diff --git a/.github/workflows/bake.yml b/.github/workflows/bake.yml index e97f274..1bd630b 100644 --- a/.github/workflows/bake.yml +++ b/.github/workflows/bake.yml @@ -153,7 +153,7 @@ env: BUILDKIT_IMAGE: "moby/buildkit:v0.28.0" SBOM_IMAGE: "docker/buildkit-syft-scanner:1.10.0" BINFMT_IMAGE: "tonistiigi/binfmt:qemu-v10.2.1-65" - DOCKER_ACTIONS_TOOLKIT_MODULE: "@docker/actions-toolkit@0.81.0" + DOCKER_ACTIONS_TOOLKIT_MODULE: "@docker/actions-toolkit@0.83.0" HANDLEBARS_MODULE: "handlebars@4.7.8" COSIGN_VERSION: "v3.0.2" LOCAL_EXPORT_DIR: "/tmp/buildx-output" @@ -820,22 +820,11 @@ jobs: const inpImageNames = core.getMultilineInput('image-names'); const inpImageDigest = core.getInput('image-digest'); - // ECR registry regexes: https://github.com/docker/login-action/blob/28fdb31ff34708d19615a74d67103ddc2ea9725c/src/aws.ts#L8-L9 - const ecrRegistryRegex = /^(([0-9]{12})\.(dkr\.ecr|dkr-ecr)\.(.+)\.(on\.aws|amazonaws\.com(.cn)?))(\/([^:]+)(:.+)?)?$/; - const ecrPublicRegistryRegex = /public\.ecr\.aws|ecr-public\.aws\.com/; - for (const imageName of inpImageNames) { - if (ecrRegistryRegex.test(imageName) || ecrPublicRegistryRegex.test(imageName)) { - core.info(`Detected ECR image name: ${imageName}, adding delay to mitigate eventual consistency issue`); - // FIXME: remove once https://github.com/docker/github-builder/issues/30 is resolved - await new Promise(resolve => setTimeout(resolve, 5000)); - break; - } - } - const sigstore = new Sigstore(); const signResults = await sigstore.signAttestationManifests({ imageNames: inpImageNames, - imageDigest: inpImageDigest + imageDigest: inpImageDigest, + retryOnManifestUnknown: true }); const verifyResults = await sigstore.verifySignedManifests(signResults, { diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index fd9581a..12a1d54 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -156,7 +156,7 @@ env: BUILDKIT_IMAGE: "moby/buildkit:v0.28.0" SBOM_IMAGE: "docker/buildkit-syft-scanner:1.10.0" BINFMT_IMAGE: "tonistiigi/binfmt:qemu-v10.2.1-65" - DOCKER_ACTIONS_TOOLKIT_MODULE: "@docker/actions-toolkit@0.81.0" + DOCKER_ACTIONS_TOOLKIT_MODULE: "@docker/actions-toolkit@0.83.0" HANDLEBARS_MODULE: "handlebars@4.7.8" COSIGN_VERSION: "v3.0.2" LOCAL_EXPORT_DIR: "/tmp/buildx-output" @@ -684,22 +684,11 @@ jobs: const inpImageNames = core.getMultilineInput('image-names'); const inpImageDigest = core.getInput('image-digest'); - // ECR registry regexes: https://github.com/docker/login-action/blob/28fdb31ff34708d19615a74d67103ddc2ea9725c/src/aws.ts#L8-L9 - const ecrRegistryRegex = /^(([0-9]{12})\.(dkr\.ecr|dkr-ecr)\.(.+)\.(on\.aws|amazonaws\.com(.cn)?))(\/([^:]+)(:.+)?)?$/; - const ecrPublicRegistryRegex = /public\.ecr\.aws|ecr-public\.aws\.com/; - for (const imageName of inpImageNames) { - if (ecrRegistryRegex.test(imageName) || ecrPublicRegistryRegex.test(imageName)) { - core.info(`Detected ECR image name: ${imageName}, adding delay to mitigate eventual consistency issue`); - // FIXME: remove once https://github.com/docker/github-builder/issues/30 is resolved - await new Promise(resolve => setTimeout(resolve, 5000)); - break; - } - } - const sigstore = new Sigstore(); const signResults = await sigstore.signAttestationManifests({ imageNames: inpImageNames, - imageDigest: inpImageDigest + imageDigest: inpImageDigest, + retryOnManifestUnknown: true }); const verifyResults = await sigstore.verifySignedManifests(signResults, {