Unable to validate cosign version: 'v2.0.0'

[PierrickP]

Hello, i got an error today (with a depency ?)

[eyenx]

Same issue for me

[eyenx]

It's due to chart-testing still using a cosing-installer action version that tries to grab the cosign release from googleapis.com and gives back an AccessDenied. Or am I wrong?

[eyenx]

I see in the action this

$SUDO curl -sL [https://storage.googleapis.com/cosign-releases/${bootstrap_version}/${bootstrap_filename}](https://storage.googleapis.com/cosign-releases/$%7Bbootstrap_version%7D/$%7Bbootstrap_filename%7D) -o ${cosign_executable_name}

Instead of this

[eyenx]

Version 2.4.0 of chart-testing still uses cosign-installer version 3.0.1

https://github.com/helm/chart-testing-action/blob/v2.4.0/action.yml#L23C13-L23C82

[stevehipwell]

This was working correctly an hour ago (09:40 GMT).

[eyenx]

This was working correctly an hour ago (09:40 GMT).

I guess googleapis.com closed the access for unauthorized users.

[rene-bos]

I can confirm that the actions works when using the latest commit on main. Looks like we just need a 2.5.0 release. Until then we can pin to cb49023b9227b1097e5eddd8824f48bdea11b1aa to fix the problem for now.

- name: Setup chart-testing
  uses: helm/chart-testing-action@cb49023b9227b1097e5eddd8824f48bdea11b1aa # Unreleased version

@cpanato are you the right person to ping for creating a new release?

[cpanato]

i will take a look and maybe we need to run a new release

[bobcallaway]

this is due to https://blog.sigstore.dev/cosign-releases-bucket-deprecation/

[jessebot]

I can confirm that the actions works when using the latest commit on main. Looks like we just need a 2.5.0 release. Until then we can pin to cb49023b9227b1097e5eddd8824f48bdea11b1aa to fix the problem for now.

- name: Setup chart-testing
  uses: helm/chart-testing-action@cb49023b9227b1097e5eddd8824f48bdea11b1aa # Unreleased version

That's weird because when I try to pin to that commit hash, I get the following:

Run changed=$(ct list-changed --target-branch main)
  changed=$(ct list-changed --target-branch main)
  if [[ -n "$changed" ]]; then
    echo "changed=true" >> "$GITHUB_OUTPUT"
  fi
  shell: /usr/bin/bash -e {0}
  env:
    CT_CONFIG_DIR: /opt/hostedtoolcache/ct/3.9.0/amd64/etc
    VIRTUAL_ENV: /opt/hostedtoolcache/ct/3.9.0/amd64/venv
Error: targetBranch 'main' does not exist
Error: Process completed with exit code 1.

[tboerger]

That's weird because when I try to pin to that commit hash, I get the following:

The same happens for me, looks like we got to wait for a new release of the action :(

[marcelbirkner]

Thank you for the fix. Using cb49023b9227b1097e5eddd8824f48bdea11b1aa has solved the problem for us. Still looking forward to the new release.

[cpanato]

release v2.5.0 should fix that: https://github.com/helm/chart-testing-action/releases/tag/v2.5.0

[tboerger]

With the 2.5.0 release my builds are still failing but with the same error mentioned by @jessebot. Executing ct list-changed --config ct.yaml --target-branch master results in the error targetBranch 'master' does not exist: https://github.com/promhippie/charts/actions/runs/6706484493/job/18223069631

Edit: Currently I am working around the issue by downgrading the action to v2.3.1, but that sucks.

[pat-s]

Can confirm the issues.

With 2.3.1 I get another error though

Run changed=$(ct list-changed --target-branch main)
Error: failed running process: exit status 128
Error: Process completed with exit code 1.

[marcelbirkner]

Builds are working for us on our "main" branch but failing with the same errors as for @pat-s and @tboerger for pull request branches.

Example for main branch

Example for pull request branch

[jessebot]

With the 2.5.0 release my builds are still failing but with the same error mentioned by @jessebot. Executing ct list-changed --config ct.yaml --target-branch master results in the error targetBranch 'master' does not exist: https://github.com/promhippie/charts/actions/runs/6706484493/job/18223069631

Edit: Currently I am working around the issue by downgrading the action to v2.3.1, but that sucks.

I opened #133 to help with triage by the maintainers, as this is technically a separate issue,