tomkennedy513
commented
1 year ago I think a new state called "Signing Failed" or similar might be a good representation of the state
Open samj1912 opened 1 year ago
tomkennedy513
commented
1 year ago I think a new state called "Signing Failed" or similar might be a good representation of the state
matthewmcnew
commented
1 year ago I think indicating a signing failure independently in the conditions makes sense.
But, the severity of a failed signature seems like it would vary from user to user. I am not sure it makes sense to mark the build as a success for all users if signing failed. Do you see failed signing steps regularly?
samj1912
commented
1 year ago Mostly happens if people push to a registry that doesn't accept non docker oci artifacts.
samj1912
commented
1 year ago I think indicating a signing failure independently in the conditions makes sense.
Happy with this.
tomkennedy513
commented
1 year ago Thinking more about this, completion can also fail if it cannot read the report.toml or it is unable to fetch the build metadata. We should probably create an exit code for a specific signing failure to be able to tell the difference
Currently, if the completion step fails, kpack marks the build as failed. The completion step is mostly optional (signing) and does not affect image publishing. We should instead introduce a new state to indicate this instead of marking the build as a failure