ci(e2e): fix ko >=v0.19 SBOM push failure on plain-HTTP registry#3621
Conversation
ko v0.19 unconditionally attempts HTTPS when writing SBOMs, causing the E2E job to fail with "http: server gave HTTP response to HTTPS client" against the plain-HTTP KinD registry (registry.local:5000). Set KO_FLAGS=--insecure-registry in the e2e-matrix env block so that both image pushes and SBOM writes use plain HTTP for the local registry. The flag is already forwarded to `ko apply` via $(KO_FLAGS) in the Makefile apply target, so no Makefile change is needed. Signed-off-by: Jawed khelil <jkhelil@redhat.com> Assisted-by: Claude Sonnet 4.6 (via Cursor) Co-authored-by: Cursor <cursoragent@cursor.com>
|
/lgtm |
|
/approved |
|
/approve |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: pramodbindal The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
/cherry-pick release-v0.79.x |
|
/cherry-pick release-v0.80.x |
|
✅ Cherry-pick to A new pull request has been created to cherry-pick this change to PR: #3629 Please review and merge the cherry-pick PR. |
|
/cherry-pick release-v0.79.x |
|
✅ Cherry-pick to A new pull request has been created to cherry-pick this change to PR: #3630 Please review and merge the cherry-pick PR. |
|
/cherry-pick release-v0.76.x |
|
/cherry-pick release-v0.75.x |
|
✅ Cherry-pick to A new pull request has been created to cherry-pick this change to PR: #3640 Please review and merge the cherry-pick PR. |
|
✅ Cherry-pick to A new pull request has been created to cherry-pick this change to PR: #3641 Please review and merge the cherry-pick PR. |
|
/cherry-pick release-v0.78.x |
|
✅ Cherry-pick to A new pull request has been created to cherry-pick this change to PR: #3642 Please review and merge the cherry-pick PR. |
Changes
ko v0.19 unconditionally attempts HTTPS when writing SBOMs, which causes
the E2E job to fail with:
against the plain-HTTP KinD registry (
registry.local:5000).Root cause:
ko-build/setup-ko(without a pinnedversion:) picked upko v0.19.1, which introduced mandatory SBOM writes via cosign. cosign uses
HTTPS by default and has no knowledge that
registry.local:5000is a plainHTTP endpoint, so every SBOM push fails.
Fix: set
KO_FLAGS=--insecure-registryin thee2e-matrix.ymljob env.This flag is already forwarded to
ko applyvia$(KO_FLAGS)in theMakefile
applytarget — no Makefile change is required. The flag is scopedto the CI job only; local
make applyagainst production registries (quay.io,ghcr.io) is unaffected.
The fix was verified locally by reproducing the failure against a custom-hostname
plain-HTTP registry and confirming success with the flag set.
Submitter Checklist
make test lintbefore submitting a PRRelease Notes
Made with Cursor