From 1344c73045c35ef3f945b3771408fbb627a597ea Mon Sep 17 00:00:00 2001 From: CrazyMax <1951866+crazy-max@users.noreply.github.com> Date: Fri, 13 Mar 2026 13:56:52 +0100 Subject: [PATCH] update actions-toolkit to 0.83.0 Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com> --- .github/workflows/bake.yml | 17 +++-------------- .github/workflows/build.yml | 17 +++-------------- 2 files changed, 6 insertions(+), 28 deletions(-) diff --git a/.github/workflows/bake.yml b/.github/workflows/bake.yml index e97f2744..1bd630b1 100644 --- a/.github/workflows/bake.yml +++ b/.github/workflows/bake.yml @@ -153,7 +153,7 @@ env: BUILDKIT_IMAGE: "moby/buildkit:v0.28.0" SBOM_IMAGE: "docker/buildkit-syft-scanner:1.10.0" BINFMT_IMAGE: "tonistiigi/binfmt:qemu-v10.2.1-65" - DOCKER_ACTIONS_TOOLKIT_MODULE: "@docker/actions-toolkit@0.81.0" + DOCKER_ACTIONS_TOOLKIT_MODULE: "@docker/actions-toolkit@0.83.0" HANDLEBARS_MODULE: "handlebars@4.7.8" COSIGN_VERSION: "v3.0.2" LOCAL_EXPORT_DIR: "/tmp/buildx-output" @@ -820,22 +820,11 @@ jobs: const inpImageNames = core.getMultilineInput('image-names'); const inpImageDigest = core.getInput('image-digest'); - // ECR registry regexes: https://github.com/docker/login-action/blob/28fdb31ff34708d19615a74d67103ddc2ea9725c/src/aws.ts#L8-L9 - const ecrRegistryRegex = /^(([0-9]{12})\.(dkr\.ecr|dkr-ecr)\.(.+)\.(on\.aws|amazonaws\.com(.cn)?))(\/([^:]+)(:.+)?)?$/; - const ecrPublicRegistryRegex = /public\.ecr\.aws|ecr-public\.aws\.com/; - for (const imageName of inpImageNames) { - if (ecrRegistryRegex.test(imageName) || ecrPublicRegistryRegex.test(imageName)) { - core.info(`Detected ECR image name: ${imageName}, adding delay to mitigate eventual consistency issue`); - // FIXME: remove once https://github.com/docker/github-builder/issues/30 is resolved - await new Promise(resolve => setTimeout(resolve, 5000)); - break; - } - } - const sigstore = new Sigstore(); const signResults = await sigstore.signAttestationManifests({ imageNames: inpImageNames, - imageDigest: inpImageDigest + imageDigest: inpImageDigest, + retryOnManifestUnknown: true }); const verifyResults = await sigstore.verifySignedManifests(signResults, { diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index fd9581a3..12a1d544 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -156,7 +156,7 @@ env: BUILDKIT_IMAGE: "moby/buildkit:v0.28.0" SBOM_IMAGE: "docker/buildkit-syft-scanner:1.10.0" BINFMT_IMAGE: "tonistiigi/binfmt:qemu-v10.2.1-65" - DOCKER_ACTIONS_TOOLKIT_MODULE: "@docker/actions-toolkit@0.81.0" + DOCKER_ACTIONS_TOOLKIT_MODULE: "@docker/actions-toolkit@0.83.0" HANDLEBARS_MODULE: "handlebars@4.7.8" COSIGN_VERSION: "v3.0.2" LOCAL_EXPORT_DIR: "/tmp/buildx-output" @@ -684,22 +684,11 @@ jobs: const inpImageNames = core.getMultilineInput('image-names'); const inpImageDigest = core.getInput('image-digest'); - // ECR registry regexes: https://github.com/docker/login-action/blob/28fdb31ff34708d19615a74d67103ddc2ea9725c/src/aws.ts#L8-L9 - const ecrRegistryRegex = /^(([0-9]{12})\.(dkr\.ecr|dkr-ecr)\.(.+)\.(on\.aws|amazonaws\.com(.cn)?))(\/([^:]+)(:.+)?)?$/; - const ecrPublicRegistryRegex = /public\.ecr\.aws|ecr-public\.aws\.com/; - for (const imageName of inpImageNames) { - if (ecrRegistryRegex.test(imageName) || ecrPublicRegistryRegex.test(imageName)) { - core.info(`Detected ECR image name: ${imageName}, adding delay to mitigate eventual consistency issue`); - // FIXME: remove once https://github.com/docker/github-builder/issues/30 is resolved - await new Promise(resolve => setTimeout(resolve, 5000)); - break; - } - } - const sigstore = new Sigstore(); const signResults = await sigstore.signAttestationManifests({ imageNames: inpImageNames, - imageDigest: inpImageDigest + imageDigest: inpImageDigest, + retryOnManifestUnknown: true }); const verifyResults = await sigstore.verifySignedManifests(signResults, {