Cant use ghcr pushed images in following jobs

[phyzical]

Contributing guidelines

• I've read the contributing guidelines and wholeheartedly agree

I've found a bug, and:

• The documentation does not mention anything about my problem
• There are no open or closed issues that are related to my problem

Description

Hey i'm trying to use docker-login to connect to ghcr.io

For builds push and cache-from works as expected.

But if i try to use these same images in simple "docker run" context i seem to get manifest not found?

i have provided a stripped down yaml.

hopefully its just something silly?

Edit:
If i run docker inspect locally i get

[]
Error: No such object: org/repo:latest

but if i run docker buildx imagetools inspect it starts returning manifests?

Expected behaviour

should work successfully pull down the iamge

Actual behaviour

returns "manifest unknown"

Repository URL

No response

Workflow run URL

No response

YAML workflow

name: Build Docker Image
on:
  
jobs:
  init:
    outputs:
      GITHUB_REGISTRY_REF: ${{ steps.env.outputs.GITHUB_REGISTRY_REF }}
      GITHUB_CACHE_IMAGE_ID_TAG: ${{ steps.env.outputs.GITHUB_CACHE_IMAGE_ID_TAG }}
      GITHUB_LATEST_IMAGE_ID_TAG: ${{ steps.env.outputs.GITHUB_LATEST_IMAGE_ID_TAG }}
    name: init
    runs-on: ubuntu-latest
    steps:
      - name: set more envs
        id: env
        run: |
          GITHUB_REGISTRY_REF="ghcr.io/org/${{ inputs.ecr_repository }}"
          echo "GITHUB_REGISTRY_REF=$GITHUB_REGISTRY_REF" >> $GITHUB_OUTPUT
          echo "GITHUB_CACHE_IMAGE_ID_TAG=$GITHUB_REGISTRY_REF:cache" >> $GITHUB_OUTPUT

          GITHUB_LATEST_IMAGE_ID_TAG="$GITHUB_REGISTRY_REF:latest"
          echo "GITHUB_LATEST_IMAGE_ID_TAG=$GITHUB_LATEST_IMAGE_ID_TAG" >> $GITHUB_OUTPUT

  build-test:
    needs: [init]
    strategy:
      matrix:
        arch: ${{ fromJSON(inputs.platforms) }}
    # TODO: need to make runner more configurable atm asssumes we only want amd
    runs-on: ${{ (matrix.arch == 'linux/amd64' && inputs.runner) || (matrix.arch == 'linux/arm64' && 'arm64-4core') }}
    name: Build Test Image
    steps:
      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
        with:
          aws-region: ap-southeast-2
          role-to-assume: ${{ secrets.ROLE }}
          role-session-name: GithubActions-${{ inputs.ecr_repository }}-ci

      - name: Login to Amazon ECR
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@062b18b96a7aff071d4dc91bc00c4c1a7945b076 # v2.0.1

      - name: Login to GitHub Container Registry
        uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
        with:
          ref: ${{ needs.init.outputs.BRANCH_NAME }}


      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@4fd812986e6c8c2a69e18311145f9371337f27d4 # v3.4.0

      - name: Build Test OCI Image
        id: build-test
        uses: docker/build-push-action@1a162644f9a7e87d8f4b053101d1d9a712edc18c # v6.3.0
        with:
          context: .
          push: true
          tags: ${{ needs.init.outputs.GITHUB_CACHE_IMAGE_ID_TAG }}
          cache-from: type=registry,ref=${{ needs.init.outputs.GITHUB_CACHE_IMAGE_ID_TAG }}
          cache-to: type=registry,ref=${{ needs.init.outputs.GITHUB_CACHE_IMAGE_ID_TAG }},mode=max
          target: development
          platforms: ${{ matrix.arch }}

  build-production:
    needs: [init, build-test]
    strategy:
      matrix:
        arch: ${{ fromJSON(inputs.platforms) }}
    runs-on: ${{ (matrix.arch == 'linux/amd64' && inputs.runner) || (matrix.arch == 'linux/arm64' && 'arm64-4core') }}
    name: Build Production Image
    steps:
      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
        with:
          ref: ${{ needs.init.outputs.BRANCH_NAME }}

      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
        with:
          aws-region: ap-southeast-2
          role-to-assume: ${{ secrets.ROLE }}
          role-session-name: GithubActions-${{ inputs.ecr_repository }}-ci

      - name: Login to Amazon ECR
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@062b18b96a7aff071d4dc91bc00c4c1a7945b076 # v2.0.1

      - name: Login to GitHub Container Registry
        uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@4fd812986e6c8c2a69e18311145f9371337f27d4 # v3.4.0

      - name: Build Production OCI Image
        id: build-production
        uses: docker/build-push-action@1a162644f9a7e87d8f4b053101d1d9a712edc18c # v6.3.0
        with:
          context: .
          push: true
          tags: ${{ needs.init.outputs.GITHUB_LATEST_IMAGE_ID_TAG }}
          cache-from: |
            type=registry,ref=${{ needs.init.outputs.GITHUB_CACHE_IMAGE_ID_TAG }}
            type=registry,ref=${{ needs.init.outputs.GITHUB_LATEST_IMAGE_ID_TAG }}
          cache-to: type=registry,ref=${{ needs.init.outputs.GITHUB_LATEST_IMAGE_ID_TAG }},mode=max
          target: production
          platforms: ${{ matrix.arch }}

  commands:
    needs: [init, build-test]
    strategy:
      fail-fast: false
      matrix:
        arch: ${{ fromJSON(inputs.platforms) }}
        command: ${{ fromJSON(inputs.commands) }}
    runs-on: ${{ (matrix.arch == 'linux/amd64' && inputs.runner) || (matrix.arch == 'linux/arm64' && 'arm64-4core') }}
    name: Running "${{ format(matrix.command, '') }}" (${{ matrix.arch }})
    services:
      mysql:
        image: ${{ ( inputs.mysql_image_tag_version != '' ) && format('mysql:{0}', inputs.mysql_image_tag_version) || '' }}
        env:
          MYSQL_ROOT_PASSWORD: password
        ports:
          - '3306:3306'
    steps:
      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
        with:
          ref: ${{ needs.init.outputs.BRANCH_NAME }}

      - name: Login to GitHub Container Registry
        uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Run
        run: docker run ${{ needs.init.outputs.GITHUB_CACHE_IMAGE_ID_TAG }} bundle exec rake brakeman

Workflow logs

Run docker run ghcr.io/org/repo:cache bundle exec rake brakeman
Unable to find image 'ghcr.io/org/repo:cache' locally
cache: Pulling from org/repo
docker: manifest unknown.
See 'docker run --help'.
Error: Process completed with exit code 125.

BuildKit logs

No response

Additional info

No response

[phyzical]

somewhat related to #490

Except this is about using in following steps.

If i adjust it to do what the last comment suggests and just rebuild the image and reuse the cache, it works.

But any idea why i cant just docker pull? and im forced to rebuild with buildx.

i.e changing the commands step to this will allow for it to run

commands:
    needs: [init, build-test]
    strategy:
      fail-fast: false
      matrix:
        arch: ${{ fromJSON(inputs.platforms) }}
        command: ${{ fromJSON(inputs.commands) }}
    runs-on: ${{ (matrix.arch == 'linux/amd64' && inputs.runner) || (matrix.arch == 'linux/arm64' && 'arm64-4core') }}
    name: Running "${{ format(matrix.command, '') }}" (${{ matrix.arch }})
    services:
      mysql:
        image: ${{ ( inputs.mysql_image_tag_version != '' ) && format('mysql:{0}', inputs.mysql_image_tag_version) || '' }}
        env:
          MYSQL_ROOT_PASSWORD: password
        ports:
          - '3306:3306'
    steps:
      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
        with:
          ref: ${{ needs.init.outputs.BRANCH_NAME }}

      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
        with:
          aws-region: ap-southeast-2
          role-to-assume: ${{ secrets.ROLE }}
          role-session-name: GithubActions-${{ inputs.ecr_repository }}-ci

      - name: Login to Amazon ECR
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@062b18b96a7aff071d4dc91bc00c4c1a7945b076 # v2.0.1

      - name: Login to GitHub Container Registry
        uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@4fd812986e6c8c2a69e18311145f9371337f27d4 # v3.4.0

      - name: Load image
        uses: docker/build-push-action@1a162644f9a7e87d8f4b053101d1d9a712edc18c # v6.3.0
        with:
          context: .
          load: true
          tags: ${{ needs.init.outputs.GITHUB_CACHE_IMAGE_ID_TAG }}
          cache-from: |
            type=registry,ref=${{ needs.init.outputs.GITHUB_CACHE_IMAGE_ID_TAG }}
          build-args: |
            RUBY_VERSION=${{ needs.init.outputs.RUBY_VERSION }}
            BASE_IMAGE=${{ needs.init.outputs.BASE_IMAGE }}

      - name: Run
        run: ${{ format(matrix.command, needs.init.outputs.GITHUB_CACHE_IMAGE_ID_TAG) }}