Unpin buildx version in CI #735
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Related to commit `f1cbb5f` on cilium/cilium.
GitHub recently rolled out Docker buildx version v0.10.0 on their
builders, which transparently changed the MediaType of docker images to
OCI v1 and added provenance attestations.
Unfortunately, various tools we use in CI like SBOM tooling and docker
manifest inspect do not properly support some aspect of the new image
formats. This resulted in breaking CI, with some messages like this:
level=fatal msg="generating doc: creating SPDX document: generating
SPDX package from image ref quay.io/cilium/docker-plugin-ci:XXX:
generating image package"
This could also lead CI to fail while waiting for image builds to
complete, because the command we use to test whether the image is
available did not support the image types.
The commit 7f9ac8a attempted to fix this problem by pinning the buildx
version to v0.9.1 but unfortunately that didn't work since that version
became unavailable. This commit reverts those changes and adds the
"provenance: false", which is a flag available in docker buildx >=
v0.10.0, to disable the provenance attestation.
Signed-off-by: Mahe Tardy <[email protected]>
mtardy
force-pushed
the
pr/mtardy/bump-buildx
branch
from
ff78cd8 to
ebe1ce0
Compare
willfindlay
approved these changes
Feb 28, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Related to commit
f1cbb5fon cilium/cilium.GitHub recently rolled out Docker buildx version v0.10.0 on their builders, which transparently changed the MediaType of docker images to OCI v1 and added provenance attestations.
Unfortunately, various tools we use in CI like SBOM tooling and docker manifest inspect do not properly support some aspect of the new image formats. This resulted in breaking CI, with some messages like this:
This could also lead CI to fail while waiting for image builds to complete, because the command we use to test whether the image is available did not support the image types.
The commit 7f9ac8a attempted to fix this problem by pinning the buildx version to v0.9.1 but unfortunately that didn't work since that version became unavailable. This commit reverts those changes and adds the "provenance: false", which is a flag available in docker buildx >= v0.10.0, to disable the provenance attestation.