search

hashgraph / hedera-sourcify

Tools for verifying Hedera smart contracts using standard open source libraries.
Apache License 2.0
6 stars 7 forks source link

Update CI job release download URL #128

Closed acuarica closed 5 months ago

acuarica commented 5 months ago

This CI job https://github.com/hashgraph/hedera-sourcify/actions/runs/7453471502/job/20874730534 is failing because the download URL https://storage.googleapis.com/cosign-releases/v2.0.0/cosign-linux-amd64 is not valid anymore.

This is because Sigstore (cosign) have migrated their releases to GitHub releases https://blog.sigstore.dev/cosign-releases-bucket-deprecation/.

Edit

~Fix the correspoding CI job using the new URL~

Instead, you can download Cosign releases from Cosign’s GitHub repository. Please use

https://github.com/sigstore/cosign/releases/download/{version}/{artifact}

(For example: https://github.com/sigstore/cosign/releases/download/v2.1.1/cosign-linux-amd64).

We are using it through helm/chart-testing-action@v2.4.0, so instead of just updating the URL, new need to update the action. Here's the relevant issue https://github.com/helm/chart-testing-action/issues/132#issuecomment-1787114588

@rustyShacklefurd @svienot should I go ahead and open a PR for this? or is there something else to take into account?

svienot commented 5 months ago

It looks like the issue is fixed in helm/chart-testing-action, so I guess we should just try to use the latest one (2.6.1).