The CLI used here is not a real application but a testing tool so we need to build it from source: try to checkout the latest release tag to do that
For context, I'm not 100% convinced root-signing* should test all possible clients in the future... but for the production tuf-on-ci migration a test matrix as large as possible seems like good idea.
Add sigstore-java to the custom client tests:
--staging-with-tuf-url-override
flagFor context, I'm not 100% convinced root-signing* should test all possible clients in the future... but for the production tuf-on-ci migration a test matrix as large as possible seems like good idea.