We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
I just tried out the 1.40 release, but unfortunately I still see the FAILED: SLSA verification failed: could not find a matching valid signature entry
FAILED: SLSA verification failed: could not find a matching valid signature entry
For recreation / debug, it's a public repo:
https://github.com/lukehinds/slsa-test/actions/runs/3601462237/jobs/6067342275#step:2:543
I used the generic github configurator (note this is still provided 1.20)
It could well be that I am using a 1.40 release against the generic template of 1.20, so I have approached this as a greenfield / new user.
The text was updated successfully, but these errors were encountered:
Hi @lukehinds,
It looks like your GHA run is for a commit that is using the v1.2.0 version of the Go builder: https://github.com/lukehinds/slsa-test/blob/73867e91c9ed6bbdefcd2f394e80c9fa3ee839ed/.github/workflows/go-ossf-slsa3-publish.yml#L32
The release notes for v1.2.0 notes that it doesn't work due to issues with the verifier and pre-GA Rekor (See: #942).
If you re-run the workflow using v1.4.0, I think it should work.
That said, we do need to update the starter workflows with the latest versions so that users don't get caught by this issue.
Sorry, something went wrong.
I created #1302 to remind us to do this.
@lukehinds I'm going to go ahead and close this but feel free to re-open if you think something still needs to be addressed.
No branches or pull requests
I just tried out the 1.40 release, but unfortunately I still see the
FAILED: SLSA verification failed: could not find a matching valid signature entry
For recreation / debug, it's a public repo:
https://github.com/lukehinds/slsa-test/actions/runs/3601462237/jobs/6067342275#step:2:543
I used the generic github configurator (note this is still provided 1.20)
It could well be that I am using a 1.40 release against the generic template of 1.20, so I have approached this as a greenfield / new user.
The text was updated successfully, but these errors were encountered: