Images built during a dispatched release workflow are not signed by signify

[kwiatekus]

Description

Our release workflow is dispatched manually. It is composed of a sequence of jobs. One of the job is building images (using a release version as a tag). The images built is succesful BUT they are not signed, and blocked by warden.

Log from build:

2024-07-26T11:50:01.0157944Z sign images using services signify-prod
2024-07-26T11:50:01.0158643Z signer signify-prod ignored, because is not enabled for a CI job of type: workflow_dispatch
2024-07-26T11:50:01.0160461Z Start signing images europe-docker.pkg.dev/kyma-project/prod/dockerregistry-operator:12e130526a68de47044236abaabbbda88e823a78,europe-docker.pkg.dev/kyma-project/prod/dockerregistry-operator:0.1.0,europe-docker.pkg.dev/kyma-project/prod/dockerregistry-operator:v20240726-12e13052

Warden complains with

  - lastTransitionTime: "2024-07-30T08:58:56Z"
    lastUpdateTime: "2024-07-30T08:58:56Z"
    message: 'admission webhook "validation.webhook.warden.kyma-project.io" denied
      the request: Pod images europe-docker.pkg.dev/kyma-project/prod/dockerregistry-operator:0.1.0
      validation failed'
    reason: FailedCreate
    status: "True"
    type: ReplicaFailure

Expected result

Images built during a dispatched release workflow are signed by signify prod.

Actual result

Images built during a dispatched release workflow are not signed by signify prod See the log

[akiioto]

That should help: https://github.com/kyma-project/test-infra/pull/11504

[kwiatekus]

it did, thx. Now its signed

dss -s https://signing.repositories.cloud.sap lookup europe-docker.pkg.dev/kyma-project/prod/dockerregistry-operator 0.1.0
0.1.0 sha256:e6dbb426b7aa9e7c34d37b086f1a151978cc4b9d689b08839ecdba05817bc56d 1941