File tree Expand file tree Collapse file tree 1 file changed +23
-5
lines changed
Expand file tree Collapse file tree 1 file changed +23
-5
lines changed Original file line number Diff line number Diff line change @@ -482,14 +482,32 @@ jobs:
482482 echo "==> cosign sign (key) --recursive ${REF}"
483483 cosign sign --key env://COSIGN_PRIVATE_KEY --recursive "${REF}"
484484
485+ # Retry wrapper for verification to handle registry propagation delays
486+ retry_verify() {
487+ local cmd="$1"
488+ local attempts=6
489+ local delay=5
490+ local i=1
491+ until eval "$cmd"; do
492+ if [ $i -ge $attempts ]; then
493+ echo "Verification failed after $attempts attempts"
494+ return 1
495+ fi
496+ echo "Verification not yet available. Retry $i/$attempts after ${delay}s..."
497+ sleep $delay
498+ i=$((i+1))
499+ delay=$((delay*2))
500+ # Cap the delay to avoid very long waits
501+ if [ $delay -gt 60 ]; then delay=60; fi
502+ done
503+ return 0
504+ }
505+
485506 echo "==> cosign verify (public key) ${REF}"
486- cosign verify --key env://COSIGN_PUBLIC_KEY " ${REF}" -o text
507+ retry_verify " cosign verify --key env://COSIGN_PUBLIC_KEY ' ${REF}' -o text"
487508
488509 echo "==> cosign verify (keyless policy) ${REF}"
489- cosign verify \
490- --certificate-oidc-issuer "${issuer}" \
491- --certificate-identity-regexp "${id_regex}" \
492- "${REF}" -o text
510+ retry_verify "cosign verify --certificate-oidc-issuer '${issuer}' --certificate-identity-regexp '${id_regex}' '${REF}' -o text"
493511
494512 echo "✓ Successfully signed and verified ${BASE_IMAGE}:${IMAGE_TAG}"
495513 done
You can’t perform that action at this time.
0 commit comments