Scorecards workflow fails #14636

Closed
ahrtr opened this issue Oct 27, 2022 · 6 comments · Fixed by #14646

Comments

Member

ahrtr commented Oct 27, 2022

What happened?

The Scorecards workflow fails.

Please see https://github.com/etcd-io/etcd/actions/runs/3333799872/jobs/5517612372

Could you take a look at this? cc @joycebrum

What did you expect to happen?

I expect it should be successful

How can we reproduce it (as minimally and precisely as possible)?

Please see the check results on the latest commit

Anything else we need to know?

No response

Etcd version (please run commands below)

$ etcd --version
# paste output here

$ etcdctl version
# paste output here

Etcd configuration (command line flags or environment variables)

paste your configuration here

Etcd debug information (please run commands below, feel free to obfuscate the IP address or FQDN in the output)

$ etcdctl member list -w table
# paste output here

$ etcdctl --endpoints=<member list> endpoint status -w table
# paste output here

Relevant log output

No response

ahrtr added the type/bug label Oct 27, 2022
Member Author

ahrtr commented Oct 27, 2022

This seems the reason (see below). @joycebrum could you please clarify what update tool is needed? Is the failure caused by any recent commits in this repo (I doubt it)?

"score":0,"reason":"no update tool detected","name":"Dependency-Update-Tool"

@joycebrum
Contributor

@ahrtr, the error is actually this:

2022/10/27 04:41:03 error signing scorecard json results: error signing payload: getting key from Fulcio: verifying SCT: updating local metadata and targets: error updating to TUF remote mirror: tuf: invalid key

I've created an issue with the Scorecard team, ossf/scorecard-action#998, but the version upgrade of the Scorecard GitHub Action seems to solve it. I'll open a PR with the solution. Thanks for reaching out to me 😄.
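Added example (not part of the original thread and not Scorecard's own code): a small log triage helper that separates the zero-score check result quoted earlier in the thread from the signing error identified above as the actual failure, and unwraps that error chain to its innermost cause. The `{"checks": [...]}` wrapper and the function names are assumptions; the sample log is constructed from the two lines quoted in this thread.

```python
import json
import re

# Constructed sample: both lines reuse text quoted in this thread; the
# {"checks": [...]} wrapper around the check result is an assumption.
SAMPLE_LOG = (
    '{"checks":[{"score":0,"reason":"no update tool detected",'
    '"name":"Dependency-Update-Tool"}]}\n'
    "2022/10/27 04:41:03 error signing scorecard json results: "
    "error signing payload: getting key from Fulcio: verifying SCT: "
    "updating local metadata and targets: "
    "error updating to TUF remote mirror: tuf: invalid key\n"
)

# Timestamp prefix as seen in the quoted log line, then a message starting with "error".
FATAL_RE = re.compile(r"^(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) (error .*)$")


def triage(log_text):
    """Return (fatal_errors, zero_score_checks) found in a workflow log."""
    fatal, findings = [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = FATAL_RE.match(line)
        if match:
            # Wrapped errors read outermost first; the innermost cause is last.
            chain = match.group(2).split(": ")
            fatal.append({"time": match.group(1), "chain": chain})
        elif line.startswith("{"):
            try:
                checks = json.loads(line).get("checks", [])
            except (json.JSONDecodeError, AttributeError):
                continue  # not a result document; ignore it
            if not isinstance(checks, list):
                continue
            findings += [c["name"] for c in checks
                         if isinstance(c, dict) and c.get("score") == 0 and "name" in c]
    return fatal, findings


def summarize(log_text):
    """One line per fatal error (failing step, innermost cause), then check findings."""
    fatal, findings = triage(log_text)
    lines = [f"FAILED {e['chain'][0]} <- {': '.join(e['chain'][-2:])}" for e in fatal]
    lines += [f"check finding: {name} scored 0" for name in findings]
    return lines
```
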

Member Author

ahrtr commented Oct 28, 2022

> @ahrtr, the error is actually this:
>
> 2022/10/27 04:41:03 error signing scorecard json results: error signing payload: getting key from Fulcio: verifying SCT: updating local metadata and targets: error updating to TUF remote mirror: tuf: invalid key
>
> I've created an issue with the Scorecard team, ossf/scorecard-action#998, but the version upgrade of the Scorecard GitHub Action seems to solve it. I'll open a PR with the solution. Thanks for reaching out to me 😄.

Thanks @joycebrum. Could you help me understand why we ran into this issue without changing anything in the Scorecard workflow configuration?

ahrtr reopened this Oct 28, 2022
Member Author

ahrtr commented Oct 28, 2022

I'd like to get more clarification from @joycebrum before closing this issue.

@joycebrum
Contributor

@ahrtr I'm not sure why it started to happen out of nowhere.

I've opened this issue ossf/scorecard-action#998 with the Scorecard team and it seems to be related to the issue sigstore/cosign#2390 in sigstore.

Member Author

ahrtr commented Oct 31, 2022

> @ahrtr I'm not sure why it started to happen out of nowhere.
>
> I've opened this issue ossf/scorecard-action#998 with the Scorecard team and it seems to be related to the issue sigstore/cosign#2390 in sigstore.

Thank you @joycebrum

ahrtr closed this as completed Oct 31, 2022