From b7fde5134da45a202999ea41ebebce6f1c2f4678 Mon Sep 17 00:00:00 2001
From: Junjie Gao <junjiegao@microsoft.com>
Date: Wed, 29 May 2024 11:51:05 +0800
Subject: [PATCH] fix: error message for dangling reference index (#402)

---
 notation.go      |  8 +++++++-
 notation_test.go | 17 +++++++++++++++++
 2 files changed, 24 insertions(+), 1 deletion(-)

diff --git a/notation.go b/notation.go
index 8cb566a8..e5738062 100644
--- a/notation.go
+++ b/notation.go
@@ -28,6 +28,7 @@ import (
 	"time"
 
 	orasRegistry "oras.land/oras-go/v2/registry"
+	"oras.land/oras-go/v2/registry/remote"
 
 	"github.com/notaryproject/notation-core-go/signature"
 	"github.com/notaryproject/notation-core-go/signature/cose"
@@ -41,6 +42,7 @@ import (
 )
 
 var errDoneVerification = errors.New("done verification")
+
 var reservedAnnotationPrefixes = [...]string{"io.cncf.notary"}
 
 // SignerSignOptions contains parameters for Signer.Sign.
@@ -166,7 +168,11 @@ func Sign(ctx context.Context, signer Signer, repo registry.Repository, signOpts
 	logger.Debugf("Pushing signature of artifact descriptor: %+v, signature media type: %v", targetDesc, signOpts.SignatureMediaType)
 	_, _, err = repo.PushSignature(ctx, signOpts.SignatureMediaType, sig, targetDesc, annotations)
 	if err != nil {
-		logger.Error("Failed to push the signature")
+		var referrerError *remote.ReferrersError
+		// do not log an error for failing to delete referral index
+		if !errors.As(err, &referrerError) || !referrerError.IsReferrersIndexDelete() {
+			logger.Error("Failed to push the signature")
+		}
 		return ocispec.Descriptor{}, ErrorPushSignatureFailed{Msg: err.Error()}
 	}
 
diff --git a/notation_test.go b/notation_test.go
index 3145a055..03ef24a5 100644
--- a/notation_test.go
+++ b/notation_test.go
@@ -37,6 +37,7 @@ import (
 	"github.com/notaryproject/notation-go/verifier/trustpolicy"
 	"github.com/opencontainers/go-digest"
 	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
+	"oras.land/oras-go/v2/registry/remote"
 )
 
 var expectedMetadata = map[string]string{"foo": "bar", "bar": "foo"}
@@ -158,6 +159,22 @@ func TestSignSuccessWithUserMetadata(t *testing.T) {
 	}
 }
 
+func TestSignWithDanglingReferrersIndex(t *testing.T) {
+	repo := mock.NewRepository()
+	repo.PushSignatureError = &remote.ReferrersError{
+		Op:  "DeleteReferrersIndex",
+		Err: errors.New("error"),
+	}
+	opts := SignOptions{}
+	opts.ArtifactReference = mock.SampleArtifactUri
+	opts.SignatureMediaType = jws.MediaTypeEnvelope
+
+	_, err := Sign(context.Background(), &dummySigner{}, repo, opts)
+	if err == nil {
+		t.Fatalf("no error occurred, expected error")
+	}
+}
+
 func TestSignWithNilRepo(t *testing.T) {
 	opts := SignOptions{}
 	opts.ArtifactReference = mock.SampleArtifactUri