Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

build: disable default provenance attestation #1152

Merged
merged 1 commit into from
Jul 8, 2024
Merged

build: disable default provenance attestation #1152

merged 1 commit into from
Jul 8, 2024

Conversation

MikeMcC399
Copy link
Collaborator

@MikeMcC399 MikeMcC399 commented Jul 7, 2024
edited
Loading

Supports resolution of

Issue

  • Docker Buildx v0.10.0 introduced a breaking change causing multi-architecture manifests to use oci instead of docker imageType formats. The release notes warn about issues with registry and runtime support. This already caused a issue in this repo (see docker-image-not-found not compatible with oci mediatype #1141). It is unknown whether allowing the manifest imageType to change for Cypress Docker images would cause usage issues in users' environments and it would have to be considered as a breaking change for Cypress Docker.

  • This repo is currently using Buildx v0.9.1 so this issue needs to be considered and prepared before any update to Buildx v0.10.x takes place:

    Image tag Node.js Docker Engine buildx Status
    ubuntu-2204:2022.10.2 16.17.1 20.10.18 v0.9.1 Current

Change

In order to keep the current manifest schema as follows:

"schemaVersion": 2,
"mediaType": "application/vnd.docker.distribution.manifest.list.v2+json",

instead of moving to

"schemaVersion": 2,
"mediaType": "application/vnd.oci.image.index.v1+json",

an environment variable setting BUILDX_NO_DEFAULT_ATTESTATIONS=1, introduced in Buildx 0.10.4, is added to the push job of the circle.yml workflow.

@MikeMcC399 MikeMcC399 self-assigned this Jul 7, 2024
@cypress-app-bot
Copy link

@MikeMcC399 MikeMcC399 marked this pull request as ready for review July 7, 2024 18:12
@MikeMcC399 MikeMcC399 marked this pull request as draft July 8, 2024 04:53
@MikeMcC399 MikeMcC399 marked this pull request as ready for review July 8, 2024 07:36
@MikeMcC399
Copy link
Collaborator Author

Merging this PR should have no impact on the current build workflow. It prepares for the update to Docker Buildx v0.10.0 and later, and it protects against changes to any published manifest's imageType.

@MikeMcC399 MikeMcC399 mentioned this pull request Jul 8, 2024
Merged
@jennifer-shehane jennifer-shehane merged commit a14f4c7 into cypress-io:master Jul 8, 2024
31 checks passed
@MikeMcC399 MikeMcC399 deleted the disable-default-provenance branch July 8, 2024 15:24
@MikeMcC399 MikeMcC399 mentioned this pull request Jul 8, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@AtofStryker AtofStryker AtofStryker approved these changes

@jennifer-shehane jennifer-shehane Awaiting requested review from jennifer-shehane

Assignees

@MikeMcC399 MikeMcC399

Labels
topic: build process type: enhancement
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@MikeMcC399 @cypress-app-bot @AtofStryker @jennifer-shehane