Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

MIssing signature for docker.io/dockereng/export-build on notary.docker.io #1177

Closed
3 tasks done
hairmare opened this issue Jul 10, 2024 · 1 comment
Closed
3 tasks done

MIssing signature for docker.io/dockereng/export-build on notary.docker.io #1177

hairmare opened this issue Jul 10, 2024 · 1 comment

Comments

@hairmare
Copy link

hairmare commented Jul 10, 2024
edited
Loading

Contributing guidelines

I've found a bug, and:

  • The documentation does not mention anything about my problem
  • There are no open or closed issues that are related to my problem

Description

The next export-build image being pulled in the "Post Build Container Image" is not signed making it log the following (non-fatal) error when DOCKER_CONTENT_TRUST is set to 1.

Expected behaviour

I would expect docker to successfully validate the docker.io/dockereng/export-build

Actual behaviour

It logs an error:

docker: Error: remote trust data does not exist for docker.io/dockereng/export-build: notary.docker.io does not have trust data for docker.io/dockereng/export-build.

Repository URL

https://github.com/radiorabe/container-image-minio

Workflow run URL

https://github.com/radiorabe/container-image-minio/actions/runs/9877531310/job/27279378066#step:38:8

YAML workflow

# https://github.com/radiorabe/actions/blob/a723e1bc33cde66126868f696f33ddeef36b2890/.github/workflows/release-container.yaml#L161-L175

      - name: Push Container Image
        id: docker_push
        uses: docker/build-push-action@v6
        with:
          context: .
          file: ./Dockerfile
          platforms: linux/amd64
          push: ${{ github.event_name != 'pull_request' && startsWith(github.event.ref, 'refs/tags/v') }}
          tags: ${{ steps.meta.outputs.tags }}
          cache-from: type=gha
          labels: |
            ${{ steps.meta.outputs.labels }}
            version=${{ steps.meta.outputs.version }}
        env:
          DOCKER_CONTENT_TRUST: 1

Workflow logs

 Post job cleanup.
Generating build summary
  exporting build record to /home/runner/work/_temp/docker-actions-toolkit-CpVpjs/export
  /usr/bin/mkfifo /home/runner/work/_temp/docker-actions-toolkit-CpVpjs/buildx-in-ydNrmq.fifo
  /usr/bin/mkfifo /home/runner/work/_temp/docker-actions-toolkit-CpVpjs/buildx-out-aBtBKI.fifo
  docker buildx --builder builder-ebe838d3-26c2-40dd-98f5-1e40acdb159a dial-stdio
  docker run --rm -i -v /home/runner/.docker/buildx/refs:/buildx-refs -v /home/runner/work/_temp/docker-actions-toolkit-CpVpjs/export:/out docker.io/dockereng/export-build:latest --ref-state-dir=/buildx-refs --node=builder-ebe838d3-26c2-40dd-98f5-1e40acdb159a/builder-ebe838d3-26c2-40dd-98f5-1e40acdb159a0 --ref=ze56eed1flszyge8y94a3b4nk --uid=1001 --gid=127
  docker: Error: remote trust data does not exist for docker.io/dockereng/export-build: notary.docker.io does not have trust data for docker.io/dockereng/export-build.
  See 'docker run --help'.
  Process "docker run" exited with code 125
  Warning: Process "docker run" closed with code 125
Removing temp folder /home/runner/work/_temp/docker-actions-toolkit-qMGm2L
Post cache
  State not set
ERROR: read unix @->/run/docker.sock: use of closed network connection
Process "buildx dial-stdio" was killed with signal SIGKILL

BuildKit logs

No response

Additional info

No response
@crazy-max crazy-max mentioned this issue Jul 16, 2024
Merged
@crazy-max
Copy link
Member

Should be fixed in latest 6.5.0.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@hairmare @crazy-max