Failed to verify certificate issues when pulling LWA image during container builds #606
Description
Issue Description
When trying to build a container image with Lambda Web Adapter (LWA) (in a Github Action), we're encountering x509: certificate signed by unknown authority issue while pulling the base image from public ECR.
Current Behavior
When building a container with the following Dockerfile instruction:
COPY --from=public.ecr.aws/awsguru/aws-lambda-adapter:0.9.1 /lambda-adapter /opt/extensions/lambda-adapter
We get the following error:
Error: Dockerfile:35
--------------------
33 |
34 | FROM public.ecr.aws/docker/library/node:20.9.0-slim AS web-ui
35 | >>> COPY --from=public.ecr.aws/awsguru/aws-lambda-adapter:0.9.1 /lambda-adapter /opt/extensions/lambda-adapter
36 | ENV PORT=3000
37 | ENV NODE_ENV=production
--------------------
ERROR: failed to solve: public.ecr.aws/awsguru/aws-lambda-adapter:0.9.1: failed to resolve source metadata for public.ecr.aws/awsguru/aws-lambda-adapter:0.9.1: failed to copy: httpReadSeeker: failed open: failed to do request: Get "https://d2glxqk2uabbnd.cloudfront.net/v2/c...[shortened for this pos]": tls: failed to verify certificate: x509: certificate signed by unknown authority
Questions
We've tried adding the ecr.aws cert to the image and the git action environment, but that didn't work? We've tried many of the online resolutions. Are there any recommendations for solving this issue?
Environment
- Building through GitHub Actions
- Using Docker Buildx
- Target platform: AWS Lambda
Impact
This issue affects CI/CD pipelines where containers need to be built; this issue causes build failures and deployment interruptions.