You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Starting with Tekton release v0.29.0 we sign Tekton releases through Tekton Chains / cosign and push attestations to the OCI registry as well as to rekor.sigstore.dev.
I noticed today when doing a new Tekton release (v0.37.0) that the rekor didn't return any entry when searching by the Tekton controller image sha. I went back to check older releases to understand when the problem started, and now there is no result for any of the Tekton releases.
Since the Rekor UUID is documented in the Tekton release notes, I could fetch the artifacts, but the attestation part is empty.
For instance, for Tekton v0.29.0:
Description
Starting with Tekton release v0.29.0 we sign Tekton releases through Tekton Chains / cosign and push attestations to the OCI registry as well as to rekor.sigstore.dev.
I noticed today when doing a new Tekton release (v0.37.0) that the rekor didn't return any entry when searching by the Tekton controller image sha. I went back to check older releases to understand when the problem started, and now there is no result for any of the Tekton releases.
Since the Rekor UUID is documented in the Tekton release notes, I could fetch the artifacts, but the attestation part is empty.
For instance, for Tekton v0.29.0:
Version
I discovered the issue with rekor-cli version
v0.8.1
, I tried earlier versions back untilv0.4.0
and there was no difference.The text was updated successfully, but these errors were encountered: