cosign copy
no longer copies signatures by default in 2.2.1
#3379
Labels
bug
Something isn't working
cosign copy
no longer copies signatures by default in 2.2.1
#3379
Description
We recently started using cosign at v2.2.0. We have a CI step that runs
cosign copy temp-image prod-image
which would copy the container image and signatures.After the
cosign-installer
action got updated in our repo this week, I noticed I could no longer verify signatures on prod images because the signatures were missing from the prod registry.I tested with
-d
using 2.2.0 and 2.2.1 and confirmed 2.2.1 doesn't copy or look for existing .sig artifacts without setting-only sign
. 2.2.0 does copy without needing extra params.I think this change was introduced by #3247. Should there be some default tags if nothing is explicitly requested?
Version
v2.2.1
The text was updated successfully, but these errors were encountered: