File: content/manuals/scout/policy/ci.md
Issue
The document contains a note warning that loading images with attestations to the image store isn't supported:
Due to a limitation in the Docker Engine, loading multi-platform images or
images with attestations to the image store isn't supported.
For the policy evaluation to work, you must load the image to the local image
store of the runner. Ensure that you're building a single-platform image
without attestations, and that you're loading the build results.
However, the example workflow immediately following this note includes attestation parameters:
- name: Build image
id: build-and-push
uses: docker/build-push-action@{{% param "build_push_action_version" %}}
with:
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
sbom: ${{ github.event_name != 'pull_request' }}
provenance: ${{ github.event_name != 'pull_request' }}
push: ${{ github.event_name != 'pull_request' }}
load: ${{ github.event_name == 'pull_request' }}This configuration loads the image for pull requests (load: ${{ github.event_name == 'pull_request' }}), but the attestations are only disabled for pull requests. This means the example doesn't follow the guidance in the note.
Why this matters
A reader following this example will encounter the exact limitation the note warns about. The workflow will fail when trying to load an image with attestations during a pull request build, causing confusion and wasted debugging time.
Suggested fix
Update the example to be consistent with the limitation note. The attestation parameters should be set to false when load is true:
sbom: false
provenance: false
push: ${{ github.event_name != 'pull_request' }}
load: ${{ github.event_name == 'pull_request' }}Or, if attestations are needed for the policy evaluation to work properly, revise the note to clarify the actual limitation and how the example handles it.
Found by nightly documentation quality scanner
File:
content/manuals/scout/policy/ci.mdIssue
The document contains a note warning that loading images with attestations to the image store isn't supported:
However, the example workflow immediately following this note includes attestation parameters:
This configuration loads the image for pull requests (
load: ${{ github.event_name == 'pull_request' }}), but the attestations are only disabled for pull requests. This means the example doesn't follow the guidance in the note.Why this matters
A reader following this example will encounter the exact limitation the note warns about. The workflow will fail when trying to load an image with attestations during a pull request build, causing confusion and wasted debugging time.
Suggested fix
Update the example to be consistent with the limitation note. The attestation parameters should be set to
falsewhenloadistrue:Or, if attestations are needed for the policy evaluation to work properly, revise the note to clarify the actual limitation and how the example handles it.
Found by nightly documentation quality scanner