fluent-bit
fluent-bit copied to clipboard
fluent
CI: container signing failed for 3.0.0
Bug Report
Describe the bug
See https://github.com/fluent/fluent-bit/actions/runs/8380464955/job/22949896795, looks like cosign updates are required to resolve. Signing with the key worked fine, this is the public transparency log signing failure.
Run cosign sign --yes --recursive \
cosign sign --yes --recursive \
-a "repo=***" \
-a "workflow=Release from staging" \
-a "release=3.0.0" \
"$GHCR_RELEASE_IMAGE_NAME:3.0.0" \
"$GHCR_RELEASE_IMAGE_NAME:3.0.0-debug" \
"$DH_RELEASE_IMAGE_NAME:3.0.0" \
"$DH_RELEASE_IMAGE_NAME:3.0.0-debug"
shell: /usr/bin/bash --noprofile --norc -e -o pipefail {0}
env:
STAGING_IMAGE_NAME: ghcr.io/***/staging
DH_RELEASE_IMAGE_NAME: docker.io/***
GHCR_RELEASE_IMAGE_NAME: ghcr.io/***
COSIGN_EXPERIMENTAL: true
Generating ephemeral keys...
Retrieving signed certificate...
Note that there may be personally identifiable information associated with this signed artifact.
This may include the email address associated with the account with which you authenticate.
This information will be used for signing this artifact and will be stored in public transparency logs and cannot be removed later.
Error: signing [ghcr.io/***:3.0.0 ghcr.io/***:3.0.0-debug docker.io/***:3.0.0 docker.io/***:3.0.0-debug]: getting signer: getting key from Fulcio: verifying SCT: updating local metadata and targets: error updating to TUF remote mirror: invalid key
remote status:{
"mirror": "https://sigstore-tuf-root.storage.googleapis.com",
"metadata": {
"root.json": {
"version": 9,
"len": 6766,
"expiration": "1[2](https://github.com/fluent/fluent-bit/actions/runs/8380464955/job/22949896795#step:6:2) Sep 24 06:5[3](https://github.com/fluent/fluent-bit/actions/runs/8380464955/job/22949896795#step:6:3) UTC",
"error": ""
},
"snapshot.json": {
"version": 132,
"len": 2302,
"expiration": "09 Apr 2[4](https://github.com/fluent/fluent-bit/actions/runs/8380464955/job/22949896795#step:6:4) 16:16 UTC",
"error": ""
},
"targets.json": {
"version": 9,
"len": [5](https://github.com/fluent/fluent-bit/actions/runs/8380464955/job/22949896795#step:6:5)478,
"expiration": "12 Sep 24 0[6](https://github.com/fluent/fluent-bit/actions/runs/8380464955/job/22949896795#step:6:6):13 UTC",
"error": ""
},
"timestamp.json": {
"version": 169,
"len": [7](https://github.com/fluent/fluent-bit/actions/runs/8380464955/job/22949896795#step:6:7)23,
"expiration": "26 Mar 24 16:16 UTC",
"error": ""
}
}
}
main.go:62: error during command execution: signing [ghcr.io/***:3.0.0 ghcr.io/***:3.0.0-debug docker.io/***:3.0.0 docker.io/***:3.0.0-debug]: getting signer: getting key from Fulcio: verifying SCT: updating local metadata and targets: error updating to TUF remote mirror: invalid key
remote status:{
"mirror": "https://sigstore-tuf-root.storage.googleapis.com",
"metadata": {
"root.json": {
"version": 9,
"len": 6766,
"expiration": "12 Sep 24 06:53 UTC",
"error": ""
},
"snapshot.json": {
"version": 132,
"len": 2302,
"expiration": "09 Apr 24 16:16 UTC",
"error": ""
},
"targets.json": {
"version": 9,
"len": 547[8](https://github.com/fluent/fluent-bit/actions/runs/8380464955/job/22949896795#step:6:8),
"expiration": "12 Sep 24 06:13 UTC",
"error": ""
},
"timestamp.json": {
"version": 16[9](https://github.com/fluent/fluent-bit/actions/runs/8380464955/job/22949896795#step:6:9),
"len": 723,
"expiration": "26 Mar 24 [16](https://github.com/fluent/fluent-bit/actions/runs/8380464955/job/22949896795#step:6:17):16 UTC",
"error": ""
}
}
}
This issue is stale because it has been open 90 days with no activity. Remove stale label or comment or this will be closed in 5 days. Maintainers can add the exempt-stale label.
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}
This issue was closed because it has been stalled for 5 days with no activity.