Closed haydentherapper closed 3 months ago
Hm. It looks like it did detect a least one non-snapshot/non-timestamp file correctly to trigger the exit condition: https://github.com/sigstore/root-signing/actions/runs/8347556789/job/22847432435#step:7:197
It just didn't actually exit, despite the next line being exit 0
.
Ah good catch, didn't see that line. Does it have to be exit 1
instead?
Description
This morning, we merged a root signing event.
Here is the check. We diff what's in
repository/repository
(which should contain the updated metadata) and ingcs://sigstore-tuf-root
, and if any file names are nottimestamp.json
,snapshot.json
, or0-9.snapshot.json
,exit 0
.I tested this locally and it seems to work, exiting since a non-ts/snapshot file was updated.
@lkatalin @kommendorkapten @jku if you have any ideas on why this succeeded? If you have any suggestions on how to simplify this too, let's do that.