fix(build): Make docker-buildx target compatible with podman

[kdacosta0]

The docker-buildx target was using Docker-specific 'buildx' commands,
which failed when CONTAINER_TOOL was set to 'podman'

Summary by Sourcery

Support Podman for cross-platform image builds by conditionally using standard Podman build and push commands in the docker-buildx Makefile target while retaining Docker buildx for other container tools.

Bug Fixes:

• Make the Makefile docker-buildx target compatible with Podman by using podman build and podman push when CONTAINER_TOOL is set to podman

Enhancements:

• Add conditional logic in the Makefile to choose between Docker buildx and Podman build commands

[sourcery-ai]

Reviewer's guide (collapsed on small PRs)

Reviewer's Guide

Enhanced the Makefile’s docker-buildx target to support Podman by introducing a conditional branch that uses standard podman build and push commands when CONTAINER_TOOL=podman, while retaining the existing Docker buildx workflow in other cases.

File-Level Changes

Change	Details	Files
Introduce conditional logic for Podman compatibility in docker-buildx target	Added ifeq block to detect when CONTAINER_TOOL is podman Inserted podman build and push commands under the podman branch Wrapped existing buildx create/use/build/push/rm commands in the else branch	Makefile

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[qodo-merge-pro]

PR Compliance Guide 🔍

(Compliance updated until commit a4add9d)

Below is a summary of compliance checks for this PR:

Security Compliance
🟢	No security concerns identified No security vulnerabilities detected by AI analysis. Human verification advised for critical code.
Ticket Compliance
⚪	🎫 No ticket provided Create ticket/issue
Codebase Duplication Compliance
⚪	Codebase context is not defined Follow the guide to enable codebase context checks.
Custom Compliance
🟢	Generic: Meaningful Naming and Self-Documenting Code Objective: Ensure all identifiers clearly express their purpose and intent, making code self-documenting Status: Passed
	Generic: Secure Error Handling Objective: To prevent the leakage of sensitive system information through error messages while providing sufficient detail for internal debugging. Status: Passed
	Generic: Secure Logging Practices Objective: To ensure logs are useful for debugging and auditing without exposing sensitive information like PII, PHI, or cardholder data. Status: Passed
	Generic: Security-First Input Validation and Data Handling Objective: Ensure all data inputs are validated, sanitized, and handled securely to prevent vulnerabilities Status: Passed
⚪	Generic: Comprehensive Audit Trails Objective: To create a detailed and reliable record of critical system actions for security analysis and compliance. Status: No auditing: The added Makefile logic for Podman vs Docker builds does not include any audit logging of critical actions like image builds or pushes, which may be acceptable for build scripts but cannot be confirmed from this diff alone. Referred Code ifeq ($(CONTAINER_TOOL),podman) $(CONTAINER_TOOL) build --platform=$(PLATFORMS) --tag ${IMG} -f Dockerfile . $(CONTAINER_TOOL) push ${IMG} else # copy existing Dockerfile and insert --platform=${BUILDPLATFORM} into Dockerfile.cross, and preserve the original Dockerfile sed -e '1 s/\(^FROM\)/FROM --platform=\$$\{BUILDPLATFORM\}/; t' -e ' 1,// s//FROM --platform=\$$\{BUILDPLATFORM\}/' Dockerfile > Dockerfile.cross - $(CONTAINER_TOOL) buildx create --name project-v3-builder $(CONTAINER_TOOL) buildx use project-v3-builder - $(CONTAINER_TOOL) buildx build --push --platform=$(PLATFORMS) --tag ${IMG} -f Dockerfile.cross . - $(CONTAINER_TOOL) buildx rm project-v3-builder rm Dockerfile.cross endif
	Generic: Robust Error Handling and Edge Case Management Objective: Ensure comprehensive error handling that provides meaningful context and graceful degradation Status: Missing error handling: New build/push commands do not handle failures explicitly (e.g., conditional checks, retries, or contextual error messages), though Makefiles often rely on default non-zero exit behavior. Referred Code ifeq ($(CONTAINER_TOOL),podman) $(CONTAINER_TOOL) build --platform=$(PLATFORMS) --tag ${IMG} -f Dockerfile . $(CONTAINER_TOOL) push ${IMG} else # copy existing Dockerfile and insert --platform=${BUILDPLATFORM} into Dockerfile.cross, and preserve the original Dockerfile sed -e '1 s/\(^FROM\)/FROM --platform=\$$\{BUILDPLATFORM\}/; t' -e ' 1,// s//FROM --platform=\$$\{BUILDPLATFORM\}/' Dockerfile > Dockerfile.cross - $(CONTAINER_TOOL) buildx create --name project-v3-builder $(CONTAINER_TOOL) buildx use project-v3-builder - $(CONTAINER_TOOL) buildx build --push --platform=$(PLATFORMS) --tag ${IMG} -f Dockerfile.cross . - $(CONTAINER_TOOL) buildx rm project-v3-builder rm Dockerfile.cross endif

Compliance status legend

🟢 - Fully Compliant
🟡 - Partial Compliant
🔴 - Not Compliant
⚪ - Requires Further Human Verification
🏷️ - Compliance label

---

Previous compliance checks

Compliance check up to commit 77e9184

Security Compliance
🟢	No security concerns identified No security vulnerabilities detected by AI analysis. Human verification advised for critical code.
Ticket Compliance
⚪	🎫 No ticket provided Create ticket/issue
Codebase Duplication Compliance
⚪	Codebase context is not defined Follow the guide to enable codebase context checks.
Custom Compliance
🟢	Generic: Meaningful Naming and Self-Documenting Code Objective: Ensure all identifiers clearly express their purpose and intent, making code self-documenting Status: Passed
🔴	Generic: Robust Error Handling and Edge Case Management Objective: Ensure comprehensive error handling that provides meaningful context and graceful degradation Status: Silent failures: The docker branch uses prefixed '-' to ignore failures and the podman branch lacks error handling entirely, which can mask build/push errors and provides no actionable context. Referred Code $(CONTAINER_TOOL) build --platform=$(PLATFORMS) --tag ${IMG} -f Dockerfile.cross . $(CONTAINER_TOOL) push ${IMG} else - $(CONTAINER_TOOL) buildx create --name project-v3-builder $(CONTAINER_TOOL) buildx use project-v3-builder - $(CONTAINER_TOOL) buildx build --push --platform=$(PLATFORMS) --tag ${IMG} -f Dockerfile.cross . - $(CONTAINER_TOOL) buildx rm project-v3-builder
⚪	Generic: Comprehensive Audit Trails Objective: To create a detailed and reliable record of critical system actions for security analysis and compliance. Status: No auditing: The new build/push logic introduces critical actions (image build and push) without any accompanying audit/log statements to trace who performed the action, when, and the outcome. Referred Code $(CONTAINER_TOOL) build --platform=$(PLATFORMS) --tag ${IMG} -f Dockerfile.cross . $(CONTAINER_TOOL) push ${IMG} else - $(CONTAINER_TOOL) buildx create --name project-v3-builder $(CONTAINER_TOOL) buildx use project-v3-builder - $(CONTAINER_TOOL) buildx build --push --platform=$(PLATFORMS) --tag ${IMG} -f Dockerfile.cross . - $(CONTAINER_TOOL) buildx rm project-v3-builder
	Generic: Secure Error Handling Objective: To prevent the leakage of sensitive system information through error messages while providing sufficient detail for internal debugging. Status: Uncontrolled output: Build and push commands may emit detailed tool errors directly to the console without differentiation between user-facing and internal logs; the Makefile provides no safeguards to prevent sensitive internal details from being exposed. Referred Code $(CONTAINER_TOOL) build --platform=$(PLATFORMS) --tag ${IMG} -f Dockerfile.cross . $(CONTAINER_TOOL) push ${IMG} else - $(CONTAINER_TOOL) buildx create --name project-v3-builder $(CONTAINER_TOOL) buildx use project-v3-builder - $(CONTAINER_TOOL) buildx build --push --platform=$(PLATFORMS) --tag ${IMG} -f Dockerfile.cross . - $(CONTAINER_TOOL) buildx rm project-v3-builder
	Generic: Secure Logging Practices Objective: To ensure logs are useful for debugging and auditing without exposing sensitive information like PII, PHI, or cardholder data. Status: Unstructured logs: The build/push steps output raw tool logs without structured formatting or filtering, offering no assurance that sensitive data will not be emitted in logs. Referred Code $(CONTAINER_TOOL) build --platform=$(PLATFORMS) --tag ${IMG} -f Dockerfile.cross . $(CONTAINER_TOOL) push ${IMG} else - $(CONTAINER_TOOL) buildx create --name project-v3-builder $(CONTAINER_TOOL) buildx use project-v3-builder - $(CONTAINER_TOOL) buildx build --push --platform=$(PLATFORMS) --tag ${IMG} -f Dockerfile.cross . - $(CONTAINER_TOOL) buildx rm project-v3-builder
	Generic: Security-First Input Validation and Data Handling Objective: Ensure all data inputs are validated, sanitized, and handled securely to prevent vulnerabilities Status: Unvalidated inputs: External inputs such as IMG, PLATFORMS, and CONTAINER_TOOL are used directly in shell commands without validation or sanitization, which could lead to command injection or misuse in certain environments. Referred Code ifeq ($(CONTAINER_TOOL),podman) $(CONTAINER_TOOL) build --platform=$(PLATFORMS) --tag ${IMG} -f Dockerfile.cross . $(CONTAINER_TOOL) push ${IMG} else - $(CONTAINER_TOOL) buildx create --name project-v3-builder $(CONTAINER_TOOL) buildx use project-v3-builder - $(CONTAINER_TOOL) buildx build --push --platform=$(PLATFORMS) --tag ${IMG} -f Dockerfile.cross . - $(CONTAINER_TOOL) buildx rm project-v3-builder endif rm Dockerfile.cross

[sourcery-ai]

Hey there - I've reviewed your changes and they look great!

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}

[qodo-merge-pro]

PR Code Suggestions ✨

Explore these optional code suggestions:

Category	Suggestion	Impact
Possible issue	Ensure temporary file cleanup on failure Use a trap command to ensure the temporary Dockerfile.cross is always removed, even if the podman build or push commands fail. This prevents leaving orphaned artifacts. Makefile [194-203] ifeq ($(CONTAINER_TOOL),podman) - $(CONTAINER_TOOL) build --platform=$(PLATFORMS) --tag ${IMG} -f Dockerfile.cross . + @trap 'rm -f Dockerfile.cross' EXIT; \ + $(CONTAINER_TOOL) build --platform=$(PLATFORMS) --tag ${IMG} -f Dockerfile.cross .; \ $(CONTAINER_TOOL) push ${IMG} else - $(CONTAINER_TOOL) buildx create --name project-v3-builder $(CONTAINER_TOOL) buildx use project-v3-builder - $(CONTAINER_TOOL) buildx build --push --platform=$(PLATFORMS) --tag ${IMG} -f Dockerfile.cross . - $(CONTAINER_TOOL) buildx rm project-v3-builder + rm Dockerfile.cross endif - rm Dockerfile.cross Apply / Chat Suggestion importance[1-10]: 6 __ Why: The suggestion correctly identifies that a failure in the podman commands would leave an orphaned temporary file and proposes a robust trap-based solution to ensure cleanup, improving the script's reliability.	Low
General	Combine build and push commands Combine the podman build and podman push commands into a single command by using the --push flag with podman build. This simplifies the Makefile and aligns it with the docker command's usage. Makefile [195-196] -$(CONTAINER_TOOL) build --platform=$(PLATFORMS) --tag ${IMG} -f Dockerfile.cross . -$(CONTAINER_TOOL) push ${IMG} +$(CONTAINER_TOOL) build --push --platform=$(PLATFORMS) --tag ${IMG} -f Dockerfile.cross . Apply / Chat Suggestion importance[1-10]: 5 __ Why: The suggestion correctly proposes using the --push flag with podman build to combine two commands into one, which simplifies the code and improves consistency with the docker command path.	Low
Update

[osmman]

I think that this part is not needed for podman

[qodo-merge-pro]

CI Feedback 🧐

A test triggered by this PR failed. Here is an AI-generated analysis of the failure:

Action: Execute securesign/sigstore-e2e

Failed stage: Run tests [❌]

Failed test name: TestManualTUFRepoTest

Failure summary: The action failed because the E2E test for the TUF manual repository structure failed: - Test: TUF manual repo test [It] should verify workdir structure - File/Line: /home/runner/work/secure-sign-operator/secure-sign-operator/e2e/test/tuftool/tuftool_manual_tuf_repo_test.go:286 - Error: Expected at least one file with suffix .signing_config.v0.2.json, found 0 - Suite context shows TUF repo initialization ran, but the expected signing config file was not generated or placed in the workdir.

Relevant error logs: 1: ##[group]Runner Image Provisioner 2: Hosted Compute Agent ... 458: configmap/ingress-nginx-controller created 459: service/ingress-nginx-controller created 460: service/ingress-nginx-controller-admission created 461: deployment.apps/ingress-nginx-controller created 462: job.batch/ingress-nginx-admission-create created 463: job.batch/ingress-nginx-admission-patch created 464: ingressclass.networking.k8s.io/nginx created 465: validatingwebhookconfiguration.admissionregistration.k8s.io/ingress-nginx-admission created 466: pod/ingress-nginx-controller-bcdf75cfc-7szwq condition met 467: ##[group]Run # Download the bundle.yaml 468: �[36;1m# Download the bundle.yaml�[0m 469: �[36;1mcurl -sL https://github.com/prometheus-operator/prometheus-operator/releases/download/v0.84.0/bundle.yaml -o bundle.yaml �[0m 470: �[36;1m�[0m 471: �[36;1m# Check if the download was successful and the file is not empty�[0m 472: �[36;1mif [ ! -s "bundle.yaml" ]; then�[0m 473: �[36;1m echo "Error: Downloaded bundle.yaml is empty or failed to download."�[0m 474: �[36;1m exit 1�[0m ... 754: BUNDLE_IMG: ghcr.io/securesign/secure-sign-operator-bundle:dev-8de04b39f3c93e8048a11309b766e4fac40db1c9 755: CATALOG_IMG: ghcr.io/securesign/secure-sign-operator-fbc:dev-8de04b39f3c93e8048a11309b766e4fac40db1c9 756: NEW_OLM_CHANNEL: rhtas-operator.v1.4.0 757: OCP_VERSION: v4.19 758: TEST_NAMESPACE: test 759: REGISTRY_AUTH_FILE: /tmp/config.json 760: OPENSHIFT: false 761: ##[endgroup] 762: /home/runner/work/secure-sign-operator/secure-sign-operator/bin/controller-gen-v0.17.0 rbac:roleName=manager-role crd webhook paths="./..." output:crd:artifacts:config=config/crd/bases 763: Downloading sigs.k8s.io/kustomize/kustomize/[email protected] 764: go: downloading sigs.k8s.io/kustomize/kustomize/v5 v5.6.0 765: go: downloading github.com/spf13/cobra v1.8.0 766: go: downloading sigs.k8s.io/kustomize/api v0.19.0 767: go: downloading sigs.k8s.io/kustomize/cmd/config v0.19.0 768: go: downloading sigs.k8s.io/kustomize/kyaml v0.19.0 769: go: downloading github.com/go-errors/errors v1.4.2 770: go: downloading github.com/davecgh/go-spew v1.1.1 ... 937: {"status":"Digest: sha256:4b7ce07002c69e8f3d704a9c5d6fd3053be500b7f1c69fc0d80990c2ad8dd412"} 938: {"status":"Status: Downloaded newer image for mirror.gcr.io/alpine:latest"} 939: {"status":"The push refers to repository [ttl.sh/bfd060a9-9eb9-465d-93d9-245b616d86d1]"} 940: {"status":"Preparing","progressDetail":{},"id":"256f393e029f"} 941: {"status":"Pushing","progressDetail":{"current":101376,"total":8317404},"progress":"[\u003e ] 101.4kB/8.317MB","id":"256f393e029f"} 942: {"status":"Pushing","progressDetail":{"current":199680,"total":8317404},"progress":"[=\u003e ] 199.7kB/8.317MB","id":"256f393e029f"} 943: {"status":"Pushing","progressDetail":{"current":494592,"total":8317404},"progress":"[==\u003e ] 494.6kB/8.317MB","id":"256f393e029f"} 944: {"status":"Pushing","progressDetail":{"current":1061376,"total":8317404},"progress":"[======\u003e ] 1.061MB/8.317MB","id":"256f393e029f"} 945: {"status":"Pushing","progressDetail":{"current":2657280,"total":8317404},"progress":"[===============\u003e ] 2.657MB/8.317MB","id":"256f393e029f"} 946: {"status":"Pushing","progressDetail":{"current":5409792,"total":8317404},"progress":"[================================\u003e ] 5.41MB/8.317MB","id":"256f393e029f"} 947: {"status":"Pushing","progressDetail":{"current":8167936,"total":8317404},"progress":"[=================================================\u003e ] 8.168MB/8.317MB","id":"256f393e029f"} 948: {"status":"Pushing","progressDetail":{"current":8607232,"total":8317404},"progress":"[==================================================\u003e] 8.607MB","id":"256f393e029f"} 949: {"status":"Pushed","progressDetail":{},"id":"256f393e029f"} 950: {"status":"5m: digest: sha256:9d04ae17046f42ec0cd37d0429fff0edd799d7159242938cc5a964dcd38c1b64 size: 527"} 951: {"progressDetail":{},"aux":{"Tag":"5m","Digest":"sha256:9d04ae17046f42ec0cd37d0429fff0edd799d7159242938cc5a964dcd38c1b64","Size":527}} 952: t=l=error app=cosign m=WARNING: Fetching initial root from URL without providing its checksum is deprecated and will be disallowed in a future Cosign release. Please provide the initial root checksum via the --root-checksum argument. 953: t=l=info app=cosign m=Root status: 954: t=l=info app=cosign m= { 955: t=l=info app=cosign m= "local": "/home/runner/.sigstore/root", 956: t=l=info app=cosign m= "remote": "http://tuf.local", 957: t=l=info app=cosign m= "metadata": { 958: t=l=info app=cosign m= "root.json": { 959: t=l=info app=cosign m= "version": 1, 960: t=l=info app=cosign m= "len": 4128, 961: t=l=info app=cosign m= "expiration": "05 Nov 26 17:38 UTC", 962: t=l=info app=cosign m= "error": "" 963: t=l=info app=cosign m= }, 964: t=l=info app=cosign m= "snapshot.json": { 965: t=l=info app=cosign m= "version": 1, 966: t=l=info app=cosign m= "len": 994, 967: t=l=info app=cosign m= "expiration": "05 Nov 26 17:38 UTC", 968: t=l=info app=cosign m= "error": "" 969: t=l=info app=cosign m= }, 970: t=l=info app=cosign m= "targets.json": { 971: t=l=info app=cosign m= "version": 1, 972: t=l=info app=cosign m= "len": 2416, 973: t=l=info app=cosign m= "expiration": "05 Nov 26 17:38 UTC", 974: t=l=info app=cosign m= "error": "" 975: t=l=info app=cosign m= }, 976: t=l=info app=cosign m= "timestamp.json": { 977: t=l=info app=cosign m= "version": 1, 978: t=l=info app=cosign m= "len": 995, 979: t=l=info app=cosign m= "expiration": "05 Nov 26 17:38 UTC", 980: t=l=info app=cosign m= "error": "" 981: t=l=info app=cosign m= } 982: t=l=info app=cosign m= }, 983: t=l=info app=cosign m= "targets": [ 984: t=l=info app=cosign m= "rekor.pub", 985: t=l=info app=cosign m= "fulcio_v1.crt.pem", 986: t=l=info app=cosign m= "trusted_root.json", 987: t=l=info app=cosign m= "tsa.certchain.pem", 988: t=l=info app=cosign m= "ctfe.pub" 989: t=l=info app=cosign m= ] 990: t=l=info app=cosign m=} 991: �[38;5;10m•�[0mt=l=error app=cosign m=Generating ephemeral keys... 992: t=l=error app=cosign m=Retrieving signed certificate... 993: t=l=error app=cosign m=Successfully verified SCT... 994: t=l=error app=cosign m=WARNING: Image reference ttl.sh/bfd060a9-9eb9-465d-93d9-245b616d86d1:5m uses a tag, not a digest, to identify the image to sign. 995: t=l=error app=cosign m= This can lead you to sign a different image than the intended one. Please use a 996: t=l=error app=cosign m= digest (example.com/ubuntu@sha256:abc123...) rather than tag 997: t=l=error app=cosign m= (example.com/ubuntu:latest) for the input to cosign. The ability to refer to 998: t=l=error app=cosign m= images by tag will be removed in a future release. 999: t=l=error app=cosign 1000: t=l=error app=cosign 1001: t=l=error app=cosign m= The sigstore service, hosted by sigstore a Series of LF Projects, LLC, is provided pursuant to the Hosted Project Tools Terms of Use, available at https://lfprojects.org/policies/hosted-project-tools-terms-of-use/. 1002: t=l=error app=cosign m= Note that if your submission includes personal data associated with this signed artifact, it will be part of an immutable record. 1003: t=l=error app=cosign m= This may include the email address associated with the account with which you authenticate your contractual Agreement. 1004: t=l=error app=cosign m= This information will be used for signing this artifact and will be stored in public transparency logs and cannot be removed later, and is subject to the Immutable Record notice at https://lfprojects.org/policies/hosted-project-tools-immutable-records/. 1005: t=l=error app=cosign 1006: t=l=error app=cosign m=By typing 'y', you attest that (1) you are not submitting the personal data of any other person; and (2) you understand and agree to the statement and the Agreement terms at the URLs listed above. 1007: t=l=error app=cosign m=Timestamp fetched with time: 2025-11-06 17:40:05 +0000 UTC 1008: t=l=error app=cosign m=tlog entry created with index: 2 1009: t=l=error app=cosign m=Pushing signature to: ttl.sh/bfd060a9-9eb9-465d-93d9-245b616d86d1 1010: �[38;5;10m•�[0m�[38;5;10m•�[0mt=l=error app=cosign 1011: t=l=error app=cosign m=Verification for ttl.sh/bfd060a9-9eb9-465d-93d9-245b616d86d1:5m -- 1012: t=l=error app=cosign m=The following checks were performed on each of these signatures: 1013: t=l=error app=cosign m= - The cosign claims were validated 1014: t=l=error app=cosign m= - Existence of the claims in the transparency log was verified offline 1015: t=l=error app=cosign m= - The code-signing certificate was verified using trusted certificate authority certificates 1016: t=l=info app=cosign ... 1069: t=l=info app=ec m=OPA v1.6.0 1070: t=l=info app=ec m=Conftest v0.62.0 1071: t=l=info app=ec m=Cosign v2.4.1 1072: t=l=info app=ec m=Sigstore v1.8.9 1073: t=l=info app=ec m=Rekor v1.3.6 1074: t=l=info app=ec m=Tekton Pipeline v0.66.0 1075: t=l=info app=ec m=Kubernetes Client v0.32.3 1076: {"status":"Pulling from alpine","id":"latest"} 1077: {"status":"Digest: sha256:4b7ce07002c69e8f3d704a9c5d6fd3053be500b7f1c69fc0d80990c2ad8dd412"} 1078: {"status":"Status: Image is up to date for mirror.gcr.io/alpine:latest"} 1079: {"status":"The push refers to repository [ttl.sh/2a046767-eeb4-4ab3-8922-1768e2f1a40c]"} 1080: {"status":"Preparing","progressDetail":{},"id":"256f393e029f"} 1081: {"status":"Mounted from bfd060a9-9eb9-465d-93d9-245b616d86d1","progressDetail":{},"id":"256f393e029f"} 1082: {"status":"5m: digest: sha256:9d04ae17046f42ec0cd37d0429fff0edd799d7159242938cc5a964dcd38c1b64 size: 527"} 1083: {"progressDetail":{},"aux":{"Tag":"5m","Digest":"sha256:9d04ae17046f42ec0cd37d0429fff0edd799d7159242938cc5a964dcd38c1b64","Size":527}} 1084: t=l=error app=cosign m=WARNING: Fetching initial root from URL without providing its checksum is deprecated and will be disallowed in a future Cosign release. Please provide the initial root checksum via the --root-checksum argument. 1085: t=l=info app=cosign m=Root status: 1086: t=l=info app=cosign m= { 1087: t=l=info app=cosign m= "local": "/home/runner/.sigstore/root", 1088: t=l=info app=cosign m= "remote": "http://tuf.local", 1089: t=l=info app=cosign m= "metadata": { 1090: t=l=info app=cosign m= "root.json": { 1091: t=l=info app=cosign m= "version": 1, 1092: t=l=info app=cosign m= "len": 4128, 1093: t=l=info app=cosign m= "expiration": "05 Nov 26 17:38 UTC", 1094: t=l=info app=cosign m= "error": "" 1095: t=l=info app=cosign m= }, 1096: t=l=info app=cosign m= "snapshot.json": { 1097: t=l=info app=cosign m= "version": 1, 1098: t=l=info app=cosign m= "len": 994, 1099: t=l=info app=cosign m= "expiration": "05 Nov 26 17:38 UTC", 1100: t=l=info app=cosign m= "error": "" 1101: t=l=info app=cosign m= }, 1102: t=l=info app=cosign m= "targets.json": { 1103: t=l=info app=cosign m= "version": 1, 1104: t=l=info app=cosign m= "len": 2416, 1105: t=l=info app=cosign m= "expiration": "05 Nov 26 17:38 UTC", 1106: t=l=info app=cosign m= "error": "" 1107: t=l=info app=cosign m= }, 1108: t=l=info app=cosign m= "timestamp.json": { 1109: t=l=info app=cosign m= "version": 1, 1110: t=l=info app=cosign m= "len": 995, 1111: t=l=info app=cosign m= "expiration": "05 Nov 26 17:38 UTC", 1112: t=l=info app=cosign m= "error": "" 1113: t=l=info app=cosign m= } 1114: t=l=info app=cosign m= }, 1115: t=l=info app=cosign m= "targets": [ 1116: t=l=info app=cosign m= "ctfe.pub", 1117: t=l=info app=cosign m= "rekor.pub", 1118: t=l=info app=cosign m= "fulcio_v1.crt.pem", 1119: t=l=info app=cosign m= "trusted_root.json", 1120: t=l=info app=cosign m= "tsa.certchain.pem" 1121: t=l=info app=cosign m= ] 1122: t=l=info app=cosign m=} 1123: �[38;5;10m•�[0mt=l=error app=cosign m=Generating ephemeral keys... 1124: t=l=error app=cosign m=Retrieving signed certificate... 1125: t=l=error app=cosign m=Successfully verified SCT... 1126: t=l=error app=cosign m=WARNING: Image reference ttl.sh/2a046767-eeb4-4ab3-8922-1768e2f1a40c:5m uses a tag, not a digest, to identify the image to sign. 1127: t=l=error app=cosign m= This can lead you to sign a different image than the intended one. Please use a 1128: t=l=error app=cosign m= digest (example.com/ubuntu@sha256:abc123...) rather than tag 1129: t=l=error app=cosign m= (example.com/ubuntu:latest) for the input to cosign. The ability to refer to 1130: t=l=error app=cosign m= images by tag will be removed in a future release. 1131: t=l=error app=cosign 1132: t=l=error app=cosign 1133: t=l=error app=cosign m= The sigstore service, hosted by sigstore a Series of LF Projects, LLC, is provided pursuant to the Hosted Project Tools Terms of Use, available at https://lfprojects.org/policies/hosted-project-tools-terms-of-use/. 1134: t=l=error app=cosign m= Note that if your submission includes personal data associated with this signed artifact, it will be part of an immutable record. 1135: t=l=error app=cosign m= This may include the email address associated with the account with which you authenticate your contractual Agreement. 1136: t=l=error app=cosign m= This information will be used for signing this artifact and will be stored in public transparency logs and cannot be removed later, and is subject to the Immutable Record notice at https://lfprojects.org/policies/hosted-project-tools-immutable-records/. 1137: t=l=error app=cosign 1138: t=l=error app=cosign m=By typing 'y', you attest that (1) you are not submitting the personal data of any other person; and (2) you understand and agree to the statement and the Agreement terms at the URLs listed above. 1139: t=l=error app=cosign m=tlog entry created with index: 3 1140: t=l=error app=cosign m=Pushing signature to: ttl.sh/2a046767-eeb4-4ab3-8922-1768e2f1a40c 1141: �[38;5;10m•�[0mt=l=info app=cosign m= ... 1173: t=l=info app=rekor-cli m=4 1174: t=l=info app=rekor-cli m=mxw0AJt1oKZQtrEVLgERUxDqlEZUfLw9lTL2Pg2Hi+M= 1175: t=l=info app=rekor-cli 1176: t=l=info app=rekor-cli m=— rekor-server-6b877b489-w8fgv RxIyUTBFAiEApSIAdIRT5kp5zNFgfGQNBTLhPKyRcXHa7LvMNORHh/0CIGh/RmKV8o5hwBwvB8YJ8VVr5OEqNUHowkeqH3Z0HXUh 1177: t=l=info app=rekor-cli 1178: t=l=info app=rekor-cli 1179: t=l=info app=rekor-cli m=Inclusion Proof: 1180: t=l=info app=rekor-cli m=SHA256(0x01 | ea91e8777a0f65a252b88cb683fc72ec6f9fbd2b29a901af3a600e6a76b146ec | e5c3f57d83ebff2f4441b9a5a982cb544f3822dab1944df168a4685683ccf8bb) = 1181: t=l=info app=rekor-cli m= 1380b48db4cc447553fe5f9dd6d73fc9f382b810478509e5755313d481092783 1182: t=l=info app=rekor-cli 1183: t=l=info app=rekor-cli m=SHA256(0x01 | 4dd9823c67a1fe9bdb1b7a92b556cfcd51d914b0e6b34084d480919a0a975ba2 | 1380b48db4cc447553fe5f9dd6d73fc9f382b810478509e5755313d481092783) = 1184: t=l=info app=rekor-cli m= 9b1c34009b75a0a650b6b1152e01115310ea9446547cbc3d9532f63e0d878be3 1185: t=l=info app=rekor-cli 1186: t=l=info app=rekor-cli m=Computed Root Hash: 9b1c34009b75a0a650b6b1152e01115310ea9446547cbc3d9532f63e0d878be3 1187: t=l=info app=rekor-cli m=Expected Root Hash: 9b1c34009b75a0a650b6b1152e01115310ea9446547cbc3d9532f63e0d878be3 1188: �[38;5;10m•�[0m�[38;5;10m•�[0mt=l=error app=cosign m=WARNING: Image reference ttl.sh/2a046767-eeb4-4ab3-8922-1768e2f1a40c:5m uses a tag, not a digest, to identify the image to sign. 1189: t=l=error app=cosign m= This can lead you to sign a different image than the intended one. Please use a 1190: t=l=error app=cosign m= digest (example.com/ubuntu@sha256:abc123...) rather than tag 1191: t=l=error app=cosign m= (example.com/ubuntu:latest) for the input to cosign. The ability to refer to 1192: t=l=error app=cosign m= images by tag will be removed in a future release. 1193: t=l=error app=cosign 1194: t=l=error app=cosign m=Generating ephemeral keys... 1195: t=l=error app=cosign m=Retrieving signed certificate... 1196: t=l=error app=cosign m=Successfully verified SCT... 1197: t=l=error app=cosign m=Using payload from: /tmp/tmp895245630/predicate.json 1198: t=l=error app=cosign 1199: t=l=error app=cosign m= The sigstore service, hosted by sigstore a Series of LF Projects, LLC, is provided pursuant to the Hosted Project Tools Terms of Use, available at https://lfprojects.org/policies/hosted-project-tools-terms-of-use/. 1200: t=l=error app=cosign m= Note that if your submission includes personal data associated with this signed artifact, it will be part of an immutable record. 1201: t=l=error app=cosign m= This may include the email address associated with the account with which you authenticate your contractual Agreement. 1202: t=l=error app=cosign m= This information will be used for signing this artifact and will be stored in public transparency logs and cannot be removed later, and is subject to the Immutable Record notice at https://lfprojects.org/policies/hosted-project-tools-immutable-records/. 1203: t=l=error app=cosign 1204: t=l=error app=cosign m=By typing 'y', you attest that (1) you are not submitting the personal data of any other person; and (2) you understand and agree to the statement and the Agreement terms at the URLs listed above. 1205: t=l=error app=cosign m=tlog entry created with index: 4 1206: �[38;5;10m•�[0mt=l=info app=cosign m=📦 Supply Chain Security Related artifacts for an image: ttl.sh/2a046767-eeb4-4ab3-8922-1768e2f1a40c:5m ... 1314: code: builtin.attestation.signature_check 1315: msg: Pass 1316: - metadata: 1317: code: builtin.attestation.syntax_check 1318: msg: Pass 1319: - metadata: 1320: code: builtin.image.signature_check 1321: msg: Pass 1322: ec-version: v0.7.156+redhat 1323: effective-time: "2025-11-06T17:40:39.91280846Z" 1324: key: "" 1325: policy: {} 1326: success: true 1327: �[38;5;10m•�[0m 1328: �[38;5;10m�[1mRan 13 of 13 Specs in 55.611 seconds�[0m 1329: �[38;5;10m�[1mSUCCESS!�[0m -- �[38;5;10m�[1m13 Passed�[0m | �[38;5;9m�[1m0 Failed�[0m | �[38;5;11m�[1m0 Pending�[0m | �[38;5;14m�[1m0 Skipped�[0m 1330: --- PASS: TestCosignTest (55.61s) ... 1398: t=l=info app=rekor-cli m= | |_) | | _| | ' / | | | | | |_) | _____ | | | | | | 1399: t=l=info app=rekor-cli m= | _ < | |___ | . \ | |_| | | _ < |_____| | |___ | |___ | | 1400: t=l=info app=rekor-cli m= |_| \_\ |_____| |_|\_\ \___/ |_| \_\ \____| |_____| |___| 1401: t=l=info app=rekor-cli m=rekor-cli: Rekor CLI 1402: t=l=info app=rekor-cli 1403: t=l=info app=rekor-cli m=GitVersion: v0.0.0-20251021131950-daf32a2da885+dirty 1404: t=l=info app=rekor-cli m=GitCommit: daf32a2da885d84226af755191bc2b72b72dc917 1405: t=l=info app=rekor-cli m=GitTreeState: clean 1406: t=l=info app=rekor-cli m=BuildDate: t=l=info app=rekor-cli m=GoVersion: go1.24.6 (Red Hat 1.24.6-1.el9_6) X:strictfipsruntime 1407: t=l=info app=rekor-cli m=Compiler: gc 1408: t=l=info app=rekor-cli m=Platform: linux/amd64 1409: t=l=info app=rekor-cli 1410: �[38;5;10m•�[0m�[38;5;10m•�[0m�[38;5;10m•�[0mt=l=info app=git m=[master (root-commit) 233e8d6] CI commit 2025-11-06 17:39:52.183233664 +0000 UTC m=+2.332978367 1411: t=l=info app=git m= 1 file changed, 1 insertion(+) 1412: t=l=info app=git m= create mode 100644 testFile.txt 1413: �[38;5;10m•�[0m�[38;5;10m•�[0mt=l=error app=cosign m=WARNING: Fetching initial root from URL without providing its checksum is deprecated and will be disallowed in a future Cosign release. Please provide the initial root checksum via the --root-checksum argument. 1414: t=l=info app=cosign m=Root status: 1415: t=l=info app=cosign m= { 1416: t=l=info app=cosign m= "local": "/home/runner/.sigstore/root", 1417: t=l=info app=cosign m= "remote": "http://tuf.local", 1418: t=l=info app=cosign m= "metadata": { 1419: t=l=info app=cosign m= "root.json": { 1420: t=l=info app=cosign m= "version": 1, 1421: t=l=info app=cosign m= "len": 4128, 1422: t=l=info app=cosign m= "expiration": "05 Nov 26 17:38 UTC", 1423: t=l=info app=cosign m= "error": "" 1424: t=l=info app=cosign m= }, 1425: t=l=info app=cosign m= "snapshot.json": { 1426: t=l=info app=cosign m= "version": 1, 1427: t=l=info app=cosign m= "len": 994, 1428: t=l=info app=cosign m= "expiration": "05 Nov 26 17:38 UTC", 1429: t=l=info app=cosign m= "error": "" 1430: t=l=info app=cosign m= }, 1431: t=l=info app=cosign m= "targets.json": { 1432: t=l=info app=cosign m= "version": 1, 1433: t=l=info app=cosign m= "len": 2416, 1434: t=l=info app=cosign m= "expiration": "05 Nov 26 17:38 UTC", 1435: t=l=info app=cosign m= "error": "" 1436: t=l=info app=cosign m= }, 1437: t=l=info app=cosign m= "timestamp.json": { 1438: t=l=info app=cosign m= "version": 1, 1439: t=l=info app=cosign m= "len": 995, 1440: t=l=info app=cosign m= "expiration": "05 Nov 26 17:38 UTC", 1441: t=l=info app=cosign m= "error": "" 1442: t=l=info app=cosign m= } ... 1482: t=l=info app=rekor-cli m=rekor-server-6b877b489-w8fgv - 4509861502439947197 1483: t=l=info app=rekor-cli m=2 1484: t=l=info app=rekor-cli m=TdmCPGeh/pvbG3qStVbPzVHZFLDms0CE1ICRmgqXW6I= 1485: t=l=info app=rekor-cli 1486: t=l=info app=rekor-cli m=— rekor-server-6b877b489-w8fgv RxIyUTBFAiEA3jx6IAWcraLqyZEtuWH33MPsFnDjgyR20haujG7W/dYCIBPp13yEyVIeME6sPGkol2Qqd13bxebhqK/W7WxaZdYo 1487: t=l=info app=rekor-cli 1488: t=l=info app=rekor-cli 1489: t=l=info app=rekor-cli m=Inclusion Proof: 1490: t=l=info app=rekor-cli m=SHA256(0x01 | 094cdc7f20b7a88746a12e8dfee9d57a8d090cd42d83ec5d0334feaaf0812fee | 00eddf1a8af1a8efc14b3be93ef2015205727e77054138b33c31c83c66f5dd7c) = 1491: t=l=info app=rekor-cli m= 4dd9823c67a1fe9bdb1b7a92b556cfcd51d914b0e6b34084d480919a0a975ba2 1492: t=l=info app=rekor-cli 1493: t=l=info app=rekor-cli m=Computed Root Hash: 4dd9823c67a1fe9bdb1b7a92b556cfcd51d914b0e6b34084d480919a0a975ba2 1494: t=l=info app=rekor-cli m=Expected Root Hash: 4dd9823c67a1fe9bdb1b7a92b556cfcd51d914b0e6b34084d480919a0a975ba2 1495: �[38;5;10m•�[0m 1496: �[38;5;10m�[1mRan 9 of 9 Specs in 3.084 seconds�[0m 1497: �[38;5;10m�[1mSUCCESS!�[0m -- �[38;5;10m�[1m9 Passed�[0m | �[38;5;9m�[1m0 Failed�[0m | �[38;5;11m�[1m0 Pending�[0m | �[38;5;14m�[1m0 Skipped�[0m 1498: --- PASS: TestGitsignE2E (3.08s) ... 1627: Total Tree Size: 1 1628: Root Hash: 094cdc7f20b7a88746a12e8dfee9d57a8d090cd42d83ec5d0334feaaf0812fee 1629: TreeID: 4509861502439947197 1630: [78 111 32 112 114 101 118 105 111 117 115 32 108 111 103 32 115 116 97 116 101 32 115 116 111 114 101 100 44 32 117 110 97 98 108 101 32 116 111 32 112 114 111 118 101 32 99 111 110 115 105 115 116 101 110 99 121 10 86 101 114 105 102 105 99 97 116 105 111 110 32 83 117 99 99 101 115 115 102 117 108 33 10 65 99 116 105 118 101 32 84 114 101 101 32 83 105 122 101 58 32 32 32 32 32 32 32 49 10 84 111 116 97 108 32 84 114 101 101 32 83 105 122 101 58 32 32 32 32 32 32 32 32 49 10 82 111 111 116 32 72 97 115 104 58 32 32 32 32 32 32 32 32 32 32 32 32 32 32 48 57 52 99 100 99 55 102 50 48 98 55 97 56 56 55 52 54 97 49 50 101 56 100 102 101 101 57 100 53 55 97 56 100 48 57 48 99 100 52 50 100 56 51 101 99 53 100 48 51 51 52 102 101 97 97 102 48 56 49 50 102 101 101 10 84 114 101 101 73 68 58 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 52 53 48 57 56 54 49 53 48 50 52 51 57 57 52 55 49 57 55 10] 1631: �[38;5;10m•�[0mt=l=info app=rekor-cli m=Found matching entries (listed by UUID): 1632: 3e963f2467247bbd094cdc7f20b7a88746a12e8dfee9d57a8d090cd42d83ec5d0334feaaf0812fee 1633: [70 111 117 110 100 32 109 97 116 99 104 105 110 103 32 101 110 116 114 105 101 115 32 40 108 105 115 116 101 100 32 98 121 32 85 85 73 68 41 58 10 51 101 57 54 51 102 50 52 54 55 50 52 55 98 98 100 48 57 52 99 100 99 55 102 50 48 98 55 97 56 56 55 52 54 97 49 50 101 56 100 102 101 101 57 100 53 55 97 56 100 48 57 48 99 100 52 50 100 56 51 101 99 53 100 48 51 51 52 102 101 97 97 102 48 56 49 50 102 101 101 10] 1634: �[38;5;10m•�[0mt=l=info app=rekor-cli m=Found matching entries (listed by UUID): 1635: 3e963f2467247bbd094cdc7f20b7a88746a12e8dfee9d57a8d090cd42d83ec5d0334feaaf0812fee 1636: [70 111 117 110 100 32 109 97 116 99 104 105 110 103 32 101 110 116 114 105 101 115 32 40 108 105 115 116 101 100 32 98 121 32 85 85 73 68 41 58 10 51 101 57 54 51 102 50 52 54 55 50 52 55 98 98 100 48 57 52 99 100 99 55 102 50 48 98 55 97 56 56 55 52 54 97 49 50 101 56 100 102 101 101 57 100 53 55 97 56 100 48 57 48 99 100 52 50 100 56 51 101 99 53 100 48 51 51 52 102 101 97 97 102 48 56 49 50 102 101 101 10] 1637: �[38;5;10m•�[0mt=l=info app=rekor-cli m=Found matching entries (listed by UUID): 1638: 3e963f2467247bbd094cdc7f20b7a88746a12e8dfee9d57a8d090cd42d83ec5d0334feaaf0812fee 1639: [70 111 117 110 100 32 109 97 116 99 104 105 110 103 32 101 110 116 114 105 101 115 32 40 108 105 115 116 101 100 32 98 121 32 85 85 73 68 41 58 10 51 101 57 54 51 102 50 52 54 55 50 52 55 98 98 100 48 57 52 99 100 99 55 102 50 48 98 55 97 56 56 55 52 54 97 49 50 101 56 100 102 101 101 57 100 53 55 97 56 100 48 57 48 99 100 52 50 100 56 51 101 99 53 100 48 51 51 52 102 101 97 97 102 48 56 49 50 102 101 101 10] 1640: �[38;5;10m•�[0m 1641: �[38;5;10m�[1mRan 9 of 9 Specs in 1.005 seconds�[0m 1642: �[38;5;10m�[1mSUCCESS!�[0m -- �[38;5;10m�[1m9 Passed�[0m | �[38;5;9m�[1m0 Failed�[0m | �[38;5;11m�[1m0 Pending�[0m | �[38;5;14m�[1m0 Skipped�[0m 1643: --- PASS: TestRekorCliE2E (1.01s) ... 1654: t=l=info m=SIGSTORE_FULCIO_URL=http://fulcio-server.local 1655: t=l=info m=SIGSTORE_REKOR_URL=http://rekor-server.local 1656: t=l=info m=TUF_URL=http://tuf.local 1657: t=l=info m=TSA_URL=http://tsa-server.local/api/v1/timestamp 1658: t=l=info m=KEYCLOAK_REALM=trusted-artifact-signer 1659: t=l=info m=Getting binary 'updatetree' from CLI serverServer URLhttp://cli-server.local 1660: t=l=info m=Downloading updatetree from http://cli-server.local/clients/linux/updatetree-amd64.gz 1661: t=l=info m=Getting binary 'createtree' from CLI serverServer URLhttp://cli-server.local 1662: t=l=info m=Downloading createtree from http://cli-server.local/clients/linux/createtree-amd64.gz 1663: t=l=info app=createtree m=Usage of /tmp/createtree3364061757/createtree: 1664: -add_dir_header 1665: If true, adds the file directory to the header of the log messages 1666: -admin_server string 1667: Address of the gRPC Trillian Admin Server (host:port) 1668: -alsologtostderr 1669: log to standard error as well as files (no effect when -logtostderr=true) 1670: -config string 1671: Config file containing flags, file contents can be overridden by command line flags 1672: -description string 1673: Description of the new tree 1674: -display_name string 1675: Display name of the new tree 1676: -log_backtrace_at value 1677: when logging hits line file:N, emit a stack trace 1678: -log_dir string 1679: If non-empty, write log files in this directory (no effect when -logtostderr=true) 1680: -log_file string 1681: If non-empty, use this log file (no effect when -logtostderr=true) 1682: -log_file_max_size uint 1683: Defines the maximum size a log file can grow to (no effect when -logtostderr=true). Unit is megabytes. If the value is 0, the maximum file size is unlimited. (default 1800) 1684: -logtostderr 1685: log to standard error instead of files (default true) 1686: -max_root_duration duration ... 1699: Path to the file containing the Trillian server's PEM-encoded public TLS certificate. If unset, unsecured connections will be used 1700: -tree_state string 1701: State of the new tree (default "ACTIVE") 1702: -tree_type string 1703: Type of the new tree (default "LOG") 1704: -v value 1705: number for the log level verbosity 1706: -vmodule value 1707: comma-separated list of pattern=N settings for file-filtered logging 1708: �[38;5;10m•�[0mt=l=info app=updatetree m=Usage of /tmp/updatetree665657900/updatetree: 1709: -add_dir_header 1710: If true, adds the file directory to the header of the log messages 1711: -admin_server string 1712: Address of the gRPC Trillian Admin Server (host:port) 1713: -alsologtostderr 1714: log to standard error as well as files (no effect when -logtostderr=true) 1715: -log_backtrace_at value 1716: when logging hits line file:N, emit a stack trace 1717: -log_dir string 1718: If non-empty, write log files in this directory (no effect when -logtostderr=true) 1719: -log_file string 1720: If non-empty, use this log file (no effect when -logtostderr=true) 1721: -log_file_max_size uint 1722: Defines the maximum size a log file can grow to (no effect when -logtostderr=true). Unit is megabytes. If the value is 0, the maximum file size is unlimited. (default 1800) 1723: -logtostderr 1724: log to standard error instead of files (default true) 1725: -one_output ... 1736: logs at or above this threshold go to stderr when writing to files and stderr (no effect when -logtostderr=true or -alsologtostderr=true) (default 2) 1737: -tls_cert_file string 1738: Path to the file containing the Trillian server's PEM-encoded public TLS certificate. If unset, unsecured connections will be used 1739: -tree_id int 1740: The ID of the tree to be set updated 1741: -tree_state string 1742: If set the tree state will be updated 1743: -tree_type string 1744: If set the tree type will be updated 1745: -v value 1746: number for the log level verbosity 1747: -vmodule value 1748: comma-separated list of pattern=N settings for file-filtered logging 1749: �[38;5;10m•�[0m 1750: �[38;5;10m�[1mRan 2 of 2 Specs in 0.474 seconds�[0m 1751: �[38;5;10m�[1mSUCCESS!�[0m -- �[38;5;10m�[1m2 Passed�[0m | �[38;5;9m�[1m0 Failed�[0m | �[38;5;11m�[1m0 Pending�[0m | �[38;5;14m�[1m0 Skipped�[0m 1752: --- PASS: TestTrillianTest (0.47s) ... 1756: Running Suite: Create tuf repo manually - /home/runner/work/secure-sign-operator/secure-sign-operator/e2e/test/tuftool 1757: ====================================================================================================================== 1758: Random Seed: �[1m1762450792�[0m 1759: Will run �[1m2�[0m of �[1m2�[0m specs 1760: t=l=info m=Getting binary 'tuftool' from CLI serverServer URLhttp://cli-server.local 1761: t=l=info m=Downloading tuftool from http://cli-server.local/clients/linux/tuftool-amd64.gz 1762: t=l=info m=Done. Using '/tmp/tuftool698693819/tuftool' with version: 1763: t=l=info app=tuftool m=tuftool 0.12.0 1764: t=l=info m=Created temporary directory: /tmp/trustroot_example2264689879 1765: t=l=info app=tuftool m=e1e36ed9572a37a9f374a7f94be7354057ac63f54bdf3b13ef37cf99e8301c63 1766: t=l=info app=tuftool m=c093f4c1771ef96afec270243b1450d5466f3723b6cfe161f249a2f8f792cd43 1767: t=l=info app=tuftool m=3bfd04db61d0b35a93eb530411144a14e32211dc71cfa6be4ad0dad77e7deb0d 1768: t=l=info app=tuftool m=cd6c598512d5f1653973654e3fb6e9cfffc184b820715143d5787c92577a35fe 1769: �[38;5;10m•�[0m 1770: �[38;5;243m------------------------------�[0m 1771: �[38;5;9m• [FAILED] [0.001 seconds]�[0m 1772: �[0mTUF manual repo test �[38;5;9m�[1m[It] should verify workdir structure�[0m 1773: �[38;5;243m/home/runner/work/secure-sign-operator/secure-sign-operator/e2e/test/tuftool/tuftool_manual_tuf_repo_test.go:68�[0m 1774: �[38;5;9m[FAILED] Expected at least one file with suffix .signing_config.v0.2.json, found 0 1775: Expected 1776: <int>: 0 1777: to be >= 1778: <int>: 1�[0m 1779: �[38;5;9mIn �[1m[It]�[0m�[38;5;9m at: �[1m/home/runner/work/secure-sign-operator/secure-sign-operator/e2e/test/tuftool/tuftool_manual_tuf_repo_test.go:286�[0m �[38;5;243m@ 11/06/25 17:39:53.869�[0m 1780: �[38;5;243m------------------------------�[0m 1781: �[38;5;9m�[1mSummarizing 1 Failure:�[0m 1782: �[38;5;9m[FAIL]�[0m �[0mTUF manual repo test �[38;5;9m�[1m[It] should verify workdir structure�[0m 1783: �[38;5;243m/home/runner/work/secure-sign-operator/secure-sign-operator/e2e/test/tuftool/tuftool_manual_tuf_repo_test.go:286�[0m 1784: �[38;5;9m�[1mRan 2 of 2 Specs in 1.388 seconds�[0m 1785: �[38;5;9m�[1mFAIL!�[0m -- �[38;5;10m�[1m1 Passed�[0m | �[38;5;9m�[1m1 Failed�[0m | �[38;5;11m�[1m0 Pending�[0m | �[38;5;14m�[1m0 Skipped�[0m 1786: --- FAIL: TestManualTUFRepoTest (1.39s) 1787: FAIL 1788: FAIL github.com/securesign/sigstore-e2e/test/tuftool 1.401s 1789: FAIL 1790: ##[error]Process completed with exit code 1. 1791: ##[group]Run kubectl logs -n openshift-rhtas-operator deployment/rhtas-operator-controller-manager ... 1850: I1106 17:36:31.982364 1 controller.go:286] "Starting Controller" controller="trillian" controllerGroup="rhtas.redhat.com" controllerKind="Trillian" 1851: I1106 17:36:31.982403 1 controller.go:289] "Starting workers" controller="trillian" controllerGroup="rhtas.redhat.com" controllerKind="Trillian" worker count=1 1852: I1106 17:36:31.983455 1 controller.go:286] "Starting Controller" controller="tuf" controllerGroup="rhtas.redhat.com" controllerKind="Tuf" 1853: I1106 17:36:31.983469 1 controller.go:289] "Starting workers" controller="tuf" controllerGroup="rhtas.redhat.com" controllerKind="Tuf" worker count=1 1854: I1106 17:36:31.984548 1 controller.go:286] "Starting Controller" controller="securesign" controllerGroup="rhtas.redhat.com" controllerKind="Securesign" 1855: I1106 17:36:31.984562 1 controller.go:286] "Starting Controller" controller="timestampauthority" controllerGroup="rhtas.redhat.com" controllerKind="TimestampAuthority" 1856: I1106 17:36:31.984570 1 controller.go:286] "Starting Controller" controller="fulcio" controllerGroup="rhtas.redhat.com" controllerKind="Fulcio" 1857: I1106 17:36:31.984577 1 controller.go:289] "Starting workers" controller="timestampauthority" controllerGroup="rhtas.redhat.com" controllerKind="TimestampAuthority" worker count=1 1858: I1106 17:36:31.984580 1 controller.go:289] "Starting workers" controller="fulcio" controllerGroup="rhtas.redhat.com" controllerKind="Fulcio" worker count=1 1859: I1106 17:36:31.984570 1 controller.go:289] "Starting workers" controller="securesign" controllerGroup="rhtas.redhat.com" controllerKind="Securesign" worker count=1 1860: I1106 17:36:31.986778 1 controller.go:286] "Starting Controller" controller="ctlog" controllerGroup="rhtas.redhat.com" controllerKind="CTlog" 1861: I1106 17:36:31.986788 1 controller.go:286] "Starting Controller" controller="rekor" controllerGroup="rhtas.redhat.com" controllerKind="Rekor" 1862: I1106 17:36:31.986792 1 controller.go:289] "Starting workers" controller="ctlog" controllerGroup="rhtas.redhat.com" controllerKind="CTlog" worker count=1 1863: I1106 17:36:31.986801 1 controller.go:289] "Starting workers" controller="rekor" controllerGroup="rhtas.redhat.com" controllerKind="Rekor" worker count=1 1864: I1106 17:36:44.057843 1 warning_handler.go:64] "metadata.finalizers: \"tas.rhtas.redhat.com\": prefer a domain-qualified finalizer name including a path (/) to avoid accidental conflicts with other finalizer writers" controller="securesign" controllerGroup="rhtas.redhat.com" controllerKind="Securesign" Securesign="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="b4f633f1-e43f-4aa7-a864-c99d242fe8c4" 1865: E1106 17:36:44.292638 1 base_action.go:92] "error during action execution" err="could not generate Secret: resourceVersion should not be set on objects to be created" logger="handle-keys" controller="ctlog" controllerGroup="rhtas.redhat.com" controllerKind="CTlog" CTlog="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="ad1fd399-eb48-4d4c-8bac-1f6db57d4f74" 1866: E1106 17:36:44.292754 1 controller.go:474] "Reconciler error" err="could not generate Secret: resourceVersion should not be set on objects to be created" controller="ctlog" controllerGroup="rhtas.redhat.com" controllerKind="CTlog" CTlog="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="ad1fd399-eb48-4d4c-8bac-1f6db57d4f74" 1867: I1106 17:36:44.589151 1 initialize.go:42] "deployment is not ready" logger="initialize" controller="fulcio" controllerGroup="rhtas.redhat.com" controllerKind="Fulcio" Fulcio="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="a0187539-3982-46b1-9a4c-0a78705057b5" error="deployment not ready(fulcio-server): not available" 1868: I1106 17:36:44.589181 1 initialize.go:47] "Waiting for deployment" logger="initialize" controller="fulcio" controllerGroup="rhtas.redhat.com" controllerKind="Fulcio" Fulcio="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="a0187539-3982-46b1-9a4c-0a78705057b5" 1869: I1106 17:36:44.599710 1 initialize.go:42] "deployment is not ready" logger="initialize" controller="fulcio" controllerGroup="rhtas.redhat.com" controllerKind="Fulcio" Fulcio="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="e384eced-d8d5-4a5b-94f6-d69dde0502b1" error="deployment not ready(fulcio-server): not available" 1870: I1106 17:36:44.599742 1 initialize.go:47] "Waiting for deployment" logger="initialize" controller="fulcio" controllerGroup="rhtas.redhat.com" controllerKind="Fulcio" Fulcio="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="e384eced-d8d5-4a5b-94f6-d69dde0502b1" 1871: I1106 17:36:44.618300 1 initialize.go:42] "deployment is not ready" logger="initialize" controller="timestampauthority" controllerGroup="rhtas.redhat.com" controllerKind="TimestampAuthority" TimestampAuthority="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="a40cd553-4ea8-4a3b-969f-9ee629a4bab0" error="deployment not ready(tsa-server): not available" 1872: I1106 17:36:44.618330 1 initialize.go:47] "Waiting for deployment" logger="initialize" controller="timestampauthority" controllerGroup="rhtas.redhat.com" controllerKind="TimestampAuthority" TimestampAuthority="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="a40cd553-4ea8-4a3b-969f-9ee629a4bab0" 1873: I1106 17:36:44.626618 1 initialize.go:42] "deployment is not ready" logger="initialize" controller="timestampauthority" controllerGroup="rhtas.redhat.com" controllerKind="TimestampAuthority" TimestampAuthority="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="2377feda-1f95-4e5b-a6e9-e7d590039a73" error="deployment not ready(tsa-server): not available" 1874: I1106 17:36:44.626648 1 initialize.go:47] "Waiting for deployment" logger="initialize" controller="timestampauthority" controllerGroup="rhtas.redhat.com" controllerKind="TimestampAuthority" TimestampAuthority="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="2377feda-1f95-4e5b-a6e9-e7d590039a73" 1875: I1106 17:36:45.297986 1 initialize.go:40] "deployment is not ready" logger="db initialize" controller="trillian" controllerGroup="rhtas.redhat.com" controllerKind="Trillian" Trillian="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="ad2df72a-985c-4112-8497-d752fbcbb6a6" error="deployment not ready(trillian-db): not available" 1876: I1106 17:36:45.298015 1 initialize.go:45] "Waiting for deployment" logger="db initialize" controller="trillian" controllerGroup="rhtas.redhat.com" controllerKind="Trillian" Trillian="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="ad2df72a-985c-4112-8497-d752fbcbb6a6" 1877: I1106 17:36:45.344175 1 initialize.go:40] "deployment is not ready" logger="db initialize" controller="trillian" controllerGroup="rhtas.redhat.com" controllerKind="Trillian" Trillian="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="5a095369-54fc-4b8c-80e5-5b86e03f859c" error="deployment not ready(trillian-db): not available" 1878: I1106 17:36:45.347331 1 initialize.go:45] "Waiting for deployment" logger="db initialize" controller="trillian" controllerGroup="rhtas.redhat.com" controllerKind="Trillian" Trillian="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="5a095369-54fc-4b8c-80e5-5b86e03f859c" 1879: I1106 17:36:45.370645 1 initialize.go:40] "deployment is not ready" logger="db initialize" controller="trillian" controllerGroup="rhtas.redhat.com" controllerKind="Trillian" Trillian="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="bc48b616-6fd3-4403-8ab4-f0a586de95a7" error="deployment not ready(trillian-db): not available" 1880: I1106 17:36:45.370671 1 initialize.go:45] "Waiting for deployment" logger="db initialize" controller="trillian" controllerGroup="rhtas.redhat.com" controllerKind="Trillian" Trillian="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="bc48b616-6fd3-4403-8ab4-f0a586de95a7" 1881: I1106 17:37:07.918736 1 initialize.go:42] "deployment is not ready" logger="initialize" controller="timestampauthority" controllerGroup="rhtas.redhat.com" controllerKind="TimestampAuthority" TimestampAuthority="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="e412820a-d845-416a-add7-93c5df4bf256" error="deployment not ready(tsa-server): not available" 1882: I1106 17:37:07.918860 1 initialize.go:47] "Waiting for deployment" logger="initialize" controller="timestampauthority" controllerGroup="rhtas.redhat.com" controllerKind="TimestampAuthority" TimestampAuthority="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="e412820a-d845-416a-add7-93c5df4bf256" 1883: I1106 17:37:30.918538 1 initialize.go:38] "deployment is not ready" logger="server initialize" controller="trillian" controllerGroup="rhtas.redhat.com" controllerKind="Trillian" Trillian="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="d03ef305-0347-4a2e-b926-150efebc3d51" error="deployment not ready(trillian-logserver): not available" 1884: I1106 17:37:30.918558 1 initialize.go:43] "Waiting for deployment" logger="server initialize" controller="trillian" controllerGroup="rhtas.redhat.com" controllerKind="Trillian" Trillian="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="d03ef305-0347-4a2e-b926-150efebc3d51" 1885: I1106 17:37:30.924640 1 initialize.go:38] "deployment is not ready" logger="server initialize" controller="trillian" controllerGroup="rhtas.redhat.com" controllerKind="Trillian" Trillian="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="0d7e4d29-9250-4353-9ea6-65f7118ec00d" error="deployment not ready(trillian-logserver): not available" 1886: I1106 17:37:30.924665 1 initialize.go:43] "Waiting for deployment" logger="server initialize" controller="trillian" controllerGroup="rhtas.redhat.com" controllerKind="Trillian" Trillian="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="0d7e4d29-9250-4353-9ea6-65f7118ec00d" 1887: I1106 17:37:46.929424 1 initialize.go:38] "deployment is not ready" logger="server initialize" controller="trillian" controllerGroup="rhtas.redhat.com" controllerKind="Trillian" Trillian="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="2bf4ac79-2c9f-4e3e-a7af-6d8348b16416" error="deployment not ready(trillian-logsigner): not available" 1888: I1106 17:37:46.929447 1 initialize.go:43] "Waiting for deployment" logger="server initialize" controller="trillian" controllerGroup="rhtas.redhat.com" controllerKind="Trillian" Trillian="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="2bf4ac79-2c9f-4e3e-a7af-6d8348b16416" 1889: I1106 17:37:46.935905 1 initialize.go:38] "deployment is not ready" logger="server initialize" controller="trillian" controllerGroup="rhtas.redhat.com" controllerKind="Trillian" Trillian="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="4bfacd29-8acf-43da-8873-9daef1b443a9" error="deployment not ready(trillian-logsigner): not available" 1890: I1106 17:37:46.935932 1 initialize.go:43] "Waiting for deployment" logger="server initialize" controller="trillian" controllerGroup="rhtas.redhat.com" controllerKind="Trillian" Trillian="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="4bfacd29-8acf-43da-8873-9daef1b443a9" 1891: I1106 17:38:00.634243 1 initialize.go:44] "deployment is not ready" logger="initialize" controller="rekor" controllerGroup="rhtas.redhat.com" controllerKind="Rekor" Rekor="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="4f40decc-e9b8-4f48-a6ed-5fcf7b233996" error="deployment not ready(rekor-server): not available" 1892: I1106 17:38:00.634269 1 initialize.go:49] "Waiting for deployment" logger="initialize" controller="rekor" controllerGroup="rhtas.redhat.com" controllerKind="Rekor" Rekor="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="4f40decc-e9b8-4f48-a6ed-5fcf7b233996" 1893: I1106 17:38:00.646563 1 initialize.go:44] "deployment is not ready" logger="initialize" controller="rekor" controllerGroup="rhtas.redhat.com" controllerKind="Rekor" Rekor="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="68e8be68-abf2-460b-a747-f6127209d50d" error="deployment not ready(rekor-server): not available" 1894: I1106 17:38:00.646594 1 initialize.go:49] "Waiting for deployment" logger="initialize" controller="rekor" controllerGroup="rhtas.redhat.com" controllerKind="Rekor" Rekor="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="68e8be68-abf2-460b-a747-f6127209d50d" 1895: I1106 17:38:04.946831 1 initialize.go:42] "deployment is not ready" logger="initialize" controller="ctlog" controllerGroup="rhtas.redhat.com" controllerKind="CTlog" CTlog="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="09847ef0-547e-45de-a351-757a656b4b1f" error="deployment not ready(ctlog): not available" 1896: I1106 17:38:04.946911 1 initialize.go:47] "Waiting for deployment" logger="initialize" controller="ctlog" controllerGroup="rhtas.redhat.com" controllerKind="CTlog" CTlog="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="09847ef0-547e-45de-a351-757a656b4b1f" 1897: I1106 17:38:04.953454 1 initialize.go:42] "deployment is not ready" logger="initialize" controller="ctlog" controllerGroup="rhtas.redhat.com" controllerKind="CTlog" CTlog="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="0521c3d2-d218-4925-9f9f-8cb4ffbaa4c1" error="deployment not ready(ctlog): not available" 1898: I1106 17:38:04.953477 1 initialize.go:47] "Waiting for deployment" logger="initialize" controller="ctlog" controllerGroup="rhtas.redhat.com" controllerKind="CTlog" CTlog="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="0521c3d2-d218-4925-9f9f-8cb4ffbaa4c1" 1899: I1106 17:38:07.922138 1 initialize.go:44] "deployment is not ready" logger="initialize" controller="rekor" controllerGroup="rhtas.redhat.com" controllerKind="Rekor" Rekor="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="bed8f93d-67d0-47d1-a763-33cbb85c2028" error="deployment not ready(rekor-server): not available" 1900: I1106 17:38:07.923424 1 initialize.go:49] "Waiting for deployment" logger="initialize" controller="rekor" controllerGroup="rhtas.redhat.com" controllerKind="Rekor" Rekor="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="bed8f93d-67d0-47d1-a763-33cbb85c2028" 1901: I1106 17:38:07.935911 1 initialize.go:44] "deployment is not ready" logger="initialize" controller="rekor" controllerGroup="rhtas.redhat.com" controllerKind="Rekor" Rekor="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="1d64f99e-1783-4d9f-822b-fbe1541f2ac9" error="deployment not ready(rekor-server): not available" 1902: I1106 17:38:07.935940 1 initialize.go:49] "Waiting for deployment" logger="initialize" controller="rekor" controllerGroup="rhtas.redhat.com" controllerKind="Rekor" Rekor="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="1d64f99e-1783-4d9f-822b-fbe1541f2ac9" 1903: I1106 17:38:14.050076 1 initialize.go:44] "deployment is not ready" logger="initialize" controller="rekor" controllerGroup="rhtas.redhat.com" controllerKind="Rekor" Rekor="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="aab4890a-b918-4b95-b816-569b9253f6b5" error="deployment not ready(rekor-server): not available" 1904: I1106 17:38:14.050105 1 initialize.go:49] "Waiting for deployment" logger="initialize" controller="rekor" controllerGroup="rhtas.redhat.com" controllerKind="Rekor" Rekor="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="aab4890a-b918-4b95-b816-569b9253f6b5" 1905: I1106 17:38:20.994419 1 initialize.go:44] "deployment is not ready" logger="initialize" controller="rekor" controllerGroup="rhtas.redhat.com" controllerKind="Rekor" Rekor="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="eca54370-9c1d-4418-a253-bbe976c91dc0" error="deployment not ready(rekor-server): not available" 1906: I1106 17:38:20.994510 1 initialize.go:49] "Waiting for deployment" logger="initialize" controller="rekor" controllerGroup="rhtas.redhat.com" controllerKind="Rekor" Rekor="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="eca54370-9c1d-4418-a253-bbe976c91dc0" 1907: I1106 17:38:34.550685 1 tuf_init_job.go:62] "Tuf tuf-repository-init is present." logger="controller.tuf.tuf-init job" controller="tuf" controllerGroup="rhtas.redhat.com" controllerKind="Tuf" Tuf="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="4084b15b-8707-47bc-8aee-8c13ece3a7a1" Succeeded=0 Failures=0 1908: I1106 17:38:39.558188 1 tuf_init_job.go:62] "Tuf tuf-repository-init is present." logger="controller.tuf.tuf-init job" controller="tuf" controllerGroup="rhtas.redhat.com" controllerKind="Tuf" Tuf="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="77bf317e-5cee-4542-acaa-747530f851b9" Succeeded=0 Failures=0 1909: I1106 17:38:44.564738 1 tuf_init_job.go:62] "Tuf tuf-repository-init is present." logger="controller.tuf.tuf-init job" controller="tuf" controllerGroup="rhtas.redhat.com" controllerKind="Tuf" Tuf="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="6ad159e9-e488-420c-a944-982f9417ff25" Succeeded=1 Failures=0 1910: I1106 17:38:44.669552 1 initialize.go:43] "deployment is not ready" logger="controller.tuf.initialize" controller="tuf" controllerGroup="rhtas.redhat.com" controllerKind="Tuf" Tuf="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="23f16312-26b0-41d0-963d-c30689029064" error="deployment not ready(tuf): not available" 1911: I1106 17:38:44.669573 1 initialize.go:48] "Waiting for deployment" logger="controller.tuf.initialize" controller="tuf" controllerGroup="rhtas.redhat.com" controllerKind="Tuf" Tuf="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="23f16312-26b0-41d0-963d-c30689029064" 1912: I1106 17:38:44.675514 1 initialize.go:43] "deployment is not ready" logger="controller.tuf.initialize" controller="tuf" controllerGroup="rhtas.redhat.com" controllerKind="Tuf" Tuf="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="51c00892-dddb-4676-bf96-92290e08385f" error="deployment not ready(tuf): not available" 1913: I1106 17:38:44.675532 1 initialize.go:48] "Waiting for deployment" logger="controller.tuf.initialize" controller="tuf" controllerGroup="rhtas.redhat.com" controllerKind="Tuf" Tuf="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="51c00892-dddb-4676-bf96-92290e08385f"