AVB/bedrock-access-gateway
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(docker): add --provenance=false --sbom=false for Lambda compatibility

Browse Source 
Docker BuildKit (especially with docker-container driver) may create
OCI image manifests with attestations that AWS Lambda does not support.
Lambda requires Docker V2 Schema 2 format without multi-manifest index.

This fix ensures the build script generates Lambda-compatible images
regardless of the user's Docker/BuildKit configuration.

Fixes #206
This commit is contained in:
Kane Zhu
2025-11-27 18:53:39 +08:00
parent 37374e79ba
commit 2c518bbd70
1 changed files with 13 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
scripts/push-to-ecr.sh
View File

@@ -78,7 +78,19 @@ build_and_push_image() {
echo "Building $IMAGE_NAME:$TAG..." echo "Building $IMAGE_NAME:$TAG..."
# Build Docker image # Build Docker image
docker buildx build --platform linux/$ARCH -t $IMAGE_NAME:$TAG -f $DOCKERFILE_PATH --load ../src/ # Note: --provenance=false and --sbom=false are required for Lambda compatibility
# Without these flags, Docker BuildKit (especially with docker-container driver) may create
# OCI image manifests with attestations that AWS Lambda does not support.
# Lambda requires Docker V2 Schema 2 format without multi-manifest index.
# See: https://github.com/aws-samples/bedrock-access-gateway/issues/206
docker buildx build \
--platform linux/$ARCH \
--provenance=false \
--sbom=false \
-t $IMAGE_NAME:$TAG \
-f $DOCKERFILE_PATH \
--load \
../src/
# Get the account ID # Get the account ID
ACCOUNT_ID=$(aws sts get-caller-identity --region $REGION --query Account --output text) ACCOUNT_ID=$(aws sts get-caller-identity --region $REGION --query Account --output text)