This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

binary attestation image digest in cloud build

Posted on 05-12-2023 11:02 PM
akbindhani
Bronze 2
Bronze 2
Reply posted on --/--/---- --:-- AM

- id: 'docker-build'
name: 'gcr.io/cloud-builders/docker'
args:
[
'build',
'-f',
'$_STYLI_DOCKERFILE',
'-t',
'gcr.io/$PROJECT_ID/prod:$REVISION_ID',
"--build-arg", "BUILD=$BUILD_ID", "--build-arg", "PROJECT=$PROJECT_ID", "--build-arg", "REV=$REVISION_ID", "--build-arg", "BRANCH=$BRANCH_NAME", "--build-arg", "TAG_NAME=$TAG_NAME", "--build-arg", "COMMIT_SHA=$COMMIT_SHA", "--build-arg", "REPO_NAME=$REPO_NAME", '.'
]

- id: 'attest'
name: 'gcr.io/cloud-builders/gcloud'
entrypoint: 'bash'
args:
- '-c'
- |
gcloud beta container binauthz attestations sign-and-create \
--project="$PROJECT_ID" \
--artifact-url="gcr.io/$PROJECT_ID/prod-nodejs:latest" \
--attestor="$_ATTESTOR_NAME" \
--attestor-project="$PROJECT_ID" \
--keyversion-project="$PROJECT_ID" \
--keyversion-location="$_KMS_KEY_LOCATION" \
--keyversion-keyring="$_KMS_KEYRING_NAME" \
--keyversion-key="$_KMS_KEY_NAME" \
--keyversion="$_KMS_KEY_VERSION"

getting error while build logs,cloud you rectify

1.Already have image (with digest): gcr.io/cloud-builders/gcloud
2. ERROR: (gcloud.beta.container.binauthz.attestations.sign-and-create) Docker image name must be     fully qualified (e.g.registry/repository@digest) saw: gcr.io/projectid/prod-nodejs:latest

 

Solved Solved
0 4 746
Topic Labels
Jump to Solution
0 Likes
1 ACCEPTED SOLUTION

Posted on --/--/---- --:-- AM
VishalBulbule
Silver 2
Silver 2
Reply posted on --/--/---- --:-- AM

Issue is because of --artifact-url="gcr.io/$PROJECT_ID/prod-nodejs:latest" 
As binary authorizaton attestaion use fully qualified digest not only tag.
you are giving gcr.io/$PROJECT_ID/prod-nodejs:latest" 
Expected is 
gcr.io/project/nodejs@sha256:434f94bea1f00cadc5525f1755d5a4ab777021746baf878d090a34cbbbcad8ba
Let me mail you correct yaml.

View solution in original post

Jump to Solution
4 REPLIES 4

Posted on --/--/---- --:-- AM
VishalBulbule
Silver 2
Silver 2
Reply posted on --/--/---- --:-- AM

Issue is because of --artifact-url="gcr.io/$PROJECT_ID/prod-nodejs:latest" 
As binary authorizaton attestaion use fully qualified digest not only tag.
you are giving gcr.io/$PROJECT_ID/prod-nodejs:latest" 
Expected is 
gcr.io/project/nodejs@sha256:434f94bea1f00cadc5525f1755d5a4ab777021746baf878d090a34cbbbcad8ba
Let me mail you correct yaml.

Jump to Solution

Posted on --/--/---- --:-- AM
SandipanDey
Bronze 1
Bronze 1
In response to VishalBulbule
Reply posted on --/--/---- --:-- AM

Hi Vishal,

I am also facing the same issue, not able to get the specific digest value of the image through cloud build. Could you please help me in this regard?

Thanks,
Sandipan.

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
NavinKumar
Bronze 1
Bronze 1
In response to VishalBulbule
Reply posted on --/--/---- --:-- AM

Hi Vishal,
I am also facing the same issue, not able to get the specific digest value of the image through cloud build. Could you please help me in this regard?
Thanks,
Navin

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
akbindhani
Bronze 2
Bronze 2
Reply posted on --/--/---- --:-- AM

thanks for solution

Jump to Solution
0 Likes
Top Solution Authors
View all