Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SBOM and Provenance generated, but not pushed #1207

Closed
PSanetra opened this issue Aug 9, 2024 · 1 comment
Closed

SBOM and Provenance generated, but not pushed #1207

PSanetra opened this issue Aug 9, 2024 · 1 comment

Comments

@PSanetra
Copy link

PSanetra commented Aug 9, 2024
edited
Loading

Description

It seems like SBOM and Provenance can be generated, but are not pushed.

Expected behaviour

Setting push: true, provenance: mode=max and sbom: true should push, the image and both the sbom and provenance information as well.

Actual behaviour

The provenance and sbom information does not seem to be pushed:

docker pull registry-1.docker.io/codecentric/single-page-application-server:latest
docker buildx imagetools inspect registry-1.docker.io/codecentric/single-page-application-server:latest --format "{{ json .Provenance.SLSA }}"
null

Repository URL

https://github.com/codecentric/single-page-application-server

Workflow run URL

https://github.com/codecentric/single-page-application-server/actions/runs/10316606904/job/28559186553

YAML workflow

name: Test and Push Images on new Tag

on:
  push:
    tags:
      - v*

jobs:
  push_images:
    name: Test and Push Images
    runs-on: ubuntu-latest
    strategy:
      matrix:
        # "{0}" will be replaced by the latest pushed nginx version
        nginx: [ "mainline", "stable", "{0}" ]
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.ref }}
          fetch-depth: 0
          fetch-tags: true

      - name: Get latest nginx tag
        id: latest_nginx_tag
        uses: ./.github/actions/latest-docker-repository-version
        with:
          repository: "nginxinc/nginx-unprivileged"
      - name: Set target nginx tag
        id: target_nginx_tag
        run: |
          NGINX_TAG="${{ format(matrix.nginx, steps.latest_nginx_tag.outputs.version) }}-alpine"
          echo "::set-output name=tag::${NGINX_TAG}"
          echo "NGINX_TAG=${NGINX_TAG}"
      - run: "./.github/workflows/install-dependencies.sh"
      - uses: actions/setup-java@v1
        with:
          java-version: '11'
      - run: "make test NGINX_TAG=\"${{ steps.target_nginx_tag.outputs.tag }}\""
      - name: Determine tags to push
        id: target_tags
        uses: ./.github/actions/determine-target-image-tags
        with:
          git-ref: "${{ github.ref }}"
          nginx-tag: "${{ steps.target_nginx_tag.outputs.tag }}"
          matrix-nginx: "${{ matrix.nginx }}"
          docker-repository: "${{ vars.DOCKER_REPOSITORY }}"
      - uses: docker/setup-qemu-action@v3
        name: Set up QEMU
      - uses: docker/setup-buildx-action@v3
        name: Set up Docker Buildx
      - uses: docker/login-action@v3
        name: Login to Docker Hub
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}
      - uses: docker/build-push-action@v6
        name: Build and push
        if: ${{ steps.target_tags.outputs.tags != '' }}
        with:
          context: .
          platforms: linux/arm/v7,linux/amd64,linux/arm64
          push: true
          pull: true
          tags: ${{ steps.target_tags.outputs.tags }}
          build-args: NGINX_TAG=${{ steps.target_nginx_tag.outputs.tag }}
          provenance: mode=max
          sbom: true

Workflow logs

Run docker/build-push-action@v6
  with:
    context: .
    platforms: linux/arm/v7,linux/amd64,linux/arm64
    push: true
    pull: true
    tags: registry-1.docker.io/codecentric/single-page-application-server:1-nginx-stable-alpine,registry-1.docker.io/codecentric/single-page-application-server:latest-nginx-stable-alpine,registry-1.docker.io/codecentric/single-page-application-server:1.7.0,registry-1.docker.io/codecentric/single-page-application-server:1,registry-1.docker.io/codecentric/single-page-application-server:latest
    build-args: NGINX_TAG=stable-alpine
    provenance: mode=max
    sbom: true
    load: false
    no-cache: false
    github-token: ***
  env:
    JAVA_HOME_11.0.[2](https://github.com/codecentric/single-page-application-server/actions/runs/10316606904/job/28559186553#step:12:2)4_x64: /opt/hostedtoolcache/jdk/11.0.24/x64
    JAVA_HOME: /opt/hostedtoolcache/jdk/11.0.24/x64
    JAVA_HOME_11_0_24_X64: /opt/hostedtoolcache/jdk/11.0.24/x64
GitHub Actions runtime token ACs
  refs/tags/v1.7.0: read/write
  refs/heads/master: read
Docker info
  /usr/bin/docker version
  Client: Docker Engine - Community
   Version:           26.1.[3](https://github.com/codecentric/single-page-application-server/actions/runs/10316606904/job/28559186553#step:12:3)
   API version:       1.[4](https://github.com/codecentric/single-page-application-server/actions/runs/10316606904/job/28559186553#step:12:4)5
   Go version:        go1.21.10
   Git commit:        b72abbb
   Built:             Thu May 16 08:33:29 2024
   OS/Arch:           linux/amd64
   Context:           default
  
  Server: Docker Engine - Community
   Engine:
    Version:          26.1.3
    API version:      1.4[5](https://github.com/codecentric/single-page-application-server/actions/runs/10316606904/job/28559186553#step:12:5) (minimum version 1.24)
    Go version:       go1.21.10
    Git commit:       8e9[6](https://github.com/codecentric/single-page-application-server/actions/runs/10316606904/job/28559186553#step:12:6)db1
    Built:            Thu May 16 08:33:29 2024
    OS/Arch:          linux/amd64
    Experimental:     false
   containerd:
    Version:          1.[7](https://github.com/codecentric/single-page-application-server/actions/runs/10316606904/job/28559186553#step:12:7).19
    GitCommit:        2bf793ef6dc9a18e00cb12efb64355c2c9d5eb41
   runc:
    Version:          1.7.19
    GitCommit:        v1.1.13-0-g58aa920
   docker-init:
    Version:          0.19.0
    GitCommit:        de40ad0
  /usr/bin/docker info
  Client: Docker Engine - Community
   Version:    26.1.3
   Context:    default
   Debug Mode: false
   Plugins:
    buildx: Docker Buildx (Docker Inc.)
      Version:  v0.16.2
      Path:     /usr/libexec/docker/cli-plugins/docker-buildx
    compose: Docker Compose (Docker Inc.)
      Version:  v2.27.1
      Path:     /usr/libexec/docker/cli-plugins/docker-compose
  
  Server:
   Containers: 2
    Running: 2
    Paused: 0
    Stopped: 0
   Images: 22
   Server Version: 26.1.3
   Storage Driver: overlay2
    Backing Filesystem: extfs
    Supports d_type: true
    Using metacopy: false
    Native Overlay Diff: false
    userxattr: false
   Logging Driver: json-file
   Cgroup Driver: cgroupfs
   Cgroup Version: 2
   Plugins:
    Volume: local
    Network: bridge host ipvlan macvlan null overlay
    Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog
   Swarm: inactive
   Runtimes: io.containerd.runc.v2 runc
   Default Runtime: runc
   Init Binary: docker-init
   containerd version: 2bf793ef6dc9a1[8](https://github.com/codecentric/single-page-application-server/actions/runs/10316606904/job/28559186553#step:12:8)e00cb12efb64355c2c9d5eb41
   runc version: v1.1.13-0-g58aa[9](https://github.com/codecentric/single-page-application-server/actions/runs/10316606904/job/28559186553#step:12:9)20
   init version: de40ad0
   Security Options:
    apparmor
    seccomp
     Profile: builtin
    cgroupns
   Kernel Version: 6.5.0-[10](https://github.com/codecentric/single-page-application-server/actions/runs/10316606904/job/28559186553#step:12:10)25-azure
   Operating System: Ubuntu 22.04.4 LTS
   OSType: linux
   Architecture: x86_64
   CPUs: 4
   Total Memory: 15.61GiB
   Name: fv-az849-582
   ID: 3882bec0-d8f5-4df1-8563-cf5f7db8a86b
   Docker Root Dir: /var/lib/docker
   Debug Mode: false
   Username: ***
   Experimental: false
   Insecure Registries:
    127.0.0.0/8
   Live Restore Enabled: false
  
Proxy configuration
  No proxy configuration found
Buildx version
  /usr/bin/docker buildx version
  github.com/docker/buildx v0.16.2 99dea6dacacc3d604788953088560b9880550570
Builder info
  {
    "nodes": [
      {
        "name": "builder-afa27ee7-14d9-4d6e-8068-ee70142f[11](https://github.com/codecentric/single-page-application-server/actions/runs/10316606904/job/28559186553#step:12:11)280",
        "endpoint": "unix:///var/run/docker.sock",
        "status": "running",
        "buildkitd-flags": "--allow-insecure-entitlement security.insecure --allow-insecure-entitlement network.host",
        "buildkit": "v0.15.1",
        "platforms": "linux/amd64,linux/amd64/v2,linux/amd64/v3,linux/arm64,linux/riscv64,linux/ppc64le,linux/s390x,linux/386,linux/mips64le,linux/mips64,linux/arm/v7,linux/arm/v6",
        "features": {
          "Automatically load images to the Docker Engine image store": true,
          "Cache export": true,
          "Docker exporter": true,
          "Multi-platform build": true,
          "OCI exporter": true
        },
        "labels": {
          "org.mobyproject.buildkit.worker.executor": "oci",
          "org.mobyproject.buildkit.worker.hostname": "519f8ff66b42",
          "org.mobyproject.buildkit.worker.network": "host",
          "org.mobyproject.buildkit.worker.oci.process-mode": "sandbox",
          "org.mobyproject.buildkit.worker.selinux.enabled": "false",
          "org.mobyproject.buildkit.worker.snapshotter": "overlayfs"
        },
        "gcPolicy": [
          {
            "all": false,
            "filter": [
              "type==source.local",
              "type==exec.cachemount",
              "type==source.git.checkout"
            ],
            "keepDuration": "48h0m0s",
            "keepBytes": "488.3MiB"
          },
          {
            "all": false,
            "keepDuration": "1440h0m0s",
            "keepBytes": "7.451GiB"
          },
          {
            "all": false,
            "keepBytes": "7.451GiB"
          },
          {
            "all": true,
            "keepBytes": "7.451GiB"
          }
        ]
      }
    ],
    "name": "builder-afa27ee7-14d9-4d6e-8068-ee70142f1[12](https://github.com/codecentric/single-page-application-server/actions/runs/10316606904/job/28559186553#step:12:12)8",
    "driver": "docker-container",
    "lastActivity": "2024-08-09T09:07:32.000Z"
  }
/usr/bin/docker buildx build --build-arg NGINX_TAG=stable-alpine --iidfile /home/runner/work/_temp/docker-actions-toolkit-LVpnVz/build-iidfile-d8c5a5bcab.txt --platform linux/arm/v7,linux/amd64,linux/arm64 --attest type=provenance,mode=max,builder-id=https://github.com/codecentric/single-page-application-server/actions/runs/10316606904/attempts/1 --attest type=sbom,disabled=false --tag registry-1.docker.io/codecentric/single-page-application-server:1-nginx-stable-alpine --tag registry-1.docker.io/codecentric/single-page-application-server:latest-nginx-stable-alpine --tag registry-1.docker.io/codecentric/single-page-application-server:1.7.0 --tag registry-1.docker.io/codecentric/single-page-application-server:1 --tag registry-1.docker.io/codecentric/single-page-application-server:latest --metadata-file /home/runner/work/_temp/docker-actions-toolkit-LVpnVz/build-metadata-34f9203ade.json --pull --push .
#0 building with "builder-afa27ee7-14d9-4d6e-8068-ee70142f1128" instance using docker-container driver

#1 [internal] load build definition from Dockerfile
#1 transferring dockerfile: 798B done
#1 DONE 0.0s

#2 [auth] docker/buildkit-syft-scanner:pull token for registry-1.docker.io
#2 DONE 0.0s

#3 resolve image config for docker-image://docker.io/docker/buildkit-syft-scanner:stable-1
#3 DONE 0.3s

#4 [auth] nginxinc/nginx-unprivileged:pull token for registry-1.docker.io
#4 DONE 0.0s

#5 [linux/arm64 internal] load metadata for ghcr.io/hairyhenderson/gomplate:stable
#5 ...

#6 [linux/amd64 internal] load metadata for ghcr.io/hairyhenderson/gomplate:stable
#6 DONE 2.6s

#7 [linux/arm/v7 internal] load metadata for ghcr.io/hairyhenderson/gomplate:stable
#7 DONE 2.6s

#5 [linux/arm64 internal] load metadata for ghcr.io/hairyhenderson/gomplate:stable
#5 DONE 2.6s

#8 [linux/arm64 internal] load metadata for docker.io/nginxinc/nginx-unprivileged:stable-alpine
#8 DONE 2.6s

#9 [linux/arm/v7 internal] load metadata for docker.io/nginxinc/nginx-unprivileged:stable-alpine
#9 DONE 2.6s

#10 [internal] load .dockerignore
#10 transferring context: 89B done
#10 DONE 0.0s

#11 [linux/amd64 internal] load metadata for docker.io/nginxinc/nginx-unprivileged:stable-alpine
#11 DONE 2.6s

#12 [internal] load build context
#12 transferring context: 17.57kB done
#12 DONE 0.0s

#[13](https://github.com/codecentric/single-page-application-server/actions/runs/10316606904/job/28559186553#step:12:13) [linux/arm64 gomplate 1/1] FROM ghcr.io/hairyhenderson/gomplate:stable@sha256:352552aa583f824675eddb4e3e90e78c4901c3f3906033195402bb3ffc1d[14](https://github.com/codecentric/single-page-application-server/actions/runs/10316606904/job/28559186553#step:12:14)64
#13 resolve ghcr.io/hairyhenderson/gomplate:stable@sha256:352552aa583f824675eddb4e3e90e78c4901c3f3906033195402bb3ffc1d1464 0.0s done
#13 sha256:810fabde107c706afbfec4c53d5d28661853cab3140274c9f3e9b50089ec7bd2 127.52kB / 127.52kB 0.0s done
#13 extracting sha256:810fabde107c706afbfec4c53d5d28661853cab3140274c9f3e9b50089ec7bd2 0.0s done
#13 sha256:4dfbff9a6f6686c0984007212063c48a46fe65ab54b6a2d560ee9c1440d30ae8 17.18MB / 17.18MB 0.1s done
#13 ...

#14 [linux/arm64 single-page-app-server 1/8] FROM docker.io/nginxinc/nginx-unprivileged:stable-alpine@sha256:31fd0a1c687327[15](https://github.com/codecentric/single-page-application-server/actions/runs/10316606904/job/28559186553#step:12:15)ec813ddb0438f74ce4d5a3216e29cf30d39f511ce399db6f
#14 resolve docker.io/nginxinc/nginx-unprivileged:stable-alpine@sha256:31fd0a1c68732715ec813ddb0438f74ce4d5a32[16](https://github.com/codecentric/single-page-application-server/actions/runs/10316606904/job/28559186553#step:12:16)e29cf30d39f511ce399db6f 0.0s done
#14 DONE 0.3s

#13 [linux/arm64 gomplate 1/1] FROM ghcr.io/hairyhenderson/gomplate:stable@sha256:352552aa583f824675eddb4e3e90e78c4901c3f3906033195402bb3ffc1d1464
#13 extracting sha256:4dfbff9a6f6686c0984007212063c48a46fe65ab54b6a2d560ee9c1440d30ae8
#13 ...

#15 docker-image://docker.io/docker/buildkit-syft-scanner:stable-1
#15 resolve docker.io/docker/buildkit-syft-scanner:stable-1 0.1s done
#15 sha256:8f55b7fda2c88820456a8687c5a0032f59bc1247451cfdbc968d773124f5da01 24.35MB / 24.35MB 0.3s done
#15 DONE 0.4s

#16 [linux/arm/v7 single-page-app-server 1/8] FROM docker.io/nginxinc/nginx-unprivileged:stable-alpine@sha256:31fd0a1c68732715ec813ddb0438f74ce4d5a3216e29cf30d39f511ce399db6f
#16 resolve docker.io/nginxinc/nginx-unprivileged:stable-alpine@sha256:31fd0a1c68732715ec813ddb0438f74ce4d5a3216e29cf30d39f511ce399db6f 0.0s done
#16 sha256:b0469353aaf8[17](https://github.com/codecentric/single-page-application-server/actions/runs/10316606904/job/28559186553#step:12:17)951a89c34a49877323cd7324a98a91b130725fe16f36b6f968 1.21kB / 1.21kB 0.0s done
#16 sha256:4e9902f7346d8b79cddf6b64ec911096f19e575fddcb9a79ace9ac96bb5bcb9c 395B / 395B 0.0s done
#16 sha256:07516bd1e263a4dffcb8023864d7d5fb4751fa27e132c707492a6c1cfe6871e3 1.40kB / 1.40kB 0.1s done
#16 sha256:8b568d7764cc0dd7dae235fd20ea5fbc996878d8dce9e227f1d8dc954dd8dca3 958B / 958B 0.0s done
#16 sha256:d9687d9551263102961f502df5a3e6a7b4f5e50793a26e48cf3adb6472e89f3d 10.95MB / 10.95MB 0.1s done
#16 sha256:266cd4b6eb5c2f6fa3cd0a930dbc9b16496b7ef95c2aba87f55cd31db03cdee7 2.79kB / 2.79kB 0.1s done
#16 sha256:b0d7a039f3a43de87e90b30c146bb17d83d070da75eb1d31cebee0bec59ad6f6 1.89MB / 1.89MB 0.1s done
#16 sha256:8f161eaa88b843263b696c64fddf34[18](https://github.com/codecentric/single-page-application-server/actions/runs/10316606904/job/28559186553#step:12:19)b0e44eaf5043acda85e43596a2978f9b 2.93MB / 2.93MB 0.1s done
#16 sha256:5411467d6b42583a2bf18c867b22522001c8bc41cf06ae1316f587f8442bbbbc 629B / 629B 0.1s done
#16 extracting sha256:8f161eaa88b843263b696c64fddf3418b0e44eaf5043acda85e43596a2978f9b
#16 extracting sha256:8f161eaa88b843263b696c64fddf3418b0e44eaf5043acda85e43596a2978f9b 0.2s done
#16 extracting sha256:b0d7a039f3a43de87e90b30c146bb17d83d070da75eb1d31cebee0bec59ad6f6
#16 ...

#17 [linux/amd64 single-page-app-server 1/8] FROM docker.io/nginxinc/nginx-unprivileged:stable-alpine@sha256:31fd0a1c68732715ec813ddb0438f74ce4d5a3216e29cf30d39f511ce399db6f
#17 resolve docker.io/nginxinc/nginx-unprivileged:stable-alpine@sha256:31fd0a1c68732715ec813ddb0438f74ce4d5a3216e29cf30d39f511ce399db6f 0.0s done
#17 sha256:2b64eae2c2010978c0e827b897b7f031624376dbbd4e853f[19](https://github.com/codecentric/single-page-application-server/actions/runs/10316606904/job/28559186553#step:12:20)206dc0154847b5 1.40kB / 1.40kB 0.0s done
#17 sha256:eac8bc5d40f658acb51de283fb2ef0d808dbd5caf4f7e31295c07891a863f411 1.[20](https://github.com/codecentric/single-page-application-server/actions/runs/10316606904/job/28559186553#step:12:21)kB / 1.20kB 0.0s done
#17 sha256:55dc640efad2457acfa87d778b7a2f540306bead08651d78818973278048ed8f 393B / 393B 0.0s done
#17 sha256:e0b5f3683ce3dfc229d41d7dc3[21](https://github.com/codecentric/single-page-application-server/actions/runs/10316606904/job/28559186553#step:12:23)9ad64b3f7a48a0bceaf07092ce7f5870a170 2.80kB / 2.80kB 0.0s done
#17 sha256:b6b84f87cdcd10eb3514f2af04a55f0f4475d1a1a702bbebd87726c6bdea06bf 956B / 956B 0.1s done
#17 sha256:26b510516f942ee4b20306b71dd486443ac84484eff14dcca2997d21175327c3 13.06MB / 13.06MB 0.1s done
#17 sha256:892d5dc36fde477e5f513c24d294bf53cef41a590d08[22](https://github.com/codecentric/single-page-application-server/actions/runs/10316606904/job/28559186553#step:12:24)7da0cdc15f29274792 1.92MB / 1.92MB 0.0s done
#17 sha256:46b060cc26202cf98e28414d790b5cabd67094bba50315a1ae2e9daf913fca4f 3.42MB / 3.42MB 0.1s done
#17 extracting sha256:46b060cc26202cf98e28414d790b5cabd67094bba50315a1ae2e9daf913fca4f 0.4s done
#17 DONE 0.9s

#13 [linux/arm64 gomplate 1/1] FROM ghcr.io/hairyhenderson/gomplate:stable@sha256:352552aa583f824675eddb4e3e90e78c4901c3f3906033195402bb3ffc1d1464
#13 extracting sha256:4dfbff9a6f6686c0984007212063c48a46fe65ab54b6a2d560ee9c1440d30ae8 0.8s done
#13 DONE 1.0s

#17 [linux/amd64 single-page-app-server 1/8] FROM docker.io/nginxinc/nginx-unprivileged:stable-alpine@sha256:31fd0a1c68732715ec813ddb0438f74ce4d5a3216e29cf30d39f511ce399db6f
#17 extracting sha256:892d5dc36fde477e5f513c24d294bf53cef41a590d08227da0cdc15f29274792
#17 ...

#18 [linux/arm/v7 gomplate 1/1] FROM ghcr.io/hairyhenderson/gomplate:stable@sha256:352552aa583f824675eddb4e3e90e78c4901c3f3906033195402bb3ffc1d1464
#18 resolve ghcr.io/hairyhenderson/gomplate:stable@sha256:352552aa583f824675eddb4e3e90e78c4901c3f3906033195402bb3ffc1d1464 0.0s done
#18 sha256:333cf68039376cf076054a7da71d96de00f5d5d51a6945ab2c1662930c5b2ddb 17.19MB / 17.19MB 0.2s done
#18 extracting sha256:333cf68039376cf076054a7da71d96de00f5d5d51a6945ab2c1662930c5b2ddb 0.8s done
#18 DONE 1.1s

#19 [linux/amd64 gomplate 1/1] FROM ghcr.io/hairyhenderson/gomplate:stable@sha256:352552aa583f824675eddb4e3e90e78c4901c3f3906033195402bb3ffc1d1464
#19 resolve ghcr.io/hairyhenderson/gomplate:stable@sha256:352552aa583f824675eddb4e3e90e78c4901c3f3906033195402bb3ffc1d1464 0.0s done
#19 sha256:6f70a46b0b8a15b48a25e96982fac0cb10c5b16d7faf9b310a214aeda4929df8 18.67MB / 18.67MB 0.2s done
#19 extracting sha256:6f70a46b0b8a15b48a25e96982fac0cb10c5b16d7faf9b310a214aeda4929df8 0.9s done
#19 DONE 1.1s

#15 docker-image://docker.io/docker/buildkit-syft-scanner:stable-1
#15 extracting sha256:8f55b7fda2c88820456a8687c5a0032f59bc1247451cfdbc968d773124f5da01 0.8s done
#15 DONE 1.2s

#17 [linux/amd64 single-page-app-server 1/8] FROM docker.io/nginxinc/nginx-unprivileged:stable-alpine@sha256:31fd0a1c68732715ec813ddb0438f74ce4d5a3216e29cf30d39f511ce399db6f
#17 extracting sha256:892d5dc36fde477e5f513c24d294bf53cef41a590d08227da0cdc15f29274792 0.4s done
#17 DONE 1.3s

#16 [linux/arm/v7 single-page-app-server 1/8] FROM docker.io/nginxinc/nginx-unprivileged:stable-alpine@sha256:31fd0a1c68732715ec813ddb0438f74ce4d5a3216e29cf30d39f511ce399db6f
#16 extracting sha256:b0d7a039f3a43de87e90b30c146bb17d83d070da75eb1d31cebee0bec59ad6f6 0.6s done
#16 extracting sha256:266cd4b6eb5c2f6fa3cd0a930dbc9b16496b7ef95c2aba87f55cd31db03cdee7 done
#16 extracting sha256:5411467d6b42583a2bf18c867b22522001c8bc41cf06ae1316f587f8442bbbbc done
#16 extracting sha256:8b568d7764cc0dd7dae[23](https://github.com/codecentric/single-page-application-server/actions/runs/10316606904/job/28559186553#step:12:25)5fd20ea5fbc996878d8dce9e227f1d8dc954dd8dca3 done
#16 extracting sha256:4e9902f7346d8b79cddf6b64ec911096f19e575fddcb9a79ace9ac96bb5bcb9c
#16 extracting sha256:4e9902f7346d8b79cddf6b64ec911096f19e575fddcb9a79ace9ac96bb5bcb9c 0.0s done
#16 extracting sha256:b0469353aaf817951a89c34a49877323cd73[24](https://github.com/codecentric/single-page-application-server/actions/runs/10316606904/job/28559186553#step:12:26)a98a91b130725fe16f36b6f968 done
#16 extracting sha[25](https://github.com/codecentric/single-page-application-server/actions/runs/10316606904/job/28559186553#step:12:27)6:07516bd1e263a4dffcb8023864d7d5fb4751fa27e132c707492a6c1cfe6871e3 done
#16 extracting sha256:d9687d9551[26](https://github.com/codecentric/single-page-application-server/actions/runs/10316606904/job/28559186553#step:12:28)3102961f502df5a3e6a7b4f5e50793a26e48cf3adb6472e89f3d
#16 extracting sha256:d9687d9551263102961f502df5a3e6a7b4f5e50793a26e48cf3adb6472e89f3d 0.3s done
#16 DONE 1.5s

#17 [linux/amd64 single-page-app-server 1/8] FROM docker.io/nginxinc/nginx-unprivileged:stable-alpine@sha256:31fd0a1c6873[27](https://github.com/codecentric/single-page-application-server/actions/runs/10316606904/job/28559186553#step:12:29)15ec813ddb0438f74ce4d5a3216e29cf30d39f511ce399db6f
#17 extracting sha256:e0b5f3683ce3dfc229d41d7dc3219ad64b3f7a48a0bceaf07092ce7f5870a170 done
#17 extracting sha256:5411467d6b42583a2bf18c867b22522001c8bc41cf06ae1316f587f8442bbbbc done
#17 extracting sha256:b6b84f87cdcd10eb3514f2af04a55f0f4475d1a1a702bbebd87726c6bdea06bf 0.0s done
#17 extracting sha256:55dc640efad2457acfa87d778b7a2f540306bead08651d78818973278048ed8f done
#17 extracting sha256:eac8bc5d40f658acb51de[28](https://github.com/codecentric/single-page-application-server/actions/runs/10316606904/job/28559186553#step:12:30)3fb2ef0d808dbd5caf4f7e31295c07891a863f411 done
#17 extracting sha256:2b64eae2c2010978c0e827b897b7f031624376dbbd4e853f19206dc0154847b5 done
#17 extracting sha256:26b510516f942ee4b20306b71dd486443ac84484eff14dcca[29](https://github.com/codecentric/single-page-application-server/actions/runs/10316606904/job/28559186553#step:12:31)97d21175327c3
#17 extracting sha256:26b510516f942ee4b20[30](https://github.com/codecentric/single-page-application-server/actions/runs/10316606904/job/28559186553#step:12:32)6b71dd486443ac84484eff14dcca2997d21175327c3 0.4s done
#17 DONE 1.7s

#14 [linux/arm64 single-page-app-server 1/8] FROM docker.io/nginxinc/nginx-unprivileged:stable-alpine@sha256:[31](https://github.com/codecentric/single-page-application-server/actions/runs/10316606904/job/28559186553#step:12:33)fd0a1c687[32](https://github.com/codecentric/single-page-application-server/actions/runs/10316606904/job/28559186553#step:12:34)715ec813ddb0438f74ce4d5a3216e29cf30d39f511ce399db6f
#14 sha256:15b4d4e2935570ae1d749b3252d109662e43d9702c1b9cde7843b1e597d0a7ff 1.40kB / 1.40kB 0.0s done
#14 sha256:6710a10ed2d65e51267ece279e169bdf4cebf6f950ca2a0f22536eb44ad42c[33](https://github.com/codecentric/single-page-application-server/actions/runs/10316606904/job/28559186553#step:12:35) 1.20kB / 1.20kB 0.0s done
#14 sha256:987dbd924757ffc4063d050dd616e70578d0cf701663a1e1c287fca7e91e13cc 393B / 393B 0.0s done
#14 sha256:ee0b3a688664d8d4b65054cafbda8cc98e0184aa0e8ce48d5aa22c47ec21610e 956B / 956B 0.0s done
#14 sha256:1f8d6d4912055b938e20750becc9ff62386f171ae9efaf0b95378c23c53cfed9 12.94MB / 12.94MB 0.1s done
#14 sha256:0ca62804923016328d[34](https://github.com/codecentric/single-page-application-server/actions/runs/10316606904/job/28559186553#step:12:36)ea29f7695397848744f147e85ee622d3bd26a2db84c6 2.80kB / 2.80kB 0.1s done
#14 sha256:8053abc1aabccb64447ccebb91a8ea4a0c7406824b7994f2e30cb046c2f60251 1.95MB / 1.95MB 0.1s done
#14 sha256:119661e64d8d593a625274dd829d8550c61de6dd5631287dfea42e99c1c2c736 3.36MB / 3.36MB 0.1s done
#14 extracting sha256:119661e64d8d593a625274dd829d8550c61de6dd5631287dfea42e99c1c2c736 0.4s done
#14 extracting sha256:8053abc1aabccb64447ccebb91a8ea4a0c7406824b7994f2e30cb046c2f60251 0.3s done
#14 extracting sha256:0ca62804923016328d34ea29f7695397848744f147e85ee622d3bd26a2db84c6 0.0s done
#14 extracting sha256:5411467d6b42583a2bf18c867b22522001c8bc41cf06ae1316f587f8442bbbbc done
#14 extracting sha256:ee0b3a688664d8d4b65054cafbda8cc98e0184aa0e8ce48d5aa22c47ec21610e done
#14 extracting sha256:987dbd924757ffc4063d050dd616e70578d0cf701663a1e1c287fca7e91e13cc done
#14 extracting sha256:6710a10ed2d65e51267ece279e169bdf4cebf6f950ca2a0f22536eb44ad42c33 done
#14 extracting sha256:15b4d4e29[35](https://github.com/codecentric/single-page-application-server/actions/runs/10316606904/job/28559186553#step:12:37)570ae1d749b3252d109662e43d9702c1b9cde7843b1e597d0a7ff done
#14 extracting sha256:1f8d6d4912055b938e20750becc9ff62386f171ae9efaf0b95378c23c53cfed9
#14 extracting sha256:1f8d6d4912055b938e20750becc9ff62386f171ae9efaf0b95378c23c53cfed9 0.4s done
#14 DONE 1.7s

#20 [linux/arm64 single-page-app-server 2/8] COPY --from=gomplate /gomplate /usr/local/bin/gomplate
#20 DONE 0.5s

#21 [linux/amd64 single-page-app-server 2/8] COPY --from=gomplate /gomplate /usr/local/bin/gomplate
#21 DONE 0.6s

#22 [linux/arm/v7 single-page-app-server 2/8] COPY --from=gomplate /gomplate /usr/local/bin/gomplate
#22 DONE 0.7s

#23 [linux/arm64 single-page-app-server 3/8] WORKDIR /app
#23 DONE 0.0s

#24 [linux/amd64 single-page-app-server 3/8] WORKDIR /app
#24 DONE 0.0s

#25 [linux/arm/v7 single-page-app-server 3/8] WORKDIR /app
#25 DONE 0.0s

#26 [linux/amd64 single-page-app-server 4/8] COPY ./docker-entrypoint.sh /docker-entrypoint.sh
#26 DONE 0.0s

#27 [linux/arm64 single-page-app-server 4/8] COPY ./docker-entrypoint.sh /docker-entrypoint.sh
#27 DONE 0.0s

#28 [linux/arm/v7 single-page-app-server 4/8] COPY ./docker-entrypoint.sh /docker-entrypoint.sh
#28 DONE 0.0s

#29 [linux/amd64 single-page-app-server 5/8] COPY ./config/ /config/
#29 DONE 0.0s

#30 [linux/arm/v7 single-page-app-server 5/8] COPY ./config/ /config/
#30 DONE 0.0s

#31 [linux/arm64 single-page-app-server 5/8] COPY ./config/ /config/
#31 DONE 0.0s

#32 [linux/arm64 single-page-app-server 6/8] RUN chown -R 101:101 /docker-entrypoint.sh "/config" "/app"
#32 ...

#33 [linux/amd64 single-page-app-server 6/8] RUN chown -R 101:101 /docker-entrypoint.sh "/config" "/app"
#33 DONE 0.5s

#32 [linux/arm64 single-page-app-server 6/8] RUN chown -R 101:101 /docker-entrypoint.sh "/config" "/app"
#32 DONE 0.6s

#34 [linux/arm/v7 single-page-app-server 6/8] RUN chown -R 101:101 /docker-entrypoint.sh "/config" "/app"
#34 DONE 0.6s

#35 [linux/amd64 single-page-app-server 7/8] RUN rm -r /etc/nginx/conf.d/ && ln -s "/config/.out/conf.d" /etc/nginx/conf.d
#35 DONE 0.1s

#[36](https://github.com/codecentric/single-page-application-server/actions/runs/10316606904/job/28559186553#step:12:38) [linux/amd64 single-page-app-server 8/8] RUN apk --no-cache add libcap &&     setcap cap_net_bind_service=+ep /usr/sbin/nginx &&     apk --no-cache del libcap
#36 0.054 fetch https://dl-cdn.alpinelinux.org/alpine/v3.19/main/x86_64/APKINDEX.tar.gz
#36 ...

#[37](https://github.com/codecentric/single-page-application-server/actions/runs/10316606904/job/28559186553#step:12:39) [linux/arm64 single-page-app-server 7/8] RUN rm -r /etc/nginx/conf.d/ && ln -s "/config/.out/conf.d" /etc/nginx/conf.d
#37 DONE 0.1s

#[38](https://github.com/codecentric/single-page-application-server/actions/runs/10316606904/job/28559186553#step:12:40) [linux/arm/v7 single-page-app-server 7/8] RUN rm -r /etc/nginx/conf.d/ && ln -s "/config/.out/conf.d" /etc/nginx/conf.d
#38 DONE 0.1s

#36 [linux/amd64 single-page-app-server 8/8] RUN apk --no-cache add libcap &&     setcap cap_net_bind_service=+ep /usr/sbin/nginx &&     apk --no-cache del libcap
#36 0.170 fetch https://dl-cdn.alpinelinux.org/alpine/v3.19/community/x86_64/APKINDEX.tar.gz
#36 0.487 (1/5) Installing libcap2 (2.69-r1)
#36 0.491 (2/5) Installing libcap-getcap (2.69-r1)
#36 0.493 (3/5) Installing libcap-setcap (2.69-r1)
#36 0.496 (4/5) Installing libcap-utils (2.69-r1)
#36 0.502 (5/5) Installing libcap (2.69-r1)
#36 0.505 Executing busybox-1.36.1-r19.trigger
#36 0.511 OK: 46 MiB in 71 packages
#36 0.586 fetch https://dl-cdn.alpinelinux.org/alpine/v3.19/main/x86_64/APKINDEX.tar.gz
#36 0.671 fetch https://dl-cdn.alpinelinux.org/alpine/v3.19/community/x86_64/APKINDEX.tar.gz
#36 0.949 (1/5) Purging libcap (2.69-r1)
#36 0.949 (2/5) Purging libcap-utils (2.69-r1)
#36 0.950 (3/5) Purging libcap-getcap (2.69-r1)
#36 0.951 (4/5) Purging libcap-setcap (2.69-r1)
#36 0.951 (5/5) Purging libcap2 (2.69-r1)
#36 0.951 Executing busybox-1.36.1-r19.trigger
#36 0.958 OK: 46 MiB in 66 packages
#36 DONE 1.1s

#[39](https://github.com/codecentric/single-page-application-server/actions/runs/10316606904/job/28559186553#step:12:41) [linux/arm/v7 single-page-app-server 8/8] RUN apk --no-cache add libcap &&     setcap cap_net_bind_service=+ep /usr/sbin/nginx &&     apk --no-cache del libcap
#39 0.169 fetch https://dl-cdn.alpinelinux.org/alpine/v3.19/main/armv7/APKINDEX.tar.gz
#39 0.945 fetch https://dl-cdn.alpinelinux.org/alpine/v3.19/community/armv7/APKINDEX.tar.gz
#39 ...

#[40](https://github.com/codecentric/single-page-application-server/actions/runs/10316606904/job/28559186553#step:12:42) [linux/amd64] generating sbom using docker.io/docker/buildkit-syft-scanner:stable-1
#40 0.097 time="2024-08-09T09:07:42Z" level=info msg="starting syft scanner for buildkit v1.4.0"
#40 DONE 1.0s

#39 [linux/arm/v7 single-page-app-server 8/8] RUN apk --no-cache add libcap &&     setcap cap_net_bind_service=+ep /usr/sbin/nginx &&     apk --no-cache del libcap
#39 2.281 (1/5) Installing libcap2 (2.69-r1)
#39 2.290 (2/5) Installing libcap-getcap (2.69-r1)
#39 2.294 (3/5) Installing libcap-setcap (2.69-r1)
#39 2.299 (4/5) Installing libcap-utils (2.69-r1)
#39 2.305 (5/5) Installing libcap (2.69-r1)
#39 2.309 Executing busybox-1.36.1-r19.trigger
#39 2.356 OK: 33 MiB in 72 packages
#39 2.554 fetch https://dl-cdn.alpinelinux.org/alpine/v3.19/main/armv7/APKINDEX.tar.gz
#39 3.103 fetch https://dl-cdn.alpinelinux.org/alpine/v3.19/community/armv7/APKINDEX.tar.gz
#39 ...

#[41](https://github.com/codecentric/single-page-application-server/actions/runs/10316606904/job/28559186553#step:12:43) [linux/arm64 single-page-app-server 8/8] RUN apk --no-cache add libcap &&     setcap cap_net_bind_service=+ep /usr/sbin/nginx &&     apk --no-cache del libcap
#41 0.145 fetch https://dl-cdn.alpinelinux.org/alpine/v3.19/main/aarch64/APKINDEX.tar.gz
#41 0.669 fetch https://dl-cdn.alpinelinux.org/alpine/v3.19/community/aarch64/APKINDEX.tar.gz
#41 1.729 (1/5) Installing libcap2 (2.69-r1)
#41 1.743 (2/5) Installing libcap-getcap (2.69-r1)
#41 1.748 (3/5) Installing libcap-setcap (2.69-r1)
#41 1.752 (4/5) Installing libcap-utils (2.69-r1)
#41 1.760 (5/5) Installing libcap (2.69-r1)
#41 1.765 Executing busybox-1.36.1-r19.trigger
#41 1.840 OK: 48 MiB in 71 packages
#41 2.080 fetch https://dl-cdn.alpinelinux.org/alpine/v3.19/main/aarch64/APKINDEX.tar.gz
#41 2.722 fetch https://dl-cdn.alpinelinux.org/alpine/v3.19/community/aarch64/APKINDEX.tar.gz
#41 3.637 (1/5) Purging libcap (2.69-r1)
#41 3.638 (2/5) Purging libcap-utils (2.69-r1)
#41 3.639 (3/5) Purging libcap-getcap (2.69-r1)
#41 3.639 (4/5) Purging libcap-setcap (2.69-r1)
#41 3.639 (5/5) Purging libcap2 (2.69-r1)
#41 3.640 Executing busybox-1.36.1-r19.trigger
#41 3.686 OK: 47 MiB in 66 packages
#41 DONE 3.8s

#39 [linux/arm/v7 single-page-app-server 8/8] RUN apk --no-cache add libcap &&     setcap cap_net_bind_service=+ep /usr/sbin/nginx &&     apk --no-cache del libcap
#39 3.934 (1/5) Purging libcap (2.69-r1)
#39 3.934 (2/5) Purging libcap-utils (2.69-r1)
#39 3.935 (3/5) Purging libcap-getcap (2.69-r1)
#39 3.935 (4/5) Purging libcap-setcap (2.69-r1)
#39 3.935 (5/5) Purging libcap2 (2.69-r1)
#39 3.936 Executing busybox-1.36.1-r19.trigger
#39 3.987 OK: 33 MiB in 67 packages
#39 DONE 4.1s

#[42](https://github.com/codecentric/single-page-application-server/actions/runs/10316606904/job/28559186553#step:12:44) [linux/arm64] generating sbom using docker.io/docker/buildkit-syft-scanner:stable-1
#42 0.069 time="2024-08-09T09:07:44Z" level=info msg="starting syft scanner for buildkit v1.4.0"
#42 DONE 0.8s

#[43](https://github.com/codecentric/single-page-application-server/actions/runs/10316606904/job/28559186553#step:12:45) [linux/arm/v7] generating sbom using docker.io/docker/buildkit-syft-scanner:stable-1
#43 0.076 time="2024-08-09T09:07:45Z" level=info msg="starting syft scanner for buildkit v1.4.0"
#43 DONE 0.8s

#[44](https://github.com/codecentric/single-page-application-server/actions/runs/10316606904/job/28559186553#step:12:46) exporting to image
#44 exporting layers
#44 exporting layers 2.5s done
#44 exporting manifest sha256:bf1b[45](https://github.com/codecentric/single-page-application-server/actions/runs/10316606904/job/28559186553#step:12:47)d618c12f65574ee61f5012eb61db93774150890215fbcca44caf6d8a0f done
#44 exporting config sha256:eb63583cdd354ddf392e0cc92c3dcd0e33fed2b09cc2868b36ef24999aa3e199 done
#44 exporting attestation manifest sha256:10ac6562eb256bb6724fc3ea719778d6ccdcd3502cfa319b8bffa401a3e0c04f
#44 exporting attestation manifest sha256:10ac6562eb256bb6724fc3ea719778d6ccdcd3502cfa319b8bffa401a3e0c04f done
#44 exporting manifest sha256:6019b0868e945e1c7d7[46](https://github.com/codecentric/single-page-application-server/actions/runs/10316606904/job/28559186553#step:12:48)0cf22817a88da0894e716d5a9570a603590ffec959c done
#44 exporting config sha256:f50e36b840318aa986977e5532e1da5ddf20[47](https://github.com/codecentric/single-page-application-server/actions/runs/10316606904/job/28559186553#step:12:49)35ca1a807d834faed5f64f7f14 done
#44 exporting attestation manifest sha256:9421c82fead38287d605e9393d23c1a6cd3be646[48](https://github.com/codecentric/single-page-application-server/actions/runs/10316606904/job/28559186553#step:12:50)5fcefeed75e02837573e57
#44 exporting attestation manifest sha256:9421c82fead38287d605e9393d23c1a6cd3be646485fcefeed75e02837573e57 done
#44 exporting manifest sha256:351bcdf7bae7ffbb9fa0321b712d7dbd63dce6f899fc0ef3d836fe1c0ec9b956 done
#44 exporting config sha256:b88cfb60c2c3536530316eb776821afcb42be34c6dc995c540ea415ae429bffc done
#44 exporting attestation manifest sha256:fe157900f4fcc62a995e5c718d709b33561e2ff7[50](https://github.com/codecentric/single-page-application-server/actions/runs/10316606904/job/28559186553#step:12:52)2364cc2b4d773ca0e26b28
#44 ...

#45 [auth] codecentric/single-page-application-server:pull,push token for registry-1.docker.io
#45 DONE 0.0s

#44 exporting to image
#44 exporting attestation manifest sha256:fe157900f4fcc62a995e5c718d709b33561e2ff7502364cc2b4d773ca0e26b28 done
#44 exporting manifest list sha256:147efe4875cd1290c2002941ea1ea731cc326f1b8b2895fc97dfb0de[52](https://github.com/codecentric/single-page-application-server/actions/runs/10316606904/job/28559186553#step:12:54)acc701 done
#44 pushing layers
#44 pushing layers 3.8s done
#44 pushing manifest for registry-1.docker.io/codecentric/single-page-application-server:1-nginx-stable-alpine@sha256:147efe4875cd1290c2002941ea1ea731cc326f1b8b2895fc97dfb0de52acc701
#44 pushing manifest for registry-1.docker.io/codecentric/single-page-application-server:1-nginx-stable-alpine@sha256:147efe4875cd1290c2002941ea1ea731cc326f1b8b2895fc97dfb0de52acc701 1.2s done
#44 pushing layers 0.9s done
#44 pushing manifest for registry-1.docker.io/codecentric/single-page-application-server:latest-nginx-stable-alpine@sha256:147efe4875cd1290c2002941ea1ea731cc326f1b8b2895fc97dfb0de52acc701
#44 pushing manifest for registry-1.docker.io/codecentric/single-page-application-server:latest-nginx-stable-alpine@sha256:147efe4875cd1290c2002941ea1ea731cc326f1b8b2895fc97dfb0de52acc701 0.4s done
#44 pushing layers 0.3s done
#44 pushing manifest for registry-1.docker.io/codecentric/single-page-application-server:1.7.0@sha256:147efe4875cd1290c2002941ea1ea731cc326f1b8b2895fc97dfb0de52acc701
#44 pushing manifest for registry-1.docker.io/codecentric/single-page-application-server:1.7.0@sha256:147efe4875cd1290c2002941ea1ea731cc326f1b8b2895fc97dfb0de52acc701 0.5s done
#44 pushing layers 0.3s done
#44 pushing manifest for registry-1.docker.io/codecentric/single-page-application-server:1@sha256:147efe4875cd1290c2002941ea1ea731cc326f1b8b2895fc97dfb0de52acc701
#44 pushing manifest for registry-1.docker.io/codecentric/single-page-application-server:1@sha256:147efe4875cd1290c2002941ea1ea731cc326f1b8b2895fc97dfb0de52acc701 0.5s done
#44 pushing layers 0.3s done
#44 pushing manifest for registry-1.docker.io/codecentric/single-page-application-server:latest@sha256:147efe4875cd1290c2002941ea1ea731cc326f1b8b2895fc97dfb0de52acc701
#44 pushing manifest for registry-1.docker.io/codecentric/single-page-application-server:latest@sha256:147efe4875cd1290c2002941ea1ea731cc326f1b8b2895fc97dfb0de52acc701 0.4s done
#44 DONE 12.9s

#46 resolving provenance for metadata file
#46 DONE 0.0s

 3 warnings found (use docker --debug to expand):
 - FromAsCasing: 'as' and 'FROM' keywords' casing do not match (line 2)
 - FromAsCasing: 'as' and 'FROM' keywords' casing do not match (line 3)
 - InvalidDefaultArgInFrom: Default value for ARG nginxinc/nginx-unprivileged:${NGINX_TAG} results in empty or invalid base image name (line 3)
ImageID
  sha256:147efe4875cd1290c2002941ea1ea731cc326f1b8b2895fc97dfb0de52acc701
Digest
  sha256:147efe4875cd1290c2002941ea1ea731cc326f1b8b2895fc97dfb0de52acc701
Metadata
  {
    "buildx.build.ref": "builder-afa27ee7-14d9-4d6e-8068-ee70142f1128/builder-afa27ee7-14d9-4d6e-8068-ee70142f11280/pnoimr60lu9xd7eoy7tp0jezq",
    "buildx.build.warnings": [
      {
        "vertex": "sha256:e1aff[54](https://github.com/codecentric/single-page-application-server/actions/runs/10316606904/job/28559186553#step:12:56)02f8d9b4a8077f295b7f2b78d6dc9adc0c92054c0f3cf1[56](https://github.com/codecentric/single-page-application-server/actions/runs/10316606904/job/28559186553#step:12:58)5031f7abf",
        "level": 1,
        "short": "RnJvbUFzQ2FzaW5nOiAnYXMnIGFuZCAnRlJPTScga2V5d29yZHMnIGNhc2luZyBkbyBub3QgbWF0Y2ggKGxpbmUgMyk=",
        "detail": [
          "VGhlICdhcycga2V5d29yZCBzaG91bGQgbWF0Y2ggdGhlIGNhc2Ugb2YgdGhlICdmcm9tJyBrZXl3b3Jk"
        ],
        "url": "https://docs.docker.com/go/dockerfile/rule/from-as-casing/",
        "sourceInfo": {
          "filename": "Dockerfile",
          "data": "QVJHIE5HSU5YX1RBRwpGUk9NIGdoY3IuaW8vaGFpcnloZW5kZXJzb24vZ29tcGxhdGU6c3RhYmxlIGFzIGdvbXBsYXRlCkZST00gbmdpbnhpbmMvbmdpbngtdW5wcml2aWxlZ2VkOiR7TkdJTlhfVEFHfSBhcyBzaW5nbGUtcGFnZS1hcHAtc2VydmVyCkNPUFkgLS1mcm9tPWdvbXBsYXRlIC9nb21wbGF0ZSAvdXNyL2xvY2FsL2Jpbi9nb21wbGF0ZQoKRU5WIEFQUF9ST09UPSIvYXBwIgpFTlYgQ09ORklHX0RJUj0iL2NvbmZpZyIKRU5WIENPTkZJR19GSUxFUz0iIgoKV09SS0RJUiAke0FQUF9ST09UfQoKQ09QWSAuL2RvY2tlci1lbnRyeXBvaW50LnNoIC9kb2NrZXItZW50cnlwb2ludC5zaApDT1BZIC4vY29uZmlnLyAiJHtDT05GSUdfRElSfS8iCgpVU0VSIHJvb3QKUlVOIGNob3duIC1SIDEwMToxMDEgL2RvY2tlci1lbnRyeXBvaW50LnNoICIke0NPTkZJR19ESVJ9IiAiJHtBUFBfUk9PVH0iClJVTiBybSAtciAvZXRjL25naW54L2NvbmYuZC8gJiYgbG4gLXMgIiR7Q09ORklHX0RJUn0vLm91dC9jb25mLmQiIC9ldGMvbmdpbngvY29uZi5kCiMgRW5hYmxlIGJpbmRpbmcgcHJpdmlsZWdlZCBwb3J0cyB3aXRoIG5vbiByb290IHVzZXIKUlVOIGFwayAtLW5vLWNhY2hlIGFkZCBsaWJjYXAgJiYgXAogICAgc2V0Y2FwIGNhcF9uZXRfYmluZF9zZXJ2aWNlPStlcCAvdXNyL3NiaW4vbmdpbnggJiYgXAogICAgYXBrIC0tbm8tY2FjaGUgZGVsIGxpYmNhcApVU0VSIG5naW54CgpFTlRSWVBPSU5UIFsiL2RvY2tlci1lbnRyeXBvaW50LnNoIl0K",
          "language": "Dockerfile"
        },
        "range": [
          {
            "start": {
              "line": 3
            },
            "end": {
              "line": 3
            }
          }
        ]
      },
      {
        "vertex": "sha256:e1aff5402f8d9b4a8077f295b7f2b78d6dc9adc0c92054c0f3cf1565031f7abf",
        "level": 1,
        "short": "SW52YWxpZERlZmF1bHRBcmdJbkZyb206IERlZmF1bHQgdmFsdWUgZm9yIEFSRyBuZ2lueGluYy9uZ2lueC11bnByaXZpbGVnZWQ6JHtOR0lOWF9UQUd9IHJlc3VsdHMgaW4gZW1wdHkgb3IgaW52YWxpZCBiYXNlIGltYWdlIG5hbWUgKGxpbmUgMyk=",
        "detail": [
          "RGVmYXVsdCB2YWx1ZSBmb3IgZ2xvYmFsIEFSRyByZXN1bHRzIGluIGFuIGVtcHR5IG9yIGludmFsaWQgYmFzZSBpbWFnZSBuYW1l"
        ],
        "url": "https://docs.docker.com/go/dockerfile/rule/invalid-default-arg-in-from/",
        "sourceInfo": {
          "filename": "Dockerfile",
          "data": "QVJHIE5HSU5YX1RBRwpGUk9NIGdoY3IuaW8vaGFpcnloZW5kZXJzb24vZ29tcGxhdGU6c3RhYmxlIGFzIGdvbXBsYXRlCkZST00gbmdpbnhpbmMvbmdpbngtdW5wcml2aWxlZ2VkOiR7TkdJTlhfVEFHfSBhcyBzaW5nbGUtcGFnZS1hcHAtc2VydmVyCkNPUFkgLS1mcm9tPWdvbXBsYXRlIC9nb21wbGF0ZSAvdXNyL2xvY2FsL2Jpbi9nb21wbGF0ZQoKRU5WIEFQUF9ST09UPSIvYXBwIgpFTlYgQ09ORklHX0RJUj0iL2NvbmZpZyIKRU5WIENPTkZJR19GSUxFUz0iIgoKV09SS0RJUiAke0FQUF9ST09UfQoKQ09QWSAuL2RvY2tlci1lbnRyeXBvaW50LnNoIC9kb2NrZXItZW50cnlwb2ludC5zaApDT1BZIC4vY29uZmlnLyAiJHtDT05GSUdfRElSfS8iCgpVU0VSIHJvb3QKUlVOIGNob3duIC1SIDEwMToxMDEgL2RvY2tlci1lbnRyeXBvaW50LnNoICIke0NPTkZJR19ESVJ9IiAiJHtBUFBfUk9PVH0iClJVTiBybSAtciAvZXRjL25naW54L2NvbmYuZC8gJiYgbG4gLXMgIiR7Q09ORklHX0RJUn0vLm91dC9jb25mLmQiIC9ldGMvbmdpbngvY29uZi5kCiMgRW5hYmxlIGJpbmRpbmcgcHJpdmlsZWdlZCBwb3J0cyB3aXRoIG5vbiByb290IHVzZXIKUlVOIGFwayAtLW5vLWNhY2hlIGFkZCBsaWJjYXAgJiYgXAogICAgc2V0Y2FwIGNhcF9uZXRfYmluZF9zZXJ2aWNlPStlcCAvdXNyL3NiaW4vbmdpbnggJiYgXAogICAgYXBrIC0tbm8tY2FjaGUgZGVsIGxpYmNhcApVU0VSIG5naW54CgpFTlRSWVBPSU5UIFsiL2RvY2tlci1lbnRyeXBvaW50LnNoIl0K",
          "language": "Dockerfile"
        },
        "range": [
          {
            "start": {
              "line": 3
            },
            "end": {
              "line": 3
            }
          }
        ]
      },
      {
        "vertex": "sha256:e1aff5402f8d9b4a8077f295b7f2b78d6dc9adc0c92054c0f3cf1565031f7abf",
        "level": 1,
        "short": "RnJvbUFzQ2FzaW5nOiAnYXMnIGFuZCAnRlJPTScga2V5d29yZHMnIGNhc2luZyBkbyBub3QgbWF0Y2ggKGxpbmUgMik=",
        "detail": [
          "VGhlICdhcycga2V5d29yZCBzaG91bGQgbWF0Y2ggdGhlIGNhc2Ugb2YgdGhlICdmcm9tJyBrZXl3b3Jk"
        ],
        "url": "https://docs.docker.com/go/dockerfile/rule/from-as-casing/",
        "sourceInfo": {
          "filename": "Dockerfile",
          "data": "QVJHIE5HSU5YX1RBRwpGUk9NIGdoY3IuaW8vaGFpcnloZW5kZXJzb24vZ29tcGxhdGU6c3RhYmxlIGFzIGdvbXBsYXRlCkZST00gbmdpbnhpbmMvbmdpbngtdW5wcml2aWxlZ2VkOiR7TkdJTlhfVEFHfSBhcyBzaW5nbGUtcGFnZS1hcHAtc2VydmVyCkNPUFkgLS1mcm9tPWdvbXBsYXRlIC9nb21wbGF0ZSAvdXNyL2xvY2FsL2Jpbi9nb21wbGF0ZQoKRU5WIEFQUF9ST09UPSIvYXBwIgpFTlYgQ09ORklHX0RJUj0iL2NvbmZpZyIKRU5WIENPTkZJR19GSUxFUz0iIgoKV09SS0RJUiAke0FQUF9ST09UfQoKQ09QWSAuL2RvY2tlci1lbnRyeXBvaW50LnNoIC9kb2NrZXItZW50cnlwb2ludC5zaApDT1BZIC4vY29uZmlnLyAiJHtDT05GSUdfRElSfS8iCgpVU0VSIHJvb3QKUlVOIGNob3duIC1SIDEwMToxMDEgL2RvY2tlci1lbnRyeXBvaW50LnNoICIke0NPTkZJR19ESVJ9IiAiJHtBUFBfUk9PVH0iClJVTiBybSAtciAvZXRjL25naW54L2NvbmYuZC8gJiYgbG4gLXMgIiR7Q09ORklHX0RJUn0vLm91dC9jb25mLmQiIC9ldGMvbmdpbngvY29uZi5kCiMgRW5hYmxlIGJpbmRpbmcgcHJpdmlsZWdlZCBwb3J0cyB3aXRoIG5vbiByb290IHVzZXIKUlVOIGFwayAtLW5vLWNhY2hlIGFkZCBsaWJjYXAgJiYgXAogICAgc2V0Y2FwIGNhcF9uZXRfYmluZF9zZXJ2aWNlPStlcCAvdXNyL3NiaW4vbmdpbnggJiYgXAogICAgYXBrIC0tbm8tY2FjaGUgZGVsIGxpYmNhcApVU0VSIG5naW54CgpFTlRSWVBPSU5UIFsiL2RvY2tlci1lbnRyeXBvaW50LnNoIl0K",
          "language": "Dockerfile"
        },
        "range": [
          {
            "start": {
              "line": 2
            },
            "end": {
              "line": 2
            }
          }
        ]
      }
    ],
    "containerimage.descriptor": {
      "mediaType": "application/vnd.oci.image.index.v1+json",
      "digest": "sha256:147efe4875cd1290c2002941ea1ea731cc326f1b8b2895fc97dfb0de52acc701",
      "size": 2385
    },
    "containerimage.digest": "sha256:147efe4875cd1290c2002941ea1ea731cc326f1b8b2895fc97dfb0de52acc701",
    "image.name": "registry-1.docker.io/codecentric/single-page-application-server:1-nginx-stable-alpine,registry-1.docker.io/codecentric/single-page-application-server:latest-nginx-stable-alpine,registry-1.docker.io/codecentric/single-page-application-server:1.7.0,registry-1.docker.io/codecentric/single-page-application-server:1,registry-1.docker.io/codecentric/single-page-application-server:latest"
  }
Reference
  builder-afa27ee7-14d9-4d6e-8068-ee70142f1128/builder-afa27ee7-14d9-4d6e-8068-ee70142f11280/pnoimr[60](https://github.com/codecentric/single-page-application-server/actions/runs/10316606904/job/28559186553#step:12:62)lu9xd7eoy7tp0jezq
Generating GitHub annotations (3 build checks found)
  Warning: FromAsCasing: 'as' and 'FROM' keywords' casing do not match
  More info: https://docs.docker.com/go/dockerfile/rule/from-as-casing/
  Warning: InvalidDefaultArgInFrom: Default value for ARG nginxinc/nginx-unprivileged:${NGINX_TAG} results in empty or invalid base image name
  More info: https://docs.docker.com/go/dockerfile/rule/invalid-default-arg-in-from/
  Warning: FromAsCasing: 'as' and 'FROM' keywords' casing do not match
  More info: https://docs.docker.com/go/dockerfile/rule/from-as-casing/
Check build summary support
  Build summary supported!

BuildKit logs

No response

Additional info

No response
@crazy-max
Copy link
Member

crazy-max commented Aug 9, 2024
edited
Loading

The provenance and sbom information does not seem to be pushed:

I see the provenance pushed for each platform: https://explore.ggcr.dev/?image=registry-1.docker.io%2Fcodecentric%2Fsingle-page-application-server%3Alatest

For example: https://explore.ggcr.dev/?blob=registry-1.docker.io/codecentric/single-page-application-server@sha256:d99c1f4bad10eb109ce72a46f0036457426f9c9c378295f6e368db333f4751c6&mt=application%2Fvnd.in-toto%2Bjson&size=1456582

I see SBOM generated in your pipeline: https://github.com/codecentric/single-page-application-server/actions/runs/10316606904/job/28559186553#step:12:478

#40 [linux/amd64] generating sbom using docker.io/docker/buildkit-syft-scanner:stable-1
#40 0.097 time="2024-08-09T09:07:42Z" level=info msg="starting syft scanner for buildkit v1.4.0"
#40 DONE 1.0s
...

#42 [linux/arm64] generating sbom using docker.io/docker/buildkit-syft-scanner:stable-1
#42 0.069 time="2024-08-09T09:07:44Z" level=info msg="starting syft scanner for buildkit v1.4.0"
#42 DONE 0.8s

#43 [linux/arm/v7] generating sbom using docker.io/docker/buildkit-syft-scanner:stable-1
#43 0.076 time="2024-08-09T09:07:45Z" level=info msg="starting syft scanner for buildkit v1.4.0"
#43 DONE 0.8s

And I see the attestation manifest as well: https://explore.ggcr.dev/?image=registry-1.docker.io/codecentric/single-page-application-server@sha256:10ac6562eb256bb6724fc3ea719778d6ccdcd3502cfa319b8bffa401a3e0c04f&mt=application%2Fvnd.oci.image.manifest.v1%2Bjson&size=841

{
  "schemaVersion": 2,
  "mediaType": "application/vnd.oci.image.manifest.v1+json",
  "config": {
    "mediaType": "application/vnd.oci.image.config.v1+json",
    "size": 241,
    "digest": "sha256:b2cae79b4ef3a33113e001a4cf2d65b47ce823d00a05febd4359c334e3fa6cc3"
  },
  "layers": [
    {
      "mediaType": "application/vnd.in-toto+json",
      "size": 1456582,
      "digest": "sha256:d99c1f4bad10eb109ce72a46f0036457426f9c9c378295f6e368db333f4751c6",
      "annotations": {
        "in-toto.io/predicate-type": "https://spdx.dev/Document"
      }
    },
    {
      "mediaType": "application/vnd.in-toto+json",
      "size": 25918,
      "digest": "sha256:cb2f94c255c270e68f37053aa326e4730e1dab984469f0e6a54e7fe2942705f3",
      "annotations": {
        "in-toto.io/predicate-type": "https://slsa.dev/provenance/v0.2"
      }
    }
  ]
}

See https://explore.ggcr.dev/?blob=registry-1.docker.io/codecentric/single-page-application-server@sha256:d99c1f4bad10eb109ce72a46f0036457426f9c9c378295f6e368db333f4751c6&mt=application%2Fvnd.in-toto%2Bjson&size=1456582

docker pull registry-1.docker.io/codecentric/single-page-application-server:latest
docker buildx imagetools inspect registry-1.docker.io/codecentric/single-page-application-server:latest --format "{{ json .Provenance.SLSA }}"
null

Syntax is not correct to check provenance with imagetools: https://docs.docker.com/reference/cli/docker/buildx/imagetools/inspect/#json-output

$ docker buildx imagetools inspect registry-1.docker.io/codecentric/single-page-application-server:latest --format "{{ json .Provenance }}"

Also no need to pull the image.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@crazy-max @PSanetra