fluent / fluent-bit

Fast and Lightweight Logs and Metrics processor for Linux, BSD, OSX and Windows
https://fluentbit.io
Apache License 2.0
5.89k stars 1.59k forks source link

CI: container signing failed for 3.0.0 #8618

Open patrick-stephens opened 8 months ago

patrick-stephens commented 8 months ago

Bug Report

Describe the bug

See https://github.com/fluent/fluent-bit/actions/runs/8380464955/job/22949896795, looks like cosign updates are required to resolve. Signing with the key worked fine, this is the public transparency log signing failure.

Run cosign sign --yes --recursive \
  cosign sign --yes --recursive \
    -a "repo=***" \
    -a "workflow=Release from staging" \
    -a "release=3.0.0" \
    "$GHCR_RELEASE_IMAGE_NAME:3.0.0" \
    "$GHCR_RELEASE_IMAGE_NAME:3.0.0-debug" \
    "$DH_RELEASE_IMAGE_NAME:3.0.0" \
    "$DH_RELEASE_IMAGE_NAME:3.0.0-debug"
  shell: /usr/bin/bash --noprofile --norc -e -o pipefail {0}
  env:
    STAGING_IMAGE_NAME: ghcr.io/***/staging
    DH_RELEASE_IMAGE_NAME: docker.io/***
    GHCR_RELEASE_IMAGE_NAME: ghcr.io/***
    COSIGN_EXPERIMENTAL: true
Generating ephemeral keys...
Retrieving signed certificate...

        Note that there may be personally identifiable information associated with this signed artifact.
        This may include the email address associated with the account with which you authenticate.
        This information will be used for signing this artifact and will be stored in public transparency logs and cannot be removed later.
Error: signing [ghcr.io/***:3.0.0 ghcr.io/***:3.0.0-debug docker.io/***:3.0.0 docker.io/***:3.0.0-debug]: getting signer: getting key from Fulcio: verifying SCT: updating local metadata and targets: error updating to TUF remote mirror: invalid key
remote status:{
    "mirror": "https://sigstore-tuf-root.storage.googleapis.com",
    "metadata": {
        "root.json": {
            "version": 9,
            "len": 6766,
            "expiration": "1[2](https://github.com/fluent/fluent-bit/actions/runs/8380464955/job/22949896795#step:6:2) Sep 24 06:5[3](https://github.com/fluent/fluent-bit/actions/runs/8380464955/job/22949896795#step:6:3) UTC",
            "error": ""
        },
        "snapshot.json": {
            "version": 132,
            "len": 2302,
            "expiration": "09 Apr 2[4](https://github.com/fluent/fluent-bit/actions/runs/8380464955/job/22949896795#step:6:4) 16:16 UTC",
            "error": ""
        },
        "targets.json": {
            "version": 9,
            "len": [5](https://github.com/fluent/fluent-bit/actions/runs/8380464955/job/22949896795#step:6:5)478,
            "expiration": "12 Sep 24 0[6](https://github.com/fluent/fluent-bit/actions/runs/8380464955/job/22949896795#step:6:6):13 UTC",
            "error": ""
        },
        "timestamp.json": {
            "version": 169,
            "len": [7](https://github.com/fluent/fluent-bit/actions/runs/8380464955/job/22949896795#step:6:7)23,
            "expiration": "26 Mar 24 16:16 UTC",
            "error": ""
        }
    }
}
main.go:62: error during command execution: signing [ghcr.io/***:3.0.0 ghcr.io/***:3.0.0-debug docker.io/***:3.0.0 docker.io/***:3.0.0-debug]: getting signer: getting key from Fulcio: verifying SCT: updating local metadata and targets: error updating to TUF remote mirror: invalid key
remote status:{
    "mirror": "https://sigstore-tuf-root.storage.googleapis.com",
    "metadata": {
        "root.json": {
            "version": 9,
            "len": 6766,
            "expiration": "12 Sep 24 06:53 UTC",
            "error": ""
        },
        "snapshot.json": {
            "version": 132,
            "len": 2302,
            "expiration": "09 Apr 24 16:16 UTC",
            "error": ""
        },
        "targets.json": {
            "version": 9,
            "len": 547[8](https://github.com/fluent/fluent-bit/actions/runs/8380464955/job/22949896795#step:6:8),
            "expiration": "12 Sep 24 06:13 UTC",
            "error": ""
        },
        "timestamp.json": {
            "version": 16[9](https://github.com/fluent/fluent-bit/actions/runs/8380464955/job/22949896795#step:6:9),
            "len": 723,
            "expiration": "26 Mar 24 [16](https://github.com/fluent/fluent-bit/actions/runs/8380464955/job/22949896795#step:6:17):16 UTC",
            "error": ""
        }
    }
}
github-actions[bot] commented 5 months ago

This issue is stale because it has been open 90 days with no activity. Remove stale label or comment or this will be closed in 5 days. Maintainers can add the exempt-stale label.

github-actions[bot] commented 4 months ago

This issue was closed because it has been stalled for 5 days with no activity.