Cosign.gitlab-ci.yml template doesn't fail the job when cosign produces an error

Everyone can contribute. Help move this issue forward while earning points, leveling up and collecting rewards.

Close this issue

From slack thread: https://gitlab.slack.com/archives/C04SB6GR2D8/p1696406118754609?thread_ts=1696346641.087589&cid=C04SB6GR2D8

Btw when I changed to the template, the job now succeeds but the signing fails.I imagine we'd want the job to fail? https://gitlab.com/gl-demo-ultimate-paporte/leticket-app/-/jobs/5219063074

This is because the template runs cosign in after_script, which doesn't affect the job's exit code.

We should fail the job in this case.

Edited Aug 27, 2025 by 🤖 GitLab Bot 🤖