Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ghcr.io/ko-build/ko:v0.13.0 is not signed #979

Closed
imjasonh opened this issue Mar 10, 2023 · 8 comments
Closed

ghcr.io/ko-build/ko:v0.13.0 is not signed #979

imjasonh opened this issue Mar 10, 2023 · 8 comments

Comments

@imjasonh
Copy link
Member

https://github.com/ko-build/ko/actions/runs/4386793516/jobs/7681559191

This is due to a change in cosign v2 that requires the --yes flag to confirm, which was not set on the release workflow. Related: #973

We can fix this in a few ways, none of which are super ideal. In descending preference order:

  1. merge fix release workflow #977 and cut v0.13.1 -- v0.13.0 will still not be signed, but at least latest will be
  2. define a new manual workflow that just signs the image -- it will be signed with this workflow's details, not the normal release workflow
  3. merge fix release workflow #977 and move the v0.13.0 tag to point to it-- this will break Go module users since v0.13.0 is already present in the go mod cache 👎
@developer-guy
Copy link
Collaborator

May I do these ? ☝️🆙

@imjasonh
Copy link
Member Author

I think we need to decide which one we want to do first 😅

@vdemeester
Copy link
Contributor

I would rather not do 3. as.. as said, it will break go modules. I think cutting a v0.13.1 is fine, or have a manual workflow to sign. So I think 1. is the easiest/quickest to do, but 2. seems fine as well 👼🏼

@developer-guy
Copy link
Collaborator

my vote is also to continue with the first one since I agree with the @vdemeester, this is the easiest way to go with!

@developer-guy
Copy link
Collaborator

as #977 merged, will you @imjasonh cut a new release 0.13.1?

@imjasonh
Copy link
Member Author

as #977 merged, will you @imjasonh cut a new release 0.13.1?

I think we're going to plan a 0.14 release shortly, in preparation for #1025

@github-actions
Copy link

This issue is stale because it has been open for 90 days with no
activity. It will automatically close after 30 more days of
inactivity. Keep fresh with the 'lifecycle/frozen' label.

@cpanato
Copy link
Member

cpanato commented Jul 27, 2023

will close this, resolved in v0.14.x

@cpanato cpanato closed this as completed Jul 27, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

4 participants