update actions-toolkit to 0.83.0

Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>

Author: crazy-max

.github/workflows/bake.yml

@@ -153,7 +153,7 @@ env:
   BUILDKIT_IMAGE: "moby/buildkit:v0.28.0"
   SBOM_IMAGE: "docker/buildkit-syft-scanner:1.10.0"
   BINFMT_IMAGE: "tonistiigi/binfmt:qemu-v10.2.1-65"
-  DOCKER_ACTIONS_TOOLKIT_MODULE: "@docker/actions-toolkit@0.81.0"
+  DOCKER_ACTIONS_TOOLKIT_MODULE: "@docker/actions-toolkit@0.83.0"
   HANDLEBARS_MODULE: "handlebars@4.7.8"
   COSIGN_VERSION: "v3.0.2"
   LOCAL_EXPORT_DIR: "/tmp/buildx-output"
@@ -820,22 +820,11 @@ jobs:
             const inpImageNames = core.getMultilineInput('image-names');
             const inpImageDigest = core.getInput('image-digest');
             
-            // ECR registry regexes: https://github.com/docker/login-action/blob/28fdb31ff34708d19615a74d67103ddc2ea9725c/src/aws.ts#L8-L9
-            const ecrRegistryRegex = /^(([0-9]{12})\.(dkr\.ecr|dkr-ecr)\.(.+)\.(on\.aws|amazonaws\.com(.cn)?))(\/([^:]+)(:.+)?)?$/;
-            const ecrPublicRegistryRegex = /public\.ecr\.aws|ecr-public\.aws\.com/;
-            for (const imageName of inpImageNames) {
-              if (ecrRegistryRegex.test(imageName) || ecrPublicRegistryRegex.test(imageName)) {
-                core.info(`Detected ECR image name: ${imageName}, adding delay to mitigate eventual consistency issue`);
-                // FIXME: remove once https://github.com/docker/github-builder/issues/30 is resolved
-                await new Promise(resolve => setTimeout(resolve, 5000));
-                break;
-              }
-            }
-            
             const sigstore = new Sigstore();
             const signResults = await sigstore.signAttestationManifests({
               imageNames: inpImageNames,
-              imageDigest: inpImageDigest
+              imageDigest: inpImageDigest,
+              retryOnManifestUnknown: true
             });
             
             const verifyResults = await sigstore.verifySignedManifests(signResults, {

.github/workflows/build.yml

@@ -156,7 +156,7 @@ env:
   BUILDKIT_IMAGE: "moby/buildkit:v0.28.0"
   SBOM_IMAGE: "docker/buildkit-syft-scanner:1.10.0"
   BINFMT_IMAGE: "tonistiigi/binfmt:qemu-v10.2.1-65"
-  DOCKER_ACTIONS_TOOLKIT_MODULE: "@docker/actions-toolkit@0.81.0"
+  DOCKER_ACTIONS_TOOLKIT_MODULE: "@docker/actions-toolkit@0.83.0"
   HANDLEBARS_MODULE: "handlebars@4.7.8"
   COSIGN_VERSION: "v3.0.2"
   LOCAL_EXPORT_DIR: "/tmp/buildx-output"
@@ -684,22 +684,11 @@ jobs:
             const inpImageNames = core.getMultilineInput('image-names');
             const inpImageDigest = core.getInput('image-digest');
             
-            // ECR registry regexes: https://github.com/docker/login-action/blob/28fdb31ff34708d19615a74d67103ddc2ea9725c/src/aws.ts#L8-L9
-            const ecrRegistryRegex = /^(([0-9]{12})\.(dkr\.ecr|dkr-ecr)\.(.+)\.(on\.aws|amazonaws\.com(.cn)?))(\/([^:]+)(:.+)?)?$/;
-            const ecrPublicRegistryRegex = /public\.ecr\.aws|ecr-public\.aws\.com/;
-            for (const imageName of inpImageNames) {
-              if (ecrRegistryRegex.test(imageName) || ecrPublicRegistryRegex.test(imageName)) {
-                core.info(`Detected ECR image name: ${imageName}, adding delay to mitigate eventual consistency issue`);
-                // FIXME: remove once https://github.com/docker/github-builder/issues/30 is resolved
-                await new Promise(resolve => setTimeout(resolve, 5000));
-                break;
-              }
-            }
-            
             const sigstore = new Sigstore();
             const signResults = await sigstore.signAttestationManifests({
               imageNames: inpImageNames,
-              imageDigest: inpImageDigest
+              imageDigest: inpImageDigest,
+              retryOnManifestUnknown: true
             });
             
             const verifyResults = await sigstore.verifySignedManifests(signResults, {