smartcontractkit · erikburt · May 28, 2026 · May 28, 2026 · May 28, 2026 · May 28, 2026
@@ -0,0 +1,5 @@
+---
+"reusable-docker-build-publish": minor
+---
+
+revert: previous change, removing manifest-debug input
@@ -0,0 +1,5 @@
+---
+"build-push-docker-manifest": minor
+---
+
+feat: poll for manifest existence before attempting to get digest
@@ -0,0 +1,5 @@
+---
+"build-push-docker-manifest": patch
+---
+
+revert: previous change, ignore debug env vars for buildx logging
@@ -346,12 +346,6 @@
         required: false
         type: string
         default: "true"
-      manifest-debug:
-        description: |
-          Enable debug output for Docker manifest generation step. Set to 'true' to enable.
-        required: false
-        type: string
-        default: "false"
 
     outputs:
       docker-image-sha-digest-amd64:
@@ -520,7 +514,7 @@
    environment:
      name: ${{ inputs.environment }}
      # http://docs.github.com/en/actions/how-tos/deploy/configure-and-manage-deployments/control-deployments#using-environments-without-deployments
      deployment: false
    runs-on: ${{ matrix.runner }}
    timeout-minutes: ${{ inputs.timeout }}
    strategy:
@@ -686,7 +680,7 @@
    environment:
      name: ${{ inputs.environment }}
      # http://docs.github.com/en/actions/how-tos/deploy/configure-and-manage-deployments/control-deployments#using-environments-without-deployments
      deployment: false
    runs-on: ubuntu-24.04
    timeout-minutes: 5
    outputs:
@@ -787,8 +781,6 @@
       - name: Docker manifest index
         uses: smartcontractkit/.github/actions/build-push-docker-manifest@build-push-docker-manifest/v1
         id: docker-manifest
-        env:
-          CL_MANIFEST_DEBUG: ${{ inputs.manifest-debug }}
         with:
           # Avoid using `github.workflow_ref` here because the `cosign sign`
           # command will use the reusable workflow path for its identity and

@@ -135,21 +135,20 @@ inputs:
 outputs:
   manifest-digest:
     description: "Docker @sha256:<sha> digest."
-    value: ${{ steps.create-push-docker-manifest.outputs.manifest-digest }}
+    value: ${{ steps.inspect-docker-manifest.outputs.manifest-digest }}
   manifest-tag:
     description: "Docker manifest tag."
     value: ${{ inputs.docker-manifest-tag }}
   manifest-name:
     description: "Docker manifest name."
-    value: ${{ steps.create-push-docker-manifest.outputs.manifest-name }}
+    value: ${{ steps.inspect-docker-manifest.outputs.manifest-name }}
   manifest-name-with-digest:
     description: "Docker manifest name with digest."
     value:
-      ${{ steps.create-push-docker-manifest.outputs.manifest-name-with-digest }}
+      ${{ steps.inspect-docker-manifest.outputs.manifest-name-with-digest }}
   manifest-name-with-tag:
     description: "Docker manifest name with tag."
-    value:
-      ${{ steps.create-push-docker-manifest.outputs.manifest-name-with-tag }}
+    value: ${{ steps.inspect-docker-manifest.outputs.manifest-name-with-tag }}
 
 runs:
   using: composite
@@ -341,14 +340,8 @@ runs:
         echo "Creating Docker manifest with tag: ${DOCKER_MANIFEST_TAG}"
 
         # Build the complete command with all flags
-        CMD_ARGS=()
-
-        if [[ "${RUNNER_DEBUG}" == "1" || "${CL_MANIFEST_DEBUG}" == "1" || "${CL_MANIFEST_DEBUG,,}" == "true" ]]; then
-          echo "Debug logging enabled for docker buildx imagetools create"
-          CMD_ARGS+=("--debug")
-        fi
+        CMD_ARGS=("--tag" "${DOCKER_MANIFEST_NAME_WITH_TAG}")
 
-        CMD_ARGS+=("--tag" "${DOCKER_MANIFEST_NAME_WITH_TAG}")
         # Add additional tag flags if present
         if [[ -n "${TAG_FLAGS}" ]]; then
           echo "Adding additional tags to manifest..."
@@ -370,8 +363,41 @@ runs:
         # Execute the command
         docker buildx imagetools create "${CMD_ARGS[@]}"
 
-        # Get manifest digest (format: sha256:hash)
-        MANIFEST_DIGEST=$(docker buildx imagetools inspect "${DOCKER_MANIFEST_NAME_WITH_TAG}" | grep -m1 'Digest:' | awk '{print $2}')
+    - name: Inspect Docker manifest digest
+      id: inspect-docker-manifest
+      shell: bash
+      env:
+        DOCKER_MANIFEST_NAME: ${{ steps.manifest-name.outputs.name }}
+        DOCKER_MANIFEST_TAG: ${{ inputs.docker-manifest-tag }}
+      run: |
+        DOCKER_MANIFEST_NAME_WITH_TAG="${DOCKER_MANIFEST_NAME}:${DOCKER_MANIFEST_TAG}"
+
+        MAX_RETRIES=5
+        RETRY_DELAY=10
+        MANIFEST_DIGEST=""
+
+        for i in $(seq 1 $MAX_RETRIES); do
+          echo "Attempt ${i}/${MAX_RETRIES}: Inspecting manifest (${DOCKER_MANIFEST_NAME_WITH_TAG}) to retrieve digest..."
+
+          if INSPECT_OUTPUT=$(docker buildx imagetools inspect "${DOCKER_MANIFEST_NAME_WITH_TAG}" 2>/dev/null); then
+            MANIFEST_DIGEST=$(echo "${INSPECT_OUTPUT}" | grep -m1 'Digest:' | awk '{print $2}')
+            if [[ "${MANIFEST_DIGEST}" =~ ^sha256:[a-f0-9]{64}$ ]]; then
+              echo "Successfully retrieved manifest digest on attempt ${i}: ${MANIFEST_DIGEST}"
+              break
+            fi
+          fi
+
+          echo "Attempt ${i}/${MAX_RETRIES}: Manifest not yet available (got: '${MANIFEST_DIGEST}'), retrying in ${RETRY_DELAY}s..."
+
+          sleep $RETRY_DELAY
+          MANIFEST_DIGEST=""
+        done
+
+        if [[ -z "${MANIFEST_DIGEST}" ]]; then
+          echo "::error::Failed to retrieve manifest digest for ${DOCKER_MANIFEST_NAME_WITH_TAG} after ${MAX_RETRIES} attempts"
+          exit 1
+        fi
+
         echo "manifest-digest=${MANIFEST_DIGEST}" | tee -a "${GITHUB_OUTPUT}"
         echo "manifest-name=${DOCKER_MANIFEST_NAME}" | tee -a "${GITHUB_OUTPUT}"
         echo "manifest-name-with-digest=${DOCKER_MANIFEST_NAME}@${MANIFEST_DIGEST}" | tee -a "${GITHUB_OUTPUT}"
@@ -389,8 +415,7 @@ runs:
       shell: sh
       env:
         MANIFEST_NAME_WITH_DIGEST:
-          ${{
-          steps.create-push-docker-manifest.outputs.manifest-name-with-digest }}
+          ${{ steps.inspect-docker-manifest.outputs.manifest-name-with-digest }}
       run: cosign sign "${MANIFEST_NAME_WITH_DIGEST}" --yes
 
     - name: Verify Docker image signature
@@ -401,7 +426,7 @@ runs:
       env:
         MANIFEST_NAME_WITH_DIGEST: >-
           ${{
-            steps.create-push-docker-manifest.outputs.manifest-name-with-digest
+            steps.inspect-docker-manifest.outputs.manifest-name-with-digest
           }}
         GITHUB_WORKFLOW_REPOSITORY: ${{ inputs.github-workflow-repository }}
         OIDC_ISSUER: ${{ inputs.cosign-oidc-issuer }}
@@ -418,19 +443,17 @@ runs:
         DOCKER_MANIFEST_SIGNED: ${{ inputs.docker-manifest-sign }}
         GITHUB_WORKFLOW_REPOSITORY: ${{ inputs.github-workflow-repository }}
         MANIFEST_ADDITIONAL_TAGS:
-          ${{ steps.create-push-docker-manifest.outputs.manifest-additional-tags
-          }}
+          ${{ steps.inspect-docker-manifest.outputs.manifest-additional-tags }}
         MANIFEST_DIGEST:
-          ${{ steps.create-push-docker-manifest.outputs.manifest-digest }}
-        MANIFEST_NAME:
-          ${{ steps.create-push-docker-manifest.outputs.manifest-name}}
+          ${{ steps.inspect-docker-manifest.outputs.manifest-digest }}
+        MANIFEST_NAME: ${{ steps.inspect-docker-manifest.outputs.manifest-name}}
         MANIFEST_NAME_WITH_DIGEST: >-
           ${{
-            steps.create-push-docker-manifest.outputs.manifest-name-with-digest
+            steps.inspect-docker-manifest.outputs.manifest-name-with-digest
           }}
         MANIFEST_NAME_WITH_TAG: >-
           ${{
-            steps.create-push-docker-manifest.outputs.manifest-name-with-tag
+            steps.inspect-docker-manifest.outputs.manifest-name-with-tag
           }}
         MANIFEST_TAG: ${{ inputs.docker-manifest-tag }}
         OIDC_ISSUER: ${{ inputs.cosign-oidc-issuer }}

@@ -342,12 +342,6 @@ on:
         required: false
         type: string
         default: "true"
-      manifest-debug:
-        description: |
-          Enable debug output for Docker manifest generation step. Set to 'true' to enable.
-        required: false
-        type: string
-        default: "false"
 
     outputs:
       docker-image-sha-digest-amd64:
@@ -783,8 +777,6 @@ jobs:
       - name: Docker manifest index
         uses: smartcontractkit/.github/actions/build-push-docker-manifest@build-push-docker-manifest/v1
         id: docker-manifest
-        env:
-          CL_MANIFEST_DEBUG: ${{ inputs.manifest-debug }}
         with:
           # Avoid using `github.workflow_ref` here because the `cosign sign`
           # command will use the reusable workflow path for its identity and