GitHub Actions Container Retention Policy is Wrongly Configured

[xfoxfu]

Currently the workflow is configured to preserve 5 untagged or COMMIT_SHA1 container images. However, this is not suitable as GZCTF is currently publishing multi-arch + provenance-enabled containers. These containers will have tags applied on a virtual image, which contains metadata of actual images. The actual images is not tagged. Therefore, the images of previous versions is removed.

$ docker pull ghcr.io/gztimewalker/gzctf/gzctf:v0.14.4
v0.14.4: Pulling from gztimewalker/gzctf/gzctf
manifest unknown

Workaround: disable image retention.

Reference:

• https://www.github.com/snok/container-retention-policy/issues/43
• https://www.github.com/snok/container-retention-policy/issues/63

[GZTimeWalker]

Will disabling provenance solve the issue?

 - uses: docker/build-push-action@v4
   with:
     provenance: false
     ...

[xfoxfu]

No, because images are multi-arch.

[GZTimeWalker]

No, because images are multi-arch.

May create a PR for this issue? I may not particularly understand how to solve this.

[xfoxfu]

As this is not supported, the only way is to disable retention currently.