Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Getting "no such manifest" since provenance was added #764

Closed
ddelange opened this issue Jan 17, 2023 · 5 comments
Closed

Getting "no such manifest" since provenance was added #764

ddelange opened this issue Jan 17, 2023 · 5 comments

Comments

@ddelange
Copy link

ddelange commented Jan 17, 2023

Troubleshooting

Before submitting a bug report please read the Troubleshooting doc.

Behaviour

  • workflow file in the left column
  • recently added by default: --provenance mode=max,builder-id=https://github.com/***/actions-runner-controller-releases/actions/runs/3939568621
  • the manifest now seems broken
    $ docker manifest inspect ddelange/actions-runner:latest
    no such manifest: docker.io/ddelange/actions-runner:latest
    $ docker manifest inspect ghcr.io/ddelange/actions-runner-controller-releases/actions-runner:latest
    no such manifest: ghcr.io/ddelange/actions-runner-controller-releases/actions-runner:latest
  • it also causes a third OS/Arch to show up on ghcr.io (on hub.docker.com it is hidden) with sha corresponding to exporting attestation manifest ...
    image
  • when I set provenance: false (I'm running v3.3.0), the manifests are fixed

Steps to reproduce this issue

workflow linked above

Expected behaviour

i expect the manifests on docker.io and ghcr.io not to be broken (or it should be a v4 bump or so and fixed differently? should I update docker cli?)

Actual behaviour

manifests broken, see above

Configuration

Logs

logs_14.zip

@crazy-max
Copy link
Member

This is expected. See docker/buildx#1509 (comment) and also docker/buildx#1509 (comment) for more context.

@ddelange
Copy link
Author

Hi @crazy-max 👋 thanks for the quick reply!

do I understand correctly this change ships with buildx 0.10.0 (included in docker desktop 4.16.0)?

will docker manifest inspect work again if I were able to upgrade Docker Deskop? (need to upgrade MacOS to v11+ first...)

@ddelange
Copy link
Author

looks like docker buildx imagetools inspect misses a verbosity flag, so I can't use it as a replacement for docker manifest inspect -v to sum up layer sizes: https://stackoverflow.com/a/73108928/5511061

@crazy-max
Copy link
Member

do I understand correctly this change ships with buildx 0.10.0 (included in docker desktop 4.16.0)?

Not just Buildx but also BuildKit 0.11 (which is used by default with the setup-buildx-action step in your workflow (here) that creates a docker-container builder)

On Docker Desktop, the default builder is the docker driver (BuildKit in the Docker engine) which is still BuildKit 0.8 so there is no attestation support.

will docker manifest inspect work again if I were able to upgrade Docker Deskop? (need to upgrade MacOS to v11+ first...)

This is currently discussed in docker/buildx#1509. If you can add your use case with docker manifest cmd on this issue, that would help.

@billinghamj
Copy link

@crazy-max Could I suggest a pinned issue in this repo, to help people find the buildx issue?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants