Skip to content

🤖 [RHTAS-build-bot] [release-1.3] Update Component images #1411

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: release-1.3
Choose a base branch
from
Open

🤖 [RHTAS-build-bot] [release-1.3] Update Component images #1411

wants to merge 1 commit into from

Conversation

@JasonPowr
Copy link
Contributor

@JasonPowr JasonPowr commented Oct 30, 2025
edited
Loading

This PR contains the following changes

Image Old SHA New SHA
registry.redhat.io/rhtas/rekor-search-ui-rhel9 05e1a6f 2d5b39c
registry.redhat.io/rhtas/fulcio-rhel9 85f602f 2417087
registry.redhat.io/rhtas/certificate-transparency-rhel9 651a5a4 c7c6f0f
registry.redhat.io/rhtas/createtree-rhel9 bcfc0d0 7132133
registry.redhat.io/rhtas/rekor-monitor-rhel9 da3aa5c b7f9f8b
registry.redhat.io/rhtas/client-server-rhel9 f95046a c81aaa8
registry.redhat.io/rhtas/timestamp-authority-rhel9 be62342 71a3899
registry.redhat.io/rhtas/rekor-server-rhel9 af2a790 405b309
registry.redhat.io/rhtas/trillian-logserver-rhel9 9ecb8cb d5000a4
registry.redhat.io/rhtas/trillian-database-rhel9 1295d96 0c9bb35
registry.redhat.io/rhtas/rekor-backfill-redis-rhel9 1e98cb1 aa83559
registry.redhat.io/rhtas/segment-reporting-rhel9 e1790a0 aaa6ddc
registry.redhat.io/rhtas/trillian-logsigner-rhel9 358d52e c95a757
registry.redhat.io/rhtas/tuffer-rhel9 0659831 0c30481
registry.redhat.io/rhtas/trillian-redis-rhel9 e191b4c 880b92a

@sourcery-ai
Copy link

sourcery-ai bot commented Oct 30, 2025
edited
Loading

Reviewer's guide (collapsed on small PRs)

Reviewer's Guide

This pull request updates the SHA digest for the tuffer-rhel9 container image in the default configuration.

File-Level Changes

Change Details Files
Updated container image SHA reference
  • Bumped tuffer-rhel9 image SHA from 0659831 to 67c4e51
 config/default/images.env
Tips and commands

Interacting with Sourcery

  • Trigger a new review: Comment @sourcery-ai review on the pull request.
  • Continue discussions: Reply directly to Sourcery's review comments.
  • Generate a GitHub issue from a review comment: Ask Sourcery to create an
    issue from a review comment by replying to it. You can also reply to a
    review comment with @sourcery-ai issue to create an issue from it.
  • Generate a pull request title: Write @sourcery-ai anywhere in the pull
    request title to generate a title at any time. You can also comment
    @sourcery-ai title on the pull request to (re-)generate the title at any time.
  • Generate a pull request summary: Write @sourcery-ai summary anywhere in
    the pull request body to generate a PR summary at any time exactly where you
    want it. You can also comment @sourcery-ai summary on the pull request to
    (re-)generate the summary at any time.
  • Generate reviewer's guide: Comment @sourcery-ai guide on the pull
    request to (re-)generate the reviewer's guide at any time.
  • Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
    pull request to resolve all Sourcery comments. Useful if you've already
    addressed all the comments and don't want to see them anymore.
  • Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
    request to dismiss all existing Sourcery reviews. Especially useful if you
    want to start fresh with a new review - don't forget to comment
    @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

  • Enable or disable review features such as the Sourcery-generated pull request
    summary, the reviewer's guide, and others.
  • Change the review language.
  • Add, remove or edit custom review instructions.
  • Adjust other review settings.

Getting Help

@qodo-merge-pro
Copy link

qodo-merge-pro bot commented Oct 30, 2025
edited
Loading

PR Compliance Guide 🔍

Below is a summary of compliance checks for this PR:

Security Compliance
🟢
No security concerns identified No security vulnerabilities detected by AI analysis. Human verification advised for critical code.
Ticket Compliance
🎫 No ticket provided
  • Create ticket/issue
Codebase Duplication Compliance
Codebase context is not defined

Follow the guide to enable codebase context checks.

Custom Compliance
🟢
Generic: Meaningful Naming and Self-Documenting Code

Objective: Ensure all identifiers clearly express their purpose and intent, making code
self-documenting

Status: Passed

Generic: Secure Logging Practices

Objective: To ensure logs are useful for debugging and auditing without exposing sensitive
information like PII, PHI, or cardholder data.

Status: Passed

Generic: Comprehensive Audit Trails

Objective: To create a detailed and reliable record of critical system actions for security analysis
and compliance.

Status:
No runtime logging: The PR only updates an image digest and does not add or alter any code related to logging
critical actions, so audit trail compliance cannot be verified from this change alone.

Referred Code 
RELATED_IMAGE_TUF=registry.redhat.io/rhtas/tuffer-rhel9@sha256:67c4e5112658294c8e1b417f586aac7e8ec8f7c0492f81d9024da5a1a3283206
RELATED_IMAGE_CTLOG=registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:651a5a412592819a96051ebaf39d02e24c61a1064c0236b01a0777297b66a685
Generic: Robust Error Handling and Edge Case Management

Objective: Ensure comprehensive error handling that provides meaningful context and graceful
degradation

Status:
No error handling: This change updates a configuration value without introducing or modifying any error
handling, so robustness against failures cannot be assessed from the diff.

Referred Code 
RELATED_IMAGE_TUF=registry.redhat.io/rhtas/tuffer-rhel9@sha256:67c4e5112658294c8e1b417f586aac7e8ec8f7c0492f81d9024da5a1a3283206
RELATED_IMAGE_CTLOG=registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:651a5a412592819a96051ebaf39d02e24c61a1064c0236b01a0777297b66a685
Generic: Secure Error Handling

Objective: To prevent the leakage of sensitive system information through error messages while
providing sufficient detail for internal debugging.

Status:
No user errors shown: The PR only modifies an image digest in configuration and does not touch user-facing error
paths; secure error handling cannot be evaluated from this change.

Referred Code 
RELATED_IMAGE_TUF=registry.redhat.io/rhtas/tuffer-rhel9@sha256:67c4e5112658294c8e1b417f586aac7e8ec8f7c0492f81d9024da5a1a3283206
RELATED_IMAGE_CTLOG=registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:651a5a412592819a96051ebaf39d02e24c61a1064c0236b01a0777297b66a685
Generic: Security-First Input Validation and Data Handling

Objective: Ensure all data inputs are validated, sanitized, and handled securely to prevent
vulnerabilities

Status:
Config-only change: Updating an image SHA in configuration does not expose input validation or data handling
logic, so security controls cannot be confirmed from this diff.

Referred Code 
RELATED_IMAGE_TUF=registry.redhat.io/rhtas/tuffer-rhel9@sha256:67c4e5112658294c8e1b417f586aac7e8ec8f7c0492f81d9024da5a1a3283206
RELATED_IMAGE_CTLOG=registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:651a5a412592819a96051ebaf39d02e24c61a1064c0236b01a0777297b66a685
  • Update
Compliance status legend 🟢 - Fully Compliant
🟡 - Partial Compliant
🔴 - Not Compliant
⚪ - Requires Further Human Verification
🏷️ - Compliance label

sourcery-ai[bot]
sourcery-ai bot reviewed Oct 30, 2025
View reviewed changes
Copy link

@sourcery-ai sourcery-ai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey there - I've reviewed your changes and they look great!

Sourcery is free for open source - if you like our reviews please consider sharing them ✨
Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.

@qodo-merge-pro
Copy link

qodo-merge-pro bot commented Oct 30, 2025
edited
Loading

PR Code Suggestions ✨

No code suggestions found for the PR.

@JasonPowr JasonPowr force-pushed the RHTAS-build-bot-update-component-images-release-1.3 branch 22 times, most recently from 52707ee to c6e6a3a Compare October 31, 2025 14:48
@tommyd450
Copy link
Contributor

tommyd450 commented Oct 31, 2025

/ok-to-test

@tommyd450
Copy link
Contributor

tommyd450 commented Oct 31, 2025

/retest

@JasonPowr JasonPowr force-pushed the RHTAS-build-bot-update-component-images-release-1.3 branch 15 times, most recently from 26cbdbe to 204ecc8 Compare November 4, 2025 15:57
@JasonPowr JasonPowr force-pushed the RHTAS-build-bot-update-component-images-release-1.3 branch from 204ecc8 to debd458 Compare November 7, 2025 09:54
@qodo-merge-pro
Copy link

qodo-merge-pro bot commented Nov 7, 2025

CI Feedback 🧐

A test triggered by this PR failed. Here is an AI-generated analysis of the failure:

Action: Execute securesign/sigstore-e2e

Failed stage: Run tests [❌]

Failed test name: TUF manual repo test [It] should verify workdir structure

Failure summary:

The action failed because the E2E test "TUF manual repo test" detected an unexpected file in the TUF
targets directory, causing an assertion to fail.
- Test file:
e2e/test/tuftool/tuftool_manual_tuf_repo_test.go
- Failure location: line 253 (assertion), triggered
from line 68 (test case)
- Error message: "unexpected file in targets:
/tmp/trustroot_example3392978546/tuf-repo/targets/45f89066b2b8a5e2ef7e7e4f38fab24d8c90a3284fbd681cdfdcb51b09b4ab68.signing_config.v0.2.json"

- Summary: The test expected the targets directory to contain only specific files, but a
signing_config.v0.2.json-related file appeared, violating the expected workdir structure.

Relevant error logs: 
1:  ##[group]Runner Image Provisioner
2:  Hosted Compute Agent
...

454:  configmap/ingress-nginx-controller created
455:  service/ingress-nginx-controller created
456:  service/ingress-nginx-controller-admission created
457:  deployment.apps/ingress-nginx-controller created
458:  job.batch/ingress-nginx-admission-create created
459:  job.batch/ingress-nginx-admission-patch created
460:  ingressclass.networking.k8s.io/nginx created
461:  validatingwebhookconfiguration.admissionregistration.k8s.io/ingress-nginx-admission created
462:  pod/ingress-nginx-controller-bcdf75cfc-jctr9 condition met
463:  ##[group]Run # Download the bundle.yaml
464:  �[36;1m# Download the bundle.yaml�[0m
465:  �[36;1mcurl -sL https://github.com/prometheus-operator/prometheus-operator/releases/download/v0.84.0/bundle.yaml -o bundle.yaml �[0m
466:  �[36;1m�[0m
467:  �[36;1m# Check if the download was successful and the file is not empty�[0m
468:  �[36;1mif [ ! -s "bundle.yaml" ]; then�[0m
469:  �[36;1m  echo "Error: Downloaded bundle.yaml is empty or failed to download."�[0m
470:  �[36;1m  exit 1�[0m
...

748:  BUNDLE_IMG: ghcr.io/securesign/secure-sign-operator-bundle:dev-e29d362dbb79a3299f3fed558ab31859d9e5d5f5
749:  CATALOG_IMG: ghcr.io/securesign/secure-sign-operator-fbc:dev-e29d362dbb79a3299f3fed558ab31859d9e5d5f5
750:  NEW_OLM_CHANNEL: rhtas-operator.v1.3.1
751:  OCP_VERSION: v4.19
752:  TEST_NAMESPACE: test
753:  REGISTRY_AUTH_FILE: /tmp/config.json
754:  OPENSHIFT: false
755:  ##[endgroup]
756:  /home/runner/work/secure-sign-operator/secure-sign-operator/bin/controller-gen-v0.17.0 rbac:roleName=manager-role crd webhook paths="./..." output:crd:artifacts:config=config/crd/bases
757:  Downloading sigs.k8s.io/kustomize/kustomize/[email protected]
758:  go: downloading sigs.k8s.io/kustomize/kustomize/v5 v5.6.0
759:  go: downloading github.com/spf13/cobra v1.8.0
760:  go: downloading sigs.k8s.io/kustomize/api v0.19.0
761:  go: downloading sigs.k8s.io/kustomize/cmd/config v0.19.0
762:  go: downloading sigs.k8s.io/kustomize/kyaml v0.19.0
763:  go: downloading github.com/go-errors/errors v1.4.2
764:  go: downloading github.com/davecgh/go-spew v1.1.1
...

933:  {"status":"Digest: sha256:4b7ce07002c69e8f3d704a9c5d6fd3053be500b7f1c69fc0d80990c2ad8dd412"}
934:  {"status":"Status: Downloaded newer image for mirror.gcr.io/alpine:latest"}
935:  {"status":"The push refers to repository [ttl.sh/d302f3ba-a064-4991-974a-5f7ab5a3d853]"}
936:  {"status":"Preparing","progressDetail":{},"id":"256f393e029f"}
937:  {"status":"Pushing","progressDetail":{"current":101376,"total":8317404},"progress":"[\u003e                                                  ]  101.4kB/8.317MB","id":"256f393e029f"}
938:  {"status":"Pushing","progressDetail":{"current":199680,"total":8317404},"progress":"[=\u003e                                                 ]  199.7kB/8.317MB","id":"256f393e029f"}
939:  {"status":"Pushing","progressDetail":{"current":1149708,"total":8317404},"progress":"[======\u003e                                            ]   1.15MB/8.317MB","id":"256f393e029f"}
940:  {"status":"Pushing","progressDetail":{"current":2657280,"total":8317404},"progress":"[===============\u003e                                   ]  2.657MB/8.317MB","id":"256f393e029f"}
941:  {"status":"Pushing","progressDetail":{"current":4328448,"total":8317404},"progress":"[==========================\u003e                        ]  4.328MB/8.317MB","id":"256f393e029f"}
942:  {"status":"Pushing","progressDetail":{"current":6589440,"total":8317404},"progress":"[=======================================\u003e           ]  6.589MB/8.317MB","id":"256f393e029f"}
943:  {"status":"Pushing","progressDetail":{"current":8357376,"total":8317404},"progress":"[==================================================\u003e]  8.357MB","id":"256f393e029f"}
944:  {"status":"Pushing","progressDetail":{"current":8607232,"total":8317404},"progress":"[==================================================\u003e]  8.607MB","id":"256f393e029f"}
945:  {"status":"Pushed","progressDetail":{},"id":"256f393e029f"}
946:  {"status":"5m: digest: sha256:9d04ae17046f42ec0cd37d0429fff0edd799d7159242938cc5a964dcd38c1b64 size: 527"}
947:  {"progressDetail":{},"aux":{"Tag":"5m","Digest":"sha256:9d04ae17046f42ec0cd37d0429fff0edd799d7159242938cc5a964dcd38c1b64","Size":527}}
948:  t=l=error app=cosign m=WARNING: Fetching initial root from URL without providing its checksum is deprecated and will be disallowed in a future Cosign release. Please provide the initial root checksum via the --root-checksum argument.
949:  t=l=info app=cosign m=Root status: 
950:  t=l=info app=cosign m= {
951:  t=l=info app=cosign m=	"local": "/home/runner/.sigstore/root",
952:  t=l=info app=cosign m=	"remote": "http://tuf.local",
953:  t=l=info app=cosign m=	"metadata": {
954:  t=l=info app=cosign m=		"root.json": {
955:  t=l=info app=cosign m=			"version": 1,
956:  t=l=info app=cosign m=			"len": 4128,
957:  t=l=info app=cosign m=			"expiration": "06 Nov 26 10:04 UTC",
958:  t=l=info app=cosign m=			"error": ""
959:  t=l=info app=cosign m=		},
960:  t=l=info app=cosign m=		"snapshot.json": {
961:  t=l=info app=cosign m=			"version": 1,
962:  t=l=info app=cosign m=			"len": 994,
963:  t=l=info app=cosign m=			"expiration": "06 Nov 26 10:04 UTC",
964:  t=l=info app=cosign m=			"error": ""
965:  t=l=info app=cosign m=		},
966:  t=l=info app=cosign m=		"targets.json": {
967:  t=l=info app=cosign m=			"version": 1,
968:  t=l=info app=cosign m=			"len": 2601,
969:  t=l=info app=cosign m=			"expiration": "06 Nov 26 10:04 UTC",
970:  t=l=info app=cosign m=			"error": ""
971:  t=l=info app=cosign m=		},
972:  t=l=info app=cosign m=		"timestamp.json": {
973:  t=l=info app=cosign m=			"version": 1,
974:  t=l=info app=cosign m=			"len": 995,
975:  t=l=info app=cosign m=			"expiration": "06 Nov 26 10:04 UTC",
976:  t=l=info app=cosign m=			"error": ""
977:  t=l=info app=cosign m=		}
978:  t=l=info app=cosign m=	},
979:  t=l=info app=cosign m=	"targets": [
980:  t=l=info app=cosign m=		"fulcio_v1.crt.pem",
981:  t=l=info app=cosign m=		"trusted_root.json",
982:  t=l=info app=cosign m=		"signing_config.v0.2.json",
983:  t=l=info app=cosign m=		"tsa.certchain.pem",
984:  t=l=info app=cosign m=		"ctfe.pub",
985:  t=l=info app=cosign m=		"rekor.pub"
986:  t=l=info app=cosign m=	]
987:  t=l=info app=cosign m=}
988:  �[38;5;10m•�[0mt=l=error app=cosign m=Generating ephemeral keys...
989:  t=l=error app=cosign m=Retrieving signed certificate...
990:  t=l=error app=cosign m=Successfully verified SCT...
991:  t=l=error app=cosign m=WARNING: Image reference ttl.sh/d302f3ba-a064-4991-974a-5f7ab5a3d853:5m uses a tag, not a digest, to identify the image to sign.
992:  t=l=error app=cosign m=    This can lead you to sign a different image than the intended one. Please use a
993:  t=l=error app=cosign m=    digest (example.com/ubuntu@sha256:abc123...) rather than tag
994:  t=l=error app=cosign m=    (example.com/ubuntu:latest) for the input to cosign. The ability to refer to
995:  t=l=error app=cosign m=    images by tag will be removed in a future release.
996:  t=l=error app=cosign
997:  t=l=error app=cosign
998:  t=l=error app=cosign m=	The sigstore service, hosted by sigstore a Series of LF Projects, LLC, is provided pursuant to the Hosted Project Tools Terms of Use, available at https://lfprojects.org/policies/hosted-project-tools-terms-of-use/.
999:  t=l=error app=cosign m=	Note that if your submission includes personal data associated with this signed artifact, it will be part of an immutable record.
1000:  t=l=error app=cosign m=	This may include the email address associated with the account with which you authenticate your contractual Agreement.
1001:  t=l=error app=cosign m=	This information will be used for signing this artifact and will be stored in public transparency logs and cannot be removed later, and is subject to the Immutable Record notice at https://lfprojects.org/policies/hosted-project-tools-immutable-records/.
1002:  t=l=error app=cosign
1003:  t=l=error app=cosign m=By typing 'y', you attest that (1) you are not submitting the personal data of any other person; and (2) you understand and agree to the statement and the Agreement terms at the URLs listed above.
1004:  t=l=error app=cosign m=Timestamp fetched with time:  2025-11-07 10:06:15 +0000 UTC
1005:  t=l=error app=cosign m=tlog entry created with index: 2
1006:  t=l=error app=cosign m=Pushing signature to: ttl.sh/d302f3ba-a064-4991-974a-5f7ab5a3d853
1007:  �[38;5;10m•�[0m�[38;5;10m•�[0mt=l=error app=cosign
1008:  t=l=error app=cosign m=Verification for ttl.sh/d302f3ba-a064-4991-974a-5f7ab5a3d853:5m --
1009:  t=l=error app=cosign m=The following checks were performed on each of these signatures:
1010:  t=l=error app=cosign m=  - The cosign claims were validated
1011:  t=l=error app=cosign m=  - Existence of the claims in the transparency log was verified offline
1012:  t=l=error app=cosign m=  - The code-signing certificate was verified using trusted certificate authority certificates
1013:  t=l=info app=cosign
...

1066:  t=l=info app=ec m=OPA                v1.6.0
1067:  t=l=info app=ec m=Conftest           v0.62.0
1068:  t=l=info app=ec m=Cosign             v2.4.1
1069:  t=l=info app=ec m=Sigstore           v1.8.9
1070:  t=l=info app=ec m=Rekor              v1.3.6
1071:  t=l=info app=ec m=Tekton Pipeline    v0.66.0
1072:  t=l=info app=ec m=Kubernetes Client  v0.32.3
1073:  {"status":"Pulling from alpine","id":"latest"}
1074:  {"status":"Digest: sha256:4b7ce07002c69e8f3d704a9c5d6fd3053be500b7f1c69fc0d80990c2ad8dd412"}
1075:  {"status":"Status: Image is up to date for mirror.gcr.io/alpine:latest"}
1076:  {"status":"The push refers to repository [ttl.sh/aa2427b9-c927-46de-adca-bc0e81d6def0]"}
1077:  {"status":"Preparing","progressDetail":{},"id":"256f393e029f"}
1078:  {"status":"Mounted from d302f3ba-a064-4991-974a-5f7ab5a3d853","progressDetail":{},"id":"256f393e029f"}
1079:  {"status":"5m: digest: sha256:9d04ae17046f42ec0cd37d0429fff0edd799d7159242938cc5a964dcd38c1b64 size: 527"}
1080:  {"progressDetail":{},"aux":{"Tag":"5m","Digest":"sha256:9d04ae17046f42ec0cd37d0429fff0edd799d7159242938cc5a964dcd38c1b64","Size":527}}
1081:  t=l=error app=cosign m=WARNING: Fetching initial root from URL without providing its checksum is deprecated and will be disallowed in a future Cosign release. Please provide the initial root checksum via the --root-checksum argument.
1082:  t=l=info app=cosign m=Root status: 
1083:  t=l=info app=cosign m= {
1084:  t=l=info app=cosign m=	"local": "/home/runner/.sigstore/root",
1085:  t=l=info app=cosign m=	"remote": "http://tuf.local",
1086:  t=l=info app=cosign m=	"metadata": {
1087:  t=l=info app=cosign m=		"root.json": {
1088:  t=l=info app=cosign m=			"version": 1,
1089:  t=l=info app=cosign m=			"len": 4128,
1090:  t=l=info app=cosign m=			"expiration": "06 Nov 26 10:04 UTC",
1091:  t=l=info app=cosign m=			"error": ""
1092:  t=l=info app=cosign m=		},
1093:  t=l=info app=cosign m=		"snapshot.json": {
1094:  t=l=info app=cosign m=			"version": 1,
1095:  t=l=info app=cosign m=			"len": 994,
1096:  t=l=info app=cosign m=			"expiration": "06 Nov 26 10:04 UTC",
1097:  t=l=info app=cosign m=			"error": ""
1098:  t=l=info app=cosign m=		},
1099:  t=l=info app=cosign m=		"targets.json": {
1100:  t=l=info app=cosign m=			"version": 1,
1101:  t=l=info app=cosign m=			"len": 2601,
1102:  t=l=info app=cosign m=			"expiration": "06 Nov 26 10:04 UTC",
1103:  t=l=info app=cosign m=			"error": ""
1104:  t=l=info app=cosign m=		},
1105:  t=l=info app=cosign m=		"timestamp.json": {
1106:  t=l=info app=cosign m=			"version": 1,
1107:  t=l=info app=cosign m=			"len": 995,
1108:  t=l=info app=cosign m=			"expiration": "06 Nov 26 10:04 UTC",
1109:  t=l=info app=cosign m=			"error": ""
1110:  t=l=info app=cosign m=		}
1111:  t=l=info app=cosign m=	},
1112:  t=l=info app=cosign m=	"targets": [
1113:  t=l=info app=cosign m=		"tsa.certchain.pem",
1114:  t=l=info app=cosign m=		"ctfe.pub",
1115:  t=l=info app=cosign m=		"rekor.pub",
1116:  t=l=info app=cosign m=		"fulcio_v1.crt.pem",
1117:  t=l=info app=cosign m=		"trusted_root.json",
1118:  t=l=info app=cosign m=		"signing_config.v0.2.json"
1119:  t=l=info app=cosign m=	]
1120:  t=l=info app=cosign m=}
1121:  �[38;5;10m•�[0mt=l=error app=cosign m=Generating ephemeral keys...
1122:  t=l=error app=cosign m=Retrieving signed certificate...
1123:  t=l=error app=cosign m=Successfully verified SCT...
1124:  t=l=error app=cosign m=WARNING: Image reference ttl.sh/aa2427b9-c927-46de-adca-bc0e81d6def0:5m uses a tag, not a digest, to identify the image to sign.
1125:  t=l=error app=cosign m=    This can lead you to sign a different image than the intended one. Please use a
1126:  t=l=error app=cosign m=    digest (example.com/ubuntu@sha256:abc123...) rather than tag
1127:  t=l=error app=cosign m=    (example.com/ubuntu:latest) for the input to cosign. The ability to refer to
1128:  t=l=error app=cosign m=    images by tag will be removed in a future release.
1129:  t=l=error app=cosign
1130:  t=l=error app=cosign
1131:  t=l=error app=cosign m=	The sigstore service, hosted by sigstore a Series of LF Projects, LLC, is provided pursuant to the Hosted Project Tools Terms of Use, available at https://lfprojects.org/policies/hosted-project-tools-terms-of-use/.
1132:  t=l=error app=cosign m=	Note that if your submission includes personal data associated with this signed artifact, it will be part of an immutable record.
1133:  t=l=error app=cosign m=	This may include the email address associated with the account with which you authenticate your contractual Agreement.
1134:  t=l=error app=cosign m=	This information will be used for signing this artifact and will be stored in public transparency logs and cannot be removed later, and is subject to the Immutable Record notice at https://lfprojects.org/policies/hosted-project-tools-immutable-records/.
1135:  t=l=error app=cosign
1136:  t=l=error app=cosign m=By typing 'y', you attest that (1) you are not submitting the personal data of any other person; and (2) you understand and agree to the statement and the Agreement terms at the URLs listed above.
1137:  t=l=error app=cosign m=tlog entry created with index: 3
1138:  t=l=error app=cosign m=Pushing signature to: ttl.sh/aa2427b9-c927-46de-adca-bc0e81d6def0
1139:  �[38;5;10m•�[0mt=l=info app=cosign m=
...

1171:  t=l=info app=rekor-cli m=4
1172:  t=l=info app=rekor-cli m=kRwowEs0IR14g1YMKaEKap/z51p8CKr2pLCZOfRfqkc=
1173:  t=l=info app=rekor-cli
1174:  t=l=info app=rekor-cli m=— rekor-server-66798d78bd-8kf7v zd/3TDBFAiAjsrqSHFbt//2dakwb5q7EtiMDr/5rGlU408ktDogHrwIhAL94W5Am8IHxiJCpyblvT9bksnIpoALoZXJDxV2XD916
1175:  t=l=info app=rekor-cli
1176:  t=l=info app=rekor-cli
1177:  t=l=info app=rekor-cli m=Inclusion Proof:
1178:  t=l=info app=rekor-cli m=SHA256(0x01 | 89ee53af195851c1f6eb92a982853ec03b68965f55d83df7d746187cdcc3eec7 | 9544b252ee120ffbdcd1c7cb1b841def8633f6801fbe0377f634b09c966c2346) =
1179:  t=l=info app=rekor-cli m=	4b2c3cee6a1e99a992f878ec49fdbe94d0334c0a23ec4477ad2eca1680967946
1180:  t=l=info app=rekor-cli
1181:  t=l=info app=rekor-cli m=SHA256(0x01 | 9240e2d875926867187ace7195b7e715f233f4a7ea14dedac72d229c185ca552 | 4b2c3cee6a1e99a992f878ec49fdbe94d0334c0a23ec4477ad2eca1680967946) =
1182:  t=l=info app=rekor-cli m=	911c28c04b34211d7883560c29a10a6a9ff3e75a7c08aaf6a4b09939f45faa47
1183:  t=l=info app=rekor-cli
1184:  t=l=info app=rekor-cli m=Computed Root Hash: 911c28c04b34211d7883560c29a10a6a9ff3e75a7c08aaf6a4b09939f45faa47
1185:  t=l=info app=rekor-cli m=Expected Root Hash: 911c28c04b34211d7883560c29a10a6a9ff3e75a7c08aaf6a4b09939f45faa47
1186:  �[38;5;10m•�[0m�[38;5;10m•�[0mt=l=error app=cosign m=WARNING: Image reference ttl.sh/aa2427b9-c927-46de-adca-bc0e81d6def0:5m uses a tag, not a digest, to identify the image to sign.
1187:  t=l=error app=cosign m=    This can lead you to sign a different image than the intended one. Please use a
1188:  t=l=error app=cosign m=    digest (example.com/ubuntu@sha256:abc123...) rather than tag
1189:  t=l=error app=cosign m=    (example.com/ubuntu:latest) for the input to cosign. The ability to refer to
1190:  t=l=error app=cosign m=    images by tag will be removed in a future release.
1191:  t=l=error app=cosign
1192:  t=l=error app=cosign m=Generating ephemeral keys...
1193:  t=l=error app=cosign m=Retrieving signed certificate...
1194:  t=l=error app=cosign m=Successfully verified SCT...
1195:  t=l=error app=cosign m=Using payload from: /tmp/tmp2606296825/predicate.json
1196:  t=l=error app=cosign
1197:  t=l=error app=cosign m=	The sigstore service, hosted by sigstore a Series of LF Projects, LLC, is provided pursuant to the Hosted Project Tools Terms of Use, available at https://lfprojects.org/policies/hosted-project-tools-terms-of-use/.
1198:  t=l=error app=cosign m=	Note that if your submission includes personal data associated with this signed artifact, it will be part of an immutable record.
1199:  t=l=error app=cosign m=	This may include the email address associated with the account with which you authenticate your contractual Agreement.
1200:  t=l=error app=cosign m=	This information will be used for signing this artifact and will be stored in public transparency logs and cannot be removed later, and is subject to the Immutable Record notice at https://lfprojects.org/policies/hosted-project-tools-immutable-records/.
1201:  t=l=error app=cosign
1202:  t=l=error app=cosign m=By typing 'y', you attest that (1) you are not submitting the personal data of any other person; and (2) you understand and agree to the statement and the Agreement terms at the URLs listed above.
1203:  t=l=error app=cosign m=tlog entry created with index: 4
1204:  �[38;5;10m•�[0mt=l=info app=cosign m=📦 Supply Chain Security Related artifacts for an image: ttl.sh/aa2427b9-c927-46de-adca-bc0e81d6def0:5m
...

1312:  code: builtin.attestation.signature_check
1313:  msg: Pass
1314:  - metadata:
1315:  code: builtin.attestation.syntax_check
1316:  msg: Pass
1317:  - metadata:
1318:  code: builtin.image.signature_check
1319:  msg: Pass
1320:  ec-version: v0.7.159+redhat
1321:  effective-time: "2025-11-07T10:06:42.804247359Z"
1322:  key: ""
1323:  policy: {}
1324:  success: true
1325:  �[38;5;10m•�[0m
1326:  �[38;5;10m�[1mRan 13 of 13 Specs in 43.294 seconds�[0m
1327:  �[38;5;10m�[1mSUCCESS!�[0m -- �[38;5;10m�[1m13 Passed�[0m | �[38;5;9m�[1m0 Failed�[0m | �[38;5;11m�[1m0 Pending�[0m | �[38;5;14m�[1m0 Skipped�[0m
1328:  --- PASS: TestCosignTest (43.29s)
...

1396:  t=l=info app=rekor-cli m= | |_) | |  _|   | ' /  | | | | | |_) |  _____  | |     | |      | |
1397:  t=l=info app=rekor-cli m= |  _ <  | |___  | . \  | |_| | |  _ <  |_____| | |___  | |___   | |
1398:  t=l=info app=rekor-cli m= |_| \_\ |_____| |_|\_\  \___/  |_| \_\          \____| |_____| |___|
1399:  t=l=info app=rekor-cli m=rekor-cli: Rekor CLI
1400:  t=l=info app=rekor-cli
1401:  t=l=info app=rekor-cli m=GitVersion:    v0.0.0-20251031133037-47b7138c6171+dirty
1402:  t=l=info app=rekor-cli m=GitCommit:     47b7138c6171694f0923d5d110dd3488486a3064
1403:  t=l=info app=rekor-cli m=GitTreeState:  clean
1404:  t=l=info app=rekor-cli m=BuildDate:     t=l=info app=rekor-cli m=GoVersion:     go1.24.6 (Red Hat 1.24.6-1.el9_6) X:strictfipsruntime
1405:  t=l=info app=rekor-cli m=Compiler:      gc
1406:  t=l=info app=rekor-cli m=Platform:      linux/amd64
1407:  t=l=info app=rekor-cli
1408:  �[38;5;10m•�[0m�[38;5;10m•�[0m�[38;5;10m•�[0mt=l=info app=git m=[master (root-commit) 15757a7] CI commit 2025-11-07 10:06:06.514351061 +0000 UTC m=+2.460216210
1409:  t=l=info app=git m= 1 file changed, 1 insertion(+)
1410:  t=l=info app=git m= create mode 100644 testFile.txt
1411:  �[38;5;10m•�[0m�[38;5;10m•�[0mt=l=error app=cosign m=WARNING: Fetching initial root from URL without providing its checksum is deprecated and will be disallowed in a future Cosign release. Please provide the initial root checksum via the --root-checksum argument.
1412:  t=l=info app=cosign m=Root status: 
1413:  t=l=info app=cosign m= {
1414:  t=l=info app=cosign m=	"local": "/home/runner/.sigstore/root",
1415:  t=l=info app=cosign m=	"remote": "http://tuf.local",
1416:  t=l=info app=cosign m=	"metadata": {
1417:  t=l=info app=cosign m=		"root.json": {
1418:  t=l=info app=cosign m=			"version": 1,
1419:  t=l=info app=cosign m=			"len": 4128,
1420:  t=l=info app=cosign m=			"expiration": "06 Nov 26 10:04 UTC",
1421:  t=l=info app=cosign m=			"error": ""
1422:  t=l=info app=cosign m=		},
1423:  t=l=info app=cosign m=		"snapshot.json": {
1424:  t=l=info app=cosign m=			"version": 1,
1425:  t=l=info app=cosign m=			"len": 994,
1426:  t=l=info app=cosign m=			"expiration": "06 Nov 26 10:04 UTC",
1427:  t=l=info app=cosign m=			"error": ""
1428:  t=l=info app=cosign m=		},
1429:  t=l=info app=cosign m=		"targets.json": {
1430:  t=l=info app=cosign m=			"version": 1,
1431:  t=l=info app=cosign m=			"len": 2601,
1432:  t=l=info app=cosign m=			"expiration": "06 Nov 26 10:04 UTC",
1433:  t=l=info app=cosign m=			"error": ""
1434:  t=l=info app=cosign m=		},
1435:  t=l=info app=cosign m=		"timestamp.json": {
1436:  t=l=info app=cosign m=			"version": 1,
1437:  t=l=info app=cosign m=			"len": 995,
1438:  t=l=info app=cosign m=			"expiration": "06 Nov 26 10:04 UTC",
1439:  t=l=info app=cosign m=			"error": ""
1440:  t=l=info app=cosign m=		}
...

1481:  t=l=info app=rekor-cli m=rekor-server-66798d78bd-8kf7v - 9120315852340705829
1482:  t=l=info app=rekor-cli m=2
1483:  t=l=info app=rekor-cli m=kkDi2HWSaGcYes5xlbfnFfIz9KfqFN7axy0inBhcpVI=
1484:  t=l=info app=rekor-cli
1485:  t=l=info app=rekor-cli m=— rekor-server-66798d78bd-8kf7v zd/3TDBFAiEAmxWbfrgyec37TZCTQzASijBVkeF9+sHNy7ZpFmfMc5YCIFSXFHZeE7xQgfZEE+few51wcFgTsgOVmR8gquDuY0Vd
1486:  t=l=info app=rekor-cli
1487:  t=l=info app=rekor-cli
1488:  t=l=info app=rekor-cli m=Inclusion Proof:
1489:  t=l=info app=rekor-cli m=SHA256(0x01 | 6af4ae6264e472fe2f8b80bb45e6340ebefae33fc3484e31860e93912671cca8 | 56e4f5e5ea5dffd66fb3fa4caf19283a70de3128d9ebdbcbbc6a54b1445820fe) =
1490:  t=l=info app=rekor-cli m=	9240e2d875926867187ace7195b7e715f233f4a7ea14dedac72d229c185ca552
1491:  t=l=info app=rekor-cli
1492:  t=l=info app=rekor-cli m=Computed Root Hash: 9240e2d875926867187ace7195b7e715f233f4a7ea14dedac72d229c185ca552
1493:  t=l=info app=rekor-cli m=Expected Root Hash: 9240e2d875926867187ace7195b7e715f233f4a7ea14dedac72d229c185ca552
1494:  �[38;5;10m•�[0m
1495:  �[38;5;10m�[1mRan 9 of 9 Specs in 3.411 seconds�[0m
1496:  �[38;5;10m�[1mSUCCESS!�[0m -- �[38;5;10m�[1m9 Passed�[0m | �[38;5;9m�[1m0 Failed�[0m | �[38;5;11m�[1m0 Pending�[0m | �[38;5;14m�[1m0 Skipped�[0m
1497:  --- PASS: TestGitsignE2E (3.41s)
...

1626:  Total Tree Size:        1
1627:  Root Hash:              6af4ae6264e472fe2f8b80bb45e6340ebefae33fc3484e31860e93912671cca8
1628:  TreeID:                 9120315852340705829
1629:  [78 111 32 112 114 101 118 105 111 117 115 32 108 111 103 32 115 116 97 116 101 32 115 116 111 114 101 100 44 32 117 110 97 98 108 101 32 116 111 32 112 114 111 118 101 32 99 111 110 115 105 115 116 101 110 99 121 10 86 101 114 105 102 105 99 97 116 105 111 110 32 83 117 99 99 101 115 115 102 117 108 33 10 65 99 116 105 118 101 32 84 114 101 101 32 83 105 122 101 58 32 32 32 32 32 32 32 49 10 84 111 116 97 108 32 84 114 101 101 32 83 105 122 101 58 32 32 32 32 32 32 32 32 49 10 82 111 111 116 32 72 97 115 104 58 32 32 32 32 32 32 32 32 32 32 32 32 32 32 54 97 102 52 97 101 54 50 54 52 101 52 55 50 102 101 50 102 56 98 56 48 98 98 52 53 101 54 51 52 48 101 98 101 102 97 101 51 51 102 99 51 52 56 52 101 51 49 56 54 48 101 57 51 57 49 50 54 55 49 99 99 97 56 10 84 114 101 101 73 68 58 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 57 49 50 48 51 49 53 56 53 50 51 52 48 55 48 53 56 50 57 10]
1630:  �[38;5;10m•�[0mt=l=info app=rekor-cli m=Found matching entries (listed by UUID):
1631:  7e91def23a21ba256af4ae6264e472fe2f8b80bb45e6340ebefae33fc3484e31860e93912671cca8
1632:  [70 111 117 110 100 32 109 97 116 99 104 105 110 103 32 101 110 116 114 105 101 115 32 40 108 105 115 116 101 100 32 98 121 32 85 85 73 68 41 58 10 55 101 57 49 100 101 102 50 51 97 50 49 98 97 50 53 54 97 102 52 97 101 54 50 54 52 101 52 55 50 102 101 50 102 56 98 56 48 98 98 52 53 101 54 51 52 48 101 98 101 102 97 101 51 51 102 99 51 52 56 52 101 51 49 56 54 48 101 57 51 57 49 50 54 55 49 99 99 97 56 10]
1633:  �[38;5;10m•�[0mt=l=info app=rekor-cli m=Found matching entries (listed by UUID):
1634:  7e91def23a21ba256af4ae6264e472fe2f8b80bb45e6340ebefae33fc3484e31860e93912671cca8
1635:  [70 111 117 110 100 32 109 97 116 99 104 105 110 103 32 101 110 116 114 105 101 115 32 40 108 105 115 116 101 100 32 98 121 32 85 85 73 68 41 58 10 55 101 57 49 100 101 102 50 51 97 50 49 98 97 50 53 54 97 102 52 97 101 54 50 54 52 101 52 55 50 102 101 50 102 56 98 56 48 98 98 52 53 101 54 51 52 48 101 98 101 102 97 101 51 51 102 99 51 52 56 52 101 51 49 56 54 48 101 57 51 57 49 50 54 55 49 99 99 97 56 10]
1636:  �[38;5;10m•�[0mt=l=info app=rekor-cli m=Found matching entries (listed by UUID):
1637:  7e91def23a21ba256af4ae6264e472fe2f8b80bb45e6340ebefae33fc3484e31860e93912671cca8
1638:  [70 111 117 110 100 32 109 97 116 99 104 105 110 103 32 101 110 116 114 105 101 115 32 40 108 105 115 116 101 100 32 98 121 32 85 85 73 68 41 58 10 55 101 57 49 100 101 102 50 51 97 50 49 98 97 50 53 54 97 102 52 97 101 54 50 54 52 101 52 55 50 102 101 50 102 56 98 56 48 98 98 52 53 101 54 51 52 48 101 98 101 102 97 101 51 51 102 99 51 52 56 52 101 51 49 56 54 48 101 57 51 57 49 50 54 55 49 99 99 97 56 10]
1639:  �[38;5;10m•�[0m
1640:  �[38;5;10m�[1mRan 9 of 9 Specs in 1.072 seconds�[0m
1641:  �[38;5;10m�[1mSUCCESS!�[0m -- �[38;5;10m�[1m9 Passed�[0m | �[38;5;9m�[1m0 Failed�[0m | �[38;5;11m�[1m0 Pending�[0m | �[38;5;14m�[1m0 Skipped�[0m
1642:  --- PASS: TestRekorCliE2E (1.08s)
...

1653:  t=l=info m=SIGSTORE_FULCIO_URL=http://fulcio-server.local
1654:  t=l=info m=SIGSTORE_REKOR_URL=http://rekor-server.local
1655:  t=l=info m=TUF_URL=http://tuf.local
1656:  t=l=info m=TSA_URL=http://tsa-server.local/api/v1/timestamp
1657:  t=l=info m=KEYCLOAK_REALM=trusted-artifact-signer
1658:  t=l=info m=Getting binary 'updatetree' from CLI serverServer URLhttp://cli-server.local
1659:  t=l=info m=Downloading updatetree from http://cli-server.local/clients/linux/updatetree-amd64.gz
1660:  t=l=info m=Getting binary 'createtree' from CLI serverServer URLhttp://cli-server.local
1661:  t=l=info m=Downloading createtree from http://cli-server.local/clients/linux/createtree-amd64.gz
1662:  t=l=info app=createtree m=Usage of /tmp/createtree4263932766/createtree:
1663:  -add_dir_header
1664:  If true, adds the file directory to the header of the log messages
1665:  -admin_server string
1666:  Address of the gRPC Trillian Admin Server (host:port)
1667:  -alsologtostderr
1668:  log to standard error as well as files (no effect when -logtostderr=true)
1669:  -config string
1670:  Config file containing flags, file contents can be overridden by command line flags
1671:  -description string
1672:  Description of the new tree
1673:  -display_name string
1674:  Display name of the new tree
1675:  -log_backtrace_at value
1676:  when logging hits line file:N, emit a stack trace
1677:  -log_dir string
1678:  If non-empty, write log files in this directory (no effect when -logtostderr=true)
1679:  -log_file string
1680:  If non-empty, use this log file (no effect when -logtostderr=true)
1681:  -log_file_max_size uint
1682:  Defines the maximum size a log file can grow to (no effect when -logtostderr=true). Unit is megabytes. If the value is 0, the maximum file size is unlimited. (default 1800)
1683:  -logtostderr
1684:  log to standard error instead of files (default true)
1685:  -max_root_duration duration
...

1698:  Path to the file containing the Trillian server's PEM-encoded public TLS certificate. If unset, unsecured connections will be used
1699:  -tree_state string
1700:  State of the new tree (default "ACTIVE")
1701:  -tree_type string
1702:  Type of the new tree (default "LOG")
1703:  -v value
1704:  number for the log level verbosity
1705:  -vmodule value
1706:  comma-separated list of pattern=N settings for file-filtered logging
1707:  �[38;5;10m•�[0mt=l=info app=updatetree m=Usage of /tmp/updatetree1889831261/updatetree:
1708:  -add_dir_header
1709:  If true, adds the file directory to the header of the log messages
1710:  -admin_server string
1711:  Address of the gRPC Trillian Admin Server (host:port)
1712:  -alsologtostderr
1713:  log to standard error as well as files (no effect when -logtostderr=true)
1714:  -log_backtrace_at value
1715:  when logging hits line file:N, emit a stack trace
1716:  -log_dir string
1717:  If non-empty, write log files in this directory (no effect when -logtostderr=true)
1718:  -log_file string
1719:  If non-empty, use this log file (no effect when -logtostderr=true)
1720:  -log_file_max_size uint
1721:  Defines the maximum size a log file can grow to (no effect when -logtostderr=true). Unit is megabytes. If the value is 0, the maximum file size is unlimited. (default 1800)
1722:  -logtostderr
1723:  log to standard error instead of files (default true)
1724:  -one_output
...

1735:  logs at or above this threshold go to stderr when writing to files and stderr (no effect when -logtostderr=true or -alsologtostderr=true) (default 2)
1736:  -tls_cert_file string
1737:  Path to the file containing the Trillian server's PEM-encoded public TLS certificate. If unset, unsecured connections will be used
1738:  -tree_id int
1739:  The ID of the tree to be set updated
1740:  -tree_state string
1741:  If set the tree state will be updated
1742:  -tree_type string
1743:  If set the tree type will be updated
1744:  -v value
1745:  number for the log level verbosity
1746:  -vmodule value
1747:  comma-separated list of pattern=N settings for file-filtered logging
1748:  �[38;5;10m•�[0m
1749:  �[38;5;10m�[1mRan 2 of 2 Specs in 0.439 seconds�[0m
1750:  �[38;5;10m�[1mSUCCESS!�[0m -- �[38;5;10m�[1m2 Passed�[0m | �[38;5;9m�[1m0 Failed�[0m | �[38;5;11m�[1m0 Pending�[0m | �[38;5;14m�[1m0 Skipped�[0m
1751:  --- PASS: TestTrillianTest (0.44s)
...

1755:  Running Suite: Create tuf repo manually - /home/runner/work/secure-sign-operator/secure-sign-operator/e2e/test/tuftool
1756:  ======================================================================================================================
1757:  Random Seed: �[1m1762509967�[0m
1758:  Will run �[1m2�[0m of �[1m2�[0m specs
1759:  t=l=info m=Getting binary 'tuftool' from CLI serverServer URLhttp://cli-server.local
1760:  t=l=info m=Downloading tuftool from http://cli-server.local/clients/linux/tuftool-amd64.gz
1761:  t=l=info m=Done. Using '/tmp/tuftool2006377150/tuftool' with version:
1762:  t=l=info app=tuftool m=tuftool 0.12.0
1763:  t=l=info m=Created temporary directory: /tmp/trustroot_example3392978546
1764:  t=l=info app=tuftool m=d1b5266bb51d0080823005c59c627ea8bfcd15afc5460eea23d61be39f924830
1765:  t=l=info app=tuftool m=f5eb883e590eb5b3615396de070385e27a49822951b8d469f807e1f4fcd4b9c8
1766:  t=l=info app=tuftool m=f1222df7cf1e31365727c9b591b0487237c48c8cb8c6c8ff33d02b2e6de3c3be
1767:  t=l=info app=tuftool m=097bf52dd236c018532378ae3fb8316b94984b74ed6546c22d3775b45d31e24c
1768:  �[38;5;10m•�[0m
1769:  �[38;5;243m------------------------------�[0m
1770:  �[38;5;9m• [FAILED] [0.001 seconds]�[0m
1771:  �[0mTUF manual repo test �[38;5;9m�[1m[It] should verify workdir structure�[0m
1772:  �[38;5;243m/home/runner/work/secure-sign-operator/secure-sign-operator/e2e/test/tuftool/tuftool_manual_tuf_repo_test.go:68�[0m
1773:  �[38;5;9m[FAILED] unexpected file in targets: /tmp/trustroot_example3392978546/tuf-repo/targets/45f89066b2b8a5e2ef7e7e4f38fab24d8c90a3284fbd681cdfdcb51b09b4ab68.signing_config.v0.2.json
1774:  Expected
1775:  <bool>: false
1776:  to be true�[0m
1777:  �[38;5;9mIn �[1m[It]�[0m�[38;5;9m at: �[1m/home/runner/work/secure-sign-operator/secure-sign-operator/e2e/test/tuftool/tuftool_manual_tuf_repo_test.go:253�[0m �[38;5;243m@ 11/07/25 10:06:08.629�[0m
1778:  �[38;5;243m------------------------------�[0m
1779:  �[38;5;9m�[1mSummarizing 1 Failure:�[0m
1780:  �[38;5;9m[FAIL]�[0m �[0mTUF manual repo test �[38;5;9m�[1m[It] should verify workdir structure�[0m
1781:  �[38;5;243m/home/runner/work/secure-sign-operator/secure-sign-operator/e2e/test/tuftool/tuftool_manual_tuf_repo_test.go:253�[0m
1782:  �[38;5;9m�[1mRan 2 of 2 Specs in 1.599 seconds�[0m
1783:  �[38;5;9m�[1mFAIL!�[0m -- �[38;5;10m�[1m1 Passed�[0m | �[38;5;9m�[1m1 Failed�[0m | �[38;5;11m�[1m0 Pending�[0m | �[38;5;14m�[1m0 Skipped�[0m
1784:  --- FAIL: TestManualTUFRepoTest (1.60s)
1785:  FAIL
1786:  FAIL	github.com/securesign/sigstore-e2e/test/tuftool	1.617s
1787:  FAIL
1788:  ##[error]Process completed with exit code 1.
1789:  ##[group]Run kubectl logs -n openshift-rhtas-operator deployment/rhtas-operator-controller-manager
...

1848:  I1107 10:02:30.720109       1 controller.go:286] "Starting Controller" controller="rekor" controllerGroup="rhtas.redhat.com" controllerKind="Rekor"
1849:  I1107 10:02:30.720114       1 controller.go:286] "Starting Controller" controller="timestampauthority" controllerGroup="rhtas.redhat.com" controllerKind="TimestampAuthority"
1850:  I1107 10:02:30.720176       1 controller.go:289] "Starting workers" controller="rekor" controllerGroup="rhtas.redhat.com" controllerKind="Rekor" worker count=1
1851:  I1107 10:02:30.720221       1 controller.go:289] "Starting workers" controller="timestampauthority" controllerGroup="rhtas.redhat.com" controllerKind="TimestampAuthority" worker count=1
1852:  I1107 10:02:30.720244       1 controller.go:286] "Starting Controller" controller="trillian" controllerGroup="rhtas.redhat.com" controllerKind="Trillian"
1853:  I1107 10:02:30.720255       1 controller.go:289] "Starting workers" controller="trillian" controllerGroup="rhtas.redhat.com" controllerKind="Trillian" worker count=1
1854:  I1107 10:02:30.720260       1 controller.go:286] "Starting Controller" controller="tuf" controllerGroup="rhtas.redhat.com" controllerKind="Tuf"
1855:  I1107 10:02:30.720267       1 controller.go:289] "Starting workers" controller="tuf" controllerGroup="rhtas.redhat.com" controllerKind="Tuf" worker count=1
1856:  I1107 10:02:30.720282       1 controller.go:286] "Starting Controller" controller="fulcio" controllerGroup="rhtas.redhat.com" controllerKind="Fulcio"
1857:  I1107 10:02:30.720286       1 controller.go:286] "Starting Controller" controller="ctlog" controllerGroup="rhtas.redhat.com" controllerKind="CTlog"
1858:  I1107 10:02:30.720290       1 controller.go:286] "Starting Controller" controller="securesign" controllerGroup="rhtas.redhat.com" controllerKind="Securesign"
1859:  I1107 10:02:30.720291       1 controller.go:289] "Starting workers" controller="fulcio" controllerGroup="rhtas.redhat.com" controllerKind="Fulcio" worker count=1
1860:  I1107 10:02:30.720293       1 controller.go:289] "Starting workers" controller="ctlog" controllerGroup="rhtas.redhat.com" controllerKind="CTlog" worker count=1
1861:  I1107 10:02:30.720319       1 controller.go:289] "Starting workers" controller="securesign" controllerGroup="rhtas.redhat.com" controllerKind="Securesign" worker count=1
1862:  I1107 10:02:43.665305       1 warning_handler.go:64] "metadata.finalizers: \"tas.rhtas.redhat.com\": prefer a domain-qualified finalizer name including a path (/) to avoid accidental conflicts with other finalizer writers" controller="securesign" controllerGroup="rhtas.redhat.com" controllerKind="Securesign" Securesign="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="500fa8d4-55b5-4f35-9341-30636504baf3"
1863:  I1107 10:02:44.289247       1 initialize.go:42] "deployment is not ready" logger="initialize" controller="fulcio" controllerGroup="rhtas.redhat.com" controllerKind="Fulcio" Fulcio="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="432777c8-ecdd-4453-a8b0-79237b229323" error="deployment not ready(fulcio-server): not available"
1864:  I1107 10:02:44.289281       1 initialize.go:47] "Waiting for deployment" logger="initialize" controller="fulcio" controllerGroup="rhtas.redhat.com" controllerKind="Fulcio" Fulcio="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="432777c8-ecdd-4453-a8b0-79237b229323"
1865:  I1107 10:02:44.302212       1 initialize.go:42] "deployment is not ready" logger="initialize" controller="fulcio" controllerGroup="rhtas.redhat.com" controllerKind="Fulcio" Fulcio="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="e4ef0370-be85-46f6-8bfb-ae2807765d6e" error="deployment not ready(fulcio-server): not available"
1866:  I1107 10:02:44.302237       1 initialize.go:47] "Waiting for deployment" logger="initialize" controller="fulcio" controllerGroup="rhtas.redhat.com" controllerKind="Fulcio" Fulcio="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="e4ef0370-be85-46f6-8bfb-ae2807765d6e"
1867:  I1107 10:02:44.302358       1 initialize.go:42] "deployment is not ready" logger="initialize" controller="timestampauthority" controllerGroup="rhtas.redhat.com" controllerKind="TimestampAuthority" TimestampAuthority="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="9a5b7aca-79db-46ea-bc1a-6bfa02710f64" error="deployment not ready(tsa-server): not available"
1868:  I1107 10:02:44.302377       1 initialize.go:47] "Waiting for deployment" logger="initialize" controller="timestampauthority" controllerGroup="rhtas.redhat.com" controllerKind="TimestampAuthority" TimestampAuthority="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="9a5b7aca-79db-46ea-bc1a-6bfa02710f64"
1869:  I1107 10:02:44.311721       1 initialize.go:42] "deployment is not ready" logger="initialize" controller="timestampauthority" controllerGroup="rhtas.redhat.com" controllerKind="TimestampAuthority" TimestampAuthority="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="6b66c64b-a79c-4762-8f90-d477ad4fd3a9" error="deployment not ready(tsa-server): not available"
1870:  I1107 10:02:44.311748       1 initialize.go:47] "Waiting for deployment" logger="initialize" controller="timestampauthority" controllerGroup="rhtas.redhat.com" controllerKind="TimestampAuthority" TimestampAuthority="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="6b66c64b-a79c-4762-8f90-d477ad4fd3a9"
1871:  I1107 10:02:44.973834       1 initialize.go:40] "deployment is not ready" logger="db initialize" controller="trillian" controllerGroup="rhtas.redhat.com" controllerKind="Trillian" Trillian="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="4685d9da-5227-49f0-8417-b5491f23df19" error="deployment not ready(trillian-db): not available"
1872:  I1107 10:02:44.974998       1 initialize.go:45] "Waiting for deployment" logger="db initialize" controller="trillian" controllerGroup="rhtas.redhat.com" controllerKind="Trillian" Trillian="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="4685d9da-5227-49f0-8417-b5491f23df19"
1873:  I1107 10:02:44.998412       1 initialize.go:40] "deployment is not ready" logger="db initialize" controller="trillian" controllerGroup="rhtas.redhat.com" controllerKind="Trillian" Trillian="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="5e4f7fd6-b582-46b9-85b4-49f260fddcf5" error="deployment not ready(trillian-db): not available"
1874:  I1107 10:02:44.998492       1 initialize.go:45] "Waiting for deployment" logger="db initialize" controller="trillian" controllerGroup="rhtas.redhat.com" controllerKind="Trillian" Trillian="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="5e4f7fd6-b582-46b9-85b4-49f260fddcf5"
1875:  I1107 10:02:45.006534       1 initialize.go:40] "deployment is not ready" logger="db initialize" controller="trillian" controllerGroup="rhtas.redhat.com" controllerKind="Trillian" Trillian="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="1b242aa0-f5d4-4705-80cf-a686cae6fd29" error="deployment not ready(trillian-db): not available"
1876:  I1107 10:02:45.006551       1 initialize.go:45] "Waiting for deployment" logger="db initialize" controller="trillian" controllerGroup="rhtas.redhat.com" controllerKind="Trillian" Trillian="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="1b242aa0-f5d4-4705-80cf-a686cae6fd29"
1877:  I1107 10:03:22.323171       1 initialize.go:38] "deployment is not ready" logger="server initialize" controller="trillian" controllerGroup="rhtas.redhat.com" controllerKind="Trillian" Trillian="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="48a4c10d-325f-41e8-bb0f-d74072b4e119" error="deployment not ready(trillian-logserver): not available"
1878:  I1107 10:03:22.323198       1 initialize.go:43] "Waiting for deployment" logger="server initialize" controller="trillian" controllerGroup="rhtas.redhat.com" controllerKind="Trillian" Trillian="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="48a4c10d-325f-41e8-bb0f-d74072b4e119"
1879:  I1107 10:03:22.332570       1 initialize.go:38] "deployment is not ready" logger="server initialize" controller="trillian" controllerGroup="rhtas.redhat.com" controllerKind="Trillian" Trillian="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="a7518fd8-00db-4880-a5b8-3143133488cc" error="deployment not ready(trillian-logserver): not available"
1880:  I1107 10:03:22.332605       1 initialize.go:43] "Waiting for deployment" logger="server initialize" controller="trillian" controllerGroup="rhtas.redhat.com" controllerKind="Trillian" Trillian="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="a7518fd8-00db-4880-a5b8-3143133488cc"
1881:  I1107 10:03:39.325370       1 initialize.go:38] "deployment is not ready" logger="server initialize" controller="trillian" controllerGroup="rhtas.redhat.com" controllerKind="Trillian" Trillian="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="14866d52-d07c-4d76-884e-5c4e311f7d5f" error="deployment not ready(trillian-logserver): not available"
1882:  I1107 10:03:39.325405       1 initialize.go:43] "Waiting for deployment" logger="server initialize" controller="trillian" controllerGroup="rhtas.redhat.com" controllerKind="Trillian" Trillian="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="14866d52-d07c-4d76-884e-5c4e311f7d5f"
1883:  I1107 10:03:50.366983       1 initialize.go:44] "deployment is not ready" logger="initialize" controller="rekor" controllerGroup="rhtas.redhat.com" controllerKind="Rekor" Rekor="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="6d56a6c5-9a7c-4770-812b-ee1b9e4808f6" error="deployment not ready(rekor-server): not available"
1884:  I1107 10:03:50.367008       1 initialize.go:49] "Waiting for deployment" logger="initialize" controller="rekor" controllerGroup="rhtas.redhat.com" controllerKind="Rekor" Rekor="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="6d56a6c5-9a7c-4770-812b-ee1b9e4808f6"
1885:  I1107 10:03:50.376423       1 initialize.go:44] "deployment is not ready" logger="initialize" controller="rekor" controllerGroup="rhtas.redhat.com" controllerKind="Rekor" Rekor="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="f9be68af-39ba-4bda-8cb9-de7a95aac392" error="deployment not ready(rekor-server): not available"
1886:  I1107 10:03:50.376450       1 initialize.go:49] "Waiting for deployment" logger="initialize" controller="rekor" controllerGroup="rhtas.redhat.com" controllerKind="Rekor" Rekor="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="f9be68af-39ba-4bda-8cb9-de7a95aac392"
1887:  I1107 10:04:04.439598       1 initialize.go:44] "deployment is not ready" logger="initialize" controller="rekor" controllerGroup="rhtas.redhat.com" controllerKind="Rekor" Rekor="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="4bdf35d4-238e-4350-bcc0-ab7447d49f93" error="deployment not ready(rekor-server): not available"
1888:  I1107 10:04:04.439626       1 initialize.go:49] "Waiting for deployment" logger="initialize" controller="rekor" controllerGroup="rhtas.redhat.com" controllerKind="Rekor" Rekor="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="4bdf35d4-238e-4350-bcc0-ab7447d49f93"
1889:  I1107 10:04:12.402729       1 initialize.go:44] "deployment is not ready" logger="initialize" controller="rekor" controllerGroup="rhtas.redhat.com" controllerKind="Rekor" Rekor="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="a3c6b1b0-045e-4f43-acee-a0e5c18843be" error="deployment not ready(rekor-server): not available"
1890:  I1107 10:04:12.404250       1 initialize.go:49] "Waiting for deployment" logger="initialize" controller="rekor" controllerGroup="rhtas.redhat.com" controllerKind="Rekor" Rekor="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="a3c6b1b0-045e-4f43-acee-a0e5c18843be"
1891:  I1107 10:04:13.693986       1 initialize.go:44] "deployment is not ready" logger="initialize" controller="rekor" controllerGroup="rhtas.redhat.com" controllerKind="Rekor" Rekor="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="950bb36e-984f-4ee9-b121-253b44c4e6f9" error="deployment not ready(rekor-server): not available"
1892:  I1107 10:04:13.694022       1 initialize.go:49] "Waiting for deployment" logger="initialize" controller="rekor" controllerGroup="rhtas.redhat.com" controllerKind="Rekor" Rekor="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="950bb36e-984f-4ee9-b121-253b44c4e6f9"
1893:  I1107 10:04:13.705465       1 initialize.go:44] "deployment is not ready" logger="initialize" controller="rekor" controllerGroup="rhtas.redhat.com" controllerKind="Rekor" Rekor="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="9ed7401f-7529-4a1e-a2c7-bffed94c5bfa" error="deployment not ready(rekor-server): not available"
1894:  I1107 10:04:13.705489       1 initialize.go:49] "Waiting for deployment" logger="initialize" controller="rekor" controllerGroup="rhtas.redhat.com" controllerKind="Rekor" Rekor="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="9ed7401f-7529-4a1e-a2c7-bffed94c5bfa"
1895:  I1107 10:04:24.555861       1 initialize.go:42] "deployment is not ready" logger="initialize" controller="ctlog" controllerGroup="rhtas.redhat.com" controllerKind="CTlog" CTlog="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="4e27b18d-ac26-4c15-9f75-159d3d7eaca0" error="deployment not ready(ctlog): not available"
1896:  I1107 10:04:24.555888       1 initialize.go:47] "Waiting for deployment" logger="initialize" controller="ctlog" controllerGroup="rhtas.redhat.com" controllerKind="CTlog" CTlog="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="4e27b18d-ac26-4c15-9f75-159d3d7eaca0"
1897:  I1107 10:04:24.566318       1 initialize.go:42] "deployment is not ready" logger="initialize" controller="ctlog" controllerGroup="rhtas.redhat.com" controllerKind="CTlog" CTlog="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="415206d5-35a0-402b-abc4-377bb58d3a97" error="deployment not ready(ctlog): not available"
1898:  I1107 10:04:24.566347       1 initialize.go:47] "Waiting for deployment" logger="initialize" controller="ctlog" controllerGroup="rhtas.redhat.com" controllerKind="CTlog" CTlog="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="415206d5-35a0-402b-abc4-377bb58d3a97"
1899:  I1107 10:04:44.465653       1 resolve_pub_key.go:152] "retrying to get rekor public key" logger="resolve public key" controller="rekor" controllerGroup="rhtas.redhat.com" controllerKind="Rekor" Rekor="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="8392d334-cffc-461e-a4bd-a95c65273e8c"
1900:  E1107 10:04:44.472648       1 base_action.go:92] "error during action execution" err="ResolvePubKey: unable to resolve public key: Get \"http://rekor-server.test.svc/api/v1/log/publicKey\": dial tcp 10.96.78.12:80: i/o timeout" logger="resolve public key" controller="rekor" controllerGroup="rhtas.redhat.com" controllerKind="Rekor" Rekor="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="8392d334-cffc-461e-a4bd-a95c65273e8c"
1901:  E1107 10:04:44.472779       1 controller.go:474] "Reconciler error" err="ResolvePubKey: unable to resolve public key: Get \"http://rekor-server.test.svc/api/v1/log/publicKey\": dial tcp 10.96.78.12:80: i/o timeout" controller="rekor" controllerGroup="rhtas.redhat.com" controllerKind="Rekor" Rekor="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="8392d334-cffc-461e-a4bd-a95c65273e8c"
1902:  I1107 10:04:54.208168       1 tuf_init_job.go:62] "Tuf tuf-repository-init is present." logger="controller.tuf.tuf-init job" controller="tuf" controllerGroup="rhtas.redhat.com" controllerKind="Tuf" Tuf="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="b8a58828-3f4e-4cb7-8cdb-0a0548bffe5b" Succeeded=0 Failures=0
1903:  I1107 10:04:59.214660       1 tuf_init_job.go:62] "Tuf tuf-repository-init is present." logger="controller.tuf.tuf-init job" controller="tuf" controllerGroup="rhtas.redhat.com" controllerKind="Tuf" Tuf="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="09ffd4bb-770a-494b-a1bf-e1b96bfb2393" Succeeded=1 Failures=0
1904:  I1107 10:04:59.347220       1 initialize.go:43] "deployment is not ready" logger="controller.tuf.initialize" controller="tuf" controllerGroup="rhtas.redhat.com" controllerKind="Tuf" Tuf="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="19c7aebf-1835-442a-ab75-eb3cbd098ca4" error="deployment not ready(tuf): not available"
1905:  I1107 10:04:59.347246       1 initialize.go:48] "Waiting for deployment" logger="controller.tuf.initialize" controller="tuf" controllerGroup="rhtas.redhat.com" controllerKind="Tuf" Tuf="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="19c7aebf-1835-442a-ab75-eb3cbd098ca4"
1906:  I1107 10:04:59.352466       1 initialize.go:43] "deployment is not ready" logger="controller.tuf.initialize" controller="tuf" controllerGroup="rhtas.redhat.com" controllerKind="Tuf" Tuf="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="6ac64651-7ca3-4974-a2a5-9b22936bed48" error="deployment not ready(tuf): not available"
1907:  I1107 10:04:59.352488       1 initialize.go:48] "Waiting for deployment" logger="controller.tuf.initialize" controller="tuf" controllerGroup="rhtas.redhat.com" controllerKind="Tuf" Tuf="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="6ac64651-7ca3-4974-a2a5-9b22936bed48"

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sourcery-ai sourcery-ai[bot] sourcery-ai[bot] left review comments

@tommyd450 tommyd450 tommyd450 approved these changes

Assignees

No one assigned

Labels

dependencies Review effort 1/5

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@JasonPowr @tommyd450 @osmman