When creating a signed container image with Tanzu Build Service, the following error was reported.

Loading registry credentials from service account secrets
Loading secret for "ghcr.io.example.com" from secret "ghcr-credentials" at location "/var/build-secrets/ghcr-credentials"
Loading cluster credential helpers
Error verifying write access to "ghcr.io.example.com/example-org/application/example-app": Post "https://ghcr.io.example.com/v2/example-org/application/example-app/blobs/uploads/": GET https://ghcr.io.example.com/token?scope=repository%3Aexample-org%2Fapplication%2Fexample-app%3Apull&scope=repository%3Aexample-org%2Fapplication%2Fexample-app%3Apush%2Cpull&service=ghcr.io.example.com: UNAUTHORIZED: authentication required

To enable Cosign signing, we need to create or edit the service account resource that is referenced in the image resource so that it includes the Cosign keypair secret created earlier. To provide credentials for the container registry, it is required to add the secret in both secrets and imagePullSecrets.

In this scenario, the registry secret is missing which causes this error.