-
Type: Bug
-
Status: Resolved
-
Priority: Blocker
-
Resolution: Fixed
-
Affects Version/s: None
-
Fix Version/s: None
-
Component/s: Continuous Integration
-
Tags:
-
Team:PLATFORM
-
Sprint:nxplatform #95
-
Story Points:1
On August the 29th, all quay.io/containers/skopeo images have been deleted due to a potential credentials leak, see:
On August 23rd it was discovered that the credentials for several robot service accounts with write-access to the container-images could have leaked. Upon discovery, the credentials were invalidated. The earliest possible leak opportunity was around March 10th, 2022.
...
We realize this issue has the potential to impact not only direct, but also indirect use, such as base-images. The safety and integrity of these images has and must take priority. At this time, all images have been disabled. We will restore originals and/or rebuild fresh copies based on further safety analysis.
This is causing build failure in the Platform CI, especially all jobs that uses a CentOS 7 based builder, see:
skopeo copy docker://docker.platform.dev.nuxeo.com/nuxeo/nuxeo-base:2021.43.4 docker://docker.platform.dev.nuxeo.com/nuxeo/nuxeo-base:2021.x [2023-08-29T14:47:20.822Z] Unable to find image 'quay.io/containers/skopeo:v1.9.2' locally [2023-08-29T14:47:21.390Z] docker: Error response from daemon: unknown: Tag v1.9.2 was deleted or has expired. To pull, revive via time machine.
A potential mid-term solution would be to use an user image such as https://hub.docker.com/r/bdwyertech/skopeo