chore: operational fix for CI timeout by sonupreetam · Pull Request #116 · complytime/org-infra

sonupreetam · 2026-02-27T19:46:02Z

Summary

Verification was succeeding, but the step never "finished" because GitHub Actions was struggling to flush 1.7MB of JSON into the log.

The "Verify SBOM" step in the sign-and-verify workflow was hanging/timing out because
cosign verify-attestation dumps the entire verified attestation payload (~1.7MB for the
SBOM DSSE envelope) to stdout, which GitHub Actions struggles to buffer and render in the
step log.
Redirect stdout to /dev/null on all three verify-attestation steps (SLSA provenance,
SBOM, vulnerability scan).
Verification still works via exit code — cosign exits non-zero
on failure. The --verbose debug trace (written to stderr) remains visible in the logs.
This step had finished during previous testing.

Run the sign-and-verify workflow and confirm all three verify steps complete without hanging
Check the test run: https://github.com/sonupreetam/image-publish-test/actions/runs/22500307259

Signed-off-by: sonupreetam <spreetam@redhat.com>

Fix verify-attestation step hanging

c9a48d7

Signed-off-by: sonupreetam <spreetam@redhat.com>

sonupreetam changed the title ~~feat: operational fix for CI timeout~~ chore: operational fix for CI timeout Feb 27, 2026

sonupreetam marked this pull request as ready for review February 27, 2026 19:49

sonupreetam requested review from a team, jpower432, marcusburghardt and qduanmu February 27, 2026 19:50