skip to Main Content

I am trying to build projects using Circle CI aws-ecr-orb to push to a private repository in AWS.

I get the error below:

#16 exporting to image
#16 sha256:7dd518c28ca8d9b4a669654c56822c182f0329e5b5897d4cc9241360bd781320
#16 pushing layers 3.4s done
#16 pushing manifest for ************.dkr.ecr.*********.amazonaws.com/***********:latest@sha256:73bcacc452698bb9bc03feb199ffde7d62016bfb46b783c436f9c8e5a8a69e32
#16 pushing manifest for ************.dkr.ecr.*********.amazonaws.com/***********:latest@sha256:73bcacc452698bb9bc03feb199ffde7d62016bfb46b783c436f9c8e5a8a69e32 0.3s done
#16 ERROR: failed to push ************.dkr.ecr.*********.amazonaws.com/***********:latest: failed commit on ref "manifest-sha256:73bcacc872698bb9bc03feb199ffde7d62016bfb46b783c436f9c8e5a8a69e32": unexpected status: 400 Bad Request
------
 > exporting to image:
------
error: failed to solve: rpc error: code = Unknown desc = failed to push ************.dkr.ecr.*********.amazonaws.com/***********:latest: failed commit on ref "manifest-sha256:73bcacc872698bb9bc03feb199ffde7d62016bfb46b783c436f9c8e5a8a69e32": unexpected status: 400 Bad Request

Exited with code exit status 1
CircleCI received exit code 1

I’m trying to understand why the error is coming up.

2

Answers


  1. Chosen as BEST ANSWER

    I finally figured out the issue.

    The issue was caused because I changed the tag mutability setting for the repository to IMMUTABLE.

    All I had to do was to change the tag mutability setting for the repository to MUTABLE.

    In Terraform AWS ECR module, I just had to add the settings below to the resource:

    repository_image_tag_mutability        = "MUTABLE"
    

    Resources: error: failed to solve: failed commit on ref : unexpected status: 400 Bad Request #200


  2. In case people arrive here because they see the same error when using BuildKit / buildx directly, e.g. like this

    docker buildx build -t repo.example.com/my-app:latest --push .
    

    please note that

    Buildx v0.10 enables support for a minimal SLSA Provenance attestation, which requires support for OCI-compliant multi-platform images. This may introduce issues with registry and runtime support (e.g. Google Cloud Run and Lambda). You can optionally disable the default provenance attestation functionality using –provenance=false

    So,

    docker buildx build -t repo.example.com/my-app:latest --push --provenance=false .
    

    solves the issue.

    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search