Corruption of Build Secret Files

[zevisert]

Contributing guidelines

• I've read the contributing guidelines and wholeheartedly agree

I've found a bug, and:

• The documentation does not mention anything about my problem
• There are no open or closed issues that are related to my problem

Description

I have a use-case that requires mounting a zip-file via --mount=type=secret. The zip file represents a license to use a piece of software that performs my build. When using the secret-files input for the docker/build-push-action the implementation of this action copies the secret to a temporary location (--secret id=sample-license,src=/home/runner/work/_temp/docker-actions-toolkit-OXIeq8/tmp-2625-Cxfgo6gW7pi7) using docker/actions-toolkit, and in doing so it corrupts my zip file.

Expected behaviour

Files mounted via secrets should be byte-for-byte identical inside the build as a secret as they are on the host system. Running a build locally with the secret file specified directly does not cause this issue. I expect docker/build-push-action to succeed with this build in the same way that building locally does:

$ docker version             
Client:
 Version:           27.5.1
 API version:       1.47
 Go version:        go1.24.9
 Git commit:        v27.5.1
 Built:             Thu Jan  1 00:00:00 1970 (Note: This is due to NixOS)
 OS/Arch:           linux/amd64
 Context:           default

Server:
 Engine:
  Version:          27.5.1
  API version:      1.47 (minimum version 1.24)
  Go version:       go1.24.9
  Git commit:       v27.5.1
  Built:            Tue Jan  1 00:00:00 1980 (Note: Again due to NixOS reproducibility)
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          v2.1.4
  GitCommit:        refs/tags/v2.1.4
 runc:
  Version:          1.2.4
  GitCommit:        
 docker-init:
  Version:          0.19.0
  GitCommit:        

$ # in github.com/zevisert/mre-docker-actions-toolkit
$ docker build . --secret id=sample-license,src=sample.zip --progress=plain --no-cache
#0 building with "default" instance using docker driver

#1 [internal] load build definition from Dockerfile
#1 transferring dockerfile: 628B done
#1 DONE 0.0s

#2 resolve image config for docker-image://docker.io/docker/dockerfile:1
#2 DONE 0.2s

#3 docker-image://docker.io/docker/dockerfile:1@sha256:b6afd42430b15f2d2a4c5a02b919e98a525b785b1aaff16747d2f623364e39b6
#3 CACHED

#4 [internal] load metadata for docker.io/library/debian:trixie-slim
#4 DONE 0.0s

#5 [internal] load .dockerignore
#5 transferring context: 74B done
#5 DONE 0.0s

#6 [internal] preparing inline document
#6 CACHED

#7 [stage-0 1/3] FROM docker.io/library/debian:trixie-slim
#7 CACHED

#8 [stage-0 2/3] COPY <<EOF license.sha256sum
#8 DONE 0.0s

#9 [stage-0 3/3] RUN --mount=type=secret,id=sample-license,required=true,target=license.zip   sha256sum --check license.sha256sum
#9 0.119 license.zip: OK
#9 DONE 0.1s

#10 exporting to image
#10 exporting layers 0.0s done
#10 writing image sha256:253eb2ba1a4dc8fd445ce86c8bc522fd4b89fe59c97402aece0080a992284642 done
#10 DONE 0.0s

Actual behaviour

The contents of the license file I am mounting are modified, causing the overall license to be rejected by the software that requires it.

Repository URL

https://github.com/zevisert/mre-docker-actions-toolkit

Workflow run URL

https://github.com/zevisert/mre-docker-actions-toolkit/actions/runs/19549567609/job/55977185446

YAML workflow

name: Minimum Reproducible Example

on:
  push:
    branches:
      - main

jobs:
  build:
    name: Build Secret Corruption
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: docker/setup-buildx-action@v3
      - name: Demonstrate SHA256 sum outside build
        run: |
          sha256sum sample.zip
          sha256sum --check <<< '7728f8ac3099aa4045039f5c7d74d7ea54e5f68f43dc9312ab69201a88730c97 *sample.zip'
      - uses: docker/build-push-action@v5
        with:
          context: .
          file: Dockerfile
          push: false
          secret-files: |
            sample-license=sample.zip

Workflow logs

logs_50413367508.zip

Alternatively, same thing inlined here

2025-11-20T19:54:58.6370983Z Current runner version: '2.329.0'
2025-11-20T19:54:58.6399040Z ##[group]Runner Image Provisioner
2025-11-20T19:54:58.6399881Z Hosted Compute Agent
2025-11-20T19:54:58.6400426Z Version: 20251016.436
2025-11-20T19:54:58.6400957Z Commit: 8ab8ac8bfd662a3739dab9fe09456aba92132568
2025-11-20T19:54:58.6401625Z Build Date: 2025-10-15T20:44:12Z
2025-11-20T19:54:58.6402151Z ##[endgroup]
2025-11-20T19:54:58.6402663Z ##[group]Operating System
2025-11-20T19:54:58.6403370Z Ubuntu
2025-11-20T19:54:58.6403883Z 24.04.3
2025-11-20T19:54:58.6404317Z LTS
2025-11-20T19:54:58.6404692Z ##[endgroup]
2025-11-20T19:54:58.6405194Z ##[group]Runner Image
2025-11-20T19:54:58.6405674Z Image: ubuntu-24.04
2025-11-20T19:54:58.6406123Z Version: 20251112.124.1
2025-11-20T19:54:58.6407042Z Included Software: https://github.com/actions/runner-images/blob/ubuntu24/20251112.124/images/ubuntu/Ubuntu2404-Readme.md
2025-11-20T19:54:58.6408454Z Image Release: https://github.com/actions/runner-images/releases/tag/ubuntu24%2F20251112.124
2025-11-20T19:54:58.6409374Z ##[endgroup]
2025-11-20T19:54:58.6410374Z ##[group]GITHUB_TOKEN Permissions
2025-11-20T19:54:58.6412307Z Contents: read
2025-11-20T19:54:58.6412757Z Metadata: read
2025-11-20T19:54:58.6413495Z Packages: read
2025-11-20T19:54:58.6413992Z ##[endgroup]
2025-11-20T19:54:58.6416189Z Secret source: Actions
2025-11-20T19:54:58.6416809Z Prepare workflow directory
2025-11-20T19:54:58.6745231Z Prepare all required actions
2025-11-20T19:54:58.6784936Z Getting action download info
2025-11-20T19:54:59.1032716Z Download action repository 'actions/checkout@v4' (SHA:34e114876b0b11c390a56381ad16ebd13914f8d5)
2025-11-20T19:54:59.9094962Z Download action repository 'docker/setup-buildx-action@v3' (SHA:e468171a9de216ec08956ac3ada2f0791b6bd435)
2025-11-20T19:55:00.8915820Z Download action repository 'docker/build-push-action@v5' (SHA:ca052bb54ab0790a636c9b5f226502c73d547a25)
2025-11-20T19:55:01.8390935Z Complete job name: Build Secret Corruption
2025-11-20T19:55:01.9046276Z ##[group]Run actions/checkout@v4
2025-11-20T19:55:01.9046970Z with:
2025-11-20T19:55:01.9047271Z   repository: zevisert/mre-docker-actions-toolkit
2025-11-20T19:55:01.9048024Z   token: ***
2025-11-20T19:55:01.9048271Z   ssh-strict: true
2025-11-20T19:55:01.9048514Z   ssh-user: git
2025-11-20T19:55:01.9048774Z   persist-credentials: true
2025-11-20T19:55:01.9049066Z   clean: true
2025-11-20T19:55:01.9049317Z   sparse-checkout-cone-mode: true
2025-11-20T19:55:01.9049610Z   fetch-depth: 1
2025-11-20T19:55:01.9049847Z   fetch-tags: false
2025-11-20T19:55:01.9050103Z   show-progress: true
2025-11-20T19:55:01.9050334Z   lfs: false
2025-11-20T19:55:01.9050557Z   submodules: false
2025-11-20T19:55:01.9050798Z   set-safe-directory: true
2025-11-20T19:55:01.9051279Z ##[endgroup]
2025-11-20T19:55:02.0176786Z Syncing repository: zevisert/mre-docker-actions-toolkit
2025-11-20T19:55:02.0285639Z ##[group]Getting Git version info
2025-11-20T19:55:02.0287313Z Working directory is '/home/runner/work/mre-docker-actions-toolkit/mre-docker-actions-toolkit'
2025-11-20T19:55:02.0288729Z [command]/usr/bin/git version
2025-11-20T19:55:02.0289014Z git version 2.51.2
2025-11-20T19:55:02.0290062Z ##[endgroup]
2025-11-20T19:55:02.0296857Z Temporarily overriding HOME='/home/runner/work/_temp/cff42a71-3601-48d7-a951-435813b66fbc' before making global git config changes
2025-11-20T19:55:02.0297592Z Adding repository directory to the temporary git global config as a safe directory
2025-11-20T19:55:02.0298309Z [command]/usr/bin/git config --global --add safe.directory /home/runner/work/mre-docker-actions-toolkit/mre-docker-actions-toolkit
2025-11-20T19:55:02.0308210Z Deleting the contents of '/home/runner/work/mre-docker-actions-toolkit/mre-docker-actions-toolkit'
2025-11-20T19:55:02.0311622Z ##[group]Initializing the repository
2025-11-20T19:55:02.0316181Z [command]/usr/bin/git init /home/runner/work/mre-docker-actions-toolkit/mre-docker-actions-toolkit
2025-11-20T19:55:02.0416600Z hint: Using 'master' as the name for the initial branch. This default branch name
2025-11-20T19:55:02.0418010Z hint: is subject to change. To configure the initial branch name to use in all
2025-11-20T19:55:02.0418845Z hint: of your new repositories, which will suppress this warning, call:
2025-11-20T19:55:02.0419426Z hint:
2025-11-20T19:55:02.0419992Z hint: 	git config --global init.defaultBranch 
2025-11-20T19:55:02.0420476Z hint:
2025-11-20T19:55:02.0420982Z hint: Names commonly chosen instead of 'master' are 'main', 'trunk' and
2025-11-20T19:55:02.0421671Z hint: 'development'. The just-created branch can be renamed via this command:
2025-11-20T19:55:02.0422433Z hint:
2025-11-20T19:55:02.0422810Z hint: 	git branch -m 
2025-11-20T19:55:02.0423374Z hint:
2025-11-20T19:55:02.0423854Z hint: Disable this message with "git config set advice.defaultBranchName false"
2025-11-20T19:55:02.0424528Z Initialized empty Git repository in /home/runner/work/mre-docker-actions-toolkit/mre-docker-actions-toolkit/.git/
2025-11-20T19:55:02.0433258Z [command]/usr/bin/git remote add origin https://github.com/zevisert/mre-docker-actions-toolkit
2025-11-20T19:55:02.0467485Z ##[endgroup]
2025-11-20T19:55:02.0468093Z ##[group]Disabling automatic garbage collection
2025-11-20T19:55:02.0472015Z [command]/usr/bin/git config --local gc.auto 0
2025-11-20T19:55:02.0499347Z ##[endgroup]
2025-11-20T19:55:02.0499814Z ##[group]Setting up auth
2025-11-20T19:55:02.0507084Z [command]/usr/bin/git config --local --name-only --get-regexp core\.sshCommand
2025-11-20T19:55:02.0533931Z [command]/usr/bin/git submodule foreach --recursive sh -c "git config --local --name-only --get-regexp 'core\.sshCommand' && git config --local --unset-all 'core.sshCommand' || :"
2025-11-20T19:55:02.0846909Z [command]/usr/bin/git config --local --name-only --get-regexp http\.https\:\/\/github\.com\/\.extraheader
2025-11-20T19:55:02.0876126Z [command]/usr/bin/git submodule foreach --recursive sh -c "git config --local --name-only --get-regexp 'http\.https\:\/\/github\.com\/\.extraheader' && git config --local --unset-all 'http.https://github.com/.extraheader' || :"
2025-11-20T19:55:02.1060736Z [command]/usr/bin/git config --local --name-only --get-regexp ^includeIf\.gitdir:
2025-11-20T19:55:02.1096356Z [command]/usr/bin/git submodule foreach --recursive git config --local --show-origin --name-only --get-regexp remote.origin.url
2025-11-20T19:55:02.1282816Z [command]/usr/bin/git config --local http.https://github.com/.extraheader AUTHORIZATION: basic ***
2025-11-20T19:55:02.1317230Z ##[endgroup]
2025-11-20T19:55:02.1318160Z ##[group]Fetching the repository
2025-11-20T19:55:02.1327107Z [command]/usr/bin/git -c protocol.version=2 fetch --no-tags --prune --no-recurse-submodules --depth=1 origin +f67f005878dd2e4c95de3c1dab320cd1e38c2e23:refs/remotes/origin/main
2025-11-20T19:55:02.5007346Z From https://github.com/zevisert/mre-docker-actions-toolkit
2025-11-20T19:55:02.5008007Z  * [new ref]         f67f005878dd2e4c95de3c1dab320cd1e38c2e23 -> origin/main
2025-11-20T19:55:02.5036272Z ##[endgroup]
2025-11-20T19:55:02.5036992Z ##[group]Determining the checkout info
2025-11-20T19:55:02.5039367Z ##[endgroup]
2025-11-20T19:55:02.5045560Z [command]/usr/bin/git sparse-checkout disable
2025-11-20T19:55:02.5082113Z [command]/usr/bin/git config --local --unset-all extensions.worktreeConfig
2025-11-20T19:55:02.5105164Z ##[group]Checking out the ref
2025-11-20T19:55:02.5109382Z [command]/usr/bin/git checkout --progress --force -B main refs/remotes/origin/main
2025-11-20T19:55:02.5156902Z Switched to a new branch 'main'
2025-11-20T19:55:02.5157504Z branch 'main' set up to track 'origin/main'.
2025-11-20T19:55:02.5162443Z ##[endgroup]
2025-11-20T19:55:02.5194688Z [command]/usr/bin/git log -1 --format=%H
2025-11-20T19:55:02.5214780Z f67f005878dd2e4c95de3c1dab320cd1e38c2e23
2025-11-20T19:55:02.5415886Z ##[group]Run docker/setup-buildx-action@v3
2025-11-20T19:55:02.5416225Z with:
2025-11-20T19:55:02.5416458Z   driver: docker-container
2025-11-20T19:55:02.5416696Z   install: false
2025-11-20T19:55:02.5416910Z   use: true
2025-11-20T19:55:02.5417105Z   keep-state: false
2025-11-20T19:55:02.5417324Z   cache-binary: true
2025-11-20T19:55:02.5417692Z   cleanup: true
2025-11-20T19:55:02.5417904Z ##[endgroup]
2025-11-20T19:55:02.8254054Z ##[group]Docker info
2025-11-20T19:55:02.8275788Z [command]/usr/bin/docker version
2025-11-20T19:55:02.9057359Z Client: Docker Engine - Community
2025-11-20T19:55:02.9058001Z  Version:           28.0.4
2025-11-20T19:55:02.9058398Z  API version:       1.48
2025-11-20T19:55:02.9058769Z  Go version:        go1.23.7
2025-11-20T19:55:02.9059164Z  Git commit:        b8034c0
2025-11-20T19:55:02.9059687Z  Built:             Tue Mar 25 15:07:16 2025
2025-11-20T19:55:02.9060144Z  OS/Arch:           linux/amd64
2025-11-20T19:55:02.9060503Z  Context:           default
2025-11-20T19:55:02.9060717Z 
2025-11-20T19:55:02.9060864Z Server: Docker Engine - Community
2025-11-20T19:55:02.9061266Z  Engine:
2025-11-20T19:55:02.9061550Z   Version:          28.0.4
2025-11-20T19:55:02.9061979Z   API version:      1.48 (minimum version 1.24)
2025-11-20T19:55:02.9062437Z   Go version:       go1.23.7
2025-11-20T19:55:02.9062786Z   Git commit:       6430e49
2025-11-20T19:55:02.9063321Z   Built:            Tue Mar 25 15:07:16 2025
2025-11-20T19:55:02.9063731Z   OS/Arch:          linux/amd64
2025-11-20T19:55:02.9063977Z   Experimental:     false
2025-11-20T19:55:02.9064257Z  containerd:
2025-11-20T19:55:02.9064484Z   Version:          v2.1.5
2025-11-20T19:55:02.9064833Z   GitCommit:        fcd43222d6b07379a4be9786bda52438f0dd16a1
2025-11-20T19:55:02.9065362Z  runc:
2025-11-20T19:55:02.9065571Z   Version:          1.3.3
2025-11-20T19:55:02.9065922Z   GitCommit:        v1.3.3-0-gd842d771
2025-11-20T19:55:02.9066338Z  docker-init:
2025-11-20T19:55:02.9066680Z   Version:          0.19.0
2025-11-20T19:55:02.9067084Z   GitCommit:        de40ad0
2025-11-20T19:55:02.9106448Z [command]/usr/bin/docker info
2025-11-20T19:55:04.6673320Z Client: Docker Engine - Community
2025-11-20T19:55:04.6676347Z  Version:    28.0.4
2025-11-20T19:55:04.6676722Z  Context:    default
2025-11-20T19:55:04.6677017Z  Debug Mode: false
2025-11-20T19:55:04.6677391Z  Plugins:
2025-11-20T19:55:04.6677731Z   buildx: Docker Buildx (Docker Inc.)
2025-11-20T19:55:04.6678152Z     Version:  v0.29.1
2025-11-20T19:55:04.6678638Z     Path:     /usr/libexec/docker/cli-plugins/docker-buildx
2025-11-20T19:55:04.6679149Z   compose: Docker Compose (Docker Inc.)
2025-11-20T19:55:04.6679519Z     Version:  v2.38.2
2025-11-20T19:55:04.6679892Z     Path:     /usr/libexec/docker/cli-plugins/docker-compose
2025-11-20T19:55:04.6680215Z 
2025-11-20T19:55:04.6680328Z Server:
2025-11-20T19:55:04.6680724Z  Containers: 0
2025-11-20T19:55:04.6681000Z   Running: 0
2025-11-20T19:55:04.6681387Z   Paused: 0
2025-11-20T19:55:04.6681644Z   Stopped: 0
2025-11-20T19:55:04.6681902Z  Images: 0
2025-11-20T19:55:04.6682205Z  Server Version: 28.0.4
2025-11-20T19:55:04.6682499Z  Storage Driver: overlay2
2025-11-20T19:55:04.6682864Z   Backing Filesystem: extfs
2025-11-20T19:55:04.6683368Z   Supports d_type: true
2025-11-20T19:55:04.6683715Z   Using metacopy: false
2025-11-20T19:55:04.6684050Z   Native Overlay Diff: false
2025-11-20T19:55:04.6684401Z   userxattr: false
2025-11-20T19:55:04.6684958Z  Logging Driver: json-file
2025-11-20T19:55:04.6685288Z  Cgroup Driver: systemd
2025-11-20T19:55:04.6685577Z  Cgroup Version: 2
2025-11-20T19:55:04.6685953Z  Plugins:
2025-11-20T19:55:04.6686834Z   Volume: local
2025-11-20T19:55:04.6687503Z   Network: bridge host ipvlan macvlan null overlay
2025-11-20T19:55:04.6688203Z   Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog
2025-11-20T19:55:04.6688806Z  Swarm: inactive
2025-11-20T19:55:04.6689398Z  Runtimes: io.containerd.runc.v2 runc
2025-11-20T19:55:04.6689821Z  Default Runtime: runc
2025-11-20T19:55:04.6690754Z  Init Binary: docker-init
2025-11-20T19:55:04.6691337Z  containerd version: fcd43222d6b07379a4be9786bda52438f0dd16a1
2025-11-20T19:55:04.6691925Z  runc version: v1.3.3-0-gd842d771
2025-11-20T19:55:04.6692373Z  init version: de40ad0
2025-11-20T19:55:04.6692837Z  Security Options:
2025-11-20T19:55:04.6693437Z   apparmor
2025-11-20T19:55:04.6694012Z   seccomp
2025-11-20T19:55:04.6694426Z    Profile: builtin
2025-11-20T19:55:04.6694759Z   cgroupns
2025-11-20T19:55:04.6695153Z  Kernel Version: 6.11.0-1018-azure
2025-11-20T19:55:04.6695630Z  Operating System: Ubuntu 24.04.3 LTS
2025-11-20T19:55:04.6696093Z  OSType: linux
2025-11-20T19:55:04.6696418Z  Architecture: x86_64
2025-11-20T19:55:04.6696875Z  CPUs: 4
2025-11-20T19:55:04.6697237Z  Total Memory: 15.62GiB
2025-11-20T19:55:04.6697718Z  Name: runnervmg1sw1
2025-11-20T19:55:04.6698180Z  ID: 25309008-d3b6-4795-9b53-5704e2dd5a06
2025-11-20T19:55:04.6698707Z  Docker Root Dir: /var/lib/docker
2025-11-20T19:55:04.6699204Z  Debug Mode: false
2025-11-20T19:55:04.6699633Z  Username: githubactions
2025-11-20T19:55:04.6700192Z  Experimental: false
2025-11-20T19:55:04.6700615Z  Insecure Registries:
2025-11-20T19:55:04.6707480Z   ::1/128
2025-11-20T19:55:04.6708010Z   127.0.0.0/8
2025-11-20T19:55:04.6708414Z  Live Restore Enabled: false
2025-11-20T19:55:04.6708684Z 
2025-11-20T19:55:04.6709634Z ##[endgroup]
2025-11-20T19:55:04.7704495Z ##[group]Buildx version
2025-11-20T19:55:04.7727603Z [command]/usr/bin/docker buildx version
2025-11-20T19:55:04.8399775Z github.com/docker/buildx v0.29.1 a32761aeb3debd39be1eca514af3693af0db334b
2025-11-20T19:55:04.8425857Z ##[endgroup]
2025-11-20T19:55:04.8594796Z ##[group]Inspecting default docker context
2025-11-20T19:55:04.8754352Z [
2025-11-20T19:55:04.8754791Z   {
2025-11-20T19:55:04.8755380Z     "Name": "default",
2025-11-20T19:55:04.8755782Z     "Metadata": {},
2025-11-20T19:55:04.8756190Z     "Endpoints": {
2025-11-20T19:55:04.8756585Z       "docker": {
2025-11-20T19:55:04.8756926Z         "Host": "unix:///var/run/docker.sock",
2025-11-20T19:55:04.8757481Z         "SkipTLSVerify": false
2025-11-20T19:55:04.8757877Z       }
2025-11-20T19:55:04.8758196Z     },
2025-11-20T19:55:04.8758514Z     "TLSMaterial": {},
2025-11-20T19:55:04.8758922Z     "Storage": {
2025-11-20T19:55:04.8759302Z       "MetadataPath": "",
2025-11-20T19:55:04.8759784Z       "TLSPath": ""
2025-11-20T19:55:04.8760171Z     }
2025-11-20T19:55:04.8760609Z   }
2025-11-20T19:55:04.8760997Z ]
2025-11-20T19:55:04.8762074Z ##[endgroup]
2025-11-20T19:55:04.8763100Z ##[group]Creating a new builder instance
2025-11-20T19:55:05.0045668Z [command]/usr/bin/docker buildx create --name builder-82e612d8-53e0-4e92-9751-feab5039ef2f --driver docker-container --buildkitd-flags --allow-insecure-entitlement security.insecure --allow-insecure-entitlement network.host --use
2025-11-20T19:55:05.0787499Z builder-82e612d8-53e0-4e92-9751-feab5039ef2f
2025-11-20T19:55:05.0813783Z ##[endgroup]
2025-11-20T19:55:05.0814480Z ##[group]Booting builder
2025-11-20T19:55:05.0846061Z [command]/usr/bin/docker buildx inspect --bootstrap --builder builder-82e612d8-53e0-4e92-9751-feab5039ef2f
2025-11-20T19:55:05.1431919Z #1 [internal] booting buildkit
2025-11-20T19:55:05.2938664Z #1 pulling image moby/buildkit:buildx-stable-1
2025-11-20T19:55:09.3174892Z #1 pulling image moby/buildkit:buildx-stable-1 4.2s done
2025-11-20T19:55:09.4685263Z #1 creating container buildx_buildkit_builder-82e612d8-53e0-4e92-9751-feab5039ef2f0
2025-11-20T19:55:09.7424278Z #1 creating container buildx_buildkit_builder-82e612d8-53e0-4e92-9751-feab5039ef2f0 0.4s done
2025-11-20T19:55:09.7443293Z #1 DONE 4.6s
2025-11-20T19:55:09.7725554Z Name:          builder-82e612d8-53e0-4e92-9751-feab5039ef2f
2025-11-20T19:55:09.7726107Z Driver:        docker-container
2025-11-20T19:55:09.7726398Z Last Activity: 2025-11-20 19:55:05 +0000 UTC
2025-11-20T19:55:09.7726560Z 
2025-11-20T19:55:09.7726634Z Nodes:
2025-11-20T19:55:09.7726850Z Name:                  builder-82e612d8-53e0-4e92-9751-feab5039ef2f0
2025-11-20T19:55:09.7727887Z Endpoint:              unix:///var/run/docker.sock
2025-11-20T19:55:09.7728508Z Status:                running
2025-11-20T19:55:09.7729161Z BuildKit daemon flags: --allow-insecure-entitlement security.insecure --allow-insecure-entitlement network.host
2025-11-20T19:55:09.7729735Z BuildKit version:      v0.26.2
2025-11-20T19:55:09.7730292Z Platforms:             linux/amd64, linux/amd64/v2, linux/amd64/v3, linux/amd64/v4, linux/386
2025-11-20T19:55:09.7730694Z Labels:
2025-11-20T19:55:09.7730982Z  org.mobyproject.buildkit.worker.executor:         oci
2025-11-20T19:55:09.7731390Z  org.mobyproject.buildkit.worker.hostname:         d3c7d8053417
2025-11-20T19:55:09.7732282Z  org.mobyproject.buildkit.worker.network:          host
2025-11-20T19:55:09.7732641Z  org.mobyproject.buildkit.worker.oci.process-mode: sandbox
2025-11-20T19:55:09.7733223Z  org.mobyproject.buildkit.worker.selinux.enabled:  false
2025-11-20T19:55:09.7733856Z  org.mobyproject.buildkit.worker.snapshotter:      overlayfs
2025-11-20T19:55:09.7734176Z GC Policy rule#0:
2025-11-20T19:55:09.7734361Z  All:            false
2025-11-20T19:55:09.7734656Z  Filters:        type==source.local,type==exec.cachemount,type==source.git.checkout
2025-11-20T19:55:09.7735002Z  Keep Duration:  48h0m0s
2025-11-20T19:55:09.7735195Z  Max Used Space: 488.3MiB
2025-11-20T19:55:09.7735397Z GC Policy rule#1:
2025-11-20T19:55:09.7735573Z  All:            false
2025-11-20T19:55:09.7735763Z  Keep Duration:  1440h0m0s
2025-11-20T19:55:09.7735959Z  Reserved Space: 7.451GiB
2025-11-20T19:55:09.7736158Z  Max Used Space: 54.02GiB
2025-11-20T19:55:09.7736358Z  Min Free Space: 13.97GiB
2025-11-20T19:55:09.7736539Z GC Policy rule#2:
2025-11-20T19:55:09.7736715Z  All:            false
2025-11-20T19:55:09.7736892Z  Reserved Space: 7.451GiB
2025-11-20T19:55:09.7737086Z  Max Used Space: 54.02GiB
2025-11-20T19:55:09.7737271Z  Min Free Space: 13.97GiB
2025-11-20T19:55:09.7737464Z GC Policy rule#3:
2025-11-20T19:55:09.7738118Z  All:            true
2025-11-20T19:55:09.7738465Z  Reserved Space: 7.451GiB
2025-11-20T19:55:09.7738740Z  Max Used Space: 54.02GiB
2025-11-20T19:55:09.7739019Z  Min Free Space: 13.97GiB
2025-11-20T19:55:09.7774355Z ##[endgroup]
2025-11-20T19:55:09.8703622Z ##[group]Inspect builder
2025-11-20T19:55:09.8703929Z {
2025-11-20T19:55:09.8704096Z   "nodes": [
2025-11-20T19:55:09.8704252Z     {
2025-11-20T19:55:09.8704524Z       "name": "builder-82e612d8-53e0-4e92-9751-feab5039ef2f0",
2025-11-20T19:55:09.8704840Z       "endpoint": "unix:///var/run/docker.sock",
2025-11-20T19:55:09.8705095Z       "status": "running",
2025-11-20T19:55:09.8705641Z       "buildkitd-flags": "--allow-insecure-entitlement security.insecure --allow-insecure-entitlement network.host",
2025-11-20T19:55:09.8706397Z       "buildkit": "v0.26.2",
2025-11-20T19:55:09.8706729Z       "platforms": "linux/amd64,linux/amd64/v2,linux/amd64/v3,linux/amd64/v4,linux/386",
2025-11-20T19:55:09.8707055Z       "features": {
2025-11-20T19:55:09.8707323Z         "Automatically load images to the Docker Engine image store": true,
2025-11-20T19:55:09.8707659Z         "Cache export": true,
2025-11-20T19:55:09.8707866Z         "Direct push": true,
2025-11-20T19:55:09.8708061Z         "Docker exporter": true,
2025-11-20T19:55:09.8708288Z         "Multi-platform build": true,
2025-11-20T19:55:09.8708517Z         "OCI exporter": true
2025-11-20T19:55:09.8708703Z       },
2025-11-20T19:55:09.8708870Z       "labels": {
2025-11-20T19:55:09.8709095Z         "org.mobyproject.buildkit.worker.executor": "oci",
2025-11-20T19:55:09.8709443Z         "org.mobyproject.buildkit.worker.hostname": "d3c7d8053417",
2025-11-20T19:55:09.8709781Z         "org.mobyproject.buildkit.worker.network": "host",
2025-11-20T19:55:09.8710142Z         "org.mobyproject.buildkit.worker.oci.process-mode": "sandbox",
2025-11-20T19:55:09.8710528Z         "org.mobyproject.buildkit.worker.selinux.enabled": "false",
2025-11-20T19:55:09.8710962Z         "org.mobyproject.buildkit.worker.snapshotter": "overlayfs"
2025-11-20T19:55:09.8711369Z       },
2025-11-20T19:55:09.8711790Z       "gcPolicy": [
2025-11-20T19:55:09.8711971Z         {
2025-11-20T19:55:09.8712124Z           "all": false,
2025-11-20T19:55:09.8712314Z           "filter": [
2025-11-20T19:55:09.8712513Z             "type==source.local",
2025-11-20T19:55:09.8712735Z             "type==exec.cachemount",
2025-11-20T19:55:09.8713143Z             "type==source.git.checkout"
2025-11-20T19:55:09.8713613Z           ],
2025-11-20T19:55:09.8713875Z           "keepDuration": "48h0m0s",
2025-11-20T19:55:09.8714087Z           "maxUsedSpace": "488.3MiB"
2025-11-20T19:55:09.8714293Z         },
2025-11-20T19:55:09.8714438Z         {
2025-11-20T19:55:09.8714599Z           "all": false,
2025-11-20T19:55:09.8714805Z           "keepDuration": "1440h0m0s",
2025-11-20T19:55:09.8715040Z           "reservedSpace": "7.451GiB",
2025-11-20T19:55:09.8715266Z           "maxUsedSpace": "54.02GiB",
2025-11-20T19:55:09.8715480Z           "minFreeSpace": "13.97GiB"
2025-11-20T19:55:09.8715687Z         },
2025-11-20T19:55:09.8715828Z         {
2025-11-20T19:55:09.8715995Z           "all": false,
2025-11-20T19:55:09.8716179Z           "reservedSpace": "7.451GiB",
2025-11-20T19:55:09.8716408Z           "maxUsedSpace": "54.02GiB",
2025-11-20T19:55:09.8716634Z           "minFreeSpace": "13.97GiB"
2025-11-20T19:55:09.8716856Z         },
2025-11-20T19:55:09.8717002Z         {
2025-11-20T19:55:09.8717159Z           "all": true,
2025-11-20T19:55:09.8717339Z           "reservedSpace": "7.451GiB",
2025-11-20T19:55:09.8717564Z           "maxUsedSpace": "54.02GiB",
2025-11-20T19:55:09.8717782Z           "minFreeSpace": "13.97GiB"
2025-11-20T19:55:09.8717971Z         }
2025-11-20T19:55:09.8718119Z       ]
2025-11-20T19:55:09.8718253Z     }
2025-11-20T19:55:09.8718397Z   ],
2025-11-20T19:55:09.8718594Z   "name": "builder-82e612d8-53e0-4e92-9751-feab5039ef2f",
2025-11-20T19:55:09.8718877Z   "driver": "docker-container",
2025-11-20T19:55:09.8719092Z   "lastActivity": "2025-11-20T19:55:05.000Z"
2025-11-20T19:55:09.8719312Z }
2025-11-20T19:55:09.8719829Z ##[endgroup]
2025-11-20T19:55:09.8720133Z ##[group]BuildKit version
2025-11-20T19:55:09.8720402Z builder-82e612d8-53e0-4e92-9751-feab5039ef2f0: v0.26.2
2025-11-20T19:55:09.8720781Z ##[endgroup]
2025-11-20T19:55:09.8849436Z ##[group]Run sha256sum sample.zip
2025-11-20T19:55:09.8849830Z �[36;1msha256sum sample.zip�[0m
2025-11-20T19:55:09.8850433Z �[36;1msha256sum --check <<< '7728f8ac3099aa4045039f5c7d74d7ea54e5f68f43dc9312ab69201a88730c97 *sample.zip'�[0m
2025-11-20T19:55:09.8876242Z shell: /usr/bin/bash -e {0}
2025-11-20T19:55:09.8876530Z ##[endgroup]
2025-11-20T19:55:09.9000925Z 7728f8ac3099aa4045039f5c7d74d7ea54e5f68f43dc9312ab69201a88730c97  sample.zip
2025-11-20T19:55:09.9018599Z sample.zip: OK
2025-11-20T19:55:09.9115451Z ##[group]Run docker/build-push-action@v5
2025-11-20T19:55:09.9115703Z with:
2025-11-20T19:55:09.9115874Z   context: .
2025-11-20T19:55:09.9116036Z   file: Dockerfile
2025-11-20T19:55:09.9116211Z   push: false
2025-11-20T19:55:09.9116405Z   secret-files: sample-license=sample.zip
2025-11-20T19:55:09.9116647Z   load: false

2025-11-20T19:55:09.9116804Z   no-cache: false

2025-11-20T19:55:09.9116990Z   pull: false

2025-11-20T19:55:09.9117344Z   github-token: ***

2025-11-20T19:55:09.9117513Z ##[endgroup]

2025-11-20T19:55:10.1319594Z ##[group]GitHub Actions runtime token ACs

2025-11-20T19:55:10.1330746Z refs/heads/main: read/write

2025-11-20T19:55:10.1331644Z ##[endgroup]

2025-11-20T19:55:10.1332226Z ##[group]Docker info

2025-11-20T19:55:10.1373966Z [command]/usr/bin/docker version

2025-11-20T19:55:10.1594352Z Client: Docker Engine - Community

2025-11-20T19:55:10.1594788Z  Version:           28.0.4

2025-11-20T19:55:10.1594998Z  API version:       1.48

2025-11-20T19:55:10.1595346Z  Go version:        go1.23.7

2025-11-20T19:55:10.1595547Z  Git commit:        b8034c0

2025-11-20T19:55:10.1595768Z  Built:             Tue Mar 25 15:07:16 2025

2025-11-20T19:55:10.1596002Z  OS/Arch:           linux/amd64

2025-11-20T19:55:10.1597576Z  Context:           default

2025-11-20T19:55:10.1597813Z

2025-11-20T19:55:10.1597977Z Server: Docker Engine - Community

2025-11-20T19:55:10.1598299Z  Engine:

2025-11-20T19:55:10.1598468Z   Version:          28.0.4

2025-11-20T19:55:10.1598684Z   API version:      1.48 (minimum version 1.24)

2025-11-20T19:55:10.1598942Z   Go version:       go1.23.7

2025-11-20T19:55:10.1599186Z   Git commit:       6430e49

2025-11-20T19:55:10.1600012Z   Built:            Tue Mar 25 15:07:16 2025

2025-11-20T19:55:10.1600392Z   OS/Arch:          linux/amd64

2025-11-20T19:55:10.1600759Z   Experimental:     false

2025-11-20T19:55:10.1601108Z  containerd:

2025-11-20T19:55:10.1601381Z   Version:          v2.1.5

2025-11-20T19:55:10.1601800Z   GitCommit:        fcd43222d6b07379a4be9786bda52438f0dd16a1

2025-11-20T19:55:10.1602230Z  runc:

2025-11-20T19:55:10.1602514Z   Version:          1.3.3

2025-11-20T19:55:10.1602823Z   GitCommit:        v1.3.3-0-gd842d771

2025-11-20T19:55:10.1603441Z  docker-init:

2025-11-20T19:55:10.1603753Z   Version:          0.19.0

2025-11-20T19:55:10.1604109Z   GitCommit:        de40ad0

2025-11-20T19:55:10.1641039Z [command]/usr/bin/docker info

2025-11-20T19:55:10.2123853Z Client: Docker Engine - Community

2025-11-20T19:55:10.2124402Z  Version:    28.0.4

2025-11-20T19:55:10.2124728Z  Context:    default

2025-11-20T19:55:10.2125059Z  Debug Mode: false

2025-11-20T19:55:10.2125334Z  Plugins:

2025-11-20T19:55:10.2125631Z   buildx: Docker Buildx (Docker Inc.)

2025-11-20T19:55:10.2126027Z     Version:  v0.29.1

2025-11-20T19:55:10.2126360Z     Path:     /usr/libexec/docker/cli-plugins/docker-buildx

2025-11-20T19:55:10.2126833Z   compose: Docker Compose (Docker Inc.)

2025-11-20T19:55:10.2127219Z     Version:  v2.38.2

2025-11-20T19:55:10.2127629Z     Path:     /usr/libexec/docker/cli-plugins/docker-compose

2025-11-20T19:55:10.2127959Z

2025-11-20T19:55:10.2128090Z Server:

2025-11-20T19:55:10.2128329Z  Containers: 1

2025-11-20T19:55:10.2128608Z   Running: 1

2025-11-20T19:55:10.2128869Z   Paused: 0

2025-11-20T19:55:10.2129114Z   Stopped: 0

2025-11-20T19:55:10.2129339Z  Images: 1

2025-11-20T19:55:10.2129592Z  Server Version: 28.0.4

2025-11-20T19:55:10.2130383Z  Storage Driver: overlay2

2025-11-20T19:55:10.2130783Z   Backing Filesystem: extfs

2025-11-20T19:55:10.2131236Z   Supports d_type: true

2025-11-20T19:55:10.2131688Z   Using metacopy: false

2025-11-20T19:55:10.2132192Z   Native Overlay Diff: false

2025-11-20T19:55:10.2132609Z   userxattr: false

2025-11-20T19:55:10.2133162Z  Logging Driver: json-file

2025-11-20T19:55:10.2133522Z  Cgroup Driver: systemd

2025-11-20T19:55:10.2134205Z  Cgroup Version: 2

2025-11-20T19:55:10.2134531Z  Plugins:

2025-11-20T19:55:10.2134881Z   Volume: local

2025-11-20T19:55:10.2135184Z   Network: bridge host ipvlan macvlan null overlay

2025-11-20T19:55:10.2136070Z   Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog

2025-11-20T19:55:10.2136495Z  Swarm: inactive

2025-11-20T19:55:10.2136771Z  Runtimes: io.containerd.runc.v2 runc

2025-11-20T19:55:10.2137112Z  Default Runtime: runc

2025-11-20T19:55:10.2137375Z  Init Binary: docker-init

2025-11-20T19:55:10.2137724Z  containerd version: fcd43222d6b07379a4be9786bda52438f0dd16a1

2025-11-20T19:55:10.2138188Z  runc version: v1.3.3-0-gd842d771

2025-11-20T19:55:10.2138629Z  init version: de40ad0

2025-11-20T19:55:10.2138993Z  Security Options:

2025-11-20T19:55:10.2139195Z   apparmor

2025-11-20T19:55:10.2139475Z   seccomp

2025-11-20T19:55:10.2139679Z    Profile: builtin

2025-11-20T19:55:10.2139928Z   cgroupns

2025-11-20T19:55:10.2140188Z  Kernel Version: 6.11.0-1018-azure

2025-11-20T19:55:10.2140515Z  Operating System: Ubuntu 24.04.3 LTS

2025-11-20T19:55:10.2140783Z  OSType: linux

2025-11-20T19:55:10.2141064Z  Architecture: x86_64

2025-11-20T19:55:10.2141328Z  CPUs: 4

2025-11-20T19:55:10.2141537Z  Total Memory: 15.62GiB

2025-11-20T19:55:10.2141828Z  Name: runnervmg1sw1

2025-11-20T19:55:10.2142094Z  ID: 25309008-d3b6-4795-9b53-5704e2dd5a06

2025-11-20T19:55:10.2142406Z  Docker Root Dir: /var/lib/docker

2025-11-20T19:55:10.2142790Z  Debug Mode: false

2025-11-20T19:55:10.2143385Z  Username: githubactions

2025-11-20T19:55:10.2143638Z  Experimental: false

2025-11-20T19:55:10.2143936Z  Insecure Registries:

2025-11-20T19:55:10.2144241Z   ::1/128

2025-11-20T19:55:10.2144477Z   127.0.0.0/8

2025-11-20T19:55:10.2144744Z  Live Restore Enabled: false

2025-11-20T19:55:10.2144917Z

2025-11-20T19:55:10.2145343Z ##[endgroup]

2025-11-20T19:55:10.2145761Z ##[group]Proxy configuration

2025-11-20T19:55:10.2146360Z No proxy configuration found

2025-11-20T19:55:10.2146886Z ##[endgroup]

2025-11-20T19:55:10.2745399Z ##[group]Buildx version

2025-11-20T19:55:10.2789172Z [command]/usr/bin/docker buildx version

2025-11-20T19:55:10.3372066Z github.com/docker/buildx v0.29.1 a32761aeb3debd39be1eca514af3693af0db334b

2025-11-20T19:55:10.3400724Z ##[endgroup]

2025-11-20T19:55:10.3401387Z ##[group]Builder info

2025-11-20T19:55:10.4529368Z {

2025-11-20T19:55:10.4529861Z   "nodes": [

2025-11-20T19:55:10.4530447Z     {

2025-11-20T19:55:10.4530964Z       "name": "builder-82e612d8-53e0-4e92-9751-feab5039ef2f0",

2025-11-20T19:55:10.4531576Z       "endpoint": "unix:///var/run/docker.sock",

2025-11-20T19:55:10.4532336Z       "status": "running",

2025-11-20T19:55:10.4533434Z       "buildkitd-flags": "--allow-insecure-entitlement security.insecure --allow-insecure-entitlement network.host",

2025-11-20T19:55:10.4534319Z       "buildkit": "v0.26.2",

2025-11-20T19:55:10.4535097Z       "platforms": "linux/amd64,linux/amd64/v2,linux/amd64/v3,linux/amd64/v4,linux/386",

2025-11-20T19:55:10.4535975Z       "features": {

2025-11-20T19:55:10.4536720Z         "Automatically load images to the Docker Engine image store": true,

2025-11-20T19:55:10.4537352Z         "Cache export": true,

2025-11-20T19:55:10.4537823Z         "Direct push": true,

2025-11-20T19:55:10.4538309Z         "Docker exporter": true,

2025-11-20T19:55:10.4538803Z         "Multi-platform build": true,

2025-11-20T19:55:10.4539313Z         "OCI exporter": true

2025-11-20T19:55:10.4539729Z       },

2025-11-20T19:55:10.4540193Z       "labels": {

2025-11-20T19:55:10.4540646Z         "org.mobyproject.buildkit.worker.executor": "oci",

2025-11-20T19:55:10.4541364Z         "org.mobyproject.buildkit.worker.hostname": "d3c7d8053417",

2025-11-20T19:55:10.4542032Z         "org.mobyproject.buildkit.worker.network": "host",

2025-11-20T19:55:10.4542912Z         "org.mobyproject.buildkit.worker.oci.process-mode": "sandbox",

2025-11-20T19:55:10.4543940Z         "org.mobyproject.buildkit.worker.selinux.enabled": "false",

2025-11-20T19:55:10.4544649Z         "org.mobyproject.buildkit.worker.snapshotter": "overlayfs"

2025-11-20T19:55:10.4545396Z       },

2025-11-20T19:55:10.4545736Z       "gcPolicy": [

2025-11-20T19:55:10.4546136Z         {

2025-11-20T19:55:10.4546558Z           "all": false,

2025-11-20T19:55:10.4547519Z           "filter": [

2025-11-20T19:55:10.4547950Z             "type==source.local",

2025-11-20T19:55:10.4548533Z             "type==exec.cachemount",

2025-11-20T19:55:10.4549041Z             "type==source.git.checkout"

2025-11-20T19:55:10.4549475Z           ],

2025-11-20T19:55:10.4549935Z           "keepDuration": "48h0m0s"

2025-11-20T19:55:10.4550444Z         },

2025-11-20T19:55:10.4550816Z         {

2025-11-20T19:55:10.4551186Z           "all": false,

2025-11-20T19:55:10.4551680Z           "keepDuration": "1440h0m0s"

2025-11-20T19:55:10.4552113Z         },

2025-11-20T19:55:10.4552538Z         {

2025-11-20T19:55:10.4553113Z           "all": false

2025-11-20T19:55:10.4553498Z         },

2025-11-20T19:55:10.4553949Z         {

2025-11-20T19:55:10.4554295Z           "all": true

2025-11-20T19:55:10.4554708Z         }

2025-11-20T19:55:10.4555011Z       ]

2025-11-20T19:55:10.4555459Z     }

2025-11-20T19:55:10.4555776Z   ],

2025-11-20T19:55:10.4556231Z   "name": "builder-82e612d8-53e0-4e92-9751-feab5039ef2f",

2025-11-20T19:55:10.4556920Z   "driver": "docker-container",

2025-11-20T19:55:10.4557451Z   "lastActivity": "2025-11-20T19:55:05.000Z"

2025-11-20T19:55:10.4557947Z }

2025-11-20T19:55:10.4558872Z ##[endgroup]

2025-11-20T19:55:10.6196757Z [command]/usr/bin/docker buildx build --file Dockerfile --iidfile /home/runner/work/_temp/docker-actions-toolkit-OXIeq8/build-iidfile-cf917680b4.txt --attest type=provenance,mode=max,builder-id=https://github.com/zevisert/mre-docker-actions-toolkit/actions/runs/19549567609 --secret id=sample-license,src=/home/runner/work/_temp/docker-actions-toolkit-OXIeq8/tmp-2625-Cxfgo6gW7pi7 --metadata-file /home/runner/work/_temp/docker-actions-toolkit-OXIeq8/build-metadata-028058f8c4.json .

2025-11-20T19:55:10.9029515Z #0 building with "builder-82e612d8-53e0-4e92-9751-feab5039ef2f" instance using docker-container driver

2025-11-20T19:55:10.9030041Z

2025-11-20T19:55:10.9030220Z #1 [internal] load build definition from Dockerfile

2025-11-20T19:55:10.9030646Z #1 transferring dockerfile: 628B done

2025-11-20T19:55:10.9031359Z #1 DONE 0.0s

2025-11-20T19:55:10.9031594Z

2025-11-20T19:55:10.9031872Z #2 resolve image config for docker-image://docker.io/docker/dockerfile:1

2025-11-20T19:55:11.0847510Z #2 ...

2025-11-20T19:55:11.0847799Z

2025-11-20T19:55:11.0848349Z #3 [auth] docker/dockerfile:pull token for registry-1.docker.io

2025-11-20T19:55:11.0848843Z #3 DONE 0.0s

2025-11-20T19:55:11.2341727Z

2025-11-20T19:55:11.2342632Z #2 resolve image config for docker-image://docker.io/docker/dockerfile:1

2025-11-20T19:55:11.6541293Z #2 DONE 0.9s

2025-11-20T19:55:11.8160096Z

2025-11-20T19:55:11.8161244Z #4 docker-image://docker.io/docker/dockerfile:1@sha256:b6afd42430b15f2d2a4c5a02b919e98a525b785b1aaff16747d2f623364e39b6

2025-11-20T19:55:11.8162655Z #4 resolve docker.io/docker/dockerfile:1@sha256:b6afd42430b15f2d2a4c5a02b919e98a525b785b1aaff16747d2f623364e39b6 done

2025-11-20T19:55:11.8193361Z #4 sha256:77246a01651da592b7bae79e0e20ed3b4f2e4c00a1b54b7c921c91ae3fa9ef07 0B / 13.57MB 0.2s

2025-11-20T19:55:11.9693541Z #4 sha256:77246a01651da592b7bae79e0e20ed3b4f2e4c00a1b54b7c921c91ae3fa9ef07 13.57MB / 13.57MB 0.3s

2025-11-20T19:55:12.0787273Z #4 sha256:77246a01651da592b7bae79e0e20ed3b4f2e4c00a1b54b7c921c91ae3fa9ef07 13.57MB / 13.57MB 0.3s done

2025-11-20T19:55:12.0788562Z #4 extracting sha256:77246a01651da592b7bae79e0e20ed3b4f2e4c00a1b54b7c921c91ae3fa9ef07 0.1s done

2025-11-20T19:55:12.0789331Z #4 DONE 0.4s

2025-11-20T19:55:12.1917767Z

2025-11-20T19:55:12.1918532Z #5 [auth] library/debian:pull token for registry-1.docker.io

2025-11-20T19:55:12.3423591Z #5 DONE 0.0s

2025-11-20T19:55:12.3423852Z

2025-11-20T19:55:12.3424106Z #6 [internal] load metadata for docker.io/library/debian:trixie-slim

2025-11-20T19:55:12.5693937Z #6 DONE 0.4s

2025-11-20T19:55:12.7709945Z

2025-11-20T19:55:12.7710822Z #7 [internal] load .dockerignore

2025-11-20T19:55:12.7711863Z #7 transferring context: 74B done

2025-11-20T19:55:12.7712219Z #7 DONE 0.0s

2025-11-20T19:55:12.7712416Z

2025-11-20T19:55:12.7712552Z #8 [internal] preparing inline document

2025-11-20T19:55:12.7713651Z #8 DONE 0.0s

2025-11-20T19:55:12.7713866Z

2025-11-20T19:55:12.7714353Z #9 [stage-0 1/3] FROM docker.io/library/debian:trixie-slim@sha256:18764e98673c3baf1a6f8d960b5b5a1ec69092049522abac4e24a7726425b016

2025-11-20T19:55:12.7717263Z #9 resolve docker.io/library/debian:trixie-slim@sha256:18764e98673c3baf1a6f8d960b5b5a1ec69092049522abac4e24a7726425b016 done

2025-11-20T19:55:12.7754979Z #9 sha256:0e4bc2bd6656e6e004e3c749af70e5650bac2258243eb0949dea51cb8b7863db 10.49MB / 29.78MB 0.2s

2025-11-20T19:55:12.9232553Z #9 sha256:0e4bc2bd6656e6e004e3c749af70e5650bac2258243eb0949dea51cb8b7863db 23.07MB / 29.78MB 0.3s

2025-11-20T19:55:13.0370847Z #9 sha256:0e4bc2bd6656e6e004e3c749af70e5650bac2258243eb0949dea51cb8b7863db 29.78MB / 29.78MB 0.4s done

2025-11-20T19:55:13.1892748Z #9 extracting sha256:0e4bc2bd6656e6e004e3c749af70e5650bac2258243eb0949dea51cb8b7863db

2025-11-20T19:55:13.5589940Z #9 extracting sha256:0e4bc2bd6656e6e004e3c749af70e5650bac2258243eb0949dea51cb8b7863db 0.5s done

2025-11-20T19:55:13.5590677Z #9 DONE 0.9s

2025-11-20T19:55:13.6817368Z

2025-11-20T19:55:13.6818105Z #10 [stage-0 2/3] COPY <<EOF license.sha256sum

2025-11-20T19:55:13.6818868Z #10 DONE 0.1s

2025-11-20T19:55:13.6819078Z

2025-11-20T19:55:13.6819771Z #11 [stage-0 3/3] RUN --mount=type=secret,id=sample-license,required=true,target=license.zip   sha256sum --check license.sha256sum

2025-11-20T19:55:13.6820759Z #11 0.050 sha256sum: WARNING: 1 computed checksum did NOT match

2025-11-20T19:55:13.6821536Z #11 0.050 license.zip: FAILED

2025-11-20T19:55:13.7162721Z #11 ERROR: process "/bin/sh -c sha256sum --check license.sha256sum" did not complete successfully: exit code: 1

2025-11-20T19:55:13.7164550Z ------

2025-11-20T19:55:13.7165325Z  > [stage-0 3/3] RUN --mount=type=secret,id=sample-license,required=true,target=license.zip   sha256sum --check license.sha256sum:

2025-11-20T19:55:13.7166049Z 0.050 sha256sum: WARNING: 1 computed checksum did NOT match

2025-11-20T19:55:13.7166532Z 0.050 license.zip: FAILED

2025-11-20T19:55:13.7166879Z ------

2025-11-20T19:55:13.7167513Z WARNING: No output specified with docker-container driver. Build result will only remain in the build cache. To push result image into registry use --push or to load image into docker use --load

2025-11-20T19:55:13.7175355Z Dockerfile:14

2025-11-20T19:55:13.7175840Z --------------------

2025-11-20T19:55:13.7176464Z   13 |

2025-11-20T19:55:13.7177256Z   14 | >>> RUN --mount=type=secret,id=sample-license,required=true,target=license.zip 

2025-11-20T19:55:13.7178028Z   15 | >>>   sha256sum --check license.sha256sum

2025-11-20T19:55:13.7178622Z   16 |

2025-11-20T19:55:13.7178863Z --------------------

2025-11-20T19:55:13.7179823Z ERROR: failed to build: failed to solve: process "/bin/sh -c sha256sum --check license.sha256sum" did not complete successfully: exit code: 1

2025-11-20T19:55:13.7246924Z ##[error]buildx failed with: ERROR: failed to build: failed to solve: process "/bin/sh -c sha256sum --check license.sha256sum" did not complete successfully: exit code: 1

2025-11-20T19:55:13.7361674Z Post job cleanup.

2025-11-20T19:55:13.9520118Z ##[group]Removing temp folder /home/runner/work/_temp/docker-actions-toolkit-OXIeq8

2025-11-20T19:55:13.9533071Z ##[endgroup]

2025-11-20T19:55:13.9533561Z ##[group]Post cache

2025-11-20T19:55:13.9534601Z State not set

2025-11-20T19:55:13.9535193Z ##[endgroup]

2025-11-20T19:55:13.9731789Z Post job cleanup.

2025-11-20T19:55:14.2469498Z ##[group]Removing builder

2025-11-20T19:55:14.3459295Z [command]/usr/bin/docker buildx rm builder-82e612d8-53e0-4e92-9751-feab5039ef2f

2025-11-20T19:55:14.5567196Z builder-82e612d8-53e0-4e92-9751-feab5039ef2f removed

2025-11-20T19:55:14.5595194Z ##[endgroup]

2025-11-20T19:55:14.5596289Z ##[group]Cleaning up certificates

2025-11-20T19:55:14.5604278Z ##[endgroup]

2025-11-20T19:55:14.5604801Z ##[group]Post cache

2025-11-20T19:55:14.5606883Z State not set

2025-11-20T19:55:14.5607426Z ##[endgroup]

2025-11-20T19:55:14.5747507Z Post job cleanup.

2025-11-20T19:55:14.6695632Z [command]/usr/bin/git version

2025-11-20T19:55:14.6734424Z git version 2.51.2

2025-11-20T19:55:14.6776562Z Temporarily overriding HOME='/home/runner/work/_temp/9ed8089c-5538-4b9b-8a6b-991cc7c0f206' before making global git config changes

2025-11-20T19:55:14.6777720Z Adding repository directory to the temporary git global config as a safe directory

2025-11-20T19:55:14.6783276Z [command]/usr/bin/git config --global --add safe.directory /home/runner/work/mre-docker-actions-toolkit/mre-docker-actions-toolkit

2025-11-20T19:55:14.6820410Z [command]/usr/bin/git config --local --name-only --get-regexp core.sshCommand

2025-11-20T19:55:14.6851158Z [command]/usr/bin/git submodule foreach --recursive sh -c "git config --local --name-only --get-regexp 'core.sshCommand' && git config --local --unset-all 'core.sshCommand' || :"

2025-11-20T19:55:14.7046862Z [command]/usr/bin/git config --local --name-only --get-regexp http.https://github.com/.extraheader

2025-11-20T19:55:14.7068560Z http.https://github.com/.extraheader

2025-11-20T19:55:14.7080962Z [command]/usr/bin/git config --local --unset-all http.https://github.com/.extraheader

2025-11-20T19:55:14.7110644Z [command]/usr/bin/git submodule foreach --recursive sh -c "git config --local --name-only --get-regexp 'http.https://github.com/.extraheader' && git config --local --unset-all 'http.https://github.com/.extraheader' || :"

2025-11-20T19:55:14.7297121Z [command]/usr/bin/git config --local --name-only --get-regexp ^includeIf.gitdir:

2025-11-20T19:55:14.7327467Z [command]/usr/bin/git submodule foreach --recursive git config --local --show-origin --name-only --get-regexp remote.origin.url

2025-11-20T19:55:14.7628216Z Cleaning up orphan processes

BuildKit logs

Additional info

In the private repo where this happened, I compared hexdumps of the modified license with the original and it seems like there's extra padding bytes being injected among other things, perhaps this is an encoding issue from the use of node's fs.copyFileSync in actions-toolkit? The linux unzip utility reports that the zip file is corrupted in a way that relates to binary offsets relating to the location of the central directory within the zip file.

[zevisert]

I just added a new commit to my minimum reproducible example repo to show that the zip file is already modified by the time it ends up in the temporary directory created by actions toolkit:

https://github.com/zevisert/mre-docker-actions-toolkit/actions/runs/19550414902/job/55980161846

Now, you can see:

1. The file's digest is indeed 7728f8ac3099aa4045039f5c7d74d7ea54e5f68f43dc9312ab69201a88730c97 before the build
   • https://github.com/zevisert/mre-docker-actions-toolkit/actions/runs/19550414902/job/55980161846#step:4:6
2. The docker build was invoked with the secret file moved to a temporary location --secret id=sample-license,src=/home/runner/work/_temp/docker-actions-toolkit-6xsztG/tmp-2597-f1fohbFGAtKf
   • https://github.com/zevisert/mre-docker-actions-toolkit/actions/runs/19550414902/job/55980161846#step:5:169
3. During the build, the file's digest is NOT 7728f8ac3099aa4045039f5c7d74d7ea54e5f68f43dc9312ab69201a88730c97 anymore:
   • https://github.com/zevisert/mre-docker-actions-toolkit/actions/runs/19550414902/job/55980161846#step:5:223
4. After the build, the file in the temporary build has a different digest: f45cd8f4c5db770d34a077637eda7fa7d68906ee9209d6e578de3fc9e693dbd0
   • https://github.com/zevisert/mre-docker-actions-toolkit/actions/runs/19550414902/job/55980161846#step:6:5

[crazy-max]

Thanks for your report, I will take a look asap