Closed jku closed 5 months ago
Make repository-test action survive this in tuf-on-ci: Maybe don't allow base repo (GCS bucket) to fail in every possible way, but allow it to fail with expired metadata...
Oh FFS, I've already implemented this in https://github.com/theupdateframework/tuf-on-ci/blob/main/repo/tuf_on_ci/client.py#L80
The upgrade test that is now part of publish process (https://github.com/sigstore/root-signing-staging/blob/main/.github/workflows/test.yml#L15) is useful as it prevents updates that would be seen as incompatible by clients...
However what if the situation is like this:
There's at least two possible alternatives:
update_base_url
argument from the test workflow for the moment and to rerunonline-sign