Unable to validate cosign version: 'v2.0.0' - Githubissues

helm / chart-testing-action

A GitHub Action to lint and test Helm charts

https://github.com/helm/chart-testing

Apache License 2.0

251 stars 71 forks source link

Unable to validate cosign version: 'v2.0.0' #132

Closed PierrickP closed 1 year ago

PierrickP commented 1 year ago

Hello, i got an error today (with a depency ?)

eyenx commented 1 year ago

Same issue for me

eyenx commented 1 year ago

It's due to chart-testing still using a cosing-installer action version that tries to grab the cosign release from googleapis.com and gives back an AccessDenied. Or am I wrong?

eyenx commented 1 year ago

I see in the action this

$SUDO curl -sL [https://storage.googleapis.com/cosign-releases/${bootstrap_version}/${bootstrap_filename}](https://storage.googleapis.com/cosign-releases/$%7Bbootstrap_version%7D/$%7Bbootstrap_filename%7D) -o ${cosign_executable_name}

Instead of this

eyenx commented 1 year ago

Version 2.4.0 of chart-testing still uses cosign-installer version 3.0.1

https://github.com/helm/chart-testing-action/blob/v2.4.0/action.yml#L23C13-L23C82

stevehipwell commented 1 year ago

This was working correctly an hour ago (09:40 GMT).

eyenx commented 1 year ago

This was working correctly an hour ago (09:40 GMT).

I guess googleapis.com closed the access for unauthorized users.

rene-bos commented 1 year ago

I can confirm that the actions works when using the latest commit on main. Looks like we just need a 2.5.0 release. Until then we can pin to cb49023b9227b1097e5eddd8824f48bdea11b1aa to fix the problem for now.

- name: Setup chart-testing
  uses: helm/chart-testing-action@cb49023b9227b1097e5eddd8824f48bdea11b1aa # Unreleased version

@cpanato are you the right person to ping for creating a new release?

cpanato commented 1 year ago

i will take a look and maybe we need to run a new release

bobcallaway commented 1 year ago

this is due to https://blog.sigstore.dev/cosign-releases-bucket-deprecation/

jessebot commented 1 year ago

I can confirm that the actions works when using the latest commit on main. Looks like we just need a 2.5.0 release. Until then we can pin to cb49023b9227b1097e5eddd8824f48bdea11b1aa to fix the problem for now.
- name: Setup chart-testing
  uses: helm/chart-testing-action@cb49023b9227b1097e5eddd8824f48bdea11b1aa # Unreleased version

That's weird because when I try to pin to that commit hash, I get the following:

Run changed=$(ct list-changed --target-branch main)
  changed=$(ct list-changed --target-branch main)
  if [[ -n "$changed" ]]; then
    echo "changed=true" >> "$GITHUB_OUTPUT"
  fi
  shell: /usr/bin/bash -e {0}
  env:
    CT_CONFIG_DIR: /opt/hostedtoolcache/ct/3.9.0/amd64/etc
    VIRTUAL_ENV: /opt/hostedtoolcache/ct/3.9.0/amd64/venv
Error: targetBranch 'main' does not exist
Error: Process completed with exit code 1.

tboerger commented 1 year ago

That's weird because when I try to pin to that commit hash, I get the following:

The same happens for me, looks like we got to wait for a new release of the action :(

marcelbirkner commented 1 year ago

Thank you for the fix. Using cb49023b9227b1097e5eddd8824f48bdea11b1aa has solved the problem for us. Still looking forward to the new release.

cpanato commented 1 year ago

release v2.5.0 should fix that: https://github.com/helm/chart-testing-action/releases/tag/v2.5.0

tboerger commented 1 year ago

With the 2.5.0 release my builds are still failing but with the same error mentioned by @jessebot. Executing ct list-changed --config ct.yaml --target-branch master results in the error targetBranch 'master' does not exist: https://github.com/promhippie/charts/actions/runs/6706484493/job/18223069631

Edit: Currently I am working around the issue by downgrading the action to v2.3.1, but that sucks.

pat-s commented 1 year ago

Can confirm the issues.

With 2.3.1 I get another error though

Run changed=$(ct list-changed --target-branch main)
Error: failed running process: exit status 128
Error: Process completed with exit code 1.

marcelbirkner commented 1 year ago

Builds are working for us on our "main" branch but failing with the same errors as for @pat-s and @tboerger for pull request branches.

Example for main branch

Example for pull request branch

jessebot commented 1 year ago

With the 2.5.0 release my builds are still failing but with the same error mentioned by @jessebot. Executing ct list-changed --config ct.yaml --target-branch master results in the error targetBranch 'master' does not exist: https://github.com/promhippie/charts/actions/runs/6706484493/job/18223069631

Edit: Currently I am working around the issue by downgrading the action to v2.3.1, but that sucks.

I opened #133 to help with triage by the maintainers, as this is technically a separate issue,