/workflows/integ-reuseable-workflow.yml
@@ -0,0 +1,45 @@
+name: integ reusable workflow
+
+on:
+  workflow_call:
+    inputs:
+        test_name:
+            type: string
+            required: true
+        registry:
+            type: string
+            required: true
+            default: ghcr.io
+env:
+    GOVERSION: 1.20.7
+    PORTER_INTEG_FILE: ${{inputs.test_name}}.go
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+    - name: checkout
+      uses: actions/checkout@v4.1.0
+    - uses: actions/setup-go@v4
+      with:
+        go-version: "${{ env.GOVERSION }}"
+        cache: true
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v3
+    - name: Cache Docker layers
+      uses: actions/cache@v3
+      with:
+        path: /tmp/.buildx-cache
+        key: ${{ runner.os }}-buildx-${{ github.sha }}
+    - name: Docker Login
+      uses: docker/login-action@v3.0.0
+      with:
+        registry: ${{inputs.registry}}
+        username: ${{ github.actor }}
+        password: ${{ secrets.GITHUB_TOKEN }}
+    - name: Configure Agent
+      run: go run mage.go build
+      shell: bash
+    - name: Integration Test
+      run: go run mage.go -v TestIntegration
+      shell: bash
diff --git a/.github/workflows/porter-integration-pr.yml b/.github/workflows/porter-integration-pr.yml
new file mode 100644
index 000000000..4dfe1972b
--- /dev/null
+++ b/.github/workflows/porter-integration-pr.yml
@@ -0,0 +1,123 @@
+name: porter/porter-integration
+on:
+  pull_request:
+    branches:
+    - main
+    paths-ignore:
+    - 'docs/**'
+
+env:
+    GOVERSION: 1.20.7
+
+jobs:
+  archive_integration_test:
+    uses: getporter/porter/.github/workflows/integ-reuseable-workflow.yml@main
+    with:
+      test_name: archive_test
+  build_integration_test:
+    uses: getporter/porter/.github/workflows/integ-reuseable-workflow.yml@main
+    with:
+      test_name: build_test
+  cli_integration_test:
+    uses: getporter/porter/.github/workflows/integ-reuseable-workflow.yml@main
+    with:
+      test_name: cli_test
+  connection_nix_integration_test:
+    uses: getporter/porter/.github/workflows/integ-reuseable-workflow.yml@main
+    with:
+      test_name: connection_nix_test
+  copy_integration_test:
+    uses: getporter/porter/.github/workflows/integ-reuseable-workflow.yml@main
+    with:
+      test_name: copy_test
+  dependenciesv1_integration_test:
+    uses: getporter/porter/.github/workflows/integ-reuseable-workflow.yml@main
+    with:
+      test_name: dependenciesv1_test
+  dependenciesv2_integration_test:
+    uses: getporter/porter/.github/workflows/integ-reuseable-workflow.yml@main
+    with:
+      test_name: dependenciesv2_test
+  driver_integration_test:
+    uses: getporter/porter/.github/workflows/integ-reuseable-workflow.yml@main
+    with:
+      test_name: driver_test
+  install_integration_test:
+    uses: getporter/porter/.github/workflows/integ-reuseable-workflow.yml@main
+    with:
+      test_name: install_test
+  invoke_integration_test:
+    uses: getporter/porter/.github/workflows/integ-reuseable-workflow.yml@main
+    with:
+      test_name: invoke_test
+  lint_integration_test:
+    uses: getporter/porter/.github/workflows/integ-reuseable-workflow.yml@main
+    with:
+      test_name: lint_test
+  migration_integration_test:
+    uses: getporter/porter/.github/workflows/integ-reuseable-workflow.yml@main
+    with:
+      test_name: migration_test
+  outputs_integration_test:
+    uses: getporter/porter/.github/workflows/integ-reuseable-workflow.yml@main
+    with:
+      test_name: outputs_test
+  publish_integration_test:
+    uses: getporter/porter/.github/workflows/integ-reuseable-workflow.yml@main
+    with:
+      test_name: publish_test
+  pull_integration_test:
+    uses: getporter/porter/.github/workflows/integ-reuseable-workflow.yml@main
+    with:
+      test_name: pull_test
+  registry_integration_test:
+    uses: getporter/porter/.github/workflows/integ-reuseable-workflow.yml@main
+    with:
+      test_name: registry_integration_test
+  schema_integration_test:
+    uses: getporter/porter/.github/workflows/integ-reuseable-workflow.yml@main
+    with:
+      test_name: schema_test
+  sensitive_data_integration_test:
+    uses: getporter/porter/.github/workflows/integ-reuseable-workflow.yml@main
+    with:
+      test_name: sensitive_data_test
+  suppress_output_integration_test:
+    uses: getporter/porter/.github/workflows/integ-reuseable-workflow.yml@main
+    with:
+      test_name: suppress_output_test
+  telemetry_test:
+    uses: getporter/porter/.github/workflows/integ-reuseable-workflow.yml@main
+    with:
+      test_name: telemetry_test
+   # Reusable workflows only supports 20 jobs
+  uninstall_test_integ:
+    runs-on: ubuntu-latest
+    steps:
+    - name: checkout
+      uses: actions/checkout@v4.1.0
+    - uses: actions/setup-go@v4
+      with:
+        go-version: "${{ env.GOVERSION }}"
+        cache: true
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v3
+    - name: Cache Docker layers
+      uses: actions/cache@v3
+      with:
+        path: /tmp/.buildx-cache
+        key: ${{ runner.os }}-buildx-${{ github.sha }}
+    - name: Docker Login
+      uses: docker/login-action@v3.0.0
+      with:
+        registry: ghcr.io
+        username: ${{ github.actor }}
+        password: ${{ secrets.GITHUB_TOKEN }}
+    - name: Configure Agent
+      run: go run mage.go build
+      shell: bash
+    - name: Integration Test
+      env: 
+        PORTER_INTEG_FILE: uninstall_test.go
+      run: go run mage.go -v TestIntegration 
+      shell: bash
diff --git a/.github/workflows/porter-integration-release.yml b/.github/workflows/porter-integration-release.yml
new file mode 100644
index 000000000..e6876b39c
--- /dev/null
+++ b/.github/workflows/porter-integration-release.yml
@@ -0,0 +1,144 @@
+name: porter/porter-integration
+on:
+  workflow_call:
+    inputs:
+      registry:
+        type: string
+        required: false
+        default: ghcr.io
+
+env:
+  GOVERSION: 1.20.7
+
+jobs:
+  archive_integration_test:
+    uses: getporter/porter/.github/workflows/integ-reuseable-workflow.yml@main
+    with:
+      test_name: archive_test
+      registry: ${{inputs.registry}}
+  build_integration_test:
+    uses: getporter/porter/.github/workflows/integ-reuseable-workflow.yml@main
+    with:
+      test_name: build_test
+      registry: ${{inputs.registry}}
+  cli_integration_test:
+    uses: getporter/porter/.github/workflows/integ-reuseable-workflow.yml@main
+    with:
+      test_name: cli_test
+      registry: ${{inputs.registry}}
+  connection_nix_integration_test:
+    uses: getporter/porter/.github/workflows/integ-reuseable-workflow.yml@main
+    with:
+      test_name: connection_nix_test
+      registry: ${{inputs.registry}}
+  copy_integration_test:
+    uses: getporter/porter/.github/workflows/integ-reuseable-workflow.yml@main
+    with:
+      test_name: copy_test
+      registry: ${{inputs.registry}}
+  dependenciesv1_integration_test:
+    uses: getporter/porter/.github/workflows/integ-reuseable-workflow.yml@main
+    with:
+      test_name: dependenciesv1_test
+      registry: ${{inputs.registry}}
+  dependenciesv2_integration_test:
+    uses: getporter/porter/.github/workflows/integ-reuseable-workflow.yml@main
+    with:
+      test_name: dependenciesv2_test
+      registry: ${{inputs.registry}}
+  driver_integration_test:
+    uses: getporter/porter/.github/workflows/integ-reuseable-workflow.yml@main
+    with:
+      test_name: driver_test
+      registry: ${{inputs.registry}}
+  install_integration_test:
+    uses: getporter/porter/.github/workflows/integ-reuseable-workflow.yml@main
+    with:
+      test_name: install_test
+      registry: ${{inputs.registry}}
+  invoke_integration_test:
+    uses: getporter/porter/.github/workflows/integ-reuseable-workflow.yml@main
+    with:
+      test_name: invoke_test
+      registry: ${{inputs.registry}}
+  lint_integration_test:
+    uses: getporter/porter/.github/workflows/integ-reuseable-workflow.yml@main
+    with:
+      test_name: lint_test
+      registry: ${{inputs.registry}}
+  migration_integration_test:
+    uses: getporter/porter/.github/workflows/integ-reuseable-workflow.yml@main
+    with:
+      test_name: migration_test
+      registry: ${{inputs.registry}}
+  outputs_integration_test:
+    uses: getporter/porter/.github/workflows/integ-reuseable-workflow.yml@main
+    with:
+      test_name: outputs_test
+      registry: ${{inputs.registry}}
+  publish_integration_test:
+    uses: getporter/porter/.github/workflows/integ-reuseable-workflow.yml@main
+    with:
+      test_name: publish_test
+      registry: ${{inputs.registry}}
+  pull_integration_test:
+    uses: getporter/porter/.github/workflows/integ-reuseable-workflow.yml@main
+    with:
+      test_name: pull_test
+      registry: ${{inputs.registry}}
+  registry_integration_test:
+    uses: getporter/porter/.github/workflows/integ-reuseable-workflow.yml@main
+    with:
+      test_name: registry_integration_test
+      registry: ${{inputs.registry}}
+  schema_integration_test:
+    uses: getporter/porter/.github/workflows/integ-reuseable-workflow.yml@main
+    with:
+      test_name: schema_test
+      registry: ${{inputs.registry}}
+  sensitive_data_integration_test:
+    uses: getporter/porter/.github/workflows/integ-reuseable-workflow.yml@main
+    with:
+      test_name: sensitive_data_test
+      registry: ${{inputs.registry}}
+  suppress_output_integration_test:
+    uses: getporter/porter/.github/workflows/integ-reuseable-workflow.yml@main
+    with:
+      test_name: suppress_output_test
+      registry: ${{inputs.registry}}
+  telemetry_test:
+    uses: getporter/porter/.github/workflows/integ-reuseable-workflow.yml@main
+    with:
+      test_name: telemetry_test
+      registry: ${{inputs.registry}}
+   # Reusable workflows only supports 20 jobs
+  uninstall_test_integ:
+    runs-on: ubuntu-latest
+    steps:
+    - name: checkout
+      uses: actions/checkout@v4.1.0
+    - uses: actions/setup-go@v4
+      with:
+        go-version: "${{ env.GOVERSION }}"
+        cache: true
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v3
+    - name: Cache Docker layers
+      uses: actions/cache@v3
+      with:
+        path: /tmp/.buildx-cache
+        key: ${{ runner.os }}-buildx-${{ github.sha }}
+    - name: Docker Login
+      uses: docker/login-action@v3.0.0
+      with:
+        registry: ${{inputs.registry}}
+        username: ${{ github.actor }}
+        password: ${{ secrets.GITHUB_TOKEN }}
+    - name: Configure Agent
+      run: go run mage.go build
+      shell: bash
+    - name: Integration Test
+      env: 
+        PORTER_INTEG_FILE: uninstall_test.go
+      run: go run mage.go -v TestIntegration 
+      shell: bash
diff --git a/.github/workflows/porter-integration.yml b/.github/workflows/porter-integration.yml
deleted file mode 100644
index 7a177e2f3..000000000
--- a/.github/workflows/porter-integration.yml
+++ /dev/null
@@ -1,37 +0,0 @@
-name: porter/porter-integration
-# this will only run when this is on main branch apparently so use pr for now (temporary)
-#on:
-#  issue_comment:
-#    types: [created, edited]
-on:
-  pull_request:
-    branches:
-    - main
-    paths-ignore:
-    - 'docs/**'
-
-env:
-  GOVERSION: 1.20.7
-
-jobs:
-  Integration_test:
-    name: Integration Test
-    runs-on: ubuntu-latest
-    steps:
-    - name: checkout
-      uses: actions/checkout@v4.1.0
-    - uses: actions/setup-go@v4
-      with:
-        go-version: "${{ env.GOVERSION }}"
-    - name: Docker Login
-      uses: docker/login-action@v3.0.0
-      with:
-        registry: ghcr.io
-        username: ${{ github.actor }}
-        password: ${{ secrets.GITHUB_TOKEN }}
-    - name: Native Build
-      run: go run mage.go Build
-      shell: bash
-    - name: Integration Test
-      run: go run mage.go -v TestIntegration
-      shell: bash
diff --git a/.github/workflows/porter.yml b/.github/workflows/porter.yml
index 348c73d3f..14472eefc 100644
--- a/.github/workflows/porter.yml
+++ b/.github/workflows/porter.yml
@@ -18,6 +18,7 @@ jobs:
     - uses: actions/setup-go@v4
       with:
         go-version: "${{ env.GOVERSION }}" # The Go version to download (if necessary) and use.
+        cache: true
     - run: go version
     - name: Native Build
       run: go run mage.go build
@@ -37,6 +38,7 @@ jobs:
     - uses: actions/setup-go@v4
       with:
         go-version: "${{ env.GOVERSION }}" # The Go version to download (if necessary) and use.
+        cache: true
     - run: go version
     - name: Cross Compile
       run: go run mage.go -v XBuildAll
@@ -56,6 +58,7 @@ jobs:
     - uses: actions/setup-go@v4
       with:
         go-version: "${{ env.GOVERSION }}" # The Go version to download (if necessary) and use.
+        cache: true
     - run: go version
     - name: Unit Test
       run: go run mage.go -v TestUnit
@@ -70,6 +73,7 @@ jobs:
     - uses: actions/setup-go@v4
       with:
         go-version: "${{ env.GOVERSION }}" # The Go version to download (if necessary) and use.
+        cache: true
     - run: go version
     - name: Vet
       run: go run mage.go Vet
@@ -90,6 +94,7 @@ jobs:
     - uses: actions/setup-go@v4
       with:
         go-version: "${{ env.GOVERSION }}" # The Go version to download (if necessary) and use.
+        cache: true
     - run: go version
     - name: Download Cross-Compiled Porter Binaries
       uses: actions/download-artifact@v3.0.1
@@ -117,6 +122,7 @@ jobs:
     - uses: actions/setup-go@v4
       with:
         go-version: "${{ env.GOVERSION }}" # The Go version to download (if necessary) and use.
+        cache: true
     - run: go version
     - name: Setup Bin
       run: go run mage.go UseXBuildBinaries
diff --git a/.github/workflows/trivy.yaml b/.github/workflows/trivy.yaml
index 05ac36e4a..d6c0fa8fb 100644
--- a/.github/workflows/trivy.yaml
+++ b/.github/workflows/trivy.yaml
@@ -21,7 +21,7 @@ jobs:
         with:
           fetch-depth: 0 # Get all git history
       - name: Set up Go
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@v4
         with:
           go-version-file: go.mod
           cache: true
diff --git a/build/testdata/bundles/wordpress/.gitignore b/build/testdata/bundles/wordpress/.gitignore
index ea5d8c03a..e69de29bb 100644
--- a/build/testdata/bundles/wordpress/.gitignore
+++ b/build/testdata/bundles/wordpress/.gitignore
@@ -1,2 +0,0 @@
-Dockerfile
-.cnab
diff --git a/build/testdata/bundles/wordpressv2/.gitignore b/build/testdata/bundles/wordpressv2/.gitignore
new file mode 100644
index 000000000..e69de29bb
diff --git a/cmd/porter/installations.go b/cmd/porter/installations.go
index 2d9daedc2..94105b77b 100644
--- a/cmd/porter/installations.go
+++ b/cmd/porter/installations.go
@@ -418,6 +418,7 @@ func addBundleActionFlags(f *pflag.FlagSet, actionOpts porter.BundleAction) {
 	addBundlePullFlags(f, &opts.BundlePullOptions)
 	f.BoolVar(&opts.AllowDockerHostAccess, "allow-docker-host-access", false,
 		"Controls if the bundle should have access to the host's Docker daemon with elevated privileges. See https://getporter.org/configuration/#allow-docker-host-access for the full implications of this flag.")
+	f.StringArrayVar(&opts.HostVolumeMounts, "mount-host-volume", nil, "Mount a host volume into the bundle. Format is <host path>:<container path>[:<option>]. May be specified multiple times. Option can be ro (read-only), rw (read-write), default is ro.")
 	f.BoolVar(&opts.NoLogs, "no-logs", false,
 		"Do not persist the bundle execution logs")
 	f.StringArrayVarP(&opts.ParameterSets, "parameter-set", "p", nil,
diff --git a/go.mod b/go.mod
index 28d4f8939..717c06faf 100644
--- a/go.mod
+++ b/go.mod
@@ -14,7 +14,7 @@ replace (
 )
 
 require (
-	get.porter.sh/magefiles v0.6.1-0.20230822194230-77c3a69ead68
+	get.porter.sh/magefiles v0.6.1
 	github.com/Masterminds/semver/v3 v3.2.1
 	github.com/PaesslerAG/jsonpath v0.1.1
 	github.com/carolynvs/aferox v0.3.0
@@ -46,7 +46,7 @@ require (
 	github.com/mikefarah/yq/v3 v3.0.0-20201202084205-8846255d1c37
 	github.com/mitchellh/mapstructure v1.5.0
 	github.com/mmcdole/gofeed v1.2.1
-	github.com/moby/buildkit v0.12.2
+	github.com/moby/buildkit v0.12.5
 	github.com/moby/term v0.5.0
 	github.com/olekukonko/tablewriter v0.0.5
 	github.com/opencontainers/go-digest v1.0.0
@@ -61,7 +61,7 @@ require (
 	github.com/tidwall/gjson v1.15.0
 	github.com/tidwall/sjson v1.2.5
 	github.com/xeipuuv/gojsonschema v1.2.0
-	go.mongodb.org/mongo-driver v1.12.0
+	go.mongodb.org/mongo-driver v1.13.1
 	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.45.0
 	go.opentelemetry.io/otel v1.19.0
 	go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.19.0
@@ -89,7 +89,7 @@ require (
 	github.com/PaesslerAG/gval v1.2.2 // indirect
 	github.com/PuerkitoBio/goquery v1.8.1 // indirect
 	github.com/Shopify/logrus-bugsnag v0.0.0-20230117174420-439a4b8ba167 // indirect
-	github.com/andybalholm/brotli v1.0.5 // indirect
+	github.com/andybalholm/brotli v1.1.0 // indirect
 	github.com/andybalholm/cascadia v1.3.2 // indirect
 	github.com/aws/aws-sdk-go-v2 v1.18.1 // indirect
 	github.com/aws/aws-sdk-go-v2/config v1.18.27 // indirect
@@ -152,7 +152,7 @@ require (
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
 	github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 // indirect
-	github.com/klauspost/compress v1.16.7 // indirect
+	github.com/klauspost/compress v1.17.6 // indirect
 	github.com/klauspost/pgzip v1.2.6 // indirect
 	github.com/kr/pty v1.1.5 // indirect
 	github.com/magiconair/properties v1.8.7 // indirect
@@ -185,7 +185,7 @@ require (
 	github.com/opencontainers/runc v1.1.12 // indirect
 	github.com/opencontainers/runtime-spec v1.1.0 // indirect
 	github.com/osteele/tuesday v1.0.3 // indirect
-	github.com/pierrec/lz4/v4 v4.1.18 // indirect
+	github.com/pierrec/lz4/v4 v4.1.21 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/prometheus/client_model v0.4.0 // indirect
diff --git a/go.sum b/go.sum
index 6f67fa13d..5e5c2523e 100644
--- a/go.sum
+++ b/go.sum
@@ -43,6 +43,8 @@ cloud.google.com/go/storage v1.14.0/go.mod h1:GrKmX003DSIwi9o29oFT7YDnHYwZoctc3f
 dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
 get.porter.sh/magefiles v0.6.1-0.20230822194230-77c3a69ead68 h1:DP6jiRuZC6iLFvriQdQBAnV8Iav/vb64Q123dkIEunw=
 get.porter.sh/magefiles v0.6.1-0.20230822194230-77c3a69ead68/go.mod h1:YsSlQWtGoXCGC4pdD7NxPpvh/FryM1bM0wzMWlJC+Bg=
+get.porter.sh/magefiles v0.6.1 h1:JuGYK9us7Y9GJTr172wK3Y8W5rOz9CBnheuZa8yJjGc=
+get.porter.sh/magefiles v0.6.1/go.mod h1:YsSlQWtGoXCGC4pdD7NxPpvh/FryM1bM0wzMWlJC+Bg=
 github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 h1:bvDV9vkmnHYOMsOr4WLk+Vo07yKIzd94sVoIqshQ4bU=
 github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24/go.mod h1:8o94RPi1/7XTJvwPpRSzSUedZrtlirdB3r9Z20bi2f8=
 github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20230306123547-8075edf89bb0 h1:59MxjQVfjXsBpLy+dbd2/ELV5ofnUkUZBvWSC85sheA=
@@ -91,6 +93,8 @@ github.com/anchore/go-struct-converter v0.0.0-20221118182256-c68fdcfa2092 h1:aM1
 github.com/andybalholm/brotli v1.0.1/go.mod h1:loMXtMfwqflxFJPmdbJO0a3KNoPuLBgiu3qAvBg8x/Y=
 github.com/andybalholm/brotli v1.0.5 h1:8uQZIdzKmjc/iuPu7O2ioW48L81FgatrcpfFmiq/cCs=
 github.com/andybalholm/brotli v1.0.5/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHGRSepvi9Eig=
+github.com/andybalholm/brotli v1.1.0 h1:eLKJA0d02Lf0mVpIDgYnqXcUn0GqVmEFny3VuID1U3M=
+github.com/andybalholm/brotli v1.1.0/go.mod h1:sms7XGricyQI9K10gOSf56VKKWS4oLer58Q+mhRPtnY=
 github.com/andybalholm/cascadia v1.3.1/go.mod h1:R4bJ1UQfqADjvDa4P6HZHLh/3OxWWEqc0Sk8XGwHqvA=
 github.com/andybalholm/cascadia v1.3.2 h1:3Xi6Dw5lHF15JtdcmAHD3i1+T8plmv7BQ/nsViSLyss=
 github.com/andybalholm/cascadia v1.3.2/go.mod h1:7gtRlve5FxPPgIgX36uWBX58OdBsSS6lUvCFb+h7KvU=
@@ -536,6 +540,8 @@ github.com/klauspost/compress v1.11.4/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYs
 github.com/klauspost/compress v1.13.6/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk=
 github.com/klauspost/compress v1.16.7 h1:2mk3MPGNzKyxErAw8YaohYh69+pa4sIQSC0fPGCFR9I=
 github.com/klauspost/compress v1.16.7/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE=
+github.com/klauspost/compress v1.17.6 h1:60eq2E/jlfwQXtvZEeBUYADs+BwKBWURIY+Gj2eRGjI=
+github.com/klauspost/compress v1.17.6/go.mod h1:/dCuZOvVtNoHsyb+cuJD3itjs3NbnF6KH9zAO4BDxPM=
 github.com/klauspost/cpuid v1.2.0/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek=
 github.com/klauspost/pgzip v1.2.5/go.mod h1:Ch1tH69qFZu15pkjo5kYi6mth2Zzwzt50oCQKQE9RUs=
 github.com/klauspost/pgzip v1.2.6 h1:8RXeL5crjEUFnR2/Sn6GJNWtSQ3Dk8pq4CL3jvdDyjU=
@@ -630,8 +636,8 @@ github.com/mmcdole/gofeed v1.2.1 h1:tPbFN+mfOLcM1kDF1x2c/N68ChbdBatkppdzf/vDe1s=
 github.com/mmcdole/gofeed v1.2.1/go.mod h1:2wVInNpgmC85q16QTTuwbuKxtKkHLCDDtf0dCmnrNr4=
 github.com/mmcdole/goxpp v1.1.0 h1:WwslZNF7KNAXTFuzRtn/OKZxFLJAAyOA9w82mDz2ZGI=
 github.com/mmcdole/goxpp v1.1.0/go.mod h1:v+25+lT2ViuQ7mVxcncQ8ch1URund48oH+jhjiwEgS8=
-github.com/moby/buildkit v0.12.2 h1:B7guBgY6sfk4dBlv/ORUxyYlp0UojYaYyATgtNwSCXc=
-github.com/moby/buildkit v0.12.2/go.mod h1:adB4y0SxxX8trnrY+oEulb48ODLqPO6pKMF0ppGcCoI=
+github.com/moby/buildkit v0.12.5 h1:RNHH1l3HDhYyZafr5EgstEu8aGNCwyfvMtrQDtjH9T0=
+github.com/moby/buildkit v0.12.5/go.mod h1:YGwjA2loqyiYfZeEo8FtI7z4x5XponAaIWsWcSjWwso=
 github.com/moby/locker v1.0.1 h1:fOXqR41zeveg4fFODix+1Ch4mj/gT0NE1XJbp/epuBg=
 github.com/moby/locker v1.0.1/go.mod h1:S7SDdo5zpBK84bzzVlKr2V0hz+7x9hWbYC/kq7oQppc=
 github.com/moby/patternmatcher v0.5.0 h1:YCZgJOeULcxLw1Q+sVR636pmS7sPEn1Qo2iAN6M7DBo=
@@ -733,6 +739,8 @@ github.com/pierrec/lz4 v2.0.5+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi
 github.com/pierrec/lz4/v4 v4.1.2/go.mod h1:gZWDp/Ze/IJXGXf23ltt2EXimqmTUXEy0GFuRQyBid4=
 github.com/pierrec/lz4/v4 v4.1.18 h1:xaKrnTkyoqfh1YItXl56+6KJNVYWlEEPuAQW9xsplYQ=
 github.com/pierrec/lz4/v4 v4.1.18/go.mod h1:gZWDp/Ze/IJXGXf23ltt2EXimqmTUXEy0GFuRQyBid4=
+github.com/pierrec/lz4/v4 v4.1.21 h1:yOVMLb6qSIDP67pl/5F7RepeKYu/VmTyEXvuMI5d9mQ=
+github.com/pierrec/lz4/v4 v4.1.21/go.mod h1:gZWDp/Ze/IJXGXf23ltt2EXimqmTUXEy0GFuRQyBid4=
 github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
@@ -933,8 +941,8 @@ github.com/zmap/zlint v0.0.0-20190806154020-fd021b4cfbeb h1:vxqkjztXSaPVDc8FQCdH
 github.com/zmap/zlint v0.0.0-20190806154020-fd021b4cfbeb/go.mod h1:29UiAJNsiVdvTBFCJW8e3q6dcDbOoPkhMgttOSCIMMY=
 go.etcd.io/bbolt v1.3.3/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
 go.etcd.io/etcd v0.0.0-20191023171146-3cf2f69b5738/go.mod h1:dnLIgRNXwCJa5e+c6mIZCrds/GIG4ncV9HhK5PX7jPg=
-go.mongodb.org/mongo-driver v1.12.0 h1:aPx33jmn/rQuJXPQLZQ8NtfPQG8CaqgLThFtqRb0PiE=
-go.mongodb.org/mongo-driver v1.12.0/go.mod h1:AZkxhPnFJUoH7kZlFkVKucV20K387miPfm7oimrSmK0=
+go.mongodb.org/mongo-driver v1.13.1 h1:YIc7HTYsKndGK4RFzJ3covLz1byri52x0IoMB0Pt/vk=
+go.mongodb.org/mongo-driver v1.13.1/go.mod h1:wcDf1JBCXy2mOW0bWHwO/IOYqdca1MPCwDtFu/Z9+eo=
 go.opencensus.io v0.20.1/go.mod h1:6WKK9ahsWS3RSO+PY9ZHZUfv2irvY6gN279GOPZjmmk=
 go.opencensus.io v0.20.2/go.mod h1:6WKK9ahsWS3RSO+PY9ZHZUfv2irvY6gN279GOPZjmmk=
 go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
diff --git a/magefile.go b/magefile.go
index 039261c4d..66475feca 100644
--- a/magefile.go
+++ b/magefile.go
@@ -487,7 +487,7 @@ func PublishPorter() {
 	// Create or update GitHub release for the permalink (canary/latest) with the version's assets (porter binaries, exec binaries and install scripts)
 	if info.ShouldPublishPermalink() {
 		// Move the permalink tag. The existing release automatically points to the tag.
-		must.RunV("git", "tag", info.Permalink, info.Version+"^{}", "-f")
+		must.RunV("git", "tag", "-f", info.Permalink, info.Version)
 		must.RunV("git", "push", "-f", remote, info.Permalink)
 
 		releases.AddFilesToRelease(repo, info.Permalink, porterVersionDir)
@@ -580,7 +580,15 @@ func TestIntegration() {
 		verbose = "-v"
 	}
 
-	must.Command("go", "test", verbose, "-timeout=30m", run, "-tags=integration", "./...").CollapseArgs().RunV()
+	var path string
+	filename := os.Getenv("PORTER_INTEG_FILE")
+	if filename == "" {
+		path = "./..."
+	} else {
+		path = "./tests/integration/" + filename
+	}
+
+	must.Command("go", "test", verbose, "-timeout=30m", run, "-tags=integration", path).CollapseArgs().RunV()
 }
 
 func TestInitWarnings() {
diff --git a/pkg/cnab/provider/action.go b/pkg/cnab/provider/action.go
index 2f3d9813b..75940d366 100644
--- a/pkg/cnab/provider/action.go
+++ b/pkg/cnab/provider/action.go
@@ -18,6 +18,12 @@ import (
 	"go.uber.org/zap/zapcore"
 )
 
+type HostVolumeMountSpec struct {
+	Source   string
+	Target   string
+	ReadOnly bool
+}
+
 // Shared arguments for all CNAB actions
 type ActionArguments struct {
 	// Action to execute, e.g. install, upgrade.
@@ -42,6 +48,9 @@ type ActionArguments struct {
 	// Give the bundle privileged access to the docker daemon.
 	AllowDockerHostAccess bool
 
+	// MountHostVolumes is a map of host paths to container paths to mount.
+	HostVolumeMounts []HostVolumeMountSpec
+
 	// PersistLogs specifies if the invocation image output should be saved as an output.
 	PersistLogs bool
 }
diff --git a/pkg/cnab/provider/docker_linux.go b/pkg/cnab/provider/docker_linux.go
index 73934e3a8..9b8a9fc07 100644
--- a/pkg/cnab/provider/docker_linux.go
+++ b/pkg/cnab/provider/docker_linux.go
@@ -47,3 +47,14 @@ func (r *Runtime) mountDockerSocket(cfg *container.Config, hostCfg *container.Ho
 	hostCfg.Mounts = append(hostCfg.Mounts, dockerSockMount)
 	return nil
 }
+
+func (r *Runtime) addVolumeMountToHostConfig(hostConfig *container.HostConfig, source string, target string, readOnly bool) error {
+	mount := mount.Mount{
+		Source:   source,
+		Target:   target,
+		Type:     "bind",
+		ReadOnly: readOnly,
+	}
+	hostConfig.Mounts = append(hostConfig.Mounts, mount)
+	return nil
+}
diff --git a/pkg/cnab/provider/driver.go b/pkg/cnab/provider/driver.go
index fd04ee2f1..da4952743 100644
--- a/pkg/cnab/provider/driver.go
+++ b/pkg/cnab/provider/driver.go
@@ -28,23 +28,55 @@ func (r *Runtime) newDriver(driverName string, args ActionArguments) (driver.Dri
 		return nil, err
 	}
 
-	if args.AllowDockerHostAccess {
-		if driverName != DriverNameDocker {
-			return nil, fmt.Errorf("allow-docker-host-access was enabled, but the driver is %s", driverName)
-		}
+	if args.AllowDockerHostAccess && driverName != DriverNameDocker {
+		return nil, fmt.Errorf("allow-docker-host-access was enabled, but the driver is %s", driverName)
+	}
 
-		driverImpl, err = r.dockerDriverWithHostAccess(dockerExt)
-	} else {
-		if dockerRequired {
-			return nil, fmt.Errorf("extension %q is required but allow-docker-host-access was not enabled",
-				cnab.DockerExtensionKey)
-		}
+	if dockerRequired && !args.AllowDockerHostAccess {
+		return nil, fmt.Errorf("extension %q is required but allow-docker-host-access was not enabled", cnab.DockerExtensionKey)
+	}
+
+	if len(args.HostVolumeMounts) > 0 && driverName != DriverNameDocker {
+		return nil, fmt.Errorf("mount-host-volume was was used to mount a volume, but the driver is %s", driverName)
+	}
+
+	if !args.AllowDockerHostAccess && len(args.HostVolumeMounts) == 0 {
 		driverImpl, err = drivers.LookupDriver(r.Context, driverName)
 	}
 	if err != nil {
 		return nil, err
 	}
 
+	var d *docker.Driver
+	if args.AllowDockerHostAccess || len(args.HostVolumeMounts) > 0 {
+		d = &docker.Driver{}
+	}
+
+	if args.AllowDockerHostAccess {
+		driverImpl, err = r.dockerDriverWithHostAccess(dockerExt, d)
+	}
+	if err != nil {
+		return nil, err
+	}
+
+	if len(args.HostVolumeMounts) > 0 {
+		driverImpl, err = func(dr *docker.Driver) (driver.Driver, error) {
+
+			dr.AddConfigurationOptions(func(cfg *container.Config, hostCfg *container.HostConfig) error {
+				err := r.addVolumeMountsToHostConfig(hostCfg, args.HostVolumeMounts)
+				if err != nil {
+					return err
+				}
+				return nil
+			})
+
+			return driver.Driver(dr), nil
+		}(d)
+		if err != nil {
+			return nil, err
+		}
+	}
+
 	if configurable, ok := driverImpl.(driver.Configurable); ok {
 		driverCfg := make(map[string]string)
 		// Load any driver-specific config out of the environment
@@ -60,8 +92,7 @@ func (r *Runtime) newDriver(driverName string, args ActionArguments) (driver.Dri
 	return driverImpl, nil
 }
 
-func (r *Runtime) dockerDriverWithHostAccess(config cnab.Docker) (driver.Driver, error) {
-	d := &docker.Driver{}
+func (r *Runtime) dockerDriverWithHostAccess(config cnab.Docker, d *docker.Driver) (driver.Driver, error) {
 
 	// Run the container with privileged access if necessary
 	if config.Privileged {
@@ -78,3 +109,13 @@ func (r *Runtime) dockerDriverWithHostAccess(config cnab.Docker) (driver.Driver,
 
 	return driver.Driver(d), nil
 }
+
+func (r *Runtime) addVolumeMountsToHostConfig(hostConfig *container.HostConfig, mounts []HostVolumeMountSpec) error {
+	for _, mount := range mounts {
+		err := r.addVolumeMountToHostConfig(hostConfig, mount.Source, mount.Target, mount.ReadOnly)
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}
diff --git a/pkg/cnab/provider/driver_darwin.go b/pkg/cnab/provider/driver_darwin.go
index cdeccf883..62826cf96 100644
--- a/pkg/cnab/provider/driver_darwin.go
+++ b/pkg/cnab/provider/driver_darwin.go
@@ -19,3 +19,14 @@ func (r *Runtime) mountDockerSocket(cfg *container.Config, hostCfg *container.Ho
 	hostCfg.Mounts = append(hostCfg.Mounts, dockerSockMount)
 	return nil
 }
+
+func (r *Runtime) addVolumeMountToHostConfig(hostConfig *container.HostConfig, source string, target string, readOnly bool) error {
+	mount := mount.Mount{
+		Source:   source,
+		Target:   target,
+		Type:     "bind",
+		ReadOnly: readOnly,
+	}
+	hostConfig.Mounts = append(hostConfig.Mounts, mount)
+	return nil
+}
diff --git a/pkg/cnab/provider/driver_test.go b/pkg/cnab/provider/driver_test.go
index 32f5243bb..770e279ac 100644
--- a/pkg/cnab/provider/driver_test.go
+++ b/pkg/cnab/provider/driver_test.go
@@ -120,4 +120,177 @@ func TestNewDriver_Docker(t *testing.T) {
 		require.NoError(t, err)
 		require.Equal(t, true, containerHostCfg.Privileged)
 	})
+
+	t.Run("docker with host access, default config, and host volume mounts", func(t *testing.T) {
+		t.Parallel()
+
+		r := NewTestRuntime(t)
+		r.MockGetDockerGroupId()
+		defer r.Close()
+
+		r.Extensions[cnab.DockerExtensionKey] = cnab.Docker{}
+		r.FileSystem.Create("/var/run/docker.sock")
+		r.FileSystem.Create("/sourceFolder")
+		r.FileSystem.Create("/sourceFolder2")
+		r.FileSystem.Create("/sourceFolder3")
+
+		args := ActionArguments{
+			AllowDockerHostAccess: true,
+			HostVolumeMounts: []HostVolumeMountSpec{
+				{
+					Source: "/sourceFolder",
+					Target: "/targetFolder",
+				},
+				{
+					Source:   "/sourceFolder2",
+					Target:   "/targetFolder2",
+					ReadOnly: true,
+				},
+				{
+					Source:   "/sourceFolder3",
+					Target:   "/targetFolder3",
+					ReadOnly: false,
+				},
+			},
+		}
+
+		driver, err := r.newDriver(DriverNameDocker, args)
+		require.NoError(t, err)
+		assert.IsType(t, driver, &docker.Driver{})
+
+		dockerish, ok := driver.(*docker.Driver)
+		assert.True(t, ok)
+
+		err = dockerish.ApplyConfigurationOptions()
+		assert.NoError(t, err)
+
+		containerHostCfg, err := dockerish.GetContainerHostConfig()
+		require.NoError(t, err)
+		require.Equal(t, false, containerHostCfg.Privileged)
+
+		require.Len(t, containerHostCfg.Mounts, 4) //includes the docker socket mount
+		assert.Equal(t, "/sourceFolder", containerHostCfg.Mounts[1].Source)
+		assert.Equal(t, "/targetFolder", containerHostCfg.Mounts[1].Target)
+		assert.Equal(t, false, containerHostCfg.Mounts[1].ReadOnly)
+		assert.Equal(t, "/sourceFolder2", containerHostCfg.Mounts[2].Source)
+		assert.Equal(t, "/targetFolder2", containerHostCfg.Mounts[2].Target)
+		assert.Equal(t, true, containerHostCfg.Mounts[2].ReadOnly)
+		assert.Equal(t, "/sourceFolder3", containerHostCfg.Mounts[3].Source)
+		assert.Equal(t, "/targetFolder3", containerHostCfg.Mounts[3].Target)
+		assert.Equal(t, false, containerHostCfg.Mounts[3].ReadOnly)
+	})
+
+	t.Run("host volume mount, docker driver, with multiple mounts", func(t *testing.T) {
+		t.Parallel()
+
+		r := NewTestRuntime(t)
+		defer r.Close()
+
+		r.FileSystem.Create("/sourceFolder")
+		r.FileSystem.Create("/sourceFolder2")
+		r.FileSystem.Create("/sourceFolder3")
+
+		args := ActionArguments{
+			HostVolumeMounts: []HostVolumeMountSpec{
+				{
+					Source: "/sourceFolder",
+					Target: "/targetFolder",
+				},
+				{
+					Source:   "/sourceFolder2",
+					Target:   "/targetFolder2",
+					ReadOnly: true,
+				},
+				{
+					Source:   "/sourceFolder3",
+					Target:   "/targetFolder3",
+					ReadOnly: false,
+				},
+			},
+		}
+
+		driver, err := r.newDriver(DriverNameDocker, args)
+
+		require.NoError(t, err)
+		assert.IsType(t, driver, &docker.Driver{})
+
+		dockerish, ok := driver.(*docker.Driver)
+		assert.True(t, ok)
+
+		err = dockerish.ApplyConfigurationOptions()
+		assert.NoError(t, err)
+
+		containerHostCfg, err := dockerish.GetContainerHostConfig()
+		require.NoError(t, err)
+
+		require.Len(t, containerHostCfg.Mounts, 3)
+		assert.Equal(t, "/sourceFolder", containerHostCfg.Mounts[0].Source)
+		assert.Equal(t, "/targetFolder", containerHostCfg.Mounts[0].Target)
+		assert.Equal(t, false, containerHostCfg.Mounts[0].ReadOnly)
+		assert.Equal(t, "/sourceFolder2", containerHostCfg.Mounts[1].Source)
+		assert.Equal(t, "/targetFolder2", containerHostCfg.Mounts[1].Target)
+		assert.Equal(t, true, containerHostCfg.Mounts[1].ReadOnly)
+		assert.Equal(t, "/sourceFolder3", containerHostCfg.Mounts[2].Source)
+		assert.Equal(t, "/targetFolder3", containerHostCfg.Mounts[2].Target)
+		assert.Equal(t, false, containerHostCfg.Mounts[2].ReadOnly)
+
+	})
+
+	t.Run("host volume mount, docker driver, with single mount", func(t *testing.T) {
+		t.Parallel()
+
+		r := NewTestRuntime(t)
+		defer r.Close()
+
+		r.FileSystem.Create("/sourceFolder")
+
+		args := ActionArguments{
+			HostVolumeMounts: []HostVolumeMountSpec{
+				{
+					Source: "/sourceFolder",
+					Target: "/targetFolder",
+				},
+			},
+		}
+
+		driver, err := r.newDriver(DriverNameDocker, args)
+
+		require.NoError(t, err)
+		assert.IsType(t, driver, &docker.Driver{})
+
+		dockerish, ok := driver.(*docker.Driver)
+		assert.True(t, ok)
+
+		err = dockerish.ApplyConfigurationOptions()
+		assert.NoError(t, err)
+
+		containerHostCfg, err := dockerish.GetContainerHostConfig()
+		require.NoError(t, err)
+
+		require.Len(t, containerHostCfg.Mounts, 1)
+		assert.Equal(t, "/sourceFolder", containerHostCfg.Mounts[0].Source)
+		assert.Equal(t, "/targetFolder", containerHostCfg.Mounts[0].Target)
+		assert.Equal(t, false, containerHostCfg.Mounts[0].ReadOnly)
+	})
+
+	t.Run("host volume mount, mismatch driver name", func(t *testing.T) {
+		t.Parallel()
+
+		r := NewTestRuntime(t)
+		r.MockGetDockerGroupId()
+		defer r.Close()
+
+		args := ActionArguments{
+			HostVolumeMounts: []HostVolumeMountSpec{
+				{
+					Source: "/sourceFolder",
+					Target: "/targetFolder",
+				},
+			},
+		}
+
+		_, err := r.newDriver("custom-driver", args)
+
+		assert.EqualError(t, err, "mount-host-volume was was used to mount a volume, but the driver is custom-driver")
+	})
 }
diff --git a/pkg/cnab/provider/driver_windows.go b/pkg/cnab/provider/driver_windows.go
index 39e356a3f..029d10f75 100644
--- a/pkg/cnab/provider/driver_windows.go
+++ b/pkg/cnab/provider/driver_windows.go
@@ -17,3 +17,14 @@ func (r *Runtime) mountDockerSocket(cfg *container.Config, hostCfg *container.Ho
 	hostCfg.Mounts = append(hostCfg.Mounts, dockerSockMount)
 	return nil
 }
+
+func (r *Runtime) addVolumeMountToHostConfig(hostConfig *container.HostConfig, source string, target string, readOnly bool) error {
+	mount := mount.Mount{
+		Source:   source,
+		Target:   target,
+		Type:     "bind",
+		ReadOnly: readOnly,
+	}
+	hostConfig.Mounts = append(hostConfig.Mounts, mount)
+	return nil
+}
diff --git a/pkg/porter/lifecycle.go b/pkg/porter/lifecycle.go
index c75d48599..0bcd7b3de 100644
--- a/pkg/porter/lifecycle.go
+++ b/pkg/porter/lifecycle.go
@@ -5,7 +5,9 @@ import (
 	"errors"
 	"fmt"
 	"io"
+	"runtime"
 	"strings"
+	"unicode"
 
 	"get.porter.sh/porter/pkg/cache"
 	"get.porter.sh/porter/pkg/cnab"
@@ -43,6 +45,11 @@ type BundleExecutionOptions struct {
 	// AllowDockerHostAccess grants the bundle access to the Docker socket.
 	AllowDockerHostAccess bool
 
+	// MountHostVolume mounts provides the bundle access to a host volume.
+	// This is the unparsed list of HOST_PATH:TARGET_PATH:OPTION
+	// OPTION can be ro (read-only) or rw (read-write). Defaults to ro.
+	HostVolumeMounts []string
+
 	// DebugMode indicates if the bundle should be run in debug mode.
 	DebugMode bool
 
@@ -92,6 +99,47 @@ func (o *BundleExecutionOptions) GetParameters() map[string]interface{} {
 	return o.finalParams
 }
 
+// Sets the final resolved set of host volumes to be made availabe to the bundle
+func (o *BundleExecutionOptions) GetHostVolumeMounts() []cnabprovider.HostVolumeMountSpec {
+	var hostVolumeMounts []cnabprovider.HostVolumeMountSpec
+	for _, mount := range o.HostVolumeMounts {
+		var isReadOnlyMount bool
+		parts := strings.Split(mount, ":") // HOST_PATH:TARGET_PATH:OPTION
+
+		// if parts[0] is a single character, it's a drive letter on Windows
+		// so we need to join it with the next part
+		if runtime.GOOS == "windows" && len(parts) > 1 && len(parts[0]) == 1 && unicode.IsLetter(rune(parts[0][0])) {
+			parts[1] = fmt.Sprintf("%s:%s", parts[0], parts[1])
+			parts = parts[1:]
+		}
+
+		l := len(parts)
+		if l < 2 || l > 3 {
+			continue
+		}
+
+		switch {
+		case l == 2:
+			isReadOnlyMount = true
+			// next cases are l == 3
+		case parts[2] == "ro":
+			isReadOnlyMount = true
+		case parts[2] == "rw":
+			isReadOnlyMount = false
+		default:
+			isReadOnlyMount = true
+		}
+
+		hostVolumeMounts = append(hostVolumeMounts, cnabprovider.HostVolumeMountSpec{
+			Source:   parts[0],
+			Target:   parts[1],
+			ReadOnly: isReadOnlyMount,
+		})
+	}
+
+	return hostVolumeMounts
+}
+
 func (o *BundleExecutionOptions) Validate(ctx context.Context, args []string, p *Porter) error {
 	if err := o.BundleReferenceOptions.Validate(ctx, args, p); err != nil {
 		return err
@@ -300,6 +348,7 @@ func (p *Porter) BuildActionArgs(ctx context.Context, installation storage.Insta
 		Params:                opts.GetParameters(),
 		Driver:                opts.Driver,
 		AllowDockerHostAccess: opts.AllowDockerHostAccess,
+		HostVolumeMounts:      opts.GetHostVolumeMounts(),
 		PersistLogs:           !opts.NoLogs,
 	}
 	return args, nil
diff --git a/pkg/porter/lifecycle_test.go b/pkg/porter/lifecycle_test.go
index 8c7510446..031e62315 100644
--- a/pkg/porter/lifecycle_test.go
+++ b/pkg/porter/lifecycle_test.go
@@ -4,12 +4,14 @@ import (
 	"context"
 	"fmt"
 	"io"
+	"runtime"
 	"strings"
 	"testing"
 
 	"get.porter.sh/porter/pkg"
 	"get.porter.sh/porter/pkg/cnab"
 	configadapter "get.porter.sh/porter/pkg/cnab/config-adapter"
+	cnabprovider "get.porter.sh/porter/pkg/cnab/provider"
 	"get.porter.sh/porter/pkg/config"
 	"get.porter.sh/porter/pkg/manifest"
 	"get.porter.sh/porter/pkg/secrets"
@@ -698,3 +700,134 @@ func Test_ensureVPrefix_latest(t *testing.T) {
 		})
 	}
 }
+
+func TestBundleExecutionOptions_GetHostVolumeMounts(t *testing.T) {
+	t.Run("valid host volume mounts", func(t *testing.T) {
+		opts := &BundleExecutionOptions{
+			HostVolumeMounts: []string{
+				"/host/path:/target/path:ro",
+				"/host/path:/target/path:rw",
+				"/host/path:/target/path",
+			},
+		}
+
+		expected := []cnabprovider.HostVolumeMountSpec{
+			{
+				Source:   "/host/path",
+				Target:   "/target/path",
+				ReadOnly: true,
+			},
+			{
+				Source:   "/host/path",
+				Target:   "/target/path",
+				ReadOnly: false,
+			},
+			{
+				Source:   "/host/path",
+				Target:   "/target/path",
+				ReadOnly: true,
+			},
+		}
+
+		actual := opts.GetHostVolumeMounts()
+
+		if len(expected) != len(actual) {
+			t.Errorf("expected %v but got %v", expected, actual)
+		}
+		for i := range expected {
+			if expected[i].Source != actual[i].Source {
+				t.Errorf("expected %v but got %v", expected[i].Source, actual[i].Source)
+			}
+			if expected[i].Target != actual[i].Target {
+				t.Errorf("expected %v but got %v", expected[i].Target, actual[i].Target)
+			}
+			if expected[i].ReadOnly != actual[i].ReadOnly {
+				t.Errorf("expected %v but got %v", expected[i].ReadOnly, actual[i].ReadOnly)
+			}
+		}
+	})
+
+	t.Run("invalid host volume mounts", func(t *testing.T) {
+		opts := &BundleExecutionOptions{
+			HostVolumeMounts: []string{
+				"1=",
+				"/host/path",
+			},
+		}
+
+		actual := opts.GetHostVolumeMounts()
+
+		if len(actual) != 0 {
+			t.Errorf("expected no host volume mounts but got %v", actual)
+		}
+
+	})
+
+	t.Run("invalid host volume mount r/w option value", func(t *testing.T) {
+		opts := &BundleExecutionOptions{
+			HostVolumeMounts: []string{
+				"/host/path:/target/path:invalid-option",
+			},
+		}
+
+		actual := opts.GetHostVolumeMounts()
+
+		if !actual[0].ReadOnly {
+			t.Errorf("expected ReadOnly to be true but got %v", actual[0].ReadOnly)
+		}
+
+	})
+}
+
+func TestBundleExecutionOptions_GetHostVolumeMountsWindows(t *testing.T) {
+
+	if runtime.GOOS != "windows" {
+		t.Skip("Skipping test on non-windows platform")
+	}
+
+	t.Run("valid host volume mounts", func(t *testing.T) {
+		opts := &BundleExecutionOptions{
+			HostVolumeMounts: []string{
+				"C:\\Users\\testuser\\folderpath:/target/path:rw",
+				"C:\\Users\\testuser\\folderpath:/target/path",
+				"C:\\Users\\Test User\\test path:/target/path",
+			},
+		}
+
+		expected := []cnabprovider.HostVolumeMountSpec{
+			{
+				Source:   "C:\\Users\\testuser\\folderpath",
+				Target:   "/target/path",
+				ReadOnly: false,
+			},
+			{
+				Source:   "C:\\Users\\testuser\\folderpath",
+				Target:   "/target/path",
+				ReadOnly: true,
+			},
+			{
+				Source:   "C:\\Users\\Test User\\test path",
+				Target:   "/target/path",
+				ReadOnly: true,
+			},
+		}
+
+		actual := opts.GetHostVolumeMounts()
+
+		if len(expected) != len(actual) {
+			t.Errorf("expected %v but got %v", expected, actual)
+		}
+		for i := range expected {
+			if expected[i].Source != actual[i].Source {
+				t.Errorf("expected %v but got %v", expected[i].Source, actual[i].Source)
+			}
+			if expected[i].Target != actual[i].Target {
+				t.Errorf("expected %v but got %v", expected[i].Target, actual[i].Target)
+			}
+			if expected[i].ReadOnly != actual[i].ReadOnly {
+				t.Errorf("expected %v but got %v", expected[i].ReadOnly, actual[i].ReadOnly)
+			}
+		}
+	})
+
+}
diff --git a/tests/integration/archive_test.go b/tests/integration/archive_test.go
index d6330e89f..f3b03f5c9 100644
--- a/tests/integration/archive_test.go
+++ b/tests/integration/archive_test.go
@@ -19,7 +19,6 @@ import (
 // Validate that archiving a bundle twice results in the same digest
 func TestArchive_StableDigest(t *testing.T) {
 	t.Parallel()
-
 	p := porter.NewTestPorter(t)
 	defer p.Close()
 	ctx := p.SetupIntegrationTest()
diff --git a/tests/integration/dependenciesv1_test.go b/tests/integration/dependenciesv1_test.go
index d5065fa67..2732bf987 100644
--- a/tests/integration/dependenciesv1_test.go
+++ b/tests/integration/dependenciesv1_test.go
@@ -19,7 +19,6 @@ import (
 
 func TestDependenciesLifecycle(t *testing.T) {
 	t.Parallel()
-
 	p := porter.NewTestPorter(t)
 	defer p.Close()
 	ctx := p.SetupIntegrationTest()
diff --git a/tests/integration/dependenciesv2_test.go b/tests/integration/dependenciesv2_test.go
index 328dcb4e8..cb0ada7d2 100644
--- a/tests/integration/dependenciesv2_test.go
+++ b/tests/integration/dependenciesv2_test.go
@@ -18,8 +18,8 @@ import (
 
 func TestSharedDependencies(t *testing.T) {
 	t.Parallel()
-
 	p := porter.NewTestPorter(t)
+	defer p.Close()
 	ctx := p.SetupIntegrationTest()
 
 	p.Config.SetExperimentalFlags(experimental.FlagDependenciesV2)