Resolve "Keyless signing with sigstore not working in child pipelines" (!209562) · Merge requests · GitLab.org / GitLab

What does this MR do and why?

In the related issue, the infrastructure team are reporting failures integrating with Sigstore via cosign in child pipelines. grouppipeline security identified the root cause and pushed a fix in the original MR.

I've confirmed the fix is good and enabled the FF globally. This MR removes the FF as it is no longer needed.

References

Issue: Keyless signing with sigstore not working in child pipelines
Original MR: Resolve "Keyless signing with sigstore not working in child pipelines"
FF: [FF] sigstore_child_pipelines_fix -- Derisk fix for sigstore signing in child pipelines
Feature flag <code data-sourcepos="12:18-12:47">sigstore_child_pipelines_fix</code> has been set to <code data-sourcepos="12:65-12:71">true%</code> of actors on <strong data-sourcepos="12:86-12:93">gprd</strong>

Screenshots or screen recordings

https://gitlab.com/gitlab-org/gitlab/-/issues/422146#note_2832976172

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #422146

Edited Oct 21, 2025 by Sam Roque-Worcel

Resolve "Keyless signing with sigstore not working in child pipelines"

What does this MR do and why?

References

Screenshots or screen recordings

MR acceptance checklist

Merge request reports