search

docker / build-push-action

GitHub Action to build and push Docker images with Buildx
https://github.com/marketplace/actions/build-and-push-docker-images
Apache License 2.0
4.42k stars 561 forks source link

SBOM and Provenance generated, but not pushed #1207

Closed PSanetra closed 3 months ago

PSanetra commented 3 months ago

Description

It seems like SBOM and Provenance can be generated, but are not pushed.

Expected behaviour

Setting push: true, provenance: mode=max and sbom: true should push, the image and both the sbom and provenance information as well.

Actual behaviour

The provenance and sbom information does not seem to be pushed:

docker pull registry-1.docker.io/codecentric/single-page-application-server:latest
docker buildx imagetools inspect registry-1.docker.io/codecentric/single-page-application-server:latest --format "{{ json .Provenance.SLSA }}"
null

Repository URL

https://github.com/codecentric/single-page-application-server

Workflow run URL

https://github.com/codecentric/single-page-application-server/actions/runs/10316606904/job/28559186553

YAML workflow

name: Test and Push Images on new Tag

on:
  push:
    tags:
      - v*

jobs:
  push_images:
    name: Test and Push Images
    runs-on: ubuntu-latest
    strategy:
      matrix:
        # "{0}" will be replaced by the latest pushed nginx version
        nginx: [ "mainline", "stable", "{0}" ]
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.ref }}
          fetch-depth: 0
          fetch-tags: true

      - name: Get latest nginx tag
        id: latest_nginx_tag
        uses: ./.github/actions/latest-docker-repository-version
        with:
          repository: "nginxinc/nginx-unprivileged"
      - name: Set target nginx tag
        id: target_nginx_tag
        run: |
          NGINX_TAG="${{ format(matrix.nginx, steps.latest_nginx_tag.outputs.version) }}-alpine"
          echo "::set-output name=tag::${NGINX_TAG}"
          echo "NGINX_TAG=${NGINX_TAG}"
      - run: "./.github/workflows/install-dependencies.sh"
      - uses: actions/setup-java@v1
        with:
          java-version: '11'
      - run: "make test NGINX_TAG=\"${{ steps.target_nginx_tag.outputs.tag }}\""
      - name: Determine tags to push
        id: target_tags
        uses: ./.github/actions/determine-target-image-tags
        with:
          git-ref: "${{ github.ref }}"
          nginx-tag: "${{ steps.target_nginx_tag.outputs.tag }}"
          matrix-nginx: "${{ matrix.nginx }}"
          docker-repository: "${{ vars.DOCKER_REPOSITORY }}"
      - uses: docker/setup-qemu-action@v3
        name: Set up QEMU
      - uses: docker/setup-buildx-action@v3
        name: Set up Docker Buildx
      - uses: docker/login-action@v3
        name: Login to Docker Hub
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}
      - uses: docker/build-push-action@v6
        name: Build and push
        if: ${{ steps.target_tags.outputs.tags != '' }}
        with:
          context: .
          platforms: linux/arm/v7,linux/amd64,linux/arm64
          push: true
          pull: true
          tags: ${{ steps.target_tags.outputs.tags }}
          build-args: NGINX_TAG=${{ steps.target_nginx_tag.outputs.tag }}
          provenance: mode=max
          sbom: true

Workflow logs

Run docker/build-push-action@v6
  with:
    context: .
    platforms: linux/arm/v7,linux/amd64,linux/arm64
    push: true
    pull: true
    tags: registry-1.docker.io/codecentric/single-page-application-server:1-nginx-stable-alpine,registry-1.docker.io/codecentric/single-page-application-server:latest-nginx-stable-alpine,registry-1.docker.io/codecentric/single-page-application-server:1.7.0,registry-1.docker.io/codecentric/single-page-application-server:1,registry-1.docker.io/codecentric/single-page-application-server:latest
    build-args: NGINX_TAG=stable-alpine
    provenance: mode=max
    sbom: true
    load: false
    no-cache: false
    github-token: ***
  env:
    JAVA_HOME_11.0.[2](https://github.com/codecentric/single-page-application-server/actions/runs/10316606904/job/28559186553#step:12:2)4_x64: /opt/hostedtoolcache/jdk/11.0.24/x64
    JAVA_HOME: /opt/hostedtoolcache/jdk/11.0.24/x64
    JAVA_HOME_11_0_24_X64: /opt/hostedtoolcache/jdk/11.0.24/x64
GitHub Actions runtime token ACs
  refs/tags/v1.7.0: read/write
  refs/heads/master: read
Docker info
  /usr/bin/docker version
  Client: Docker Engine - Community
   Version:           26.1.[3](https://github.com/codecentric/single-page-application-server/actions/runs/10316606904/job/28559186553#step:12:3)
   API version:       1.[4](https://github.com/codecentric/single-page-application-server/actions/runs/10316606904/job/28559186553#step:12:4)5
   Go version:        go1.21.10
   Git commit:        b72abbb
   Built:             Thu May 16 08:33:29 2024
   OS/Arch:           linux/amd64
   Context:           default

  Server: Docker Engine - Community
   Engine:
    Version:          26.1.3
    API version:      1.4[5](https://github.com/codecentric/single-page-application-server/actions/runs/10316606904/job/28559186553#step:12:5) (minimum version 1.24)
    Go version:       go1.21.10
    Git commit:       8e9[6](https://github.com/codecentric/single-page-application-server/actions/runs/10316606904/job/28559186553#step:12:6)db1
    Built:            Thu May 16 08:33:29 2024
    OS/Arch:          linux/amd64
    Experimental:     false
   containerd:
    Version:          1.[7](https://github.com/codecentric/single-page-application-server/actions/runs/10316606904/job/28559186553#step:12:7).19
    GitCommit:        2bf793ef6dc9a18e00cb12efb64355c2c9d5eb41
   runc:
    Version:          1.7.19
    GitCommit:        v1.1.13-0-g58aa920
   docker-init:
    Version:          0.19.0
    GitCommit:        de40ad0
  /usr/bin/docker info
  Client: Docker Engine - Community
   Version:    26.1.3
   Context:    default
   Debug Mode: false
   Plugins:
    buildx: Docker Buildx (Docker Inc.)
      Version:  v0.16.2
      Path:     /usr/libexec/docker/cli-plugins/docker-buildx
    compose: Docker Compose (Docker Inc.)
      Version:  v2.27.1
      Path:     /usr/libexec/docker/cli-plugins/docker-compose

  Server:
   Containers: 2
    Running: 2
    Paused: 0
    Stopped: 0
   Images: 22
   Server Version: 26.1.3
   Storage Driver: overlay2
    Backing Filesystem: extfs
    Supports d_type: true
    Using metacopy: false
    Native Overlay Diff: false
    userxattr: false
   Logging Driver: json-file
   Cgroup Driver: cgroupfs
   Cgroup Version: 2
   Plugins:
    Volume: local
    Network: bridge host ipvlan macvlan null overlay
    Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog
   Swarm: inactive
   Runtimes: io.containerd.runc.v2 runc
   Default Runtime: runc
   Init Binary: docker-init
   containerd version: 2bf793ef6dc9a1[8](https://github.com/codecentric/single-page-application-server/actions/runs/10316606904/job/28559186553#step:12:8)e00cb12efb64355c2c9d5eb41
   runc version: v1.1.13-0-g58aa[9](https://github.com/codecentric/single-page-application-server/actions/runs/10316606904/job/28559186553#step:12:9)20
   init version: de40ad0
   Security Options:
    apparmor
    seccomp
     Profile: builtin
    cgroupns
   Kernel Version: 6.5.0-[10](https://github.com/codecentric/single-page-application-server/actions/runs/10316606904/job/28559186553#step:12:10)25-azure
   Operating System: Ubuntu 22.04.4 LTS
   OSType: linux
   Architecture: x86_64
   CPUs: 4
   Total Memory: 15.61GiB
   Name: fv-az849-582
   ID: 3882bec0-d8f5-4df1-8563-cf5f7db8a86b
   Docker Root Dir: /var/lib/docker
   Debug Mode: false
   Username: ***
   Experimental: false
   Insecure Registries:
    127.0.0.0/8
   Live Restore Enabled: false

Proxy configuration
  No proxy configuration found
Buildx version
  /usr/bin/docker buildx version
  github.com/docker/buildx v0.16.2 99dea6dacacc3d604788953088560b9880550570
Builder info
  {
    "nodes": [
      {
        "name": "builder-afa27ee7-14d9-4d6e-8068-ee70142f[11](https://github.com/codecentric/single-page-application-server/actions/runs/10316606904/job/28559186553#step:12:11)280",
        "endpoint": "unix:///var/run/docker.sock",
        "status": "running",
        "buildkitd-flags": "--allow-insecure-entitlement security.insecure --allow-insecure-entitlement network.host",
        "buildkit": "v0.15.1",
        "platforms": "linux/amd64,linux/amd64/v2,linux/amd64/v3,linux/arm64,linux/riscv64,linux/ppc64le,linux/s390x,linux/386,linux/mips64le,linux/mips64,linux/arm/v7,linux/arm/v6",
        "features": {
          "Automatically load images to the Docker Engine image store": true,
          "Cache export": true,
          "Docker exporter": true,
          "Multi-platform build": true,
          "OCI exporter": true
        },
        "labels": {
          "org.mobyproject.buildkit.worker.executor": "oci",
          "org.mobyproject.buildkit.worker.hostname": "519f8ff66b42",
          "org.mobyproject.buildkit.worker.network": "host",
          "org.mobyproject.buildkit.worker.oci.process-mode": "sandbox",
          "org.mobyproject.buildkit.worker.selinux.enabled": "false",
          "org.mobyproject.buildkit.worker.snapshotter": "overlayfs"
        },
        "gcPolicy": [
          {
            "all": false,
            "filter": [
              "type==source.local",
              "type==exec.cachemount",
              "type==source.git.checkout"
            ],
            "keepDuration": "48h0m0s",
            "keepBytes": "488.3MiB"
          },
          {
            "all": false,
            "keepDuration": "1440h0m0s",
            "keepBytes": "7.451GiB"
          },
          {
            "all": false,
            "keepBytes": "7.451GiB"
          },
          {
            "all": true,
            "keepBytes": "7.451GiB"
          }
        ]
      }
    ],
    "name": "builder-afa27ee7-14d9-4d6e-8068-ee70142f1[12](https://github.com/codecentric/single-page-application-server/actions/runs/10316606904/job/28559186553#step:12:12)8",
    "driver": "docker-container",
    "lastActivity": "2024-08-09T09:07:32.000Z"
  }
/usr/bin/docker buildx build --build-arg NGINX_TAG=stable-alpine --iidfile /home/runner/work/_temp/docker-actions-toolkit-LVpnVz/build-iidfile-d8c5a5bcab.txt --platform linux/arm/v7,linux/amd64,linux/arm64 --attest type=provenance,mode=max,builder-id=https://github.com/codecentric/single-page-application-server/actions/runs/10316606904/attempts/1 --attest type=sbom,disabled=false --tag registry-1.docker.io/codecentric/single-page-application-server:1-nginx-stable-alpine --tag registry-1.docker.io/codecentric/single-page-application-server:latest-nginx-stable-alpine --tag registry-1.docker.io/codecentric/single-page-application-server:1.7.0 --tag registry-1.docker.io/codecentric/single-page-application-server:1 --tag registry-1.docker.io/codecentric/single-page-application-server:latest --metadata-file /home/runner/work/_temp/docker-actions-toolkit-LVpnVz/build-metadata-34f9203ade.json --pull --push .
#0 building with "builder-afa27ee7-14d9-4d6e-8068-ee70142f1128" instance using docker-container driver

#1 [internal] load build definition from Dockerfile
#1 transferring dockerfile: 798B done
#1 DONE 0.0s

#2 [auth] docker/buildkit-syft-scanner:pull token for registry-1.docker.io
#2 DONE 0.0s

#3 resolve image config for docker-image://docker.io/docker/buildkit-syft-scanner:stable-1
#3 DONE 0.3s

#4 [auth] nginxinc/nginx-unprivileged:pull token for registry-1.docker.io
#4 DONE 0.0s

#5 [linux/arm64 internal] load metadata for ghcr.io/hairyhenderson/gomplate:stable
#5 ...

#6 [linux/amd64 internal] load metadata for ghcr.io/hairyhenderson/gomplate:stable
#6 DONE 2.6s

#7 [linux/arm/v7 internal] load metadata for ghcr.io/hairyhenderson/gomplate:stable
#7 DONE 2.6s

#5 [linux/arm64 internal] load metadata for ghcr.io/hairyhenderson/gomplate:stable
#5 DONE 2.6s

#8 [linux/arm64 internal] load metadata for docker.io/nginxinc/nginx-unprivileged:stable-alpine
#8 DONE 2.6s

#9 [linux/arm/v7 internal] load metadata for docker.io/nginxinc/nginx-unprivileged:stable-alpine
#9 DONE 2.6s

#10 [internal] load .dockerignore
#10 transferring context: 89B done
#10 DONE 0.0s

#11 [linux/amd64 internal] load metadata for docker.io/nginxinc/nginx-unprivileged:stable-alpine
#11 DONE 2.6s

#12 [internal] load build context
#12 transferring context: 17.57kB done
#12 DONE 0.0s

#[13](https://github.com/codecentric/single-page-application-server/actions/runs/10316606904/job/28559186553#step:12:13) [linux/arm64 gomplate 1/1] FROM ghcr.io/hairyhenderson/gomplate:stable@sha256:352552aa583f824675eddb4e3e90e78c4901c3f3906033195402bb3ffc1d[14](https://github.com/codecentric/single-page-application-server/actions/runs/10316606904/job/28559186553#step:12:14)64
#13 resolve ghcr.io/hairyhenderson/gomplate:stable@sha256:352552aa583f824675eddb4e3e90e78c4901c3f3906033195402bb3ffc1d1464 0.0s done
#13 sha256:810fabde107c706afbfec4c53d5d28661853cab3140274c9f3e9b50089ec7bd2 127.52kB / 127.52kB 0.0s done
#13 extracting sha256:810fabde107c706afbfec4c53d5d28661853cab3140274c9f3e9b50089ec7bd2 0.0s done
#13 sha256:4dfbff9a6f6686c0984007212063c48a46fe65ab54b6a2d560ee9c1440d30ae8 17.18MB / 17.18MB 0.1s done
#13 ...

#14 [linux/arm64 single-page-app-server 1/8] FROM docker.io/nginxinc/nginx-unprivileged:stable-alpine@sha256:31fd0a1c687327[15](https://github.com/codecentric/single-page-application-server/actions/runs/10316606904/job/28559186553#step:12:15)ec813ddb0438f74ce4d5a3216e29cf30d39f511ce399db6f
#14 resolve docker.io/nginxinc/nginx-unprivileged:stable-alpine@sha256:31fd0a1c68732715ec813ddb0438f74ce4d5a32[16](https://github.com/codecentric/single-page-application-server/actions/runs/10316606904/job/28559186553#step:12:16)e29cf30d39f511ce399db6f 0.0s done
#14 DONE 0.3s

#13 [linux/arm64 gomplate 1/1] FROM ghcr.io/hairyhenderson/gomplate:stable@sha256:352552aa583f824675eddb4e3e90e78c4901c3f3906033195402bb3ffc1d1464
#13 extracting sha256:4dfbff9a6f6686c0984007212063c48a46fe65ab54b6a2d560ee9c1440d30ae8
#13 ...

#15 docker-image://docker.io/docker/buildkit-syft-scanner:stable-1
#15 resolve docker.io/docker/buildkit-syft-scanner:stable-1 0.1s done
#15 sha256:8f55b7fda2c88820456a8687c5a0032f59bc1247451cfdbc968d773124f5da01 24.35MB / 24.35MB 0.3s done
#15 DONE 0.4s

#16 [linux/arm/v7 single-page-app-server 1/8] FROM docker.io/nginxinc/nginx-unprivileged:stable-alpine@sha256:31fd0a1c68732715ec813ddb0438f74ce4d5a3216e29cf30d39f511ce399db6f
#16 resolve docker.io/nginxinc/nginx-unprivileged:stable-alpine@sha256:31fd0a1c68732715ec813ddb0438f74ce4d5a3216e29cf30d39f511ce399db6f 0.0s done
#16 sha256:b0469353aaf8[17](https://github.com/codecentric/single-page-application-server/actions/runs/10316606904/job/28559186553#step:12:17)951a89c34a49877323cd7324a98a91b130725fe16f36b6f968 1.21kB / 1.21kB 0.0s done
#16 sha256:4e9902f7346d8b79cddf6b64ec911096f19e575fddcb9a79ace9ac96bb5bcb9c 395B / 395B 0.0s done
#16 sha256:07516bd1e263a4dffcb8023864d7d5fb4751fa27e132c707492a6c1cfe6871e3 1.40kB / 1.40kB 0.1s done
#16 sha256:8b568d7764cc0dd7dae235fd20ea5fbc996878d8dce9e227f1d8dc954dd8dca3 958B / 958B 0.0s done
#16 sha256:d9687d9551263102961f502df5a3e6a7b4f5e50793a26e48cf3adb6472e89f3d 10.95MB / 10.95MB 0.1s done
#16 sha256:266cd4b6eb5c2f6fa3cd0a930dbc9b16496b7ef95c2aba87f55cd31db03cdee7 2.79kB / 2.79kB 0.1s done
#16 sha256:b0d7a039f3a43de87e90b30c146bb17d83d070da75eb1d31cebee0bec59ad6f6 1.89MB / 1.89MB 0.1s done
#16 sha256:8f161eaa88b843263b696c64fddf34[18](https://github.com/codecentric/single-page-application-server/actions/runs/10316606904/job/28559186553#step:12:19)b0e44eaf5043acda85e43596a2978f9b 2.93MB / 2.93MB 0.1s done
#16 sha256:5411467d6b42583a2bf18c867b22522001c8bc41cf06ae1316f587f8442bbbbc 629B / 629B 0.1s done
#16 extracting sha256:8f161eaa88b843263b696c64fddf3418b0e44eaf5043acda85e43596a2978f9b
#16 extracting sha256:8f161eaa88b843263b696c64fddf3418b0e44eaf5043acda85e43596a2978f9b 0.2s done
#16 extracting sha256:b0d7a039f3a43de87e90b30c146bb17d83d070da75eb1d31cebee0bec59ad6f6
#16 ...

#17 [linux/amd64 single-page-app-server 1/8] FROM docker.io/nginxinc/nginx-unprivileged:stable-alpine@sha256:31fd0a1c68732715ec813ddb0438f74ce4d5a3216e29cf30d39f511ce399db6f
#17 resolve docker.io/nginxinc/nginx-unprivileged:stable-alpine@sha256:31fd0a1c68732715ec813ddb0438f74ce4d5a3216e29cf30d39f511ce399db6f 0.0s done
#17 sha256:2b64eae2c2010978c0e827b897b7f031624376dbbd4e853f[19](https://github.com/codecentric/single-page-application-server/actions/runs/10316606904/job/28559186553#step:12:20)206dc0154847b5 1.40kB / 1.40kB 0.0s done
#17 sha256:eac8bc5d40f658acb51de283fb2ef0d808dbd5caf4f7e31295c07891a863f411 1.[20](https://github.com/codecentric/single-page-application-server/actions/runs/10316606904/job/28559186553#step:12:21)kB / 1.20kB 0.0s done
#17 sha256:55dc640efad2457acfa87d778b7a2f540306bead08651d78818973278048ed8f 393B / 393B 0.0s done
#17 sha256:e0b5f3683ce3dfc229d41d7dc3[21](https://github.com/codecentric/single-page-application-server/actions/runs/10316606904/job/28559186553#step:12:23)9ad64b3f7a48a0bceaf07092ce7f5870a170 2.80kB / 2.80kB 0.0s done
#17 sha256:b6b84f87cdcd10eb3514f2af04a55f0f4475d1a1a702bbebd87726c6bdea06bf 956B / 956B 0.1s done
#17 sha256:26b510516f942ee4b20306b71dd486443ac84484eff14dcca2997d21175327c3 13.06MB / 13.06MB 0.1s done
#17 sha256:892d5dc36fde477e5f513c24d294bf53cef41a590d08[22](https://github.com/codecentric/single-page-application-server/actions/runs/10316606904/job/28559186553#step:12:24)7da0cdc15f29274792 1.92MB / 1.92MB 0.0s done
#17 sha256:46b060cc26202cf98e28414d790b5cabd67094bba50315a1ae2e9daf913fca4f 3.42MB / 3.42MB 0.1s done
#17 extracting sha256:46b060cc26202cf98e28414d790b5cabd67094bba50315a1ae2e9daf913fca4f 0.4s done
#17 DONE 0.9s

#13 [linux/arm64 gomplate 1/1] FROM ghcr.io/hairyhenderson/gomplate:stable@sha256:352552aa583f824675eddb4e3e90e78c4901c3f3906033195402bb3ffc1d1464
#13 extracting sha256:4dfbff9a6f6686c0984007212063c48a46fe65ab54b6a2d560ee9c1440d30ae8 0.8s done
#13 DONE 1.0s

#17 [linux/amd64 single-page-app-server 1/8] FROM docker.io/nginxinc/nginx-unprivileged:stable-alpine@sha256:31fd0a1c68732715ec813ddb0438f74ce4d5a3216e29cf30d39f511ce399db6f
#17 extracting sha256:892d5dc36fde477e5f513c24d294bf53cef41a590d08227da0cdc15f29274792
#17 ...

#18 [linux/arm/v7 gomplate 1/1] FROM ghcr.io/hairyhenderson/gomplate:stable@sha256:352552aa583f824675eddb4e3e90e78c4901c3f3906033195402bb3ffc1d1464
#18 resolve ghcr.io/hairyhenderson/gomplate:stable@sha256:352552aa583f824675eddb4e3e90e78c4901c3f3906033195402bb3ffc1d1464 0.0s done
#18 sha256:333cf68039376cf076054a7da71d96de00f5d5d51a6945ab2c1662930c5b2ddb 17.19MB / 17.19MB 0.2s done
#18 extracting sha256:333cf68039376cf076054a7da71d96de00f5d5d51a6945ab2c1662930c5b2ddb 0.8s done
#18 DONE 1.1s

#19 [linux/amd64 gomplate 1/1] FROM ghcr.io/hairyhenderson/gomplate:stable@sha256:352552aa583f824675eddb4e3e90e78c4901c3f3906033195402bb3ffc1d1464
#19 resolve ghcr.io/hairyhenderson/gomplate:stable@sha256:352552aa583f824675eddb4e3e90e78c4901c3f3906033195402bb3ffc1d1464 0.0s done
#19 sha256:6f70a46b0b8a15b48a25e96982fac0cb10c5b16d7faf9b310a214aeda4929df8 18.67MB / 18.67MB 0.2s done
#19 extracting sha256:6f70a46b0b8a15b48a25e96982fac0cb10c5b16d7faf9b310a214aeda4929df8 0.9s done
#19 DONE 1.1s

#15 docker-image://docker.io/docker/buildkit-syft-scanner:stable-1
#15 extracting sha256:8f55b7fda2c88820456a8687c5a0032f59bc1247451cfdbc968d773124f5da01 0.8s done
#15 DONE 1.2s

#17 [linux/amd64 single-page-app-server 1/8] FROM docker.io/nginxinc/nginx-unprivileged:stable-alpine@sha256:31fd0a1c68732715ec813ddb0438f74ce4d5a3216e29cf30d39f511ce399db6f
#17 extracting sha256:892d5dc36fde477e5f513c24d294bf53cef41a590d08227da0cdc15f29274792 0.4s done
#17 DONE 1.3s

#16 [linux/arm/v7 single-page-app-server 1/8] FROM docker.io/nginxinc/nginx-unprivileged:stable-alpine@sha256:31fd0a1c68732715ec813ddb0438f74ce4d5a3216e29cf30d39f511ce399db6f
#16 extracting sha256:b0d7a039f3a43de87e90b30c146bb17d83d070da75eb1d31cebee0bec59ad6f6 0.6s done
#16 extracting sha256:266cd4b6eb5c2f6fa3cd0a930dbc9b16496b7ef95c2aba87f55cd31db03cdee7 done
#16 extracting sha256:5411467d6b42583a2bf18c867b22522001c8bc41cf06ae1316f587f8442bbbbc done
#16 extracting sha256:8b568d7764cc0dd7dae[23](https://github.com/codecentric/single-page-application-server/actions/runs/10316606904/job/28559186553#step:12:25)5fd20ea5fbc996878d8dce9e227f1d8dc954dd8dca3 done
#16 extracting sha256:4e9902f7346d8b79cddf6b64ec911096f19e575fddcb9a79ace9ac96bb5bcb9c
#16 extracting sha256:4e9902f7346d8b79cddf6b64ec911096f19e575fddcb9a79ace9ac96bb5bcb9c 0.0s done
#16 extracting sha256:b0469353aaf817951a89c34a49877323cd73[24](https://github.com/codecentric/single-page-application-server/actions/runs/10316606904/job/28559186553#step:12:26)a98a91b130725fe16f36b6f968 done
#16 extracting sha[25](https://github.com/codecentric/single-page-application-server/actions/runs/10316606904/job/28559186553#step:12:27)6:07516bd1e263a4dffcb8023864d7d5fb4751fa27e132c707492a6c1cfe6871e3 done
#16 extracting sha256:d9687d9551[26](https://github.com/codecentric/single-page-application-server/actions/runs/10316606904/job/28559186553#step:12:28)3102961f502df5a3e6a7b4f5e50793a26e48cf3adb6472e89f3d
#16 extracting sha256:d9687d9551263102961f502df5a3e6a7b4f5e50793a26e48cf3adb6472e89f3d 0.3s done
#16 DONE 1.5s

#17 [linux/amd64 single-page-app-server 1/8] FROM docker.io/nginxinc/nginx-unprivileged:stable-alpine@sha256:31fd0a1c6873[27](https://github.com/codecentric/single-page-application-server/actions/runs/10316606904/job/28559186553#step:12:29)15ec813ddb0438f74ce4d5a3216e29cf30d39f511ce399db6f
#17 extracting sha256:e0b5f3683ce3dfc229d41d7dc3219ad64b3f7a48a0bceaf07092ce7f5870a170 done
#17 extracting sha256:5411467d6b42583a2bf18c867b22522001c8bc41cf06ae1316f587f8442bbbbc done
#17 extracting sha256:b6b84f87cdcd10eb3514f2af04a55f0f4475d1a1a702bbebd87726c6bdea06bf 0.0s done
#17 extracting sha256:55dc640efad2457acfa87d778b7a2f540306bead08651d78818973278048ed8f done
#17 extracting sha256:eac8bc5d40f658acb51de[28](https://github.com/codecentric/single-page-application-server/actions/runs/10316606904/job/28559186553#step:12:30)3fb2ef0d808dbd5caf4f7e31295c07891a863f411 done
#17 extracting sha256:2b64eae2c2010978c0e827b897b7f031624376dbbd4e853f19206dc0154847b5 done
#17 extracting sha256:26b510516f942ee4b20306b71dd486443ac84484eff14dcca[29](https://github.com/codecentric/single-page-application-server/actions/runs/10316606904/job/28559186553#step:12:31)97d21175327c3
#17 extracting sha256:26b510516f942ee4b20[30](https://github.com/codecentric/single-page-application-server/actions/runs/10316606904/job/28559186553#step:12:32)6b71dd486443ac84484eff14dcca2997d21175327c3 0.4s done
#17 DONE 1.7s

#14 [linux/arm64 single-page-app-server 1/8] FROM docker.io/nginxinc/nginx-unprivileged:stable-alpine@sha256:[31](https://github.com/codecentric/single-page-application-server/actions/runs/10316606904/job/28559186553#step:12:33)fd0a1c687[32](https://github.com/codecentric/single-page-application-server/actions/runs/10316606904/job/28559186553#step:12:34)715ec813ddb0438f74ce4d5a3216e29cf30d39f511ce399db6f
#14 sha256:15b4d4e2935570ae1d749b3252d109662e43d9702c1b9cde7843b1e597d0a7ff 1.40kB / 1.40kB 0.0s done
#14 sha256:6710a10ed2d65e51267ece279e169bdf4cebf6f950ca2a0f22536eb44ad42c[33](https://github.com/codecentric/single-page-application-server/actions/runs/10316606904/job/28559186553#step:12:35) 1.20kB / 1.20kB 0.0s done
#14 sha256:987dbd924757ffc4063d050dd616e70578d0cf701663a1e1c287fca7e91e13cc 393B / 393B 0.0s done
#14 sha256:ee0b3a688664d8d4b65054cafbda8cc98e0184aa0e8ce48d5aa22c47ec21610e 956B / 956B 0.0s done
#14 sha256:1f8d6d4912055b938e20750becc9ff62386f171ae9efaf0b95378c23c53cfed9 12.94MB / 12.94MB 0.1s done
#14 sha256:0ca62804923016328d[34](https://github.com/codecentric/single-page-application-server/actions/runs/10316606904/job/28559186553#step:12:36)ea29f7695397848744f147e85ee622d3bd26a2db84c6 2.80kB / 2.80kB 0.1s done
#14 sha256:8053abc1aabccb64447ccebb91a8ea4a0c7406824b7994f2e30cb046c2f60251 1.95MB / 1.95MB 0.1s done
#14 sha256:119661e64d8d593a625274dd829d8550c61de6dd5631287dfea42e99c1c2c736 3.36MB / 3.36MB 0.1s done
#14 extracting sha256:119661e64d8d593a625274dd829d8550c61de6dd5631287dfea42e99c1c2c736 0.4s done
#14 extracting sha256:8053abc1aabccb64447ccebb91a8ea4a0c7406824b7994f2e30cb046c2f60251 0.3s done
#14 extracting sha256:0ca62804923016328d34ea29f7695397848744f147e85ee622d3bd26a2db84c6 0.0s done
#14 extracting sha256:5411467d6b42583a2bf18c867b22522001c8bc41cf06ae1316f587f8442bbbbc done
#14 extracting sha256:ee0b3a688664d8d4b65054cafbda8cc98e0184aa0e8ce48d5aa22c47ec21610e done
#14 extracting sha256:987dbd924757ffc4063d050dd616e70578d0cf701663a1e1c287fca7e91e13cc done
#14 extracting sha256:6710a10ed2d65e51267ece279e169bdf4cebf6f950ca2a0f22536eb44ad42c33 done
#14 extracting sha256:15b4d4e29[35](https://github.com/codecentric/single-page-application-server/actions/runs/10316606904/job/28559186553#step:12:37)570ae1d749b3252d109662e43d9702c1b9cde7843b1e597d0a7ff done
#14 extracting sha256:1f8d6d4912055b938e20750becc9ff62386f171ae9efaf0b95378c23c53cfed9
#14 extracting sha256:1f8d6d4912055b938e20750becc9ff62386f171ae9efaf0b95378c23c53cfed9 0.4s done
#14 DONE 1.7s

#20 [linux/arm64 single-page-app-server 2/8] COPY --from=gomplate /gomplate /usr/local/bin/gomplate
#20 DONE 0.5s

#21 [linux/amd64 single-page-app-server 2/8] COPY --from=gomplate /gomplate /usr/local/bin/gomplate
#21 DONE 0.6s

#22 [linux/arm/v7 single-page-app-server 2/8] COPY --from=gomplate /gomplate /usr/local/bin/gomplate
#22 DONE 0.7s

#23 [linux/arm64 single-page-app-server 3/8] WORKDIR /app
#23 DONE 0.0s

#24 [linux/amd64 single-page-app-server 3/8] WORKDIR /app
#24 DONE 0.0s

#25 [linux/arm/v7 single-page-app-server 3/8] WORKDIR /app
#25 DONE 0.0s

#26 [linux/amd64 single-page-app-server 4/8] COPY ./docker-entrypoint.sh /docker-entrypoint.sh
#26 DONE 0.0s

#27 [linux/arm64 single-page-app-server 4/8] COPY ./docker-entrypoint.sh /docker-entrypoint.sh
#27 DONE 0.0s

#28 [linux/arm/v7 single-page-app-server 4/8] COPY ./docker-entrypoint.sh /docker-entrypoint.sh
#28 DONE 0.0s

#29 [linux/amd64 single-page-app-server 5/8] COPY ./config/ /config/
#29 DONE 0.0s

#30 [linux/arm/v7 single-page-app-server 5/8] COPY ./config/ /config/
#30 DONE 0.0s

#31 [linux/arm64 single-page-app-server 5/8] COPY ./config/ /config/
#31 DONE 0.0s

#32 [linux/arm64 single-page-app-server 6/8] RUN chown -R 101:101 /docker-entrypoint.sh "/config" "/app"
#32 ...

#33 [linux/amd64 single-page-app-server 6/8] RUN chown -R 101:101 /docker-entrypoint.sh "/config" "/app"
#33 DONE 0.5s

#32 [linux/arm64 single-page-app-server 6/8] RUN chown -R 101:101 /docker-entrypoint.sh "/config" "/app"
#32 DONE 0.6s

#34 [linux/arm/v7 single-page-app-server 6/8] RUN chown -R 101:101 /docker-entrypoint.sh "/config" "/app"
#34 DONE 0.6s

#35 [linux/amd64 single-page-app-server 7/8] RUN rm -r /etc/nginx/conf.d/ && ln -s "/config/.out/conf.d" /etc/nginx/conf.d
#35 DONE 0.1s

#[36](https://github.com/codecentric/single-page-application-server/actions/runs/10316606904/job/28559186553#step:12:38) [linux/amd64 single-page-app-server 8/8] RUN apk --no-cache add libcap &&     setcap cap_net_bind_service=+ep /usr/sbin/nginx &&     apk --no-cache del libcap
#36 0.054 fetch https://dl-cdn.alpinelinux.org/alpine/v3.19/main/x86_64/APKINDEX.tar.gz
#36 ...

#[37](https://github.com/codecentric/single-page-application-server/actions/runs/10316606904/job/28559186553#step:12:39) [linux/arm64 single-page-app-server 7/8] RUN rm -r /etc/nginx/conf.d/ && ln -s "/config/.out/conf.d" /etc/nginx/conf.d
#37 DONE 0.1s

#[38](https://github.com/codecentric/single-page-application-server/actions/runs/10316606904/job/28559186553#step:12:40) [linux/arm/v7 single-page-app-server 7/8] RUN rm -r /etc/nginx/conf.d/ && ln -s "/config/.out/conf.d" /etc/nginx/conf.d
#38 DONE 0.1s

#36 [linux/amd64 single-page-app-server 8/8] RUN apk --no-cache add libcap &&     setcap cap_net_bind_service=+ep /usr/sbin/nginx &&     apk --no-cache del libcap
#36 0.170 fetch https://dl-cdn.alpinelinux.org/alpine/v3.19/community/x86_64/APKINDEX.tar.gz
#36 0.487 (1/5) Installing libcap2 (2.69-r1)
#36 0.491 (2/5) Installing libcap-getcap (2.69-r1)
#36 0.493 (3/5) Installing libcap-setcap (2.69-r1)
#36 0.496 (4/5) Installing libcap-utils (2.69-r1)
#36 0.502 (5/5) Installing libcap (2.69-r1)
#36 0.505 Executing busybox-1.36.1-r19.trigger
#36 0.511 OK: 46 MiB in 71 packages
#36 0.586 fetch https://dl-cdn.alpinelinux.org/alpine/v3.19/main/x86_64/APKINDEX.tar.gz
#36 0.671 fetch https://dl-cdn.alpinelinux.org/alpine/v3.19/community/x86_64/APKINDEX.tar.gz
#36 0.949 (1/5) Purging libcap (2.69-r1)
#36 0.949 (2/5) Purging libcap-utils (2.69-r1)
#36 0.950 (3/5) Purging libcap-getcap (2.69-r1)
#36 0.951 (4/5) Purging libcap-setcap (2.69-r1)
#36 0.951 (5/5) Purging libcap2 (2.69-r1)
#36 0.951 Executing busybox-1.36.1-r19.trigger
#36 0.958 OK: 46 MiB in 66 packages
#36 DONE 1.1s

#[39](https://github.com/codecentric/single-page-application-server/actions/runs/10316606904/job/28559186553#step:12:41) [linux/arm/v7 single-page-app-server 8/8] RUN apk --no-cache add libcap &&     setcap cap_net_bind_service=+ep /usr/sbin/nginx &&     apk --no-cache del libcap
#39 0.169 fetch https://dl-cdn.alpinelinux.org/alpine/v3.19/main/armv7/APKINDEX.tar.gz
#39 0.945 fetch https://dl-cdn.alpinelinux.org/alpine/v3.19/community/armv7/APKINDEX.tar.gz
#39 ...

#[40](https://github.com/codecentric/single-page-application-server/actions/runs/10316606904/job/28559186553#step:12:42) [linux/amd64] generating sbom using docker.io/docker/buildkit-syft-scanner:stable-1
#40 0.097 time="2024-08-09T09:07:42Z" level=info msg="starting syft scanner for buildkit v1.4.0"
#40 DONE 1.0s

#39 [linux/arm/v7 single-page-app-server 8/8] RUN apk --no-cache add libcap &&     setcap cap_net_bind_service=+ep /usr/sbin/nginx &&     apk --no-cache del libcap
#39 2.281 (1/5) Installing libcap2 (2.69-r1)
#39 2.290 (2/5) Installing libcap-getcap (2.69-r1)
#39 2.294 (3/5) Installing libcap-setcap (2.69-r1)
#39 2.299 (4/5) Installing libcap-utils (2.69-r1)
#39 2.305 (5/5) Installing libcap (2.69-r1)
#39 2.309 Executing busybox-1.36.1-r19.trigger
#39 2.356 OK: 33 MiB in 72 packages
#39 2.554 fetch https://dl-cdn.alpinelinux.org/alpine/v3.19/main/armv7/APKINDEX.tar.gz
#39 3.103 fetch https://dl-cdn.alpinelinux.org/alpine/v3.19/community/armv7/APKINDEX.tar.gz
#39 ...

#[41](https://github.com/codecentric/single-page-application-server/actions/runs/10316606904/job/28559186553#step:12:43) [linux/arm64 single-page-app-server 8/8] RUN apk --no-cache add libcap &&     setcap cap_net_bind_service=+ep /usr/sbin/nginx &&     apk --no-cache del libcap
#41 0.145 fetch https://dl-cdn.alpinelinux.org/alpine/v3.19/main/aarch64/APKINDEX.tar.gz
#41 0.669 fetch https://dl-cdn.alpinelinux.org/alpine/v3.19/community/aarch64/APKINDEX.tar.gz
#41 1.729 (1/5) Installing libcap2 (2.69-r1)
#41 1.743 (2/5) Installing libcap-getcap (2.69-r1)
#41 1.748 (3/5) Installing libcap-setcap (2.69-r1)
#41 1.752 (4/5) Installing libcap-utils (2.69-r1)
#41 1.760 (5/5) Installing libcap (2.69-r1)
#41 1.765 Executing busybox-1.36.1-r19.trigger
#41 1.840 OK: 48 MiB in 71 packages
#41 2.080 fetch https://dl-cdn.alpinelinux.org/alpine/v3.19/main/aarch64/APKINDEX.tar.gz
#41 2.722 fetch https://dl-cdn.alpinelinux.org/alpine/v3.19/community/aarch64/APKINDEX.tar.gz
#41 3.637 (1/5) Purging libcap (2.69-r1)
#41 3.638 (2/5) Purging libcap-utils (2.69-r1)
#41 3.639 (3/5) Purging libcap-getcap (2.69-r1)
#41 3.639 (4/5) Purging libcap-setcap (2.69-r1)
#41 3.639 (5/5) Purging libcap2 (2.69-r1)
#41 3.640 Executing busybox-1.36.1-r19.trigger
#41 3.686 OK: 47 MiB in 66 packages
#41 DONE 3.8s

#39 [linux/arm/v7 single-page-app-server 8/8] RUN apk --no-cache add libcap &&     setcap cap_net_bind_service=+ep /usr/sbin/nginx &&     apk --no-cache del libcap
#39 3.934 (1/5) Purging libcap (2.69-r1)
#39 3.934 (2/5) Purging libcap-utils (2.69-r1)
#39 3.935 (3/5) Purging libcap-getcap (2.69-r1)
#39 3.935 (4/5) Purging libcap-setcap (2.69-r1)
#39 3.935 (5/5) Purging libcap2 (2.69-r1)
#39 3.936 Executing busybox-1.36.1-r19.trigger
#39 3.987 OK: 33 MiB in 67 packages
#39 DONE 4.1s

#[42](https://github.com/codecentric/single-page-application-server/actions/runs/10316606904/job/28559186553#step:12:44) [linux/arm64] generating sbom using docker.io/docker/buildkit-syft-scanner:stable-1
#42 0.069 time="2024-08-09T09:07:44Z" level=info msg="starting syft scanner for buildkit v1.4.0"
#42 DONE 0.8s

#[43](https://github.com/codecentric/single-page-application-server/actions/runs/10316606904/job/28559186553#step:12:45) [linux/arm/v7] generating sbom using docker.io/docker/buildkit-syft-scanner:stable-1
#43 0.076 time="2024-08-09T09:07:45Z" level=info msg="starting syft scanner for buildkit v1.4.0"
#43 DONE 0.8s

#[44](https://github.com/codecentric/single-page-application-server/actions/runs/10316606904/job/28559186553#step:12:46) exporting to image
#44 exporting layers
#44 exporting layers 2.5s done
#44 exporting manifest sha256:bf1b[45](https://github.com/codecentric/single-page-application-server/actions/runs/10316606904/job/28559186553#step:12:47)d618c12f65574ee61f5012eb61db93774150890215fbcca44caf6d8a0f done
#44 exporting config sha256:eb63583cdd354ddf392e0cc92c3dcd0e33fed2b09cc2868b36ef24999aa3e199 done
#44 exporting attestation manifest sha256:10ac6562eb256bb6724fc3ea719778d6ccdcd3502cfa319b8bffa401a3e0c04f
#44 exporting attestation manifest sha256:10ac6562eb256bb6724fc3ea719778d6ccdcd3502cfa319b8bffa401a3e0c04f done
#44 exporting manifest sha256:6019b0868e945e1c7d7[46](https://github.com/codecentric/single-page-application-server/actions/runs/10316606904/job/28559186553#step:12:48)0cf22817a88da0894e716d5a9570a603590ffec959c done
#44 exporting config sha256:f50e36b840318aa986977e5532e1da5ddf20[47](https://github.com/codecentric/single-page-application-server/actions/runs/10316606904/job/28559186553#step:12:49)35ca1a807d834faed5f64f7f14 done
#44 exporting attestation manifest sha256:9421c82fead38287d605e9393d23c1a6cd3be646[48](https://github.com/codecentric/single-page-application-server/actions/runs/10316606904/job/28559186553#step:12:50)5fcefeed75e02837573e57
#44 exporting attestation manifest sha256:9421c82fead38287d605e9393d23c1a6cd3be646485fcefeed75e02837573e57 done
#44 exporting manifest sha256:351bcdf7bae7ffbb9fa0321b712d7dbd63dce6f899fc0ef3d836fe1c0ec9b956 done
#44 exporting config sha256:b88cfb60c2c3536530316eb776821afcb42be34c6dc995c540ea415ae429bffc done
#44 exporting attestation manifest sha256:fe157900f4fcc62a995e5c718d709b33561e2ff7[50](https://github.com/codecentric/single-page-application-server/actions/runs/10316606904/job/28559186553#step:12:52)2364cc2b4d773ca0e26b28
#44 ...

#45 [auth] codecentric/single-page-application-server:pull,push token for registry-1.docker.io
#45 DONE 0.0s

#44 exporting to image
#44 exporting attestation manifest sha256:fe157900f4fcc62a995e5c718d709b33561e2ff7502364cc2b4d773ca0e26b28 done
#44 exporting manifest list sha256:147efe4875cd1290c2002941ea1ea731cc326f1b8b2895fc97dfb0de[52](https://github.com/codecentric/single-page-application-server/actions/runs/10316606904/job/28559186553#step:12:54)acc701 done
#44 pushing layers
#44 pushing layers 3.8s done
#44 pushing manifest for registry-1.docker.io/codecentric/single-page-application-server:1-nginx-stable-alpine@sha256:147efe4875cd1290c2002941ea1ea731cc326f1b8b2895fc97dfb0de52acc701
#44 pushing manifest for registry-1.docker.io/codecentric/single-page-application-server:1-nginx-stable-alpine@sha256:147efe4875cd1290c2002941ea1ea731cc326f1b8b2895fc97dfb0de52acc701 1.2s done
#44 pushing layers 0.9s done
#44 pushing manifest for registry-1.docker.io/codecentric/single-page-application-server:latest-nginx-stable-alpine@sha256:147efe4875cd1290c2002941ea1ea731cc326f1b8b2895fc97dfb0de52acc701
#44 pushing manifest for registry-1.docker.io/codecentric/single-page-application-server:latest-nginx-stable-alpine@sha256:147efe4875cd1290c2002941ea1ea731cc326f1b8b2895fc97dfb0de52acc701 0.4s done
#44 pushing layers 0.3s done
#44 pushing manifest for registry-1.docker.io/codecentric/single-page-application-server:1.7.0@sha256:147efe4875cd1290c2002941ea1ea731cc326f1b8b2895fc97dfb0de52acc701
#44 pushing manifest for registry-1.docker.io/codecentric/single-page-application-server:1.7.0@sha256:147efe4875cd1290c2002941ea1ea731cc326f1b8b2895fc97dfb0de52acc701 0.5s done
#44 pushing layers 0.3s done
#44 pushing manifest for registry-1.docker.io/codecentric/single-page-application-server:1@sha256:147efe4875cd1290c2002941ea1ea731cc326f1b8b2895fc97dfb0de52acc701
#44 pushing manifest for registry-1.docker.io/codecentric/single-page-application-server:1@sha256:147efe4875cd1290c2002941ea1ea731cc326f1b8b2895fc97dfb0de52acc701 0.5s done
#44 pushing layers 0.3s done
#44 pushing manifest for registry-1.docker.io/codecentric/single-page-application-server:latest@sha256:147efe4875cd1290c2002941ea1ea731cc326f1b8b2895fc97dfb0de52acc701
#44 pushing manifest for registry-1.docker.io/codecentric/single-page-application-server:latest@sha256:147efe4875cd1290c2002941ea1ea731cc326f1b8b2895fc97dfb0de52acc701 0.4s done
#44 DONE 12.9s

#46 resolving provenance for metadata file
#46 DONE 0.0s

 3 warnings found (use docker --debug to expand):
 - FromAsCasing: 'as' and 'FROM' keywords' casing do not match (line 2)
 - FromAsCasing: 'as' and 'FROM' keywords' casing do not match (line 3)
 - InvalidDefaultArgInFrom: Default value for ARG nginxinc/nginx-unprivileged:${NGINX_TAG} results in empty or invalid base image name (line 3)
ImageID
  sha256:147efe4875cd1290c2002941ea1ea731cc326f1b8b2895fc97dfb0de52acc701
Digest
  sha256:147efe4875cd1290c2002941ea1ea731cc326f1b8b2895fc97dfb0de52acc701
Metadata
  {
    "buildx.build.ref": "builder-afa27ee7-14d9-4d6e-8068-ee70142f1128/builder-afa27ee7-14d9-4d6e-8068-ee70142f11280/pnoimr60lu9xd7eoy7tp0jezq",
    "buildx.build.warnings": [
      {
        "vertex": "sha256:e1aff[54](https://github.com/codecentric/single-page-application-server/actions/runs/10316606904/job/28559186553#step:12:56)02f8d9b4a8077f295b7f2b78d6dc9adc0c92054c0f3cf1[56](https://github.com/codecentric/single-page-application-server/actions/runs/10316606904/job/28559186553#step:12:58)5031f7abf",
        "level": 1,
        "short": "RnJvbUFzQ2FzaW5nOiAnYXMnIGFuZCAnRlJPTScga2V5d29yZHMnIGNhc2luZyBkbyBub3QgbWF0Y2ggKGxpbmUgMyk=",
        "detail": [
          "VGhlICdhcycga2V5d29yZCBzaG91bGQgbWF0Y2ggdGhlIGNhc2Ugb2YgdGhlICdmcm9tJyBrZXl3b3Jk"
        ],
        "url": "https://docs.docker.com/go/dockerfile/rule/from-as-casing/",
        "sourceInfo": {
          "filename": "Dockerfile",
          "data": "QVJHIE5HSU5YX1RBRwpGUk9NIGdoY3IuaW8vaGFpcnloZW5kZXJzb24vZ29tcGxhdGU6c3RhYmxlIGFzIGdvbXBsYXRlCkZST00gbmdpbnhpbmMvbmdpbngtdW5wcml2aWxlZ2VkOiR7TkdJTlhfVEFHfSBhcyBzaW5nbGUtcGFnZS1hcHAtc2VydmVyCkNPUFkgLS1mcm9tPWdvbXBsYXRlIC9nb21wbGF0ZSAvdXNyL2xvY2FsL2Jpbi9nb21wbGF0ZQoKRU5WIEFQUF9ST09UPSIvYXBwIgpFTlYgQ09ORklHX0RJUj0iL2NvbmZpZyIKRU5WIENPTkZJR19GSUxFUz0iIgoKV09SS0RJUiAke0FQUF9ST09UfQoKQ09QWSAuL2RvY2tlci1lbnRyeXBvaW50LnNoIC9kb2NrZXItZW50cnlwb2ludC5zaApDT1BZIC4vY29uZmlnLyAiJHtDT05GSUdfRElSfS8iCgpVU0VSIHJvb3QKUlVOIGNob3duIC1SIDEwMToxMDEgL2RvY2tlci1lbnRyeXBvaW50LnNoICIke0NPTkZJR19ESVJ9IiAiJHtBUFBfUk9PVH0iClJVTiBybSAtciAvZXRjL25naW54L2NvbmYuZC8gJiYgbG4gLXMgIiR7Q09ORklHX0RJUn0vLm91dC9jb25mLmQiIC9ldGMvbmdpbngvY29uZi5kCiMgRW5hYmxlIGJpbmRpbmcgcHJpdmlsZWdlZCBwb3J0cyB3aXRoIG5vbiByb290IHVzZXIKUlVOIGFwayAtLW5vLWNhY2hlIGFkZCBsaWJjYXAgJiYgXAogICAgc2V0Y2FwIGNhcF9uZXRfYmluZF9zZXJ2aWNlPStlcCAvdXNyL3NiaW4vbmdpbnggJiYgXAogICAgYXBrIC0tbm8tY2FjaGUgZGVsIGxpYmNhcApVU0VSIG5naW54CgpFTlRSWVBPSU5UIFsiL2RvY2tlci1lbnRyeXBvaW50LnNoIl0K",
          "language": "Dockerfile"
        },
        "range": [
          {
            "start": {
              "line": 3
            },
            "end": {
              "line": 3
            }
          }
        ]
      },
      {
        "vertex": "sha256:e1aff5402f8d9b4a8077f295b7f2b78d6dc9adc0c92054c0f3cf1565031f7abf",
        "level": 1,
        "short": "SW52YWxpZERlZmF1bHRBcmdJbkZyb206IERlZmF1bHQgdmFsdWUgZm9yIEFSRyBuZ2lueGluYy9uZ2lueC11bnByaXZpbGVnZWQ6JHtOR0lOWF9UQUd9IHJlc3VsdHMgaW4gZW1wdHkgb3IgaW52YWxpZCBiYXNlIGltYWdlIG5hbWUgKGxpbmUgMyk=",
        "detail": [
          "RGVmYXVsdCB2YWx1ZSBmb3IgZ2xvYmFsIEFSRyByZXN1bHRzIGluIGFuIGVtcHR5IG9yIGludmFsaWQgYmFzZSBpbWFnZSBuYW1l"
        ],
        "url": "https://docs.docker.com/go/dockerfile/rule/invalid-default-arg-in-from/",
        "sourceInfo": {
          "filename": "Dockerfile",
          "data": "QVJHIE5HSU5YX1RBRwpGUk9NIGdoY3IuaW8vaGFpcnloZW5kZXJzb24vZ29tcGxhdGU6c3RhYmxlIGFzIGdvbXBsYXRlCkZST00gbmdpbnhpbmMvbmdpbngtdW5wcml2aWxlZ2VkOiR7TkdJTlhfVEFHfSBhcyBzaW5nbGUtcGFnZS1hcHAtc2VydmVyCkNPUFkgLS1mcm9tPWdvbXBsYXRlIC9nb21wbGF0ZSAvdXNyL2xvY2FsL2Jpbi9nb21wbGF0ZQoKRU5WIEFQUF9ST09UPSIvYXBwIgpFTlYgQ09ORklHX0RJUj0iL2NvbmZpZyIKRU5WIENPTkZJR19GSUxFUz0iIgoKV09SS0RJUiAke0FQUF9ST09UfQoKQ09QWSAuL2RvY2tlci1lbnRyeXBvaW50LnNoIC9kb2NrZXItZW50cnlwb2ludC5zaApDT1BZIC4vY29uZmlnLyAiJHtDT05GSUdfRElSfS8iCgpVU0VSIHJvb3QKUlVOIGNob3duIC1SIDEwMToxMDEgL2RvY2tlci1lbnRyeXBvaW50LnNoICIke0NPTkZJR19ESVJ9IiAiJHtBUFBfUk9PVH0iClJVTiBybSAtciAvZXRjL25naW54L2NvbmYuZC8gJiYgbG4gLXMgIiR7Q09ORklHX0RJUn0vLm91dC9jb25mLmQiIC9ldGMvbmdpbngvY29uZi5kCiMgRW5hYmxlIGJpbmRpbmcgcHJpdmlsZWdlZCBwb3J0cyB3aXRoIG5vbiByb290IHVzZXIKUlVOIGFwayAtLW5vLWNhY2hlIGFkZCBsaWJjYXAgJiYgXAogICAgc2V0Y2FwIGNhcF9uZXRfYmluZF9zZXJ2aWNlPStlcCAvdXNyL3NiaW4vbmdpbnggJiYgXAogICAgYXBrIC0tbm8tY2FjaGUgZGVsIGxpYmNhcApVU0VSIG5naW54CgpFTlRSWVBPSU5UIFsiL2RvY2tlci1lbnRyeXBvaW50LnNoIl0K",
          "language": "Dockerfile"
        },
        "range": [
          {
            "start": {
              "line": 3
            },
            "end": {
              "line": 3
            }
          }
        ]
      },
      {
        "vertex": "sha256:e1aff5402f8d9b4a8077f295b7f2b78d6dc9adc0c92054c0f3cf1565031f7abf",
        "level": 1,
        "short": "RnJvbUFzQ2FzaW5nOiAnYXMnIGFuZCAnRlJPTScga2V5d29yZHMnIGNhc2luZyBkbyBub3QgbWF0Y2ggKGxpbmUgMik=",
        "detail": [
          "VGhlICdhcycga2V5d29yZCBzaG91bGQgbWF0Y2ggdGhlIGNhc2Ugb2YgdGhlICdmcm9tJyBrZXl3b3Jk"
        ],
        "url": "https://docs.docker.com/go/dockerfile/rule/from-as-casing/",
        "sourceInfo": {
          "filename": "Dockerfile",
          "data": "QVJHIE5HSU5YX1RBRwpGUk9NIGdoY3IuaW8vaGFpcnloZW5kZXJzb24vZ29tcGxhdGU6c3RhYmxlIGFzIGdvbXBsYXRlCkZST00gbmdpbnhpbmMvbmdpbngtdW5wcml2aWxlZ2VkOiR7TkdJTlhfVEFHfSBhcyBzaW5nbGUtcGFnZS1hcHAtc2VydmVyCkNPUFkgLS1mcm9tPWdvbXBsYXRlIC9nb21wbGF0ZSAvdXNyL2xvY2FsL2Jpbi9nb21wbGF0ZQoKRU5WIEFQUF9ST09UPSIvYXBwIgpFTlYgQ09ORklHX0RJUj0iL2NvbmZpZyIKRU5WIENPTkZJR19GSUxFUz0iIgoKV09SS0RJUiAke0FQUF9ST09UfQoKQ09QWSAuL2RvY2tlci1lbnRyeXBvaW50LnNoIC9kb2NrZXItZW50cnlwb2ludC5zaApDT1BZIC4vY29uZmlnLyAiJHtDT05GSUdfRElSfS8iCgpVU0VSIHJvb3QKUlVOIGNob3duIC1SIDEwMToxMDEgL2RvY2tlci1lbnRyeXBvaW50LnNoICIke0NPTkZJR19ESVJ9IiAiJHtBUFBfUk9PVH0iClJVTiBybSAtciAvZXRjL25naW54L2NvbmYuZC8gJiYgbG4gLXMgIiR7Q09ORklHX0RJUn0vLm91dC9jb25mLmQiIC9ldGMvbmdpbngvY29uZi5kCiMgRW5hYmxlIGJpbmRpbmcgcHJpdmlsZWdlZCBwb3J0cyB3aXRoIG5vbiByb290IHVzZXIKUlVOIGFwayAtLW5vLWNhY2hlIGFkZCBsaWJjYXAgJiYgXAogICAgc2V0Y2FwIGNhcF9uZXRfYmluZF9zZXJ2aWNlPStlcCAvdXNyL3NiaW4vbmdpbnggJiYgXAogICAgYXBrIC0tbm8tY2FjaGUgZGVsIGxpYmNhcApVU0VSIG5naW54CgpFTlRSWVBPSU5UIFsiL2RvY2tlci1lbnRyeXBvaW50LnNoIl0K",
          "language": "Dockerfile"
        },
        "range": [
          {
            "start": {
              "line": 2
            },
            "end": {
              "line": 2
            }
          }
        ]
      }
    ],
    "containerimage.descriptor": {
      "mediaType": "application/vnd.oci.image.index.v1+json",
      "digest": "sha256:147efe4875cd1290c2002941ea1ea731cc326f1b8b2895fc97dfb0de52acc701",
      "size": 2385
    },
    "containerimage.digest": "sha256:147efe4875cd1290c2002941ea1ea731cc326f1b8b2895fc97dfb0de52acc701",
    "image.name": "registry-1.docker.io/codecentric/single-page-application-server:1-nginx-stable-alpine,registry-1.docker.io/codecentric/single-page-application-server:latest-nginx-stable-alpine,registry-1.docker.io/codecentric/single-page-application-server:1.7.0,registry-1.docker.io/codecentric/single-page-application-server:1,registry-1.docker.io/codecentric/single-page-application-server:latest"
  }
Reference
  builder-afa27ee7-14d9-4d6e-8068-ee70142f1128/builder-afa27ee7-14d9-4d6e-8068-ee70142f11280/pnoimr[60](https://github.com/codecentric/single-page-application-server/actions/runs/10316606904/job/28559186553#step:12:62)lu9xd7eoy7tp0jezq
Generating GitHub annotations (3 build checks found)
  Warning: FromAsCasing: 'as' and 'FROM' keywords' casing do not match
  More info: https://docs.docker.com/go/dockerfile/rule/from-as-casing/
  Warning: InvalidDefaultArgInFrom: Default value for ARG nginxinc/nginx-unprivileged:${NGINX_TAG} results in empty or invalid base image name
  More info: https://docs.docker.com/go/dockerfile/rule/invalid-default-arg-in-from/
  Warning: FromAsCasing: 'as' and 'FROM' keywords' casing do not match
  More info: https://docs.docker.com/go/dockerfile/rule/from-as-casing/
Check build summary support
  Build summary supported!

BuildKit logs

No response

Additional info

No response

crazy-max commented 3 months ago

The provenance and sbom information does not seem to be pushed:

I see the provenance pushed for each platform: https://explore.ggcr.dev/?image=registry-1.docker.io%2Fcodecentric%2Fsingle-page-application-server%3Alatest

For example: https://explore.ggcr.dev/?blob=registry-1.docker.io/codecentric/single-page-application-server@sha256:d99c1f4bad10eb109ce72a46f0036457426f9c9c378295f6e368db333f4751c6&mt=application%2Fvnd.in-toto%2Bjson&size=1456582

I see SBOM generated in your pipeline: https://github.com/codecentric/single-page-application-server/actions/runs/10316606904/job/28559186553#step:12:478

#40 [linux/amd64] generating sbom using docker.io/docker/buildkit-syft-scanner:stable-1
#40 0.097 time="2024-08-09T09:07:42Z" level=info msg="starting syft scanner for buildkit v1.4.0"
#40 DONE 1.0s
...

#42 [linux/arm64] generating sbom using docker.io/docker/buildkit-syft-scanner:stable-1
#42 0.069 time="2024-08-09T09:07:44Z" level=info msg="starting syft scanner for buildkit v1.4.0"
#42 DONE 0.8s

#43 [linux/arm/v7] generating sbom using docker.io/docker/buildkit-syft-scanner:stable-1
#43 0.076 time="2024-08-09T09:07:45Z" level=info msg="starting syft scanner for buildkit v1.4.0"
#43 DONE 0.8s

And I see the attestation manifest as well: https://explore.ggcr.dev/?image=registry-1.docker.io/codecentric/single-page-application-server@sha256:10ac6562eb256bb6724fc3ea719778d6ccdcd3502cfa319b8bffa401a3e0c04f&mt=application%2Fvnd.oci.image.manifest.v1%2Bjson&size=841

{
  "schemaVersion": 2,
  "mediaType": "application/vnd.oci.image.manifest.v1+json",
  "config": {
    "mediaType": "application/vnd.oci.image.config.v1+json",
    "size": 241,
    "digest": "sha256:b2cae79b4ef3a33113e001a4cf2d65b47ce823d00a05febd4359c334e3fa6cc3"
  },
  "layers": [
    {
      "mediaType": "application/vnd.in-toto+json",
      "size": 1456582,
      "digest": "sha256:d99c1f4bad10eb109ce72a46f0036457426f9c9c378295f6e368db333f4751c6",
      "annotations": {
        "in-toto.io/predicate-type": "https://spdx.dev/Document"
      }
    },
    {
      "mediaType": "application/vnd.in-toto+json",
      "size": 25918,
      "digest": "sha256:cb2f94c255c270e68f37053aa326e4730e1dab984469f0e6a54e7fe2942705f3",
      "annotations": {
        "in-toto.io/predicate-type": "https://slsa.dev/provenance/v0.2"
      }
    }
  ]
}

See https://explore.ggcr.dev/?blob=registry-1.docker.io/codecentric/single-page-application-server@sha256:d99c1f4bad10eb109ce72a46f0036457426f9c9c378295f6e368db333f4751c6&mt=application%2Fvnd.in-toto%2Bjson&size=1456582

docker pull registry-1.docker.io/codecentric/single-page-application-server:latest
docker buildx imagetools inspect registry-1.docker.io/codecentric/single-page-application-server:latest --format "{{ json .Provenance.SLSA }}"
null

Syntax is not correct to check provenance with imagetools: https://docs.docker.com/reference/cli/docker/buildx/imagetools/inspect/#json-output

$ docker buildx imagetools inspect registry-1.docker.io/codecentric/single-page-application-server:latest --format "{{ json .Provenance }}"

Also no need to pull the image.