Error 405 when pushing image to ECR using oci-artifact=true #5747

Open
4 tasks done
rastut opened this issue Feb 15, 2025 · 0 comments
rastut commented Feb 15, 2025

Contributing guidelines and issue reporting guide

Well-formed report checklist

  • I have found a bug that the documentation does not mention anything about my problem
  • I have found a bug that there are no open or closed issues that are related to my problem
  • I have provided version/information about my environment and done my best to provide a reproducer

Description of bug

Bug description

When trying to push an image with a provenance attestation to an ECR registry using the oci-artifact=true output, you receive a 405 Method Not Allowed. The build fails, but the image layer gets pushed without the index manifest and the attestation manifest. For the same image pushed to a different registry (tested on GCP Artifact Registry), the export works as expected.

> docker buildx build --builder container --platform linux/amd64 --provenance true --output type=image,oci-mediatypes=true,oci-artifact=true --tag 042252809363.dkr.ecr.us-east-2.amazonaws.com/rclone-test:test  --push .
[+] Building 3.7s (19/19) FINISHED                                                                                                                                                          docker-container:container
 => [internal] load build definition from Dockerfile                                                                                                                                                              0.0s
 => => transferring dockerfile: 838B                                                                                                                                                                              0.0s
 => [internal] load metadata for docker.io/google/cloud-sdk:508.0.0-alpine                                                                                                                                        1.1s
 => [internal] load metadata for docker.io/library/golang:1.23.3-alpine3.20                                                                                                                                       1.1s
 => [auth] google/cloud-sdk:pull token for registry-1.docker.io                                                                                                                                                   0.0s
 => [auth] library/golang:pull token for registry-1.docker.io                                                                                                                                                     0.0s
 => [internal] load .dockerignore                                                                                                                                                                                 0.0s
 => => transferring context: 2B                                                                                                                                                                                   0.0s
 => [builder 1/4] FROM docker.io/library/golang:1.23.3-alpine3.20@sha256:c694a4d291a13a9f9d94933395673494fc2cc9d4777b85df3a7e70b3492d3574                                                                         0.0s
 => => resolve docker.io/library/golang:1.23.3-alpine3.20@sha256:c694a4d291a13a9f9d94933395673494fc2cc9d4777b85df3a7e70b3492d3574                                                                                 0.0s
 => [stage-1 1/6] FROM docker.io/google/cloud-sdk:508.0.0-alpine@sha256:605c78b1a76b22b8ec1e351342451b4bb8f86f0098204ed37a6f91070ba5f8a6                                                                          0.0s
 => => resolve docker.io/google/cloud-sdk:508.0.0-alpine@sha256:605c78b1a76b22b8ec1e351342451b4bb8f86f0098204ed37a6f91070ba5f8a6                                                                                  0.0s
 => [internal] load build context                                                                                                                                                                                 0.0s
 => => transferring context: 38B                                                                                                                                                                                  0.0s
 => CACHED [stage-1 2/6] RUN apk --no-cache add ca-certificates fuse3 tzdata aws-cli jq &&   echo "user_allow_other" >> /etc/fuse.conf                                                                            0.0s
 => CACHED [builder 2/4] RUN apk add --no-cache make bash gawk git     && git clone https://github.com/rclone/rclone.git     && mkdir -p /go/src/github.com/rclone     && mv rclone /go/src/github.com/rclone     0.0s
 => CACHED [builder 3/4] WORKDIR /go/src/github.com/rclone/rclone/                                                                                                                                                0.0s
 => CACHED [builder 4/4] RUN   CGO_ENABLED=0   make   && ./rclone version                                                                                                                                         0.0s
 => CACHED [stage-1 3/6] COPY --from=builder /go/src/github.com/rclone/rclone/rclone /usr/local/bin/                                                                                                              0.0s
 => CACHED [stage-1 4/6] COPY rclone-s3-gcp.sh /rclone-s3-gcp.sh                                                                                                                                                  0.0s
 => CACHED [stage-1 5/6] RUN addgroup -g 1009 rclone && adduser -u 1009 -Ds /bin/sh -G rclone rclone                                                                                                              0.0s
 => CACHED [stage-1 6/6] WORKDIR /data                                                                                                                                                                            0.0s
 => ERROR exporting to image                                                                                                                                                                                      2.6s
 => => exporting layers                                                                                                                                                                                           0.0s
 => => exporting manifest sha256:258e59d5dee0d7d2006415f62af8dd40990e4846ba35e969a2a41041eed62bc0                                                                                                                 0.0s
 => => exporting config sha256:82258633fb972b89e8fadfa0a53d030534a3d6775781101908d7ec57e45ff9bf                                                                                                                   0.0s
 => => exporting attestation manifest sha256:ba491dbe892185c3849b2792fe33966fba45654c9d5d549713627d9cd91b192d                                                                                                     0.0s
 => => exporting manifest list sha256:ee4a7d316cf9e3f7c943a910287bc5545ad7115aba5088482f14243f8e64278c                                                                                                            0.0s
 => => pushing layers                                                                                                                                                                                             1.6s
 => => pushing manifest for 042252809363.dkr.ecr.us-east-2.amazonaws.com/rclone-test:test@sha256:ee4a7d316cf9e3f7c943a910287bc5545ad7115aba5088482f14243f8e64278c                                                 0.9s
 => [auth] sharing credentials for 042252809363.dkr.ecr.us-east-2.amazonaws.com                                                                                                                                   0.0s
------
 > exporting to image:
------
ERROR: failed to solve: failed to push 042252809363.dkr.ecr.us-east-2.amazonaws.com/rclone-test:test: failed commit on ref "manifest-sha256:ba491dbe892185c3849b2792fe33966fba45654c9d5d549713627d9cd91b192d": unexpected status from PUT request to https://042252809363.dkr.ecr.us-east-2.amazonaws.com/v2/rclone-test/manifests/sha256:ba491dbe892185c3849b2792fe33966fba45654c9d5d549713627d9cd91b192d: 405 Method Not Allowed

View build details: docker-desktop://dashboard/build/container/container0/g62z2vqed0pv2dx3gsp2y3gd8
> skopeo inspect --creds "${docker_creds_skopeo}"  --raw docker://042252809363.dkr.ecr.us-east-2.amazonaws.com/rclone-test@sha256:55567dc652f820dc4e953dbad27a03fcc2aca858f10c5a27068689698276fa2a | jq .

FATA[0001] Error parsing image name "docker://042252809363.dkr.ecr.us-east-2.amazonaws.com/rclone-test@sha256:55567dc652f820dc4e953dbad27a03fcc2aca858f10c5a27068689698276fa2a": reading manifest sha256:55567dc652f820dc4e953dbad27a03fcc2aca858f10c5a27068689698276fa2a in 042252809363.dkr.ecr.us-east-2.amazonaws.com/rclone-test: manifest unknown: Requested image not found
> skopeo inspect --creds "${docker_creds_skopeo}"  --raw docker://042252809363.dkr.ecr.us-east-2.amazonaws.com/rclone-test@sha256:258e59d5dee0d7d2006415f62af8dd40990e4846ba35e969a2a41041eed62bc0 | jq .

{
  "schemaVersion": 2,
  "mediaType": "application/vnd.oci.image.manifest.v1+json",
  "config": {
    "mediaType": "application/vnd.oci.image.config.v1+json",
    "digest": "sha256:82258633fb972b89e8fadfa0a53d030534a3d6775781101908d7ec57e45ff9bf",
    "size": 4994
  },
  "layers": [
    {
      "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
      "digest": "sha256:66a3d608f3fa52124f8463e9467f170c784abd549e8216aa45c6960b00b4b79b",
      "size": 3626260
    },
    {
      "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
      "digest": "sha256:b7aaa4b3ededd2dbdf558218ca53a68ba349d2c2d38b8821630e9980a3a50cf3",
      "size": 18848908
    },
    {
      "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
      "digest": "sha256:a54324f03dc4ff2e0c69aae753bd0cefd36e3160320e8c8437c8cb0767b20471",
      "size": 20234610
    },
    {
      "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
      "digest": "sha256:e6b3b83a36465e470aec3116617ab4ad3edc470b9fe44216d44b3c0b3d185eef",
      "size": 986
    },
    {
      "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
      "digest": "sha256:0222e0ad2a22435b98e7eb8e9c08aa1b99183ed9440aab9c83a92cbed02ad59e",
      "size": 134
    },
    {
      "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
      "digest": "sha256:8a2f8bb85bf7ae338ddfc362a2b4eea747ed45a2ec5c5c47eabbdef69d359117",
      "size": 168500145
    },
    {
      "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
      "digest": "sha256:0e9b382e1ec06d3d9952a501871cfb5da763485fe52a5a4741f71fb600259491",
      "size": 197
    },
    {
      "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
      "digest": "sha256:a09f28fd3f4c45037cc5310042c4d69bb3a79cd5e027b45a3484fda70374d593",
      "size": 21131177
    },
    {
      "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
      "digest": "sha256:ed37b48f6ecb8d2d793a97baefbdcc73ac81c1872d737b5a39f47f41203e20e2",
      "size": 22723738
    },
    {
      "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
      "digest": "sha256:2ba16dfbac1cdd63203da52c342233871ff18ded4830f829dbafc0c9a2e42454",
      "size": 574
    },
    {
      "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
      "digest": "sha256:2ee909b5d1b935ddab5d6f0d7afba72f9b123d035f6f4a72ee0118656b28d447",
      "size": 987
    },
    {
      "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
      "digest": "sha256:2dbe287b68dc1b199e563f4ec732800f41f5556c20698d71af826d8b5b3d57d1",
      "size": 93
    }
  ]
}

Reproduction

docker buildx build --builder container --platform linux/amd64 --provenance true --output type=image,oci-mediatypes=true,oci-artifact=true --tag 042252809363.dkr.ecr.us-east-2.amazonaws.com/rclone-test:test  --push .

Version information

❯ docker buildx version && docker buildx inspect                                                                                                                                                                    
github.com/docker/buildx v0.20.1-desktop.2 aaf7c2bc7f9ec3afee1cec77d671845a4b57a0c8
Name:          buildkit-latest
Driver:        docker-container
Last Activity: 2025-02-15 11:46:17 +0000 UTC

Nodes:
Name:                  buildkit-latest0
Endpoint:              desktop-linux
Status:                running
BuildKit daemon flags: --allow-insecure-entitlement=network.host
BuildKit version:      v0.19.0
Platforms:             linux/arm64, linux/amd64, linux/amd64/v2, linux/riscv64, linux/ppc64le, linux/s390x, linux/386, linux/arm/v7, linux/arm/v6
Labels:
 org.mobyproject.buildkit.worker.executor:         oci
 org.mobyproject.buildkit.worker.hostname:         bb3c4fb2b471
 org.mobyproject.buildkit.worker.network:          host
 org.mobyproject.buildkit.worker.oci.process-mode: sandbox
 org.mobyproject.buildkit.worker.selinux.enabled:  false
 org.mobyproject.buildkit.worker.snapshotter:      overlayfs
GC Policy rule#0:
 All:            false
 Filters:        type==source.local,type==exec.cachemount,type==source.git.checkout
 Keep Duration:  48h0m0s
 Max Used Space: 488.3MiB
GC Policy rule#1:
 All:            false
 Keep Duration:  1440h0m0s
 Reserved Space: 9.313GiB
 Max Used Space: 87.54GiB
 Min Free Space: 22.35GiB
GC Policy rule#2:
 All:            false
 Reserved Space: 9.313GiB
 Max Used Space: 87.54GiB
 Min Free Space: 22.35GiB
GC Policy rule#3:
 All:            true
 Reserved Space: 9.313GiB
 Max Used Space: 87.54GiB
 Min Free Space: 22.35GiB
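
A triage aid for the build output in this report, added here as an example and not part of the original issue or of BuildKit: it matches the digest in the failed PUT against the digests the exporter announced, showing which object the registry refused and which manifests still need a lookup by digest. The function names are hypothetical; the log lines are copied from the report with progress padding and timings trimmed.

```python
import re

# Lines copied from the build output in the report (progress padding and timings trimmed).
BUILD_LOG = '''\
 => => exporting manifest sha256:258e59d5dee0d7d2006415f62af8dd40990e4846ba35e969a2a41041eed62bc0
 => => exporting config sha256:82258633fb972b89e8fadfa0a53d030534a3d6775781101908d7ec57e45ff9bf
 => => exporting attestation manifest sha256:ba491dbe892185c3849b2792fe33966fba45654c9d5d549713627d9cd91b192d
 => => exporting manifest list sha256:ee4a7d316cf9e3f7c943a910287bc5545ad7115aba5088482f14243f8e64278c
ERROR: failed to solve: failed to push 042252809363.dkr.ecr.us-east-2.amazonaws.com/rclone-test:test: failed commit on ref "manifest-sha256:ba491dbe892185c3849b2792fe33966fba45654c9d5d549713627d9cd91b192d": unexpected status from PUT request to https://042252809363.dkr.ecr.us-east-2.amazonaws.com/v2/rclone-test/manifests/sha256:ba491dbe892185c3849b2792fe33966fba45654c9d5d549713627d9cd91b192d: 405 Method Not Allowed
'''

# Longest alternatives first so "manifest list" is not read as plain "manifest".
EXPORT_RE = re.compile(
    r"exporting (manifest list|attestation manifest|manifest|config) (sha256:[0-9a-f]+)")
FAIL_RE = re.compile(
    r'failed commit on ref "manifest-(sha256:[0-9a-f]+)": '
    r"unexpected status from (\w+) request to (\S+): (\d{3})")

def exported_objects(log):
    """Map each digest the exporter announced to its role in the image."""
    return {digest: role for role, digest in EXPORT_RE.findall(log)}

def rejected_push(log):
    """Return the manifest the registry refused, or None if no push failed."""
    m = FAIL_RE.search(log)
    if m is None:
        return None
    digest, method, url, status = m.groups()
    return {"digest": digest, "method": method, "url": url, "status": int(status),
            "role": exported_objects(log).get(digest, "unknown")}

def registry_checklist(log):
    """Manifests to look up by digest after a failed push: the rejected one is
    known missing, the others still need a registry query to confirm."""
    failed = rejected_push(log)
    bad = failed["digest"] if failed else None
    return [(role, digest, "rejected" if digest == bad else "verify")
            for digest, role in exported_objects(log).items() if role != "config"]

if __name__ == "__main__":
    print(rejected_push(BUILD_LOG))
    for row in registry_checklist(BUILD_LOG):
        print(*row)
```

On this log the rejected object resolves to the attestation manifest, and the image manifest and manifest list are returned as entries to confirm with a by-digest query such as the `skopeo inspect --raw` calls shown in the report.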