GitHub Actions Container Retention Policy is Wrongly Configured

Question

GitHub Actions Container Retention Policy is Wrongly Configured

xfoxfu opened this issue a year ago · 4 comments

Currently the workflow is configured to preserve 5 untagged or COMMIT_SHA1 container images. However, this is not suitable as GZCTF is currently publishing multi-arch + provenance-enabled containers. These containers will have tags applied on a virtual image, which contains metadata of actual images. The actual images is not tagged. Therefore, the images of previous versions is removed.

$ docker pull ghcr.io/gztimewalker/gzctf/gzctf:v0.14.4
v0.14.4: Pulling from gztimewalker/gzctf/gzctf
manifest unknown

Workaround: disable image retention.

Reference:

Answer 1 · 2023-07-18T11:27:23.000Z

Will disabling provenance solve the issue?

 - uses: docker/build-push-action@v4
   with:
     provenance: false
     ...

Answer 2 · 2023-07-18T11:28:17.000Z

No, because images are multi-arch.

Answer 3 · 2023-07-18T11:32:36.000Z

No, because images are multi-arch.

May create a PR for this issue? I may not particularly understand how to solve this.

Answer 4 · 2023-07-18T11:41:42.000Z

As this is not supported, the only way is to disable retention currently.