@@ -154,6 +154,17 @@ jobs:
154154 digest : ${{ steps.resolve_digest.outputs.digest }}
155155
156156 steps :
157+ - name : Free disk space
158+ uses : jlumbroso/free-disk-space@54081f138730dfa15788a46383842cd2f914a1be # v1.3.1
159+ with :
160+ android : true
161+ dotnet : true
162+ haskell : true
163+ large-packages : true
164+ docker-images : false
165+ swap-storage : true
166+ tool-cache : false
167+
157168 - name : Checkout nightly branch
158169 uses : actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
159170 with :
@@ -341,19 +352,41 @@ jobs:
341352 uses : sigstore/cosign-installer@6f9f17788090df1f26f669e9d70d6ae9567deba6 # v4.1.2
342353
343354 # Sign GHCR image with keyless signing (Sigstore/Fulcio)
355+ # Retry up to 3 times to handle transient Fulcio/Rekor INTERNAL_ERROR (HTTP/2 stream errors)
344356 - name : Sign GHCR Image
345357 run : |
346358 echo "Signing GHCR nightly image with keyless signing..."
347- cosign sign --yes "${{ env.GHCR_REGISTRY }}/${{ env.IMAGE_NAME }}@${{ steps.resolve_digest.outputs.digest }}"
348- echo "✅ GHCR nightly image signed successfully"
359+ for attempt in 1 2 3; do
360+ if cosign sign --yes "${{ env.GHCR_REGISTRY }}/${{ env.IMAGE_NAME }}@${{ steps.resolve_digest.outputs.digest }}"; then
361+ echo "✅ GHCR nightly image signed successfully"
362+ break
363+ fi
364+ if [ "$attempt" -eq 3 ]; then
365+ echo "❌ GHCR signing failed after 3 attempts"
366+ exit 1
367+ fi
368+ echo "⚠️ Attempt $attempt failed — retrying in 15s..."
369+ sleep 15
370+ done
349371
350372 # Sign Docker Hub image with keyless signing (Sigstore/Fulcio)
373+ # Retry up to 3 times to handle transient Fulcio/Rekor INTERNAL_ERROR (HTTP/2 stream errors)
351374 - name : Sign Docker Hub Image
352375 if : env.HAS_DOCKERHUB_TOKEN == 'true'
353376 run : |
354377 echo "Signing Docker Hub nightly image with keyless signing..."
355- cosign sign --yes "${{ env.DOCKERHUB_REGISTRY }}/${{ env.IMAGE_NAME }}@${{ steps.resolve_digest.outputs.digest }}"
356- echo "✅ Docker Hub nightly image signed successfully"
378+ for attempt in 1 2 3; do
379+ if cosign sign --yes "${{ env.DOCKERHUB_REGISTRY }}/${{ env.IMAGE_NAME }}@${{ steps.resolve_digest.outputs.digest }}"; then
380+ echo "✅ Docker Hub nightly image signed successfully"
381+ break
382+ fi
383+ if [ "$attempt" -eq 3 ]; then
384+ echo "❌ Docker Hub signing failed after 3 attempts"
385+ exit 1
386+ fi
387+ echo "⚠️ Attempt $attempt failed — retrying in 15s..."
388+ sleep 15
389+ done
357390
358391 # Attach SBOM to Docker Hub image
359392 - name : Attach SBOM to Docker Hub
@@ -375,6 +408,17 @@ jobs:
375408 packages : write
376409
377410 steps :
411+ - name : Free disk space
412+ uses : jlumbroso/free-disk-space@54081f138730dfa15788a46383842cd2f914a1be # v1.3.1
413+ with :
414+ android : true
415+ dotnet : true
416+ haskell : true
417+ large-packages : true
418+ docker-images : false
419+ swap-storage : true
420+ tool-cache : false
421+
378422 - name : Checkout nightly branch
379423 uses : actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
380424 with :
0 commit comments