chore: update cosign args to not use new config functionality #4287

Merged
spiffcs merged 1 commit into main from cosign-updates
Oct 15, 2025

@spiffcs spiffcs commented Oct 15, 2025

Description

fixes: .tool/cosign failed: exit status 1: Error: cannot specify service URLs and use signing config

I can't get this to simulate on my local detecting the github config that provides the service URL automatically, but see that v3 now fetches service URLs from the Sigstore signing-config by default. This change should unblock us 🤞

Type of change

  • Chore (improve the developer experience, fix a test flake, etc, without changing the visible behavior of Syft)

@kzantow kzantow left a comment

LGTM -- some of these release things are difficult to test without trying them

Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>

@kzantow kzantow left a comment

👍

@spiffcs spiffcs enabled auto-merge (squash) October 15, 2025 15:06
@spiffcs spiffcs changed the title chore: remove oidc-issues argument chore: update cosign args to not use new config functionality Oct 15, 2025
@spiffcs spiffcs merged commit e9a8bc5 into main Oct 15, 2025
12 checks passed
@spiffcs spiffcs deleted the cosign-updates branch October 15, 2025 15:12
spiffcs added a commit that referenced this pull request Oct 22, 2025
* main:
  chore(deps): update tools to latest versions (#4302)
  chore(deps): bump github.com/github/go-spdx/v2 from 2.3.3 to 2.3.4 (#4301)
  chore(deps): bump github/codeql-action from 4.30.8 to 4.30.9 (#4299)
  support universal (fat) mach-o binary files (#4278)
  chore(deps): bump sigstore/cosign-installer from 3.10.0 to 4.0.0 (#4296)
  chore(deps): bump anchore/sbom-action from 0.20.7 to 0.20.8 (#4297)
  convert posix path back to windows (#4285)
  Remove duplicate image source providers (#4289)
  chore(deps): bump anchore/sbom-action from 0.20.6 to 0.20.7 (#4293)
  feat: add option to fetch remote licenses for pnpm-lock.yaml files (#4286)
  Add PDM parser (#4234)
  chore(deps): update tools to latest versions (#4291)
  fix: panic during java archive maven resolution (#4290)
  Extract zip archive with multiple entries (#4283)
  chore: update to use old configuration on new cosign (#4287)
  chore(deps): update anchore dependencies (#4282)
  chore(deps): bump github.com/mholt/archives from 0.1.3 to 0.1.5 (#4280)
  add docs to configs (#4281)