Fix release Docker workflow: remove SHA tags, fix manifest attestation digest#76
Merged
JaredHatfield merged 2 commits intomainfrom Mar 29, 2026
Merged
Conversation
…rkflow
- Remove type=sha from build-and-push and manifest metadata tags so
GHCR shows semver tags (e.g., v1.3.0) as the default pull command
instead of SHA-based tags (e.g., sha-f873d2e)
- Fix digest extraction in manifest job: replace broken
`jq -r '.Digest'` (returned null) with Go template
`--format '{{.Manifest.Digest}}'` for correct sha256 digest output
required by actions/attest-build-provenance
Agent-Logs-Url: https://github.com/UnitVectorY-Labs/hellorest/sessions/8a30df2f-7014-4c9f-aaa7-3174d2965099
Co-authored-by: JaredHatfield <208119+JaredHatfield@users.noreply.github.com>
Copilot
AI
changed the title
[WIP] Fix docker pull tag for container image
Fix release Docker workflow: remove SHA tags, fix manifest attestation digest
Mar 29, 2026
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #76 +/- ##
=====================================
Coverage 0.00% 0.00%
=====================================
Files 1 1
Lines 17 17
=====================================
Misses 17 17 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
GHCR UI displays
sha-f873d2eas the default pull command instead ofv1.3.0, and the manifest attestation step fails withsubject-digest must be in the format "sha256:<hex-digest>"because the digest extraction returnsnull.Changes
Remove
type=shafrom metadata tags in bothbuild-and-pushandmanifestjobs — unnecessary for a release workflow that already produces semver tags (v1.3.0,v1.3,v1,latest)Fix digest extraction in the manifest job — the old command piped JSON through
jq -r '.Digest'but there is no top-levelDigestfield; the digest lives at.Manifest.Digestin Go template /.manifest.digestin JSON:This returns
sha256:<hex>directly, matching whatactions/attest-build-provenanceexpects forsubject-digest.💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.