New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Failed to verify the artifact: failed to fetch attestations for subject #9049
Labels
Comments
I believe this is due to an older version of $ gh attestation verify pihole-FTL-amd64 --owner pi-hole --bundle ./pi-hole-FTL-attestation-793098.sigstore.json
Loaded digest sha256:67e7d2451a29ff3cd21c4a7c489ac4b1d43993f4a69bf9fbe989dda47f24685e for file://pihole-FTL-amd64
Loaded 1 attestation from pi-hole-FTL-attestation-793098.sigstore.json
✓ Verification succeeded!
sha256:67e7d2451a29ff3cd21c4a7c489ac4b1d43993f4a69bf9fbe989dda47f24685e was attested by:
REPO PREDICATE_TYPE WORKFLOW
pi-hole/FTL https://slsa.dev/provenance/v1 .github/workflows/build.yml@refs/heads/new/artifact_attestations
$ gh version
gh version 2.49.0 (2024-04-30)
https://github.com/cli/cli/releases/tag/v2.49.0 |
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
Good to know. I've been trying with |
Confirmed working locally with v2.49.2 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
Describe the bug
We just added attestation building to our workflow to join the beta.
Steps to reproduce the behavior
gh attestation verify pihole-FTL-amd64
is expected to work, but we getExpected vs actual behavior
Expect attestation to be validated. The
sha256sum
of the built and downloaded binaries match:Logs
Files for reproduction
The text was updated successfully, but these errors were encountered: