Closed xkobal closed 2 years ago
I have my answer, it just coming from the isRegistryGCR
function. The library is working like a charm when I skip this check.
I will try to make a Pull Request to develop this feature.
Hi @xkobal Thanks for reporting this issue and send over the fix! I'll get to the PR.
The merge of the PR fix the issue. Thanks for quick merging.
Expected Behavior
Allow to check & sign an image hosted on a docker repository made with GCP Artifact Registry.
Actual Behavior
As mentioned on this blog post, https://cloud.google.com/blog/products/application-development/understanding-artifact-registry-vs-container-registry Artifact Registry is the recommanded kind of registry now, as Container Registry won't have new features.
I have a complete GCB working workfow with Kritis-Signer, K8s Binary Authorization. It works like a charm on
*.gcr.io
repositories. I was doing some tests to begin to migrate my docker images to Artifact Registry:*-docker.pkg.dev
.But when I try to check my images, it give me an error:
Found err europe-docker.pkg.dev/[PROJECT]/vulnerability-check/test@sha256:[SHA256] is not a valid image hosted in GCR
The error is coming from this ligne of code: https://github.com/grafeas/kritis/blob/faeba81c520ca742fe378cc87d99e04bdda098c1/pkg/kritis/metadata/containeranalysis/containeranalysis.go#L185
I don't know if it just a problem of the ckeck, or if Kritis Signer doesn't work at all with Artifact Registry.
Steps to Reproduce the Problem
Environment, commands
deploy/kritis-signer/cloudbuild.yaml
to change the target repository.Thank you for your help.