[X] The documentation does not mention anything about my problem
[X] There are no open or closed issues that are related to my problem
Description
Uusing the build push action into Google Artefact Registry results in the expected number of digests being there, but no tooling can seem to see the SBOM or Provenance information.
Expected behaviour
Running a pipeline would create and push an image and all provenance data to Artefact Registry, and then inspecting that would show it.
Actual behaviour
The build and push seems to succeed, but no tooling can actually read the SBOM or provenance information:
Contributing guidelines
I've found a bug, and:
Description
Uusing the build push action into Google Artefact Registry results in the expected number of digests being there, but no tooling can seem to see the SBOM or Provenance information.
Expected behaviour
Running a pipeline would create and push an image and all provenance data to Artefact Registry, and then inspecting that would show it.
Actual behaviour
The build and push seems to succeed, but no tooling can actually read the SBOM or provenance information:
That makes sense though as when inspecting the image JSON, the SBOM and Provenance keys are not there:
Repository URL
No response
Workflow run URL
No response
YAML workflow
Workflow logs
No response
BuildKit logs
No response
Additional info
The run succeeds and results in 3 digests being show in GAR which I believe is expected:
This might be relate or similar to https://github.com/docker/build-push-action/issues/972 but i'm not 100%