You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Previously the workflow (1) built the Docker image, (2) saved as a tar-blob, (3) scanned (using Trivy), (4) reload the tar-blob as an image and pushed the image to ghcr.io. However it turns out that when a tar-blob is reloaded, crucial metadata about the image is lost. One discussion on the topic is here.. The fix is to build the image just before pushing (with no save/load in between). Building the image twice makes the workflow less efficient but it works.
I'm fine with building twice, but there are also docker save and docker load commands if you want to try them.
Thanks for this suggestion. While docker save / docker load will, indeed, solve the immediate problem of losing image metadata, the commands introduce a new problem: Since the GitHub workflow builds multiple tags, and since save and load are tag-specific, we'd have to create a matrix of parallel jobs to save/load each tag. It's far easier simply to build the image twice.
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Previously the workflow (1) built the Docker image, (2) saved as a tar-blob, (3) scanned (using Trivy), (4) reload the tar-blob as an image and pushed the image to
ghcr.io. However it turns out that when a tar-blob is reloaded, crucial metadata about the image is lost. One discussion on the topic is here.. The fix is to build the image just before pushing (with no save/load in between). Building the image twice makes the workflow less efficient but it works.