docker/actions-toolkit
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #854 from crazy-max/cosign-no-verbose

Browse Source 
sigstore: remove verbose flag from persisted cosign args
This commit is contained in:
CrazyMax
2025-11-12 15:52:35 +01:00
committed by GitHub
parent fd15fa02c0 d018ed13d0
commit 4f8424eebb
1 changed files with 2 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/sigstore/sigstore.ts
View File

@@ -80,7 +80,6 @@ export class Sigstore {
await core.group(`Signing attestation manifest ${attestationRef}`, async () => {
// prettier-ignore
const cosignArgs = [
'--verbose',
'sign',
'--yes',
'--oidc-provider', 'github-actions',
@@ -92,7 +91,7 @@ export class Sigstore {
cosignArgs.push('--tlog-upload=false');
}
core.info(`[command]cosign ${[...cosignArgs, attestationRef].join(' ')}`);
const execRes = await Exec.getExecOutput('cosign', [...cosignArgs, attestationRef], {
const execRes = await Exec.getExecOutput('cosign', ['--verbose', ...cosignArgs, attestationRef], {
ignoreReturnCode: true,
silent: true,
env: Object.assign({}, process.env, {
@@ -141,7 +140,6 @@ export class Sigstore {
await core.group(`Verifying signature of ${attestationRef}`, async () => {
// prettier-ignore
const cosignArgs = [
'--verbose',
'verify',
'--experimental-oci11',
'--new-bundle-format',
@@ -154,7 +152,7 @@ export class Sigstore {
}
core.info(`[command]cosign ${[...cosignArgs, attestationRef].join(' ')}`);
for (let attempt = 0; attempt < retries; attempt++) {
const execRes = await Exec.getExecOutput('cosign', [...cosignArgs, attestationRef], {
const execRes = await Exec.getExecOutput('cosign', ['--verbose', ...cosignArgs, attestationRef], {
ignoreReturnCode: true,
silent: true,
env: Object.assign({}, process.env, {