
Commit d44e8a2

authored
Merge pull request #1046 from Wikid82/main
Propagate changes from main into development
2 parents 13ae9a5 + 03a60dd commit d44e8a2

4 files changed

Lines changed: 427 additions & 350 deletions


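--- a/.github/workflows/docker-build.yml
+++ b/.github/workflows/docker-build.yml
@@ -731,20 +731,42 @@ jobs:
 uses: sigstore/cosign-installer@6f9f17788090df1f26f669e9d70d6ae9567deba6 # v4.1.2
 
 # Sign GHCR image with keyless signing (Sigstore/Fulcio)
+# Retry up to 3 times to handle transient Fulcio/Rekor INTERNAL_ERROR (HTTP/2 stream errors)
 - name: Sign GHCR Image
 if: env.TRIGGER_EVENT != 'pull_request' && steps.skip.outputs.skip_build != 'true' && steps.skip.outputs.is_feature_push != 'true'
 run: |
 echo "Signing GHCR image with keyless signing..."
-cosign sign --yes ${{ env.GHCR_REGISTRY }}/${{ env.IMAGE_NAME }}@${{ steps.build-and-push.outputs.digest }}
-echo "✅ GHCR image signed successfully"
+for attempt in 1 2 3; do
+if cosign sign --yes ${{ env.GHCR_REGISTRY }}/${{ env.IMAGE_NAME }}@${{ steps.build-and-push.outputs.digest }}; then
+echo "✅ GHCR image signed successfully"
+break
+fi
+if [ "$attempt" -eq 3 ]; then
+echo "❌ GHCR signing failed after 3 attempts"
+exit 1
+fi
+echo "⚠️ Attempt $attempt failed — retrying in 15s..."
+sleep 15
+done
 
 # Sign Docker Hub image with keyless signing (Sigstore/Fulcio)
+# Retry up to 3 times to handle transient Fulcio/Rekor INTERNAL_ERROR (HTTP/2 stream errors)
 - name: Sign Docker Hub Image
 if: env.TRIGGER_EVENT != 'pull_request' && steps.skip.outputs.skip_build != 'true' && steps.skip.outputs.is_feature_push != 'true' && env.HAS_DOCKERHUB_TOKEN == 'true'
 run: |
 echo "Signing Docker Hub image with keyless signing..."
-cosign sign --yes ${{ env.DOCKERHUB_REGISTRY }}/${{ env.IMAGE_NAME }}@${{ steps.build-and-push.outputs.digest }}
-echo "✅ Docker Hub image signed successfully"
+for attempt in 1 2 3; do
+if cosign sign --yes ${{ env.DOCKERHUB_REGISTRY }}/${{ env.IMAGE_NAME }}@${{ steps.build-and-push.outputs.digest }}; then
+echo "✅ Docker Hub image signed successfully"
+break
+fi
+if [ "$attempt" -eq 3 ]; then
+echo "❌ Docker Hub signing failed after 3 attempts"
+exit 1
+fi
+echo "⚠️ Attempt $attempt failed — retrying in 15s..."
+sleep 15
+done
 
 # Attach SBOM to Docker Hub image
 - name: Attach SBOM to Docker Hub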
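Review bot: Both `cosign sign` calls in the new retry loops take the image reference from `${{ … }}` expressions pasted unquoted into the shell script, so the runner substitutes the text before bash parses it; the nightly workflow at least wraps the same argument in double quotes. Passing the value through the step's `env:` keeps it out of the script text: add `IMAGE_REF: ${{ env.GHCR_REGISTRY }}/${{ env.IMAGE_NAME }}@${{ steps.build-and-push.outputs.digest }}` under `env:` and call `if cosign sign --yes "$IMAGE_REF"; then`. The Docker Hub step needs the same change with `DOCKERHUB_REGISTRY`. Where `IMAGE_NAME` and the digest output are set is not visible in this section, so whether anything untrusted can reach them has to be checked at their definitions.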

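--- a/.github/workflows/nightly-build.yml
+++ b/.github/workflows/nightly-build.yml
@@ -154,6 +154,17 @@ jobs:
 digest: ${{ steps.resolve_digest.outputs.digest }}
 
 steps:
+- name: Free disk space
+uses: jlumbroso/free-disk-space@54081f138730dfa15788a46383842cd2f914a1be # v1.3.1
+with:
+android: true
+dotnet: true
+haskell: true
+large-packages: true
+docker-images: false
+swap-storage: true
+tool-cache: false
+
 - name: Checkout nightly branch
 uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 with:
@@ -341,19 +352,41 @@ jobs:
 uses: sigstore/cosign-installer@6f9f17788090df1f26f669e9d70d6ae9567deba6 # v4.1.2
 
 # Sign GHCR image with keyless signing (Sigstore/Fulcio)
+# Retry up to 3 times to handle transient Fulcio/Rekor INTERNAL_ERROR (HTTP/2 stream errors)
 - name: Sign GHCR Image
 run: |
 echo "Signing GHCR nightly image with keyless signing..."
-cosign sign --yes "${{ env.GHCR_REGISTRY }}/${{ env.IMAGE_NAME }}@${{ steps.resolve_digest.outputs.digest }}"
-echo "✅ GHCR nightly image signed successfully"
+for attempt in 1 2 3; do
+if cosign sign --yes "${{ env.GHCR_REGISTRY }}/${{ env.IMAGE_NAME }}@${{ steps.resolve_digest.outputs.digest }}"; then
+echo "✅ GHCR nightly image signed successfully"
+break
+fi
+if [ "$attempt" -eq 3 ]; then
+echo "❌ GHCR signing failed after 3 attempts"
+exit 1
+fi
+echo "⚠️ Attempt $attempt failed — retrying in 15s..."
+sleep 15
+done
 
 # Sign Docker Hub image with keyless signing (Sigstore/Fulcio)
+# Retry up to 3 times to handle transient Fulcio/Rekor INTERNAL_ERROR (HTTP/2 stream errors)
 - name: Sign Docker Hub Image
 if: env.HAS_DOCKERHUB_TOKEN == 'true'
 run: |
 echo "Signing Docker Hub nightly image with keyless signing..."
-cosign sign --yes "${{ env.DOCKERHUB_REGISTRY }}/${{ env.IMAGE_NAME }}@${{ steps.resolve_digest.outputs.digest }}"
-echo "✅ Docker Hub nightly image signed successfully"
+for attempt in 1 2 3; do
+if cosign sign --yes "${{ env.DOCKERHUB_REGISTRY }}/${{ env.IMAGE_NAME }}@${{ steps.resolve_digest.outputs.digest }}"; then
+echo "✅ Docker Hub nightly image signed successfully"
+break
+fi
+if [ "$attempt" -eq 3 ]; then
+echo "❌ Docker Hub signing failed after 3 attempts"
+exit 1
+fi
+echo "⚠️ Attempt $attempt failed — retrying in 15s..."
+sleep 15
+done
 
 # Attach SBOM to Docker Hub image
 - name: Attach SBOM to Docker Hub
@@ -375,6 +408,17 @@ jobs:
 packages: write
 
 steps:
+- name: Free disk space
+uses: jlumbroso/free-disk-space@54081f138730dfa15788a46383842cd2f914a1be # v1.3.1
+with:
+android: true
+dotnet: true
+haskell: true
+large-packages: true
+docker-images: false
+swap-storage: true
+tool-cache: false
+
 - name: Checkout nightly branch
 uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 with: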
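Review bot: The retry loops in the two signing steps (and the two matching steps in docker-build.yml) retry on any non-zero exit from `cosign sign`, not only the Fulcio/Rekor INTERNAL_ERROR the comment names, so a permanent failure such as a rejected identity token or a denied registry push is logged as "retrying" twice before the job fails. Each keyless attempt presumably requests a new certificate and transparency-log entry, so an attempt that fails after the log upload may leave an extra entry behind. I would say so in the step comment, for example `# Retries on any cosign failure; a partially completed attempt may leave an additional Rekor entry`, and replace the fixed delay with `sleep $((attempt * 15))`. The same twelve-line loop now exists four times across the two workflows; one shared script or composite action taking the image reference as its argument would keep the copies from drifting apart.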
