Closed crazy-max closed 5 months ago
/usr/bin/docker buildx build --cache-from type=gha,scope=attests-image --cache-to type=gha,scope=attests-image,mode=max --file ./test/go/Dockerfile --iidfile /home/runner/work/_temp/docker-actions-toolkit-3KzNXb/iidfile --output type=image,name=localhost:5000/name/app:latest,push=true --attest type=provenance,mode=max,builder-id=https://github.com/docker/build-push-action/actions/runs/8437957902 --attest type=sbom,true --target image --metadata-file /home/runner/work/_temp/docker-actions-toolkit-3KzNXb/metadata-file ./test/go
ERROR: invalid value true
We need the canonical representation when using --attest
similar to https://github.com/docker/buildx/blob/8abef5908705e49f7ba88ef8c957e1127b597a2a/util/buildflags/attests.go#L13-L21
Edit: added resolveAttestationAttrs
in https://github.com/docker/actions-toolkit/pull/287 to return the canonical representation.
We don't detect usage of
attests
input and therefore settingattests: type=provenance,mode=max
will result in a duplicated provenance as we already set it automatically and build will fail with:This will also set
builder-id
automatically ifprovenance
is used inattests
which was not the case before.To keep everything consistent across our flags such as
load
andpush
,provenance
andsbom
inputs take precedence over ones set inattests