GithubActionsでビルドをしたらエラーが発生
イメージのビルドには成功しているが、最後の署名でエラーとなっている。
client.go:194: root pinning is not supported in Spec 1.0.19
Error: signing [ghcr.io/xxxxx/docker-images/yyyyy@sha256:a9e5759627ab935912cc005d38fe77e09e886235e91f1b5dbe1a65a03d54598d]: getting signer: getting key from Fulcio: verifying SCT: unmarshal: unexpected end of JSON input
main.go:46: error during command execution: signing [ghcr.io/xxxxx/docker-images/yyyyy@sha256:a9e5759627ab935912cc005d38fe77e09e886235e91f1b5dbe1a65a03d54598d]: getting signer: getting key from Fulcio: verifying SCT: unmarshal: unexpected end of JSON input
Error: Process completed with exit code 1.
原因:cosignのバージョンが低かったため
workflow.yml
- name: Install cosign
if: github.event_name != 'pull_request'
uses: sigstore/cosign-installer@7e0881f8fe90b25e305bbf0309761e9314607e25
with:
- cosign-release: 'v1.4.0'
+ cosign-release: 'v1.9.0'
解決
イメージのビルドおよび署名に成功
Generating ephemeral keys...
Retrieving signed certificate...
Note that there may be personally identifiable information associated with this signed artifact.
This may include the email address associated with the account with which you authenticate.
This information will be used for signing this artifact and will be stored in public transparency logs and cannot be removed later.
Successfully verified SCT...
tlog entry created with index: 3524110
Pushing signature to: ghcr.io/xxxxx/docker-images/yyyyy