-
Notifications
You must be signed in to change notification settings - Fork 128
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[e2e]: generic schedule main multi-subjects slsa3 #876
Comments
Getting a rekor error:
|
Repo: https://github.com/slsa-framework/example-package/tree/main |
Rekor is stuck at v0.10.0, which never included my race condition fix, FYI! They are working on it |
Rekor 0.11.0 has now been rolled out. |
Thanks @haydentherapper! Hopefully the next run of the test will be successful and this issue will close automatically. |
Repo: https://github.com/slsa-framework/example-package/tree/main |
@asraa Is this the client breaking change? |
What do you mean? I don't think it's related to cosign sign-blob fixes The current failure is a little hard to read... |
Repo: https://github.com/slsa-framework/example-package/tree/main |
Repo: https://github.com/slsa-framework/example-package/tree/main |
Repo: https://github.com/slsa-framework/example-package/tree/main |
Repo: https://github.com/slsa-framework/example-package/tree/main |
Repo: https://github.com/slsa-framework/example-package/tree/main |
Repo: https://github.com/slsa-framework/example-package/tree/main |
I'm using Based on the above information, it is hard for me to tell if this is expected right now or if perhaps I have done something wrong in my implementation. Will keep an eye on this issue to see if/when there is a resolution. |
Hi! I don't think this is the same issue given that the error here is from multi subjects. There was a recent regression just today in Rekor regarding blob verification, see similar issue here (sigstore/cosign#2294). I'll check to see what is the cause and update you here. |
Correct! Your issue will be fixed when this is rolled into production: sigstore/rekor#1082 For reference: we aren't retrieving the Rekor log entry for the builder's attestation so the workflow is failing because it cannot verify the builder. This is because when we sharded, Rekor only retrieves log entries on the CURRENT shard, which is now rotated. You can use the |
Repo: https://github.com/slsa-framework/example-package/tree/main |
Repo: https://github.com/slsa-framework/example-package/tree/main |
Repo: https://github.com/slsa-framework/example-package/tree/main |
Repo: https://github.com/slsa-framework/example-package/tree/main |
Repo: https://github.com/slsa-framework/example-package/tree/main |
Repo: https://github.com/slsa-framework/example-package/tree/main |
I think this was caused by a buggy tag check in the tests. The if failed and continues down the wrong code branch.
It should be fixed by slsa-framework/example-package@87a5fb1 |
Repo: https://github.com/slsa-framework/example-package/tree/main Tests are passing now. Closing this issue. |
Repo: https://github.com/slsa-framework/example-package/tree/main
Run: https://github.com/slsa-framework/example-package/actions/runs/3087641521
Workflow file: https://github.com/slsa-framework/example-package/tree/main/.github/workflows/e2e.generic.schedule.main.multi-subjects.slsa3.yml
Workflow runs: https://github.com/slsa-framework/example-package/actions/workflows/e2e.generic.schedule.main.multi-subjects.slsa3.yml
Trigger: schedule
Branch: main
Date: Tue Sep 20 05:36:34 UTC 2022
The text was updated successfully, but these errors were encountered: