From f4db0252c68e45db1ec07c2fe89638481d551a8a Mon Sep 17 00:00:00 2001 From: Eric Ball Date: Tue, 20 Jan 2026 16:39:11 -0800 Subject: [PATCH] Fix: Adapt release script for -e mode Testing did not reveal a flaw in the original code due to a lack of the "-e" bash mode. With that enabled, the script fails if the command isn't part of a conditional, or otherwise handled. In this case, we use a bash OR to assign the non-zero exit code if the command fails. Change-Id: I474afec6ca711875cd7937088018d7bbf08d37f3 Signed-off-by: Eric Ball --- shell/release-job.sh | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/shell/release-job.sh b/shell/release-job.sh index 1c1e1561..a11082bd 100644 --- a/shell/release-job.sh +++ b/shell/release-job.sh @@ -440,17 +440,17 @@ container_release_file(){ echo "INFO: $VERSION is already released for image $name, checking signature..." image_digest=$(docker inspect --format='{{index .RepoDigests 0}}' \ "$CONTAINER_PUSH_REGISTRY"/"$lfn_umbrella"/"$name":"$VERSION") - cosign verify --key "$COSIGN_PUBLIC_KEY" "$image_digest" - cosign_verified=$? - if [ "$cosign_verified" -eq 0 ]; then + exit_code=0 + cosign verify --key "$COSIGN_PUBLIC_KEY" "$image_digest" || exit_code=$? + if [ "$exit_code" -eq 0 ]; then echo "INFO: $name:$VERSION is already signed, continuing..." - elif [ "$cosign_verified" -eq 10 ] && [[ "$JOB_NAME" =~ "merge" ]]; then + elif [ "$exit_code" -eq 10 ] && [[ "$JOB_NAME" =~ "merge" ]]; then # Exit code 10 indicates the package was found without signature echo "INFO: No signature found for $name:$VERSION. Attempting to sign..." export COSIGN_PASSWORD cosign sign -y --key "$COSIGN_PRIVATE_KEY" "$image_digest" else - echo "INFO: Could not verify signature, cosign exited with code $cosign_verified." + echo "INFO: Could not verify signature, cosign exited with code $exit_code." fi else echo "INFO: $VERSION not found in releases, release will be prepared. Continuing..." -- 2.16.6