Skip to content

Container Registry: Support SLSA Provenance

Patrick Beisler requested to merge digest into main

Issue

Docker Desktop as of v4.16 and docker buildx as of v0.10.0 default to using SLSA Provenance for multi architecture builds. Pushing an image built with buildx to Gitlab results in a tag with empty manifest data.

Similar Gitlab issue with Google Cloud Run. Although in this case Cloud Run does not support multi-arch builds. https://github.com/docker/buildx/issues/1533

Related: https://gitlab.com/gitlab-org/gitlab/-/issues/369852

Workaround

Passing --provenance=false to buildx seems to revert to the old functionality.

e.g. docker buildx build --provenance=false --platform linux/amd64,linux/arm64 --push -t my_tag .

Link

https://gitlab.com/gitlab-org/gitlab/-/issues/388865

Edited by Patrick Beisler

Merge request reports