Skip to content

build: disable provenance attestations in container builds#523

Merged
mostlygeek merged 2 commits intomainfrom
fix-container-publish
Feb 14, 2026
Merged

build: disable provenance attestations in container builds#523
mostlygeek merged 2 commits intomainfrom
fix-container-publish

Conversation

@mostlygeek
Copy link
Copy Markdown
Owner

@mostlygeek mostlygeek commented Feb 14, 2026
edited by coderabbitai bot
Loading

Summary

Summary by CodeRabbit

  • Chores
    • Updated CI/CD workflow permissions to support package publishing.
    • Optimized container build configuration for improved build efficiency.

@mostlygeek
.github/workflows: fix expired token in publishing images
28050f8
@mostlygeek
build: disable provenance attestations in container builds
4c72944 
BuildKit attestation manifests are stored as untagged images in GHCR.
The delete-untagged-containers cleanup job deletes them, breaking the
manifest list and causing "manifest unknown" errors on pull.
@mostlygeek mostlygeek merged commit d5e52d7 into main Feb 14, 2026
6 of 7 checks passed
@mostlygeek mostlygeek deleted the fix-container-publish branch February 14, 2026 18:23
@coderabbitai
Copy link
Copy Markdown

coderabbitai bot commented Feb 14, 2026
edited
Loading

Caution

Review failed

The pull request is closed.

Walkthrough

This PR adds GitHub Actions token permissions for package publishing to the container workflow and disables Docker build provenance in the build script by adding the --provenance=false flag to docker build invocations.

Changes

Cohort / File(s) Summary
GitHub Actions Workflow Permissions
.github/workflows/containers.yml		 Adds a permissions block granting GITHUB_TOKEN access with contents: read, packages: write, and id-token: write for enabling package publishing capabilities.
Docker Build Configuration
docker/build-container.sh		 Adds --provenance=false flag to both llama-swap.Containerfile and llama-swap-sd.Containerfile docker build invocations.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~4 minutes

Possibly related PRs

✨ Finishing touches
  • 📝 Generate docstrings
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment
  • Commit unit tests in branch fix-container-publish

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@mostlygeek mostlygeek mentioned this pull request Feb 14, 2026
Closed
rohitpaul pushed a commit to rohitpaul/llama-swap that referenced this pull request Mar 29, 2026
@mostlygeek
build: disable provenance attestations in container builds (mostlygee…
0dc4a9e 
…k#523)

## Summary
- Add `--provenance=false` to docker build commands in
`build-container.sh`
- BuildKit attestation manifests are stored as untagged images in GHCR,
and the `delete-untagged-containers` cleanup job deletes them, breaking
the manifest list and causing `manifest unknown` errors on pull
- ref: actions/delete-package-versions#162
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@mostlygeek