celeste-zeng opened a new issue, #28102: URL: https://github.com/apache/beam/issues/28102
### What would you like to happen? The public docker hub has the multi-arch Beam container images with "unknown" tags  from the extra 2 unknown layers of the container image which shows an sbom/provenance attestation attached to the arm or x86 image:  [reference](https://docs.docker.com/build/attestations/attestation-storage/#examples) Solution: - pass in the BUILDX_NO_DEFAULT_ATTESTATIONS=1 environment variable during build. [ Reference](https://www.google.com/url?q=https://docs.docker.com/build/building/env-vars/%23buildx_no_default_attestations&sa=D&source=buganizer&usg=AOvVaw0N2lqqH_myzgi7yTA-806i) - while calling docker buildx build, pass in --sbom=false and --provenance=false [Reference](https://docs.docker.com/engine/reference/commandline/buildx_build/#options) However, as we are using gradle plugins for [docker buildx build](https://github.com/apache/beam/blob/7a421c4356a4326461f78231630575666598a8ff/sdks/go/container/build.gradle#L33) and those flags are not in the [Docker Configuration Parameters](https://github.com/palantir/gradle-docker#docker-plugin) provided, so it is hard to find where to add those flags for them to take effects during build. Moreover, I tried to add `EVN BUILDX_NO_DEFAULT_ATTESTATIONS=1` to sdks/go/container/Dockerfile and didn't work. We are using github actions to [setup docker buildx](https://github.com/apache/beam/blob/7a421c4356a4326461f78231630575666598a8ff/.github/workflows/beam_PostCommit_Go_Dataflow_ARM.yml#L84). Hence, I also tried the following approaches to change buildx default settings: - pass `sbom: false` and `provenance: false` through `with:` - pass `BUILDX_NO_DEFAULT_ATTESTATIONS: 1` through `evn:` But didn't work either. Experimental PR: https://github.com/apache/beam/pull/28098 ### Issue Priority Priority: 2 (default / most feature requests should be filed as P2) ### Issue Components - [X] Component: Python SDK - [X] Component: Java SDK - [X] Component: Go SDK - [X] Component: Typescript SDK - [ ] Component: IO connector - [ ] Component: Beam examples - [ ] Component: Beam playground - [ ] Component: Beam katas - [ ] Component: Website - [ ] Component: Spark Runner - [ ] Component: Flink Runner - [ ] Component: Samza Runner - [ ] Component: Twister2 Runner - [ ] Component: Hazelcast Jet Runner - [ ] Component: Google Cloud Dataflow Runner -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
