Skip to content

ci(deps): bump firestoned/github-actions/security/verify-signed-commits from 1.3.6 to 1.3.7 #255

ci(deps): bump firestoned/github-actions/security/verify-signed-commits from 1.3.6 to 1.3.7

ci(deps): bump firestoned/github-actions/security/verify-signed-commits from 1.3.6 to 1.3.7 #255

Status Failure
Total duration 12m 45s
Artifacts 7

build.yaml

on: pull_request
🔐 Verify Signed Commits
21s
🔐 Verify Signed Commits
⚖️ Verify SPDX License Headers
27s
⚖️ Verify SPDX License Headers
🧾 Validate VEX Statements
12s
🧾 Validate VEX Statements
🔏 Validate Auto-VEX Sign-off
2m 9s
🔏 Validate Auto-VEX Sign-off
🛡️ Security Vulnerability Scan
30s
🛡️ Security Vulnerability Scan
🏗️ IaC Security Scan (Trivy config)
29s
🏗️ IaC Security Scan (Trivy config)
🧪 cargo-deny (License + Advisory + Sources)
38s
🧪 cargo-deny (License + Advisory + Sources)
🏷️ Extract Version Information
11s
🏷️ Extract Version Information
🎨 Check Formatting
14s
🎨 Check Formatting
Matrix: build
📦 Package Deployment Manifests
📦 Package Deployment Manifests
Matrix: ✍️ Sign Binary Artifacts
🔬 Generate SLSA Provenance Subjects
0s
🔬 Generate SLSA Provenance Subjects
Matrix: docker
🏛️ Generate SLSA Provenance  /  detect-env
🏛️ Generate SLSA Provenance / detect-env
Matrix: grype-triage
Matrix: attest
🏛️ Generate SLSA Provenance  /  generator
🏛️ Generate SLSA Provenance / generator
🤖 Auto-VEX (reachability)
0s
🤖 Auto-VEX (reachability)
🤖 Auto-VEX (presence)
0s
🤖 Auto-VEX (presence)
🏛️ Generate SLSA Provenance  /  upload-assets
🏛️ Generate SLSA Provenance / upload-assets
🧾 Assemble OpenVEX
0s
🧾 Assemble OpenVEX
🏛️ Generate SLSA Provenance  /  final
🏛️ Generate SLSA Provenance / final
Matrix: grype
🚀 Upload Release Assets
🚀 Upload Release Assets
Fit to window
Zoom out
Zoom in

Annotations

1 error and 13 warnings
🛡️ Security Vulnerability Scan
Process completed with exit code 1.
🛡️ Security Vulnerability Scan
Node.js 20 is deprecated. The following actions target Node.js 20 but are being forced to run on Node.js 24: actions/cache@v4, actions/upload-artifact@v4. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
🔏 Validate Auto-VEX Sign-off
Node.js 20 is deprecated. The following actions target Node.js 20 but are being forced to run on Node.js 24: actions/cache@v4. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
📎 Clippy
Node.js 20 is deprecated. The following actions target Node.js 20 but are being forced to run on Node.js 24: actions/cache@v4. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
🦀 Build - Linux x86_64
Node.js 20 is deprecated. The following actions target Node.js 20 but are being forced to run on Node.js 24: actions/cache@v4. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
🦀 Build - Linux ARM64
Node.js 20 is deprecated. The following actions target Node.js 20 but are being forced to run on Node.js 24: actions/cache@v4. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
🧪 Test
Node.js 20 is deprecated. The following actions target Node.js 20 but are being forced to run on Node.js 24: actions/cache@v4. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
🐳 Build and Push Docker Image - Distroless
Node.js 20 is deprecated. The following actions target Node.js 20 but are being forced to run on Node.js 24: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093, docker/login-action@v3, docker/setup-buildx-action@v3. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
🐳 Build and Push Docker Image - Chainguard
Node.js 20 is deprecated. The following actions target Node.js 20 but are being forced to run on Node.js 24: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093, docker/login-action@v3, docker/setup-buildx-action@v3. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
Variables should be defined before their use: Dockerfile.chainguard#L40
UndefinedVar: Usage of undefined variable '$BASE_IMAGE' More info: https://docs.docker.com/go/dockerfile/rule/undefined-var/
🔏 Attest Docker Image - Distroless
Please check that the "artifact-metadata:write" permission has been included
🔏 Attest Docker Image - Distroless
Failed to create storage record: Error: Failed to persist storage record: no artifacts found - https://docs.github.com/rest/orgs/artifact-metadata#create-artifact-metadata-storage-record
🔏 Attest Docker Image - Chainguard
Please check that the "artifact-metadata:write" permission has been included
🔏 Attest Docker Image - Chainguard
Failed to create storage record: Error: Failed to persist storage record: no artifacts found - https://docs.github.com/rest/orgs/artifact-metadata#create-artifact-metadata-storage-record

Artifacts

Produced during runtime
Name Size Digest
5spot-linux-amd64 Expired
13.1 MB
sha256:9322ff27af03b1173767f2ee892aa7eddafa13a072dfae9d7a51bb93cdb2e721
5spot-linux-arm64 Expired
12.6 MB
sha256:5f355755866ee1779f7ee42b5735808da9c45255884f3ced2799130f425f87f3
cargo-audit-report
1.04 KB
sha256:f84d7c1308d83fecf230ab5653a12ce1ebf814350a7ab9878cd6dad178503a14
finos~5-spot~75EYZ2.dockerbuild
95 KB
sha256:cc88ae67b5c87b491e85ac2408e45ee91e16611de4732478730b47e7e4a5c8fd
finos~5-spot~QFWIO5.dockerbuild
76.1 KB
sha256:20cd7b1e0abb05686459bb471d4449fa3dc00ea79b24ae86a7ec19d8dc3bdedc
grype-pull_request-Chainguard-255
385 Bytes
sha256:62d7416bcaeb423b03f1c2eeacab647a279ddf4ed4da6213f777300405834ce4
grype-pull_request-Distroless-255
3.72 KB
sha256:a4bc612918f568722805985db135498b47785f307569193b59229d9ba6bc3eed