From 1c1c8706ff0d73c5c7c356af8d0d6f52f65467dd Mon Sep 17 00:00:00 2001
From: Aldo Lacuku
Date: Tue, 1 Aug 2023 14:30:45 +0200
Subject: [PATCH] fix(cmd/push): correctly push artifacts to ECR registry

It seems that ECR does not support annotations on the descriptor of the OCI image configuration. This fix consists in clearing the annotations map of the config descriptor when created. By default the filestore.Add method adds the "org.opencontainers.image.title" annotation.

Signed-off-by: Aldo Lacuku
---
 pkg/oci/pusher/pusher.go | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/pkg/oci/pusher/pusher.go b/pkg/oci/pusher/pusher.go
index a89682ac..35a359e9 100644
--- a/pkg/oci/pusher/pusher.go
+++ b/pkg/oci/pusher/pusher.go
@@ -237,7 +237,17 @@ func (p *Pusher) storeConfigLayer(ctx context.Context, fileStore *file.Store,
 artifactConfig = &oci.ArtifactConfig{}
 }

- return p.toFileStore(ctx, fileStore, layerMediaType, ConfigLayerName, artifactConfig)
+ cfgDesc, err := p.toFileStore(ctx, fileStore, layerMediaType, ConfigLayerName, artifactConfig)
+ if err != nil {
+ return nil, err
+ }
+
+ // Remove annotations added to descriptor by the filestore.Add operation.
+ // AWS ECR errors when annotations are set in the config descriptor.
+ // See: https://github.com/falcosecurity/falcoctl/issues/302
+ cfgDesc.Annotations = nil
+
+ return cfgDesc, nil
 }

 func (p *Pusher) storeArtifactsIndex(ctx context.Context, fileStore *file.Store,
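Review bot: `cfgDesc.Annotations = nil` runs on every push, not only pushes to ECR, and it discards every annotation on the config descriptor rather than just the title the file store adds, yet the comment above it only mentions the ECR failure. I would extend that comment, e.g. `// Applied for all registries; only annotations are dropped, digest and size are unchanged.`, so a later maintainer does not attach metadata to this descriptor and expect it to reach the manifest. The descriptor is also edited after toFileStore has returned it, so the copy held by the file store presumably still carries the title annotation; whether that matters depends on how the manifest is packed, which is outside this hunk. storeConfigLayer begins before the hunk and toFileStore is not visible here.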