CI/github: [potential] docker build SBOM error - Pin docker buildx version to v0.9.1 #656
Description
Potential CI failures related to Docker buildx and SBOM
From: cilium/cilium#23316
GitHub recently rolled out Docker buildx version v0.10.0 on their
builders, which transparently changed the MediaType of docker images to
OCI v1 and added provenance attestations.
Unfortunately, various tools we use in CI like SBOM tooling and docker
manifest inspect do not properly support some aspect of the new image
formats. This resulted in breaking CI, with some messages like this:
level=fatal msg="generating doc: creating SPDX document: generating
SPDX package from image ref quay.io/cilium/docker-plugin-ci:XXX:
generating image package"