When trying to sign docker image in github action via cosign, the following error breaks the build:
main.go:74: error during command execution: signing [ghcr.io/hvl71/simple-python-app-codespaces-v3:main@sha256:0aa03745efdc0772902a06f1b340881c315b975c4f0d91075f684a782ffd510a]: getting signer: getting key from Fulcio: getting CTFE public keys: updating local metadata and targets: error updating to TUF remote mirror: invalid key
I suspect it is caused by either an issue in latest cosign or the GHA does not use latest version, which might contain a fix.
For now the relevant GHA steps are commented out thus leaving built images unsigned.
When trying to sign docker image in github action via cosign, the following error breaks the build:
main.go:74: error during command execution: signing [ghcr.io/hvl71/simple-python-app-codespaces-v3:main@sha256:0aa03745efdc0772902a06f1b340881c315b975c4f0d91075f684a782ffd510a]: getting signer: getting key from Fulcio: getting CTFE public keys: updating local metadata and targets: error updating to TUF remote mirror: invalid key
I suspect it is caused by either an issue in latest cosign or the GHA does not use latest version, which might contain a fix.
For now the relevant GHA steps are commented out thus leaving built images unsigned.
Try bumping to latest version of cosign. See more here: https://github.com/sigstore/cosign-installer