Merge branch 'main' of github.com:fosrl/pangolin into dev

2026-02-18 07:26:27 +00:00 · 2026-02-17 21:06:16 -08:00
parent 5d92190d50 9eacefb155
commit e2f78ba476
3 changed files with 26 additions and 47 deletions
--- a/.github/workflows/cicd.yml
+++ b/.github/workflows/cicd.yml
@@ -525,41 +525,10 @@ jobs:
                          VERIFIED_INDEX_KEYLESS=false
                        fi

-                        # If index verification fails, attempt to verify child platform manifests
-                        if [ "${VERIFIED_INDEX}" != "true" ] || [ "${VERIFIED_INDEX_KEYLESS}" != "true" ]; then
-                          echo "Index verification not available; attempting child manifest verification for ${BASE_IMAGE}:${IMAGE_TAG}"
-                          CHILD_VERIFIED=false
-
-                          for ARCH in arm64 amd64; do
-                            CHILD_TAG="${IMAGE_TAG}-${ARCH}"
-                            echo "Resolving child digest for ${BASE_IMAGE}:${CHILD_TAG}"
-                            CHILD_DIGEST="$(skopeo inspect --retry-times 3 docker://${BASE_IMAGE}:${CHILD_TAG} | jq -r '.Digest' || true)"
-                            if [ -n "${CHILD_DIGEST}" ] && [ "${CHILD_DIGEST}" != "null" ]; then
-                              CHILD_REF="${BASE_IMAGE}@${CHILD_DIGEST}"
-                              echo "==> cosign verify (public key) child ${CHILD_REF}"
-                              if retry_verify "cosign verify --key env://COSIGN_PUBLIC_KEY '${CHILD_REF}' -o text"; then
-                                CHILD_VERIFIED=true
-                                echo "Public key verification succeeded for child ${CHILD_REF}"
-                              else
-                                echo "Public key verification failed for child ${CHILD_REF}"
-                              fi
-
-                              echo "==> cosign verify (keyless policy) child ${CHILD_REF}"
-                              if retry_verify "cosign verify --certificate-oidc-issuer '${issuer}' --certificate-identity-regexp '${id_regex}' '${CHILD_REF}' -o text"; then
-                                CHILD_VERIFIED=true
-                                echo "Keyless verification succeeded for child ${CHILD_REF}"
-                              else
-                                echo "Keyless verification failed for child ${CHILD_REF}"
-                              fi
-                            else
-                              echo "No child digest found for ${BASE_IMAGE}:${CHILD_TAG}; skipping"
-                            fi
-                          done
-
-                          if [ "${CHILD_VERIFIED}" != "true" ]; then
-                            echo "Failed to verify index and no child manifests verified for ${BASE_IMAGE}:${IMAGE_TAG}"
-                            exit 1
-                          fi
+                        # Check if verification succeeded
+                        if [ "${VERIFIED_INDEX}" != "true" ] && [ "${VERIFIED_INDEX_KEYLESS}" != "true" ]; then
+                          echo "⚠️  WARNING: Verification not available for ${BASE_IMAGE}:${IMAGE_TAG}"
+                          echo "This may be due to registry propagation delays. Continuing anyway."
                        fi
                      ) || TAG_FAILED=true

--- a/server/lib/deleteOrg.ts
+++ b/server/lib/deleteOrg.ts
@@ -85,7 +85,9 @@ export async function deleteOrgById(
                        deletedNewtIds.push(deletedNewt.newtId);
                        await trx
                            .delete(newtSessions)
-                            .where(eq(newtSessions.newtId, deletedNewt.newtId));
+                            .where(
+                                eq(newtSessions.newtId, deletedNewt.newtId)
+                            );
                    }
                }
            }
@@ -229,13 +231,15 @@ export function sendTerminationMessages(result: DeleteOrgByIdResult): void {
        );
    }
    for (const olmId of result.olmsToTerminate) {
-        sendTerminateClient(0, OlmErrorCodes.TERMINATED_REKEYED, olmId).catch(
-            (error) => {
-                logger.error(
-                    "Failed to send termination message to olm:",
-                    error
-                );
-            }
-        );
+        sendTerminateClient(
+            0,
+            OlmErrorCodes.TERMINATED_REKEYED,
+            olmId
+        ).catch((error) => {
+            logger.error(
+                "Failed to send termination message to olm:",
+                error
+            );
+        });
    }
 }
--- a/server/routers/auth/deleteMyAccount.ts
+++ b/server/routers/auth/deleteMyAccount.ts
@@ -15,10 +15,13 @@ import {
 import { verifyPassword } from "@server/auth/password";
 import { verifyTotpCode } from "@server/auth/totp";
 import { calculateUserClientsForOrgs } from "@server/lib/calculateUserClientsForOrgs";
-import { deleteOrgById, sendTerminationMessages } from "@server/lib/deleteOrg";
-import { UserType } from "@server/types/UserTypes";
 import { build } from "@server/build";
 import { getOrgTierData } from "#dynamic/lib/billing";
+import {
+    deleteOrgById,
+    sendTerminationMessages
+} from "@server/lib/deleteOrg";
+import { UserType } from "@server/types/UserTypes";

 const deleteMyAccountBody = z.strictObject({
    password: z.string().optional(),
@@ -230,7 +233,10 @@ export async function deleteMyAccount(
    } catch (error) {
        logger.error(error);
        return next(
-            createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "An error occurred")
+            createHttpError(
+                HttpCode.INTERNAL_SERVER_ERROR,
+                "An error occurred"
+            )
        );
    }
 }