Skip to content

Commit 403fbad

Browse files
kohtalakohtala
committed
Remove tag from subject-name
Build still fails. I noticed the subject-name is not supposed to have the tag. actions/attest-build-provenance tells to use index.docker.io, but I believe that is a legacy name the docker CLI changes to docker.io.
1 parent b9cb215 commit 403fbad

1 file changed

Lines changed: 9 additions & 8 deletions

File tree

.github/workflows/main.yml

Lines changed: 9 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -88,7 +88,7 @@ jobs:
8888
- name: Create attestation for the image
8989
uses: actions/attest-build-provenance@v3
9090
with:
91-
subject-name: docker.io/${{ vars.DOCKERHUB_USERNAME }}/python-torch:${{ steps.build-tag.outputs.tag }}
91+
subject-name: docker.io/${{ vars.DOCKERHUB_USERNAME }}/python-torch
9292
subject-digest: ${{ steps.build-push.outputs.digest }}
9393
push-to-registry: true
9494

@@ -116,16 +116,17 @@ jobs:
116116
run: |
117117
# This must match the build job tag generation
118118
tag="$(echo -n "${{ matrix.torch }}${{ matrix.index && format('-{0}', matrix.index) || '' }}-${{ matrix.python }}" | tr -c 'a-zA-Z0-9._-' '[-*]')"
119-
echo "tag=${tag}" >> $GITHUB_OUTPUT
119+
echo "tag=$tag" >> $GITHUB_OUTPUT
120120
repository="docker.io/$DOCKERHUB_USERNAME/python-torch"
121+
echo "repository=$repository" >> $GITHUB_OUTPUT
121122
name="$repository:$tag"
122-
echo "name=${name}" >> $GITHUB_OUTPUT
123+
echo "name=$name" >> $GITHUB_OUTPUT
123124
docker buildx imagetools create \
124125
--tag $name \
125-
${name}-amd64 \
126-
${name}-arm64
126+
$name-amd64 \
127+
$name-arm64
127128
# Unfortunately we don't get the digest directly so we need to query it risking it get changed
128-
DIGEST=$(docker buildx imagetools inspect "${name}" --format '{{ print .Manifest.Digest }}')
129+
DIGEST=$(docker buildx imagetools inspect "$name" --format '{{ print .Manifest.Digest }}')
129130
# Ensure the images bundled behind the digest about to be attested still have valid attestations
130131
for digest in $(docker buildx imagetools inspect "$repository@$DIGEST" --format '{{ range .Manifest.Manifests }}{{ .Digest }} {{ end }}')
131132
do
@@ -134,14 +135,14 @@ jobs:
134135
--signer-workflow $GITHUB_WORKFLOW_REF \
135136
--source-digest $GITHUB_SHA
136137
done
137-
echo "digest=${DIGEST}" >> $GITHUB_OUTPUT
138+
echo "digest=$DIGEST" >> $GITHUB_OUTPUT
138139
env:
139140
DOCKERHUB_USERNAME: ${{ vars.DOCKERHUB_USERNAME }}
140141

141142
- name: Create attestation for the manifest
142143
uses: actions/attest-build-provenance@v3
143144
with:
144-
subject-name: ${{ steps.manifest.outputs.name }}
145+
subject-name: ${{ steps.manifest.outputs.repository }}
145146
subject-digest: ${{ steps.manifest.outputs.digest }}
146147
push-to-registry: true
147148

0 commit comments

Comments
 (0)