Skip to content
Release latest

Merge pull request #421 from ComplianceAsCode/renovate/github.com-ope… #126

Sign in to view logs

Merge pull request #421 from ComplianceAsCode/renovate/github.com-ope…

Merge pull request #421 from ComplianceAsCode/renovate/github.com-ope… #126

Triggered via push October 2, 2023 19:29
@openshift-ciopenshift-ci[bot]
pushed 89f9da6
master
Status Failure
Total duration 7m 16s
Artifacts

release-latest.yml

on: push
bundle-container-push-latest  /  container
36s
bundle-container-push-latest / container
openscap-container-push-latest  /  container
49s
openscap-container-push-latest / container
operator-container-push-latest  /  container
6m 37s
operator-container-push-latest / container
bundle-container-push-latest  /  sign
9s
bundle-container-push-latest / sign
bundle-container-push-latest  /  sbom
15s
bundle-container-push-latest / sbom
openscap-container-push-latest  /  sign
8s
openscap-container-push-latest / sign
openscap-container-push-latest  /  sbom
17s
openscap-container-push-latest / sbom
operator-container-push-latest  /  sign
8s
operator-container-push-latest / sign
operator-container-push-latest  /  sbom
20s
operator-container-push-latest / sbom
catalog-container-push-latest
43s
catalog-container-push-latest
Fit to window
Zoom out
Zoom in

Annotations

1 error and 12 notices
catalog-container-push-latest
buildx failed with: ERROR: failed to solve: quay.io/operator-framework/opm:latest: failed to copy: httpReadSeeker: failed open: unexpected status code https://quay.io/v2/operator-framework/opm/manifests/sha256:fcb86c656f591f362db3b313f5e1a2754981e3f511ce72ca44ca5d11c5cdd673: 504 Gateway Time-out
Verify signature
COSIGN_EXPERIMENTAL=1 cosign verify ghcr.io/complianceascode/compliance-operator-bundle@sha256:6ba5a9c15427ed23f0d8efafce019e7eac9cb1992e22b126052fcaf56748146f | jq '.[0]'
Inspect signature bundle
COSIGN_EXPERIMENTAL=1 cosign verify ghcr.io/complianceascode/compliance-operator-bundle@sha256:6ba5a9c15427ed23f0d8efafce019e7eac9cb1992e22b126052fcaf56748146f | jq '.[0].optional.Bundle.Payload.body |= @base64d | .[0].optional.Bundle.Payload.body | fromjson'
Inspect certificate
COSIGN_EXPERIMENTAL=1 cosign verify ghcr.io/complianceascode/compliance-operator-bundle@sha256:6ba5a9c15427ed23f0d8efafce019e7eac9cb1992e22b126052fcaf56748146f | jq -r '.[0].optional.Bundle.Payload.body |= @base64d | .[0].optional.Bundle.Payload.body | fromjson | .spec.signature.publicKey.content |= @base64d | .spec.signature.publicKey.content' | openssl x509 -text
Verify SBOM attestation
COSIGN_EXPERIMENTAL=1 cosign verify-attestation ghcr.io/complianceascode/compliance-operator-bundle@sha256:6ba5a9c15427ed23f0d8efafce019e7eac9cb1992e22b126052fcaf56748146f | jq '.payload |= @base64d | .payload | fromjson | select(.predicateType == "https://spdx.dev/Document") | .predicate.Data | fromjson'
Verify signature
COSIGN_EXPERIMENTAL=1 cosign verify ghcr.io/complianceascode/openscap-ocp@sha256:cfc6db5d7a006c6dc1ba38ae7985f9f0a0a099f38d5a479a4ced3671af14603e | jq '.[0]'
Inspect signature bundle
COSIGN_EXPERIMENTAL=1 cosign verify ghcr.io/complianceascode/openscap-ocp@sha256:cfc6db5d7a006c6dc1ba38ae7985f9f0a0a099f38d5a479a4ced3671af14603e | jq '.[0].optional.Bundle.Payload.body |= @base64d | .[0].optional.Bundle.Payload.body | fromjson'
Inspect certificate
COSIGN_EXPERIMENTAL=1 cosign verify ghcr.io/complianceascode/openscap-ocp@sha256:cfc6db5d7a006c6dc1ba38ae7985f9f0a0a099f38d5a479a4ced3671af14603e | jq -r '.[0].optional.Bundle.Payload.body |= @base64d | .[0].optional.Bundle.Payload.body | fromjson | .spec.signature.publicKey.content |= @base64d | .spec.signature.publicKey.content' | openssl x509 -text
Verify SBOM attestation
COSIGN_EXPERIMENTAL=1 cosign verify-attestation ghcr.io/complianceascode/openscap-ocp@sha256:cfc6db5d7a006c6dc1ba38ae7985f9f0a0a099f38d5a479a4ced3671af14603e | jq '.payload |= @base64d | .payload | fromjson | select(.predicateType == "https://spdx.dev/Document") | .predicate.Data | fromjson'
Verify signature
COSIGN_EXPERIMENTAL=1 cosign verify ghcr.io/complianceascode/compliance-operator@sha256:b91c17360ea59d585bdf15af68fcc366519bf64f4cc35442a76d714cef6959ec | jq '.[0]'
Inspect signature bundle
COSIGN_EXPERIMENTAL=1 cosign verify ghcr.io/complianceascode/compliance-operator@sha256:b91c17360ea59d585bdf15af68fcc366519bf64f4cc35442a76d714cef6959ec | jq '.[0].optional.Bundle.Payload.body |= @base64d | .[0].optional.Bundle.Payload.body | fromjson'
Inspect certificate
COSIGN_EXPERIMENTAL=1 cosign verify ghcr.io/complianceascode/compliance-operator@sha256:b91c17360ea59d585bdf15af68fcc366519bf64f4cc35442a76d714cef6959ec | jq -r '.[0].optional.Bundle.Payload.body |= @base64d | .[0].optional.Bundle.Payload.body | fromjson | .spec.signature.publicKey.content |= @base64d | .spec.signature.publicKey.content' | openssl x509 -text
Verify SBOM attestation
COSIGN_EXPERIMENTAL=1 cosign verify-attestation ghcr.io/complianceascode/compliance-operator@sha256:b91c17360ea59d585bdf15af68fcc366519bf64f4cc35442a76d714cef6959ec | jq '.payload |= @base64d | .payload | fromjson | select(.predicateType == "https://spdx.dev/Document") | .predicate.Data | fromjson'