401 Unauthorized /api/v1/signingCert #1022
Comments
|
When you say "enterprise GitHub action," are you using a self-hosted runner? If so, this is expected. The Cosign integration in Goreleaser uses ephemeral keys, which use your GitHub credentials to get a signing certificate from Fulcio to sign your release. The public Fulcio instance doesn't (and probably won't) support credentials from self-hosted runners. If not, we still probably won't be able to do anything here. I found some details: https://docs.github.com/en/enterprise-cloud@latest/rest/actions/oidc?apiVersion=2022-11-28 It looks like you GitHub Actions Enterprise lets you customize the way OIDC issuance works pretty heavily, which means that we won't be able to verify conformance with these requirements: #397 That said, you can always spin up your own Fulcio instance and configure it to accept GHES OIDC tokens. It's a fair bit of work, but hopefully that will change in the longer run. |
|
Closing as working as intended, there isn’t support for enterprise instances of GitHub. |
Description
when i use enterprise github action, i got failed.
when i use github action, it works righly.
Version
v2
The text was updated successfully, but these errors were encountered: