GitHub Actions Container Retention Policy is Wrongly Configured
xfoxfu opened this issue · 4 comments
xfoxfu commented
Currently the workflow is configured to preserve 5 untagged or COMMIT_SHA1
container images. However, this is not suitable as GZCTF is currently publishing multi-arch + provenance-enabled containers. These containers will have tags applied on a virtual image, which contains metadata of actual images. The actual images is not tagged. Therefore, the images of previous versions is removed.
$ docker pull ghcr.io/gztimewalker/gzctf/gzctf:v0.14.4
v0.14.4: Pulling from gztimewalker/gzctf/gzctf
manifest unknown
Workaround: disable image retention.
Reference:
GZTimeWalker commented
Will disabling provenance solve the issue?
- uses: docker/build-push-action@v4
with:
provenance: false
...
xfoxfu commented
No, because images are multi-arch.
GZTimeWalker commented
No, because images are multi-arch.
May create a PR for this issue? I may not particularly understand how to solve this.
xfoxfu commented
As this is not supported, the only way is to disable retention currently.