-
Notifications
You must be signed in to change notification settings - Fork 2.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
.github: Pin docker buildx version to v0.9.1 (v2) #23220
Conversation
This reverts commit 30b036d. Chance pointed out on Slack that these changes were ineffective because they were placed in the "with" statement for the wrong action. Revert the original commit so we can then cleanly apply the change in the right place. Signed-off-by: Joe Stringer <joe@cilium.io>
GitHub recently rolled out Docker buildx version v0.10.0 on their builders, which transparently changed the MediaType of docker images to OCI v1 and added provenance attestations. Unfortunately, various tools we use in CI like SBOM tooling and docker manifest inspect do not properly support some aspect of the new image formats. This resulted in breaking CI, with some messages like this: level=fatal msg="generating doc: creating SPDX document: generating SPDX package from image ref quay.io/cilium/docker-plugin-ci:XXX: generating image package" This could also lead CI to fail while waiting for image builds to complete, because the command we use to test whether the image is available did not support the image types. This commit attempts to revert buildx back to v0.9.1 to prevent it from generating the images in a format that other tooling doesn't expect. Over time we can work on migrating to buildx v0.10, testing various parts of our CI as we do so. This is a quick-and-dirty hack to stabilize CI for the short term, then we can figure out over time how to properly resolve the conflict between these systems. Signed-off-by: Joe Stringer <joe@cilium.io>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
v3's the charm ;)
Thanks to @chancez for pointing out why the |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yep looks like the right spot!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should we revert the SBOM revert PR here?
@aanm I was hoping to follow up on that separately once we confirmed that this is switching CI back to generating images in the older / supported format |
@joestringer FYI, you can also work around this by doing Are we ok to backport this to v1.11, CI is broken over there as well. |
GitHub recently rolled out Docker buildx version v0.10.0 on their
builders, which transparently changed the MediaType of docker images to
OCI v1 and added provenance attestations.
Unfortunately, various tools we use in CI like SBOM tooling and docker
manifest inspect do not properly support some aspect of the new image
formats. This resulted in breaking CI, with some messages like this:
This could also lead CI to fail while waiting for image builds to
complete, because the command we use to test whether the image is
available did not support the image types.
This commit attempts to revert buildx back to v0.9.1 to prevent it from
generating the images in a format that other tooling doesn't expect.
Over time we can work on migrating to buildx v0.10, testing various
parts of our CI as we do so.
This is a quick-and-dirty hack to stabilize CI for the short term, then
we can figure out over time how to properly resolve the conflict between
these systems.
Reverts #23206