You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
It is difficult to see what is currently available in prod and preprod, compared to git content -- and difficult to see if their current state is a result of correct operation or a publishing issue.
I don't know what the correct fix is: just throwing some ideas out there:
An action that runs after every sync (and maybe also on cron) that actually fetches the prod, preprod and git main branch metadata as a TUF client, and publishes the received metadata version numbers (at a minimum root+timestamp) on a web page somewhere
In the sync* GitHub actions, once the process is successful, move a git tag or a branch to point to the commit that was synced
other approaches? Is there a solution where it's easy to tell which environments a particular PR has reached?
Out of these I like option 1 because it actually documents what clients see, not what our CI/CD thinks the sync state should be: It could also be further improved by sanity checks that file issues if the versions are not what we expected.
The text was updated successfully, but these errors were encountered:
It is difficult to see what is currently available in prod and preprod, compared to git content -- and difficult to see if their current state is a result of correct operation or a publishing issue.
Weirdly enough I had a dream this weekend where we dynamically published the values on the root-signing repository. +1 to this idea!
a web page somewhere
Having a table on the sigstore dashboard would be good -- the probers can probably manage this. I'm not sure how the sigstore dash is built or where it's hosted/what we can put on it, but that would b likely be the best way for on-callers to monitor state as well.
Idea, it hasn’t been created yet. However, it was meant for debugging purposes and would be internal, not for public consumption, probably using Cloud Monitoring. If you want it for TUF, I’d create something else.
It is difficult to see what is currently available in prod and preprod, compared to git content -- and difficult to see if their current state is a result of correct operation or a publishing issue.
I don't know what the correct fix is: just throwing some ideas out there:
Out of these I like option 1 because it actually documents what clients see, not what our CI/CD thinks the sync state should be: It could also be further improved by sanity checks that file issues if the versions are not what we expected.
The text was updated successfully, but these errors were encountered: