veilor-os/.github/workflows
obsidian-ai c2b4df8ef9 ci: gate cosign/sbom/attest steps to github only
cosign keyless sign uses Sigstore Fulcio which requires a
Fulcio-trusted OIDC issuer. Forgejo runs don't have one, so cosign
falls back to the interactive device flow and times out
(error obtaining token: expired_token). Same applies to
attest-build-provenance and the SBOM action's signed attestation.

Skip all three on Forgejo for now; ISO + sha256 are sufficient for
v0.5.x test releases. Re-add when we self-host a Sigstore stack or
sign with a key-pair instead of keyless.
2026-05-06 15:41:00 +01:00
build-iso.yml ci: gate cosign/sbom/attest steps to github only 2026-05-06 15:41:00 +01:00
lint.yml ci: pin actions to node20-safe tags + runner sock pass-through 2026-05-06 10:50:15 +01:00