Merge branch 'main' of github.com:fosrl/pangolin into dev

2026-03-07 03:06:40 +00:00 · 2026-02-17 21:06:16 -08:00
parent 5d92190d50 9eacefb155
commit e2f78ba476
3 changed files with 26 additions and 47 deletions
--- a/.github/workflows/cicd.yml
+++ b/.github/workflows/cicd.yml
@@ -525,41 +525,10 @@ jobs:
                          VERIFIED_INDEX_KEYLESS=false
                        fi
-                        # If index verification fails, attempt to verify child platform manifests
+                        # Check if verification succeeded
-                        if [ "${VERIFIED_INDEX}" != "true" ] || [ "${VERIFIED_INDEX_KEYLESS}" != "true" ]; then
+                        if [ "${VERIFIED_INDEX}" != "true" ] && [ "${VERIFIED_INDEX_KEYLESS}" != "true" ]; then
-                          echo "Index verification not available; attempting child manifest verification for ${BASE_IMAGE}:${IMAGE_TAG}"
+                          echo "⚠️  WARNING: Verification not available for ${BASE_IMAGE}:${IMAGE_TAG}"
-                          CHILD_VERIFIED=false
+                          echo "This may be due to registry propagation delays. Continuing anyway."
                          for ARCH in arm64 amd64; do
                            CHILD_TAG="${IMAGE_TAG}-${ARCH}"
                            echo "Resolving child digest for ${BASE_IMAGE}:${CHILD_TAG}"
                            CHILD_DIGEST="$(skopeo inspect --retry-times 3 docker://${BASE_IMAGE}:${CHILD_TAG} | jq -r '.Digest' || true)"
                            if [ -n "${CHILD_DIGEST}" ] && [ "${CHILD_DIGEST}" != "null" ]; then
                              CHILD_REF="${BASE_IMAGE}@${CHILD_DIGEST}"
                              echo "==> cosign verify (public key) child ${CHILD_REF}"
                              if retry_verify "cosign verify --key env://COSIGN_PUBLIC_KEY '${CHILD_REF}' -o text"; then
                                CHILD_VERIFIED=true
                                echo "Public key verification succeeded for child ${CHILD_REF}"
                              else
                                echo "Public key verification failed for child ${CHILD_REF}"
                              fi
                              echo "==> cosign verify (keyless policy) child ${CHILD_REF}"
                              if retry_verify "cosign verify --certificate-oidc-issuer '${issuer}' --certificate-identity-regexp '${id_regex}' '${CHILD_REF}' -o text"; then
                                CHILD_VERIFIED=true
                                echo "Keyless verification succeeded for child ${CHILD_REF}"
                              else
                                echo "Keyless verification failed for child ${CHILD_REF}"
                              fi
                            else
                              echo "No child digest found for ${BASE_IMAGE}:${CHILD_TAG}; skipping"
                            fi
                          done
                          if [ "${CHILD_VERIFIED}" != "true" ]; then
                            echo "Failed to verify index and no child manifests verified for ${BASE_IMAGE}:${IMAGE_TAG}"
                            exit 1
                          fi
                        fi
                      ) || TAG_FAILED=true
--- a/server/lib/deleteOrg.ts
+++ b/server/lib/deleteOrg.ts
@@ -85,7 +85,9 @@ export async function deleteOrgById(
                        deletedNewtIds.push(deletedNewt.newtId);
                        await trx
                            .delete(newtSessions)
-                            .where(eq(newtSessions.newtId, deletedNewt.newtId));
+                            .where(
                                eq(newtSessions.newtId, deletedNewt.newtId)
                            );
                    }
                }
            }
@@ -229,13 +231,15 @@ export function sendTerminationMessages(result: DeleteOrgByIdResult): void {
        );
    }
    for (const olmId of result.olmsToTerminate) {
-        sendTerminateClient(0, OlmErrorCodes.TERMINATED_REKEYED, olmId).catch(
+        sendTerminateClient(
-            (error) => {
+            0,
-                logger.error(
+            OlmErrorCodes.TERMINATED_REKEYED,
-                    "Failed to send termination message to olm:",
+            olmId
-                    error
+        ).catch((error) => {
-                );
+            logger.error(
-            }
+                "Failed to send termination message to olm:",
-        );
+                error
            );
        });
    }
 }
--- a/server/routers/auth/deleteMyAccount.ts
+++ b/server/routers/auth/deleteMyAccount.ts
@@ -15,10 +15,13 @@ import {
 import { verifyPassword } from "@server/auth/password";
 import { verifyTotpCode } from "@server/auth/totp";
 import { calculateUserClientsForOrgs } from "@server/lib/calculateUserClientsForOrgs";
 import { deleteOrgById, sendTerminationMessages } from "@server/lib/deleteOrg";
 import { UserType } from "@server/types/UserTypes";
 import { build } from "@server/build";
 import { getOrgTierData } from "#dynamic/lib/billing";
 import {
    deleteOrgById,
    sendTerminationMessages
 } from "@server/lib/deleteOrg";
 import { UserType } from "@server/types/UserTypes";
 const deleteMyAccountBody = z.strictObject({
    password: z.string().optional(),
@@ -230,7 +233,10 @@ export async function deleteMyAccount(
    } catch (error) {
        logger.error(error);
        return next(
-            createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "An error occurred")
+            createHttpError(
                HttpCode.INTERNAL_SERVER_ERROR,
                "An error occurred"
            )
        );
    }
 }