Uploaded image for project: 'OpenShift Pipelines'
  1. OpenShift Pipelines
  2. SRVKP-2111

Chains: cannot push attestations to quay.io

    XMLWordPrintable

Details

    • Bug
    • Status: Closed (View Workflow)
    • Blocker
    • Resolution: Done
    • Pipelines 1.7
    • Pipelines 1.7
    • None
    • None
    • False
    • None
    • False

    Description

      With tekton-chains and using OCI as storage the in-toto attestion upload fails on quay as the type is rejected.

      {"level":"info","ts":"2022-03-21T15:59:11.190Z","logger":"watcher.event-broadcaster","caller":"record/event.go:282","msg":"Event(v1.ObjectReference{Kind:\"TaskRun\", Namespace:\"chainstest\", Name:\"kaniko-chains-run-d4k65\", UID:\"5620006c-ed1c-41d9-907d-3c79517009ca\", APIVersion:\"tekton.dev/v1beta1\", ResourceVersion:\"135180\", FieldPath:\"\"}): type: 'Warning' reason: 'InternalError' 1 error occurred:\n\t* PUT https://quay.io/v2/ppitonak/chainstest/manifests/sha256-8e5418c40d2e6fa319ee5d66f2e240fe72b1ffc5bc418550595ef97652014ab5.att: MANIFEST_INVALID: manifest invalid; map[message:failed to parse manifest: manifest data does not match schema: 'application/vnd.dsse.envelope.v1+json' is not one of ['application/vnd.oci.image.layer.v1.tar', 'application/vnd.oci.image.layer.v1.tar+gzip', 'application/vnd.oci.image.layer.v1.tar+zstd', 'application/vnd.oci.image.layer.nondistributable.v1.tar', 'application/vnd.oci.image.layer.nondistributable.v1.tar+gzip', 'application/vnd.dev.cosign.simplesigning.v1+json', 'application/tar+gzip', 'application/vnd.cncf.helm.chart.content.v1.tar+gzip', 'application/vnd.oci.image.layer.v1.tar+gzip']\n\nFailed validating 'enum' in schema['properties']['layers']['items']['properties']['mediaType']:\n    {'description': 'The MIME type of the referenced manifest',\n     'enum': ['application/vnd.oci.image.layer.v1.tar',\n              'application/vnd.oci.image.layer.v1.tar+gzip',\n              'application/vnd.oci.image.layer.v1.tar+zstd',\n              'application/vnd.oci.image.layer.nondistributable.v1.tar',\n              'application/vnd.oci.image.layer.nondistributable.v1.tar+gzip',\n              'application/vnd.dev.cosign.simplesigning.v1+json',\n              'application/tar+gzip',\n              'application/vnd.cncf.helm.chart.content.v1.tar+gzip',\n              'application/vnd.oci.image.layer.v1.tar+gzip'],\n     'type': 'string'}\n\nOn instance['layers'][0]['mediaType']:\n    'application/vnd.dsse.envelope.v1+json']\n\n","commit":"e94c32e"}
      {"level":"info","ts":"2022-03-21T15:59:11.351Z","logger":"watcher","caller":"taskrun/taskrun.go:57","msg":"taskrun chainstest/kaniko-chains-run-d4k65 has been reconciled","commit":"e94c32e","knative.dev/controller":"github.com.tektoncd.chains.pkg.reconciler.taskrun.Reconciler","knative.dev/kind":"tekton.dev.TaskRun","knative.dev/traceid":"d25b8432-13c6-41fd-a896-93faca5f274d","knative.dev/key":"chainstest/kaniko-chains-run-d4k65"}
      {"level":"info","ts":"2022-03-21T15:59:11.351Z","logger":"watcher","caller":"controller/controller.go:550","msg":"Reconcile succeeded","commit":"e94c32e","knative.dev/controller":"github.com.tektoncd.chains.pkg.reconciler.taskrun.Reconciler","knative.dev/kind":"tekton.dev.TaskRun","knative.dev/traceid":"d25b8432-13c6-41fd-a896-93faca5f274d","knative.dev/key":"chainstest/kaniko-chains-run-d4k65","duration":0.000253831} 

      Attachments

        Issue Links

          Activity

            People

              Unassigned Unassigned
              ppitonak Pavol Pitoňák
              Pavol Pitoňák Pavol Pitoňák
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: