Signature validation - Fallback to use storage API#1337
Conversation
orto17
commented
May 28, 2026
orto17
commented
- All tests passed. If this feature is not already covered by the tests, I added new tests.
- This pull request is on the dev branch.
- I used gofmt for formatting the code before submitting the pull request.
- Update documentation about new features / new supported technologies
orto17
changed the title
orto17
added
the
safe to test
github-actions
Bot
removed
the
safe to test
eranturgeman
left a comment
eranturgeman
left a comment
There was a problem hiding this comment.
Review: Signature Validation — Storage API Fallback
Verdict: REQUEST_CHANGES
The verifyArtifact.sh fix is correct and solves the immediate release-pipeline failure. The refactoring into load_remote_checksums_jf/curl → compare_local_to_remote is clean.
One functional bug exists in getFrogbot.sh's storage_request(): the auth guard uses REMOTE_PATH as a proxy for "private instance" instead of checking for credentials directly. This diverges from the correct pattern already used in verifyArtifact_storage_request_curl() in the same PR, and will silently omit auth for users who set FROGBOT_BASE_URL without REMOTE_PATH.
CI status: Azure Integration Tests (all 3 platforms) and Bitbucket Server Integration Tests are failing. Please confirm whether these are pre-existing infrastructure failures or regressions introduced by this PR.
orto17
added
the
safe to test
github-actions
Bot
removed
the
safe to test
2 participants
