Allow skipping provenance #113
Conversation
ErikSchierboom
force-pushed
the
build-platform-image
branch
from
ac7e9e4
to
c297005
Compare
There was a problem hiding this comment.
LGTM.
To others: it looks like the problem is due to the docker/build-push-action bump from 3.2.0 to 3.3.0 (which isn't present yet in main in this repo):
Buildx v0.10 enables support for a minimal SLSA Provenance attestation, which requires support for OCI-compliant multi-platform images. This may introduce issues with registry and runtime support (e.g. https://www.github.com/docker/buildx/issues/1533). You can optionally disable the default provenance attestation functionality using
provenance: false.
Do we need to do this anywhere else?
|
I don't think we need to. There is nothing inherently wrong with provenance, it's just that Amazon ECR deploys fail for our lambdas, which apparently don't handle provenance well (we're just running Docker for the track tooling so should be fine). |
|
Status: it seems to all work! Lines of code counter: https://github.com/exercism/lines-of-code-counter/actions/runs/4023666857 |
When trying to use the docker image built by the pipeline for lambda it fails with this error The image manifest or layer media type for the source image 305686791668.dkr.ecr.ap-southeast-2.amazonaws.com/auto-scheduler:main-e3745b8 is not supported. this always happens on the main branch for some reason as it was not encountered with the test tag but nevertheless here is the issue on github: docker/buildx#1509 (comment) exercism/github-actions#113
This PR allows caller to pass
provenance: falseto skip generating provenance attestation.This fixes an issue we had where our AWS lambda Docker images could not be published.
See https://stackoverflow.com/questions/65608802/cant-deploy-container-image-to-lambda-function, docker/buildx#1509 (comment), docker/build-push-action#764