Skip to content

ci: fix release assets signing#672

Merged
ozgb merged 5 commits into
mainfrom
ozgb-fix-release-assets-signing
Feb 14, 2026
Merged

ci: fix release assets signing#672
ozgb merged 5 commits into
mainfrom
ozgb-fix-release-assets-signing

Conversation

@ozgb

@ozgb ozgb commented Feb 13, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Overview

Fixes the release workflow with the following:

  • Use Sigstore .bundle rather than separate .pem and .sig files
  • Fix checking out inputs.ref rather than workflow branch for CI-only files
  • Removes duplicate -node in release assets filename

Run for 0.22.0-rc.1 here: https://github.com/midnightntwrk/midnight-node/actions/runs/21990734816

🗹 TODO before merging

  • Ready

📌 Submission Checklist

  • Changes are backward-compatible (or flagged if breaking)
  • Pull request description explains why the change is needed
  • Self-reviewed the diff
  • I have included a change file, or skipped for this reason:
  • If the changes introduce a new feature, I have bumped the node minor version
  • Update documentation (if relevant)
  • Updated AGENTS.md if build commands, architecture, or workflows changed
  • No new todos introduced

🧪 Testing Evidence

Please describe any additional testing aside from CI:

  • Additional tests are provided (if possible)

🔱 Fork Strategy

  • Node Runtime Update
  • Node Client Update
  • Other:
  • N/A

Links

ozgb added 5 commits February 13, 2026 14:07
@ozgb
fix: add --bundle flag to cosign sign-blob for cosign v2.4+ compatibi…
1ea404f 
…lity

Cosign v2.4+ (installed via cosign-installer@v4.0.0) requires the
--bundle flag with sign-blob. Without it, signing fails with
"must provide --bundle with --signing-config or --use-signing-config".
@ozgb
fix: checkout signing script from workflow branch, not input ref
e6da4e2 
The signing script checkout was using inputs.ref (the release branch),
which still had the old script without --bundle. CI utilities should
come from the workflow's own branch to pick up fixes immediately.
@ozgb
fix: use Sigstore bundle format instead of separate .sig/.pem files
c2c17b7 
Cosign v2.4+ only writes the .bundle file and silently ignores
--output-signature/--output-certificate. Switch to .bundle as the
sole signing artifact, which is the standard Sigstore format.
@ozgb
fix: remove duplicated "node-" in release asset filenames
adcd3bd 
Use IMAGE_TAG instead of RELEASE_TAG for filenames to avoid
"midnight-node-node-" and "midnight-node-toolkit-node-" prefixes.
@ozgb
fix: checkout image signing script from workflow branch, not input ref
84e2d57 
Same fix as for the binary signing script checkout — CI utilities
should come from the workflow's own branch to pick up fixes.
@github-actions

github-actions Bot commented Feb 13, 2026

Copy link
Copy Markdown
Contributor

kics-logo

KICS version: v2.1.16

Category Results
CRITICAL CRITICAL 0
HIGH HIGH 0
MEDIUM MEDIUM 96
LOW LOW 12
INFO INFO 83
TRACE TRACE 0
TOTAL TOTAL 191
Metric Values
Files scanned placeholder 31
Files parsed placeholder 31
Files failed to scan placeholder 0
Total executed queries placeholder 73
Queries failed to execute placeholder 0
Execution time placeholder 9

@ozgb ozgb marked this pull request as ready for review February 13, 2026 14:46
@ozgb ozgb requested a review from a team as a code owner February 13, 2026 14:46
@KrisF-Midnight KrisF-Midnight mentioned this pull request Feb 13, 2026
Closed
10 tasks
@ozgb ozgb enabled auto-merge February 13, 2026 14:48
@ozgb ozgb added this pull request to the merge queue Feb 14, 2026
Merged via the queue into main with commit be4ff06 Feb 14, 2026
67 of 72 checks passed
@ozgb ozgb deleted the ozgb-fix-release-assets-signing branch February 14, 2026 13:21
gilescope pushed a commit that referenced this pull request Apr 8, 2026
@rsporny
test: add ariadne v2 tests (#672)
a1a987a 
added:
- guaranteed seats tests
- seats distribution matching DParam tests

changed:
- participation tolerance will use absolute value if calculated one is too small

Refs: ETCM-8934
m2ux added a commit that referenced this pull request Apr 23, 2026
@m2ux
test: add ariadne v2 tests (#672)
8de8656 
added:
- guaranteed seats tests
- seats distribution matching DParam tests

changed:
- participation tolerance will use absolute value if calculated one is too small

Refs: ETCM-8934
Signed-off-by: Mike Clay <mike.clay@shielded.io>
m2ux added a commit that referenced this pull request Apr 23, 2026
@m2ux
test: add ariadne v2 tests (#672)
23f337c 
added:
- guaranteed seats tests
- seats distribution matching DParam tests

changed:
- participation tolerance will use absolute value if calculated one is too small

Refs: ETCM-8934
Signed-off-by: Mike Clay <mike.clay@shielded.io>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@gilescope gilescope gilescope approved these changes

+1 more reviewer

@KrisF-Midnight KrisF-Midnight KrisF-Midnight approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

skip-changes-check-all

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@ozgb @gilescope @KrisF-Midnight