fix(ci): use docker-container driver so buildx emits attestations

The default buildx driver inside docker:29-dind is 'docker' (host daemon),
which cannot produce attestations. Even with default provenance enabled,
the docker driver silently drops attestation-related flags and emits a
bare single-image manifest. registry.itsh.dev (Zot with strict attestation
policy) rejects these with 'manifest invalid'.

Creating a 'docker-container' driver builder before each build gives
buildkit full export capabilities, matching both the Woodpecker plugin's
behavior and what works from local development machines.
2026-04-18 03:48:37 +02:00
parent 83b369e339
commit faa63de3c7


@@ -16,6 +16,7 @@ backend:docker:
DOCKER_TLS_CERTDIR: "/certs"
before_script:
- docker login -u "$REGISTRY_USER" -p "$REGISTRY_PASSWORD" $REGISTRY
- docker buildx create --name ci-builder --driver docker-container --use
script:
- docker buildx build --output "type=image,push=true,rewrite-timestamp=true" -f backend/deploy/Dockerfile -t "$BACKEND_IMAGE:${CI_COMMIT_SHORT_SHA}" backend/
rules:
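Review bot: the `docker buildx build` line under `script:` still relies on default provenance, while the commit message says the registry rejects any push that lacks an attestation, so the requirement should be stated in the command rather than implied by the driver. Add `--provenance=true` (or `--provenance=mode=max`) to the build line so the attestation does not depend on buildx defaults or on a `BUILDX_NO_DEFAULT_ATTESTATIONS` variable set on the runner.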
@@ -57,6 +58,7 @@ web:docker:
DOCKER_TLS_CERTDIR: "/certs"
before_script:
- docker login -u "$REGISTRY_USER" -p "$REGISTRY_PASSWORD" $REGISTRY
- docker buildx create --name ci-builder --driver docker-container --use
script:
- |
docker buildx build --output "type=image,push=true,rewrite-timestamp=true" \
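Review bot: the added `docker buildx create --name ci-builder --driver docker-container --use` line in `before_script` does not pin the BuildKit image that the docker-container driver starts, so the component producing the attestations is pulled by a floating tag at job time. Consider `--driver-opt image=<BuildKit image pinned by digest>` on this line. The same command is now duplicated in `backend:docker` and `web:docker`; moving it into a shared hidden job or YAML anchor keeps the two builders from drifting apart.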