Add extra no signed email case

lukehinds · Sep 3, 2022 · 53d1728 · 53d1728
1 parent b874830
commit 53d1728
Showing 1 changed file with 8 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -141,3 +141,11 @@ ghcr.io/lukehinds/nginx2@sha256:32d4567494509b13a40899885dfbee46cec32ce918e39125
 
 Altenatively, you can use a different email address to sign the unsigned image,
 which should also fail
+
+```shell
+& helm install nginx-unsigned --atomic -n nginx-ns1 ./manifests/nginx-demo -f manifests/nginx-unsigned.yaml
+
+Error: INSTALLATION FAILED: release nginx-unsigned failed, and has been uninstalled due to atomic being set: admission webhook "policy.sigstore.dev" denied the request: validation failed: failed policy: sigstore-demo: spec.template.spec.containers[0].image
+ghcr.io/lukehinds/nginx2@sha256:32d4567494509b13a40899885dfbee46cec32ce918e39125161ac4de8337339c signature keyless validation failed for authority authority-0 for ghcr.io/lukehinds/nginx2@sha256:32d4567494509b13a40899885dfbee46cec32ce918e39125161ac4de8337339c: no matching signatures:
+none of the expected identities matched what was in the certificate
+```