When trying to sign docker image in github action via cosign, the following error breaks the build:
main.go:74: error during command execution: signing [ghcr.io/hvl71/simple-python-app-codespaces-v3:main@sha256:0aa03745efdc0772902a06f1b340881c315b975c4f0d91075f684a782ffd510a]: getting signer: getting key from Fulcio: getting CTFE public keys: updating local metadata and targets: error updating to TUF remote mirror: invalid key
I suspect it is caused by either an issue in latest cosign or the GHA does not use latest version, which might contain a fix.
For now the relevant GHA steps are commented out thus leaving built images unsigned.
hvl71
commented
4 months ago
When trying to sign docker image in github action via cosign, the following error breaks the build:
main.go:74: error during command execution: signing [ghcr.io/hvl71/simple-python-app-codespaces-v3:main@sha256:0aa03745efdc0772902a06f1b340881c315b975c4f0d91075f684a782ffd510a]: getting signer: getting key from Fulcio: getting CTFE public keys: updating local metadata and targets: error updating to TUF remote mirror: invalid key
I suspect it is caused by either an issue in latest cosign or the GHA does not use latest version, which might contain a fix.
For now the relevant GHA steps are commented out thus leaving built images unsigned.
Try bumping to latest version of cosign. See more here: https://github.com/sigstore/cosign-installer