You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
After successfully generating an SBOM and then attesting it, this action fails to upload the artifact with a generic error: Error uploading artifact to container registry
Here's the action log (IDs redacted):
Run actions/attest-sbom@v[1](https://github.com/x/x/actions/runs/X/job/X#step:19:1)
with:
subject-name: ghcr.io/x/x
subject-digest: sha[2](https://github.com/x/x/actions/runs/x/job/x#step:19:2)56:x[3](https://github.com/x/x/actions/runs/x/job/x#step:19:3)x
sbom-path: x.spdx.json
push-to-registry: true
github-token: ***
env:
ANCHORE_SBOM_ACTION_PRIOR_ARTIFACT: x_latest.spdx.json
Run actions/attest-sbom/predicate@53[4](https://github.com/x/x/actions/runs/x/job/x#step:19:4)x
with:
sbom-path: x.spdx.json
env:
ANCHORE_SBOM_ACTION_PRIOR_ARTIFACT: x_latest.spdx.json
Run actions/attest@49[5](https://github.com/x/x/actions/runs/x/job/x#step:19:5)x[6](https://github.com/x/x/actions/runs/x/job/x#step:19:6)7d
with:
subject-digest: sha256:x[7](https://github.com/x/x/actions/runs/x/job/x#step:19:7)x[8](https://github.com/x/x/actions/runs/x/job/x#step:19:8)x[9](https://github.com/x/x/actions/runs/x/job/x#step:19:9)x
subject-name: ghcr.io/x/x
predicate-type: https://spdx.dev/Document/v2.3
predicate-path: /home/runner/work/_temp/lrJC03/predicate.json
push-to-registry: true
github-token: ***
env:
ANCHORE_SBOM_ACTION_PRIOR_ARTIFACT: x_latest.spdx.json
Attestation created for ghcr.io/x/x@sha256:b[10](https://github.com/x/x/actions/runs/x/job/x#step:19:11)x
Attestation signed using certificate from GitHub Sigstore instance
Attestation uploaded to repository
https://github.com/x/x/attestations/793731
Error: Error uploading artifact to container registry
I can view the attestation from the web UI and the image has been published to the registry. The attestation is not linked, but I can download it from the workflow summary.
The text was updated successfully, but these errors were encountered:
Enabling step debug logging may give us some additional information about what is failing here.
My guess is that the attest action is not able to locate the image with the specified name/digest and is failing when trying to make the association in the registry.
@davidmytton any luck with this? We've released a new version of the action with some improvements which may solve the issue you were having pushing the attestation to the GHCR registry. Going to close this issue, but feel free to re-open if you continue to experience problems.
After successfully generating an SBOM and then attesting it, this action fails to upload the artifact with a generic error:
Error uploading artifact to container registry
Here's the action log (IDs redacted):
I can view the attestation from the web UI and the image has been published to the registry. The attestation is not linked, but I can download it from the workflow summary.
The text was updated successfully, but these errors were encountered: