From 56b90ffff92cde9f3be3050090cc1adff2849d34 Mon Sep 17 00:00:00 2001 From: Jesper Terkelsen Date: Thu, 19 Feb 2026 10:08:42 +0100 Subject: [PATCH] fix(build): disable BuildKit attestations to fix multi-arch manifest creation BuildKit v0.26.3+ generates attestation manifests by default, which turns single-platform image pushes into manifest lists. This causes `docker manifest create` to fail with "is a manifest list" error since you can't nest manifest lists. Setting `provenance: false` alone is insufficient with newer BuildKit. Adding `BUILDX_NO_DEFAULT_ATTESTATIONS=1` and `sbom: false` ensures each per-arch image is pushed as a plain single-platform image. Co-Authored-By: Claude Opus 4.6 --- .github/workflows/component-build.yml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/.github/workflows/component-build.yml b/.github/workflows/component-build.yml index 2e5bc00..2e96b5e 100644 --- a/.github/workflows/component-build.yml +++ b/.github/workflows/component-build.yml @@ -160,13 +160,19 @@ jobs: - name: Build and push id: build uses: docker/build-push-action@v6 + env: + BUILDX_NO_DEFAULT_ATTESTATIONS: 1 with: context: . file: ./${{ inputs.docker-file-name }} push: true - # Disable provenance to keep single-platform images simple (not manifest lists). + # Disable provenance and SBOM to keep single-platform images simple (not manifest lists). # Required for manual multi-arch manifest creation in create-manifest job. + # Note: provenance: false alone is insufficient with newer BuildKit versions; + # BUILDX_NO_DEFAULT_ATTESTATIONS=1 is also needed to prevent attestation + # manifests from being generated, which turn images into manifest lists. provenance: false + sbom: false no-cache: true build-args: | ${{ inputs.additional-build-args }}