You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
fix: add retry to curl downloads for transient network failures (#210)
Transient network errors during the cosign download can cause the
action to fail. This is particularly problematic when the action runs
after images have been pushed to a registry, resulting in unsigned
images.
Add --retry 3 to all curl calls. By default, curl uses exponential
backoff: it waits 1 second before the first retry, then doubles the
wait time for each subsequent retry up to a maximum of 10 minutes. It
also respects Retry-After headers in the response.
Closes: #209
Signed-off-by: Jose Fernandez <me@jrfernandez.com>
log_info "Downloading bootstrap version '${bootstrap_version}' of cosign to verify version to be installed...\n https://github.com/sigstore/cosign/releases/download/${bootstrap_version}/${bootstrap_filename}"
if [[ "$shaBootstrap" != "${expected_bootstrap_version_digest}" ]]; then
193
195
log_error "Unable to validate cosign version: '${input_cosign_release}'"
@@ -211,7 +213,7 @@ runs:
211
213
212
214
# Download custom cosign
213
215
log_info "Downloading platform-specific version '${input_cosign_release}' of cosign...\n https://github.com/sigstore/cosign/releases/download/${input_cosign_release}/${desired_cosign_filename}"
log_info "Downloading detached signature for platform-specific '${input_cosign_release}' of cosign...\n https://github.com/sigstore/cosign/releases/download/${input_cosign_release}/${signature_file}"
0 commit comments