Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Error uploading artifact to container registry #55

Closed
davidmytton opened this issue May 5, 2024 · 4 comments
Closed

Error uploading artifact to container registry #55

davidmytton opened this issue May 5, 2024 · 4 comments

Comments

@davidmytton
Copy link

After successfully generating an SBOM and then attesting it, this action fails to upload the artifact with a generic error: Error uploading artifact to container registry

Here's the action log (IDs redacted):

Run actions/attest-sbom@v[1](https://github.com/x/x/actions/runs/X/job/X#step:19:1)
  with:
    subject-name: ghcr.io/x/x
    subject-digest: sha[2](https://github.com/x/x/actions/runs/x/job/x#step:19:2)56:x[3](https://github.com/x/x/actions/runs/x/job/x#step:19:3)x
    sbom-path: x.spdx.json
    push-to-registry: true
    github-token: ***
  env:
    ANCHORE_SBOM_ACTION_PRIOR_ARTIFACT: x_latest.spdx.json
Run actions/attest-sbom/predicate@53[4](https://github.com/x/x/actions/runs/x/job/x#step:19:4)x
  with:
    sbom-path: x.spdx.json
  env:
    ANCHORE_SBOM_ACTION_PRIOR_ARTIFACT: x_latest.spdx.json
Run actions/attest@49[5](https://github.com/x/x/actions/runs/x/job/x#step:19:5)x[6](https://github.com/x/x/actions/runs/x/job/x#step:19:6)7d
  with:
    subject-digest: sha256:x[7](https://github.com/x/x/actions/runs/x/job/x#step:19:7)x[8](https://github.com/x/x/actions/runs/x/job/x#step:19:8)x[9](https://github.com/x/x/actions/runs/x/job/x#step:19:9)x
    subject-name: ghcr.io/x/x
    predicate-type: https://spdx.dev/Document/v2.3
    predicate-path: /home/runner/work/_temp/lrJC03/predicate.json
    push-to-registry: true
    github-token: ***
  env:
    ANCHORE_SBOM_ACTION_PRIOR_ARTIFACT: x_latest.spdx.json
  
Attestation created for ghcr.io/x/x@sha256:b[10](https://github.com/x/x/actions/runs/x/job/x#step:19:11)x
Attestation signed using certificate from GitHub Sigstore instance
Attestation uploaded to repository
https://github.com/x/x/attestations/793731
Error: Error uploading artifact to container registry

I can view the attestation from the web UI and the image has been published to the registry. The attestation is not linked, but I can download it from the workflow summary.
@bdehamer
Copy link
Collaborator

bdehamer commented May 6, 2024

Do you have the packages: write permission set for your workflow? This is necessary to push the attestation to the registry.

@davidmytton
Copy link
Author

Yeah I have packages: write

@bdehamer
Copy link
Collaborator

bdehamer commented May 7, 2024

Enabling step debug logging may give us some additional information about what is failing here.

My guess is that the attest action is not able to locate the image with the specified name/digest and is failing when trying to make the association in the registry.

@bdehamer
Copy link
Collaborator

@davidmytton any luck with this? We've released a new version of the action with some improvements which may solve the issue you were having pushing the attestation to the GHCR registry. Going to close this issue, but feel free to re-open if you continue to experience problems.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@davidmytton @bdehamer