actions / attest-build-provenance

Action for generating build provenance attestations for workflow artifacts
MIT License

Push attestation to registry - Error: No credential file found at /home/runner/.docker/config.json #253

Open pealtrufo opened 22 hours ago

pealtrufo commented 22 hours ago

Hi.

I am running this action in my own self-hosted runners, which are configured with Buildah instead of Docker to build the container images and push them to the registry.

The action is configured with push-to-registry: true, so that the generated attestation is pushed to the container registry too.

This step to push the attestation to the registry is failing with this message: Error: Error: No credential file found at /home/runner/.docker/config.json

My understanding is that this happens because the attest action expects the registry auth file to be at that specific path (the docker default), but that path is not the one used by default when authenticating to the registry with buildah or podman.

Is this expected? Should this be another input in the action? An easy workaround would be copying the registry auth file to the path the attest action expects, but I was wondering what's your view on this one.

Thanks

bdehamer commented 13 hours ago

At this point there is no option which would allow you to specify an alternate location for the auth file.

I believe that buildah will fall back to using the docker-default path if no auth file is found at the buildah-default location. From the buildah docs:

Path of the authentication file. Default is ${XDG_RUNTIME_DIR}/containers/auth.json. See containers-auth.json(5) for more information. This file is created using buildah login.

If the authorization state is not found there, $HOME/.docker/config.json is checked, which is set using docker login.

Note: You can also override the default path of the authentication file by setting the REGISTRY_AUTH_FILE environment variable. export REGISTRY_AUTH_FILE=path

My recommendation would be either to use the docker/login-action and let buildah find the auth file in the docker location, or use the REGISTRY_AUTH_FILE env var to force buildah to write the auth file to the expected location.
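
Added example, not part of the thread and not code from the action or from buildah: a pre-flight check for a buildah-based runner that follows the lookup order quoted above and makes sure credentials for a registry are present at the path named in the error message before the attest step runs. The function names are hypothetical, and the script assumes both auth files use the `{"auths": {"<registry>": ...}}` layout.

```shell
#!/usr/bin/env bash
# Added example: source this file, then call: ensure_docker_auth <registry>
# Assumption: auth files use the {"auths": {"<registry>": {...}}} layout.

# Print the first existing auth file in the lookup order quoted from the buildah docs.
find_buildah_auth() {
  local candidate
  for candidate in \
    "${REGISTRY_AUTH_FILE:-}" \
    "${XDG_RUNTIME_DIR:+$XDG_RUNTIME_DIR/containers/auth.json}" \
    "$HOME/.docker/config.json"; do
    if [ -n "$candidate" ] && [ -f "$candidate" ]; then
      printf '%s\n' "$candidate"
      return 0
    fi
  done
  return 1
}

# True if file $1 names registry $2. Only the key is matched; no secret is printed.
has_registry_entry() {
  grep -qF -- "\"$2\"" "$1"
}

# Ensure credentials for registry $1 exist at the path named in the error message.
ensure_docker_auth() {
  local registry="$1" target="$HOME/.docker/config.json" src
  if [ -f "$target" ] && has_registry_entry "$target" "$registry"; then
    return 0
  fi
  src="$(find_buildah_auth)" || {
    echo "no registry auth file found; log in to $registry first" >&2
    return 1
  }
  if [ "$src" = "$target" ] || ! has_registry_entry "$src" "$registry"; then
    echo "no credentials for $registry in $src" >&2
    return 1
  fi
  if [ -e "$target" ]; then
    echo "refusing to overwrite existing $target" >&2
    return 1
  fi
  # Create the directory and the copy with owner-only permissions.
  ( umask 077 && mkdir -p "$(dirname "$target")" && cp "$src" "$target" ) || return 1
  chmod 600 "$target"
}
```

When REGISTRY_AUTH_FILE already points buildah at the docker-default path, the first check succeeds and nothing is copied.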