Default image output from buildx v0.10 cannot run on Google Cloud Run or AWS Lambda · Issue #1533 · docker/buildx (original) (raw)

As of Buildx 0.10, images are built with provenance -- this behavior is opt-out, and can be disabled with --provenance=false if using the buildx build cli, or provenance: false if using docker/build-push-action.

Images built with these default attestations that use the attestation storage from buildkit cannot be run on Google Cloud Run or AWS Lambda. While both Cloud Run and Lambda support the OCI format, they do not support multi-platform images.

From Google Cloud Run docs (emphasis mine):

Cloud Run accepts container images in the Docker Image Manifest V2, Schema 1, Schema 2, and OCI image formats.

Manifest lists used for Multi-Architecture Images are not supported.

Note

Cloud Run has now added support for processing image indexes: #1533 (comment).

From Lambda docs (emphasis mine):

Lambda provides multi-architecture base images. However, the image you build for your function must target only one of the architectures. Lambda does not support functions that use multi-architecture container images.

Ideally, GCR and Lambda should support multi-platform images, and detect the current platform from the Docker manifest list / OCI index.

As a temporary workaround (in order of preference):