404 when trying to upload artifact to container registry for attestations

[kratsg]

Hi,

I followed the documentation in this repository, but I end up with a failing job:

Run actions/attest-build-provenance@v3
Run actions/attest-build-provenance/predicate@864457a58d4733d7f1574bd8821fa24e02cf7538
Run actions/attest@daf44fb950173508f38bd2406030372c1d1162b1
Error: OCIError: Error uploading artifact to container registry
Error: Error fetching https://ghcr.io/v2/usatlas/actions-runner/manifests/sha256:1308113f945e420fd9a4fba2efe266315ffdb29fcdf0e214893d164cc15c86d0 - expected 200, received 404

I'm not quite sure why this is happening as I have all the permissions as instructed in the readme and the following portion of the workflow:

      - name: Build and push
        id: build-and-push
        uses: docker/build-push-action@v6
        with:
          context: .
          file: images/Dockerfile
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          build-args: |
            RUNNER_VERSION=${{ env.RUNNER_VERSION }}
            RUNNER_CONTAINER_HOOKS_VERSION=${{ env.RUNNER_CONTAINER_HOOKS_VERSION }}
          load: true
          push:
            ${{ github.event_name == 'push' && github.ref == 'refs/heads/main'
            && github.repository == 'usatlas/runner' }}

      - name: Generate attestation
        # every PR will trigger a push event on main, so check the push event is actually coming from main
        if:
          github.event_name == 'push' && github.ref == 'refs/heads/main' &&
          github.repository == 'usatlas/runner'
        uses: actions/attest-build-provenance@v3
        with:
          subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
          subject-digest: ${{ steps.build-and-push.outputs.digest }}
          push-to-registry: true

Have I missed something?