Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

v2.320.0 release commit was unsigned/unverified #3509

Open
timothyeburke opened this issue Oct 17, 2024 · 0 comments
Open

v2.320.0 release commit was unsigned/unverified #3509

timothyeburke opened this issue Oct 17, 2024 · 0 comments
Labels
bug Something isn't working

Comments

@timothyeburke
Copy link

timothyeburke commented Oct 17, 2024
edited
Loading

Describe the bug

The git commit releasing v2.320.0 was not signed and is unverified on GitHub. This prevents git verify-commit from validating the release integrity of the branch.

Previously, @nebuk89 committed to adding repo rules to enforce this in the future in August. It appears those security rules have not been updated. As of this writing, the last signed release was v2.317.0 in May 2024.

To Reproduce
Navigate to https://github.com/actions/runner/releases, find all recent releases are unsigned.
image

Expected behavior
The release commit has signature verification.
image

Runner Version and Platform

Version of your runner? 2.320.0

What's not working?

git verify-commit v2.320.0 fails due to unsigned/unverified commit.

Job Log Output

N/A

Runner and Worker's Diagnostic Logs

N/A
@timothyeburke timothyeburke added the bug Something isn't working label Oct 17, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@timothyeburke