fix: added warning for dangling referrers index deletion

[patrickzheng200]

This PR tries to resolve #615.

[codecov-commenter]

Codecov Report

Merging #619 (ee4cb98) into main (0ec3b3d) will decrease coverage by 0.15%.
The diff coverage is 0.00%.

📣 This organization is not using Codecov’s GitHub App Integration. We recommend you install it so Codecov can continue to function properly for your repositories. Learn more

@@            Coverage Diff             @@
##             main     #619      +/-   ##
==========================================
- Coverage   34.43%   34.28%   -0.15%     
==========================================
  Files          32       32              
  Lines        1844     1852       +8     
==========================================
  Hits          635      635              
- Misses       1188     1196       +8     
  Partials       21       21              

Impacted Files	Coverage Δ
cmd/notation/sign.go	37.39% <0.00%> (-2.80%)	⬇️

📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more

[sajayantony]

Should the exit code be zero? /cc @toddysm

[toddysm]

@sajayantony I believe so and avoid braking any scripts.

Also, is this the only message we will show:

Warning: failed to delete dangling referrers index sha256:xxx for referrers tag sha256-1ba1561: DELETE "https://ghcr.io/v2/demo-user/python/manifests/sha256:e1b7d6": response status code 405: unsupported: The operation is unsupported.

I believe there should still be a confirmation that the operation succeeded and the signature got attached to the artifact. We should show the standard message we show when signature is attached + the warning.

[qweeah]

@shizhMSFT @Wwwsylvia Since this error is generated based on oras-go-specific procedure, should oras-go export this error so caller can implement upon?

[qweeah]

It's beyond this PR's scope, I created an issue for tracking, let's move discussion there.

[Wwwsylvia]

Yeah we need to think about how to improve oras-go for such use case.

[shizhMSFT]

Once oras-go is updated and have a new release, we can update here. But for now, let's do a string match.

[patrickzheng200]

Should the exit code be zero? /cc @toddysm

Yes, the exit code should be 0. Once the warning is printed out, Successfully signed... is printed out and finally return nil.

[patrickzheng200]

@sajayantony I believe so and avoid braking any scripts.

Also, is this the only message we will show:

Warning: failed to delete dangling referrers index sha256:xxx for referrers tag sha256-1ba1561: DELETE "https://ghcr.io/v2/demo-user/python/manifests/sha256:e1b7d6": response status code 405: unsupported: The operation is unsupported.

I believe there should still be a confirmation that the operation succeeded and the signature got attached to the artifact. We should show the standard message we show when signature is attached + the warning.

This warning message is an addition to the standard result. Can refer this in the code.

[patrickzheng200]

Closing this PR due to suggestion here: #615 (comment).
IMO, we should think through this process again before implementation.

[patrickzheng200]

Reopened based on discussion.

[priteshbandi]

LGTM

[shizhMSFT]

LGTM