Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[RE-2044] Bump sigstore/cosign-installer from 2.1.0 to 3.1.2 #11192

Merged
merged 1 commit into from
Nov 6, 2023
Merged

[RE-2044] Bump sigstore/cosign-installer from 2.1.0 to 3.1.2 #11192

merged 1 commit into from
Nov 6, 2023

Conversation

erikburt
Copy link
Collaborator

@erikburt erikburt commented Nov 6, 2023
edited
Loading

Bumping this version of https://github.com/sigstore/cosign-installer/ to due failing workflows.

Example: https://github.com/smartcontractkit/chainlink/actions/runs/6774773891/job/18417268502#step:3:2643

INFO: Downloading bootstrap version 'v1.6.0' of cosign to verify version to be installed...
      https://storage.googleapis.com/cosign-releases/v1.6.0/cosign-linux-amd64
ERROR: Unable to validate cosign version: 'v1.6.0'
Error: Process completed with exit code 1.

Seems like more recent version of sigstore/cosign-installer download directly from https://github.com/sigstore/cosign through Github rather than Google's API.

https://github.com/sigstore/cosign-installer/releases/tag/v3.0.0

changes download URL for cosign binary to github.com instead of GCS

Potential follow-up

See if we can bump the version of cosign we are installing?

RE-2044

@erikburt erikburt self-assigned this Nov 6, 2023
@erikburt erikburt requested a review from snehaagni November 6, 2023 20:47
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Nov 6, 2023

I see that you haven't updated any README files. Would it make sense to do so?

@cl-sonarqube-production
Copy link

SonarQube Quality Gate

Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
No Duplication information No Duplication information

@snehaagni snehaagni added this pull request to the merge queue Nov 6, 2023
Merged via the queue into develop with commit 0ae0b69 Nov 6, 2023
@snehaagni snehaagni deleted the chore/re-2044-bump-cosign-installer branch November 6, 2023 21:32
This was referenced Nov 6, 2023
Merged
Merged
friedemannf pushed a commit that referenced this pull request Nov 7, 2023
@erikburt @friedemannf
chore: bump sigstore/cosign-installer from 2.1.0 to 3.1.2 (#11192)
24b216a
snehaagni added a commit that referenced this pull request Nov 7, 2023
@snehaagni
Merge pull request #11218 from smartcontractkit/cherry_pick-bdb1ba8
af9f416 
Cherry pick #11192
snehaagni pushed a commit that referenced this pull request Nov 17, 2023
@erikburt @snehaagni
chore: bump sigstore/cosign-installer from 2.1.0 to 3.1.2 (#11192)
6bfc02c
@snehaagni snehaagni mentioned this pull request Nov 17, 2023
Merged
snehaagni added a commit that referenced this pull request Nov 17, 2023
@snehaagni
Merge pull request #11328 from smartcontractkit/feature/re-2044-bump-…
df49f64 
…cosign

Cherry pick #11192 :  bump sigstore/cosign-installer from 2.1.0 to 3.1.2 (#11192)
@snehaagni snehaagni mentioned this pull request Jan 24, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@snehaagni snehaagni snehaagni approved these changes

@chainchad chainchad chainchad approved these changes

@javuto javuto Awaiting requested review from javuto

@jkongie jkongie Awaiting requested review from jkongie

@jmank88 jmank88 Awaiting requested review from jmank88

@samsondav samsondav Awaiting requested review from samsondav

Assignees

@erikburt erikburt

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@erikburt @snehaagni @chainchad