Closed acuarica closed 5 months ago
This CI job https://github.com/hashgraph/hedera-sourcify/actions/runs/7453471502/job/20874730534 is failing because the download URL https://storage.googleapis.com/cosign-releases/v2.0.0/cosign-linux-amd64 is not valid anymore.
This is because Sigstore (cosign) have migrated their releases to GitHub releases https://blog.sigstore.dev/cosign-releases-bucket-deprecation/.
Edit
~Fix the correspoding CI job using the new URL~
Instead, you can download Cosign releases from Cosign’s GitHub repository. Please use https://github.com/sigstore/cosign/releases/download/{version}/{artifact} (For example: https://github.com/sigstore/cosign/releases/download/v2.1.1/cosign-linux-amd64).
Instead, you can download Cosign releases from Cosign’s GitHub repository. Please use
https://github.com/sigstore/cosign/releases/download/{version}/{artifact}
(For example: https://github.com/sigstore/cosign/releases/download/v2.1.1/cosign-linux-amd64).
We are using it through helm/chart-testing-action@v2.4.0, so instead of just updating the URL, new need to update the action. Here's the relevant issue https://github.com/helm/chart-testing-action/issues/132#issuecomment-1787114588
helm/chart-testing-action@v2.4.0
@rustyShacklefurd @svienot should I go ahead and open a PR for this? or is there something else to take into account?
It looks like the issue is fixed in helm/chart-testing-action, so I guess we should just try to use the latest one (2.6.1).
This CI job https://github.com/hashgraph/hedera-sourcify/actions/runs/7453471502/job/20874730534 is failing because the download URL https://storage.googleapis.com/cosign-releases/v2.0.0/cosign-linux-amd64 is not valid anymore.
This is because Sigstore (cosign) have migrated their releases to GitHub releases https://blog.sigstore.dev/cosign-releases-bucket-deprecation/.
Edit
~Fix the correspoding CI job using the new URL~
We are using it through
helm/chart-testing-action@v2.4.0
, so instead of just updating the URL, new need to update the action. Here's the relevant issue https://github.com/helm/chart-testing-action/issues/132#issuecomment-1787114588@rustyShacklefurd @svienot should I go ahead and open a PR for this? or is there something else to take into account?