With cache enabled during build, codenotary fails to validate base image

[lmagyar]

I'm trying to sign a new version of my add-on (previous versions weren't signed), but build fails to verify the base image.

Action, without --no-cache:

    - name: Test build
      uses: home-assistant/[email protected]
      with:
        args: |
          --test \
          --${{ matrix.arch }} \
          --target samba

Fails:

CAS saved locally the trusted public key
CAS automatically trusted the signature found on current connection
Warning: dbb1a3343503e0fe8fd059580dcb871a110aaa134e6893b6d238e6616217c8ff was not notarized
Warning: dbb1a3343503e0fe8fd059580dcb871a110aaa134e6893b6d238e6616217c8ff was not notarized
Warning: dbb1a3343503e0fe8fd059580dcb871a110aaa134e6893b6d238e6616217c8ff was not notarized
...

Adding --no-cache succeeds:

CAS saved locally the trusted public key
CAS automatically trusted the signature found on current connection
UID:		1655138081188031764
Kind:		docker
Name:		docker://homeassistant/armv7-base:3.15
Hash:		35dd67a5fe6b405b37ebc6b9fd30a68c7d6c724a24f69b9f6e5af8a857ace05b
Size:		87 MB
Timestamp:	2022-06-13 16:34:41.188031764 +0000 UTC
Metadata:	CI="true"
		GITHUB_RUN_ID="2489695079"
		GITHUB_SERVER_URL="https://github.com"
		GITHUB_WORKSPACE="/home/runner/work/docker-base/docker-base"
		GITHUB_RUN_NUMBER="114"
		GITHUB_SHA="b369f87158051f3bb085f0bb7896b96ec02390f5"
		docker={
		    "Architecture": "arm",
		    "Author": "",
		    "Comment": "",
		    "Created": "2022-06-13T16:34:38.[173](https://github.com/lmagyar/homeassistant-addon-samba-interface/runs/6873437119?check_suite_focus=true#step:3:182)594705Z",
		    "DockerVersion": "20.10.16+azure-2",
		    "Id": "sha256:35dd67a5fe6b405b37ebc6b9fd30a68c7d6c724a24f69b9f6e5af8a857ace05b",
		    "Metadata": {
		        "LastTagTime": "[202](https://github.com/lmagyar/homeassistant-addon-samba-interface/runs/6873437119?check_suite_focus=true#step:3:211)2-06-13T16:34:39.04953948Z"
		    },
		    "Os": "linux",
		    "RepoDigests": [],
		    "RepoTags": [
		        "homeassistant/armv7-base:3.15",
		        "ghcr.io/home-assistant/armv7-base:3.15"
		    ],
		    "Size": 86703970,
		    "VirtualSize": 86703970
		}
		GITHUB_ACTION="__home-assistant_builder"
		GITHUB_ACTIONS="true"
		GITHUB_GRAPHQL_URL="https://api.github.com/graphql"
		architecture="arm"
		platform="linux"
		version="3.15"
		CAS_CI_ENV="github"
		GITHUB_ACTOR="pvizeli"
		GITHUB_API_URL="https://api.github.com/"
		GITHUB_EVENT_NAME="release"
		GITHUB_JOB="build_alpine"
		GITHUB_REF="refs/tags/2022.06.0"
		GITHUB_REPOSITORY="home-assistant/docker-base"
		GITHUB_WORKFLOW="Build base images"
SignerID:	bm90YXJ5QGhvbWUtYXNzaXN0YW50Lmlv
Apikey revoked:	no
Status:		TRUSTED
[03:43:48] INFO: Image ghcr.io/home-assistant/armv7-base:3.15 is trusted

[lmagyar]

Tested again with the latest v2022.06.1 builder, still fails.

[lmagyar]

Workaround:

• disable cache with adding --no-cache
• build and publish (!) the image successfully
• enable cache with deleting --no-cache

My assumption is that after a successful publication a new latest version exists and this forces github to refresh the cache.

So if this is a github cache issue, this issue can be closed.