Docker-in-Docker gpg issue?

[j2udev]

I'm trying to publish multi-arch images for my devcontainers and I'm running into this error:

  [2024-12-29T22:06:55.629Z] url: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to packages.microsoft.com:443 
  #23 155.0 gpg: no valid OpenPGP data found.
  #23 155.0 ERROR: Feature "Docker (Docker-in-Docker)" (ghcr.io/devcontainers/features/docker-in-docker) failed to install! Look at the documentation at https://github.com/devcontainers/features/tree/main/src/docker-in-docker for help troubleshooting this error.
  #23 ERROR: process "/bin/sh -c cp -ar /tmp/build-features-src/docker-in-docker_0 /tmp/dev-container-features  && chmod -R 0755 /tmp/dev-container-features/docker-in-docker_0  && cd /tmp/dev-container-features/docker-in-docker_0  && chmod +x ./devcontainer-features-install.sh  && ./devcontainer-features-install.sh  && rm -rf /tmp/dev-container-features/docker-in-docker_0" did not complete successfully: exit code: 2

Below is my workflow:

name: "Publish Dev Containers"
on:
  workflow_dispatch:
  push:
    branches:
      - main
jobs:
  deploy:
    if: ${{ github.ref == 'refs/heads/main' }}
    runs-on: ubuntu-latest
    permissions:
      packages: write
    steps:
      - name: Checkout (GitHub)
        uses: actions/checkout@v3
      - name: Set up QEMU for multi-architecture builds
        uses: docker/setup-qemu-action@v3
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: Login to GitHub Container Registry
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ github.token }}
      - name: Build and Push
        uses: devcontainers/ci@v0.3
        env:
          BUILDX_NO_DEFAULT_ATTESTATIONS: true
        with:
          imageName: ghcr.io/${{ github.repository }}/base
          imageTag: 0.1.0,latest
          subFolder: base
          platform: linux/arm64,linux/amd64
          push: always

[chrmarti]

It fails to download the GPG key likely due to a missing SSL certificate: https://github.com/devcontainers/features/blob/c31723d2df7c7d2406e796b78d57e86d6738e693/src/docker-in-docker/install.sh#L234. The GPG error is a follow-up error but not the root cause.

What is the container image you are using? Maybe that has outdated SSL certificates?

[j2udev]

My apologies, I meant to update this issue. I believe I was seeing this when using the devcontainers/ci action to publish one of my pre-built images. When I swapped from ubuntu noble to jammy the build went through so it seems maybe the issues is noble. I'll change it back to noble and see if I can recreate the issue.

Edit: I was able to recreate the issue using mcr.microsoft.com/devcontainers/base:noble vs mcr.microsoft.com/devcontainers/base:jammy. Seems it's not necessarily an issue with the action... I can close or potentially test the buildpacks-curl image which the mircrosoft images seem to be based on.

[chrmarti]

That works for me. Could you check that you are on the latest version of the noble image? Are you behind a network proxy that intercepts SSL traffic?

[j2udev]

Seems that the noble image may be fine now 🤷. Will close, appreciate the response.