Managing OCI artifacts : artifact type is missing

[mmauro-betclic]

Describe the bug The artifact type is missing from artifacts attached to an image in ACR.

To Reproduce

1. I'm pushing a very simple image to my ACR, and then I'm signing it with Notation by using the Referrers API (bug also happens when using tag schema) :

docker push registry/image:tag
IMAGE_DIGEST=$(docker inspect --format='{{index .RepoDigests 0}}' registry/image:tag)
notation sign --force-referrers-tag=false $IMAGE_DIGEST -k my-cert

2. When using ORAS CLI to check the artifacts linked to the image, I can see the signature, but the type is "unknown" :

oras discover $IMAGE_DIGEST
registry/image@sha256:468b9521bd60b12b8fa40383e6cde62036a1de2bd6b905482af4bd845e4c61f9
└── <unknown>
    └── sha256:876f89db57fe46f521935215fe880725731730f5ab81f17f2551edb894f6abcc

3. Moreover on the Azure portal, the Referrers tab does not display anything but "Loading ..." :

with an error in browser console :

wiHDObdGiqqZ.js:2 Uncaught (in promise) TypeError: n.artifactType is not a function
    at d.<anonymous> (wiHDObdGiqqZ.js:2:7263)
    at W9yayfMU8ZNP.js:17:4222
    at Object.next (W9yayfMU8ZNP.js:17:4327)
    at a (W9yayfMU8ZNP.js:17:3034)

Expected behavior This image manifest should contain an artifact type on the signature such as : application/vnd.cncf.notary.signature

Additional context ACR is located in North Europe with CMK encryption, pricing plan is Premium.

Any relevant environment information

• OS: macOS Sonoma 14.6.1
• Notation 1.2.0
• ORAS 1.2.0
• Docker 27.2.0

[FeynmanZhou]

Hi @mmauro-betclic,

Apologize for the late response, the referrers API is not supported yet in CMK-enabled registry.

Was this issue also existed when you sign the image using the default tag schema (without --force-referrers-tag=false)?

[mmauro-betclic]

Hi @FeynmanZhou,

Yes absolutely, the same issue happens without --force-referrers-tag=false.