search

actions / starter-workflows

Accelerating new GitHub Actions workflows
https://github.com/features/actions
Other
8.59k stars 5.08k forks source link

docker-publish.yml requires version updates #2357

Open zstewar1 opened 3 months ago

zstewar1 commented 3 months ago

The version of cosign in the docker-publish.yml workflow no longer works.

It causes a similar error to the one noted in https://github.com/sigstore/cosign/issues/3614. For example, for one of my workflows, I get 

main.go:74: error during command execution: signing [ghcr.io/zstewar1/zstewart.com:master@sha256:3c6911026f3c9ace2dbd52f78b0a51f917edb367c5e90eba74f515c2079c78a9]: getting signer: getting key from Fulcio: getting CTFE public keys: updating local metadata and targets: error updating to TUF remote mirror: invalid key

The version of cosign must be bumped to at least v2.2.0.

Additionally, docker-publish.yml still uses actions/checkout@v3 which produces warnings about the use of Node 16. This should be updated to use actions/checkout@v4.

toffee-makes-things commented 3 months ago

This, i ran a build and ran into this exact issue https://github.com/ren-makes-things/ProjectLighthouse/actions/runs/8474550225/job/23221133503

kj800x commented 2 months ago

I can confirm that https://github.com/actions/starter-workflows/pull/2358 fixes this issue