Tags: sigstore/cosign-installer
Tags
fix: add retry to curl downloads for transient network failures (#210) Transient network errors during the cosign download can cause the action to fail. This is particularly problematic when the action runs after images have been pushed to a registry, resulting in unsigned images. Add --retry 3 to all curl calls. By default, curl uses exponential backoff: it waits 1 second before the first retry, then doubles the wait time for each subsequent retry up to a maximum of 10 minutes. It also respects Retry-After headers in the response. Closes: #209 Signed-off-by: Jose Fernandez <me@jrfernandez.com>
bump to use cosign 2.6.1 (#203) * bump to use cosign 2.6.1 Signed-off-by: Carlos Panato <ctadeu@gmail.com> * in the cosign installer v3 branch only test cosign v2 Signed-off-by: Carlos Panato <ctadeu@gmail.com> --------- Signed-off-by: Carlos Panato <ctadeu@gmail.com>
add support for cosign v3 releases (#201) * add support for cosign v3.0.1 release Signed-off-by: Bob Callaway <bcallaway@google.com> * use version num instead Signed-off-by: Bob Callaway <bcallaway@google.com> * add cert flags, move key fetch into v2 clause Signed-off-by: Bob Callaway <bcallaway@google.com> * update for v3.0.2 release Signed-off-by: Bob Callaway <bcallaway@google.com> * use helper function Signed-off-by: Bob Callaway <bcallaway@google.com> * temporarily comment out the exit to test kms sig verification Signed-off-by: Bob Callaway <bcallaway@google.com> * add another comment - temporary Signed-off-by: Bob Callaway <bcallaway@google.com> * remove comments for final mergeable fix Signed-off-by: Bob Callaway <bcallaway@google.com> * recommend v2.6.0 or later Signed-off-by: Bob Callaway <bcallaway@google.com> --------- Signed-off-by: Bob Callaway <bcallaway@google.com>
PreviousNext