From f94b54bd726b7a52afa5fa38e56f0d2f1247b95a Mon Sep 17 00:00:00 2001 From: Akash Singhal Date: Tue, 3 Oct 2023 17:54:38 +0000 Subject: [PATCH 1/4] ci: add retry to cosign keyless test --- test/bats/plugin-test.bats | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/test/bats/plugin-test.bats b/test/bats/plugin-test.bats index 9a260a89c..0e68a91b6 100644 --- a/test/bats/plugin-test.bats +++ b/test/bats/plugin-test.bats @@ -81,8 +81,7 @@ SLEEP_TIME=1 run kubectl replace -f ./config/samples/config_v1beta1_store_oras.yaml sleep 5 - run kubectl run cosign-demo-keyless --namespace default --image=wabbitnetworks.azurecr.io/test/cosign-image:signed-keyless - assert_success + wait_for_process 30 10 'kubectl run cosign-demo-keyless --namespace default --image=wabbitnetworks.azurecr.io/test/cosign-image:signed-keyless' } @test "licensechecker test" { From 6482d8a531b9fe5d41ec1febb62654fb7ab03331 Mon Sep 17 00:00:00 2001 From: Akash Singhal Date: Mon, 9 Oct 2023 21:39:54 +0000 Subject: [PATCH 2/4] reduce to only 1 retry --- test/bats/plugin-test.bats | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/bats/plugin-test.bats b/test/bats/plugin-test.bats index 0e68a91b6..02cdc0564 100644 --- a/test/bats/plugin-test.bats +++ b/test/bats/plugin-test.bats @@ -81,7 +81,7 @@ SLEEP_TIME=1 run kubectl replace -f ./config/samples/config_v1beta1_store_oras.yaml sleep 5 - wait_for_process 30 10 'kubectl run cosign-demo-keyless --namespace default --image=wabbitnetworks.azurecr.io/test/cosign-image:signed-keyless' + wait_for_process 20 10 'kubectl run cosign-demo-keyless --namespace default --image=wabbitnetworks.azurecr.io/test/cosign-image:signed-keyless' } @test "licensechecker test" { From f0f521c6cced727b1709762bea848d78c90d7793 Mon Sep 17 00:00:00 2001 From: Akash Singhal Date: Tue, 10 Oct 2023 16:48:46 +0000 Subject: [PATCH 3/4] add retry message with command --- test/bats/helpers.bash | 1 + 1 file changed, 1 insertion(+) diff --git a/test/bats/helpers.bash b/test/bats/helpers.bash index 92ea9326b..755ea4fc2 100644 --- a/test/bats/helpers.bash +++ b/test/bats/helpers.bash @@ -68,6 +68,7 @@ wait_for_process() { return 0 else sleep "$sleep_time" + echo "# retrying $cmd" >&3 wait_time=$((wait_time - sleep_time)) fi done From 0b5216feda75a4dc55f2c55a9bd73bd119414276 Mon Sep 17 00:00:00 2001 From: Akash Singhal Date: Tue, 10 Oct 2023 16:54:09 +0000 Subject: [PATCH 4/4] update cosign docs with timeout warning --- plugins/verifier/cosign/README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/plugins/verifier/cosign/README.md b/plugins/verifier/cosign/README.md index fbd51ce91..0a5cbabe7 100644 --- a/plugins/verifier/cosign/README.md +++ b/plugins/verifier/cosign/README.md @@ -71,6 +71,9 @@ $ ratify verify --config ~/.ratify/config.json --subject myregistry.io/example/h ## Keyless Verification This section outlines how to use `ratify` to verify the signatures signed using keyless signatures. +> [!WARNING] +> Cosign keyless verification may result in verification timeout due to Fulcio and Rekor server latencies + ### Configuration ```json