- id: 'docker-build'
name: 'gcr.io/cloud-builders/docker'
args:
[
'build',
'-f',
'$_STYLI_DOCKERFILE',
'-t',
'gcr.io/$PROJECT_ID/prod:$REVISION_ID',
"--build-arg", "BUILD=$BUILD_ID", "--build-arg", "PROJECT=$PROJECT_ID", "--build-arg", "REV=$REVISION_ID", "--build-arg", "BRANCH=$BRANCH_NAME", "--build-arg", "TAG_NAME=$TAG_NAME", "--build-arg", "COMMIT_SHA=$COMMIT_SHA", "--build-arg", "REPO_NAME=$REPO_NAME", '.'
]
- id: 'attest'
name: 'gcr.io/cloud-builders/gcloud'
entrypoint: 'bash'
args:
- '-c'
- |
gcloud beta container binauthz attestations sign-and-create \
--project="$PROJECT_ID" \
--artifact-url="gcr.io/$PROJECT_ID/prod-nodejs:latest" \
--attestor="$_ATTESTOR_NAME" \
--attestor-project="$PROJECT_ID" \
--keyversion-project="$PROJECT_ID" \
--keyversion-location="$_KMS_KEY_LOCATION" \
--keyversion-keyring="$_KMS_KEYRING_NAME" \
--keyversion-key="$_KMS_KEY_NAME" \
--keyversion="$_KMS_KEY_VERSION"
getting error while build logs,cloud you rectify
Solved! Go to Solution.
Issue is because of --artifact-url="gcr.io/$PROJECT_ID/prod-nodejs:latest"
As binary authorizaton attestaion use fully qualified digest not only tag.
you are giving gcr.io/$PROJECT_ID/prod-nodejs:latest"
Expected is
gcr.io/project/nodejs@sha256:434f94bea1f00cadc5525f1755d5a4ab777021746baf878d090a34cbbbcad8ba
Let me mail you correct yaml.
Issue is because of --artifact-url="gcr.io/$PROJECT_ID/prod-nodejs:latest"
As binary authorizaton attestaion use fully qualified digest not only tag.
you are giving gcr.io/$PROJECT_ID/prod-nodejs:latest"
Expected is
gcr.io/project/nodejs@sha256:434f94bea1f00cadc5525f1755d5a4ab777021746baf878d090a34cbbbcad8ba
Let me mail you correct yaml.
Hi Vishal,
I am also facing the same issue, not able to get the specific digest value of the image through cloud build. Could you please help me in this regard?
Thanks,
Sandipan.
Hi Vishal,
I am also facing the same issue, not able to get the specific digest value of the image through cloud build. Could you please help me in this regard?
Thanks,
Navin
thanks for solution