fix: set explicit RHTAS service URLs in gitsign e2e test #71

Merged: osmman merged 1 commit into main from fix-gitsign-service-urls, May 18, 2026

@osmman osmman commented May 15, 2026

Summary

  • Adds explicit gitsign.fulcio, gitsign.rekor, and gitsign.issuer URLs to the git config in the gitsign e2e test, matching the pattern already used in the rekorsearchui test
  • Adds api.FulcioURL to the mandatory config check so the test fails fast if the URL is missing

Without these, gitsign falls back to fulcio.sigstore.dev (public Sigstore), causing the test to fail when the RHTAS Keycloak OIDC token is rejected by the public Fulcio instance.

Test plan

  • Verify gitsign e2e test passes in CI against an RHTAS deployment
  • Confirm no regression in rekorsearchui test (uses the same pattern)

🤖 Generated with Claude Code

Without explicit fulcio/rekor/issuer URLs in the git config, gitsign
falls back to public Sigstore defaults (fulcio.sigstore.dev), causing
test failures when the OIDC token from RHTAS Keycloak is rejected by
the public instance.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@qodo-for-securesign

Review Summary by Qodo

Set explicit RHTAS service URLs in gitsign e2e test

🐞 Bug fix

Walkthroughs

Description
• Adds explicit RHTAS service URLs to gitsign git config
• Prevents fallback to public Sigstore defaults
• Adds FulcioURL to mandatory config validation
• Ensures OIDC token compatibility with RHTAS deployment
Diagram
flowchart LR
  A["Gitsign Config"] -->|Add explicit URLs| B["Fulcio URL"]
  A -->|Add explicit URLs| C["Rekor URL"]
  A -->|Add explicit URLs| D["Issuer URL"]
  E["Mandatory Config Check"] -->|Include| B
  B -->|Prevent fallback to| F["Public Sigstore"]
  C -->|Prevent fallback to| F
  D -->|Prevent fallback to| F
File Changes

1. test/gitsign/gitsign_sign_verify_test.go 🐞 Bug fix +4/-1

Configure explicit RHTAS URLs for gitsign

• Added api.FulcioURL to mandatory config validation check
• Configured gitsign with explicit fulcio, rekor, and issuer URLs from RHTAS
• Prevents gitsign from falling back to public Sigstore defaults
• Ensures OIDC token from RHTAS Keycloak is accepted by configured services

qodo-for-securesign Bot commented May 15, 2026

Code Review by Qodo

🐞 Bugs (0) 📘 Rule violations (0) 📎 Requirement gaps (0)

Great, no issues found!

Qodo reviewed your code and found no material issues that require review

@osmman osmman requested review from kdacosta0 and petrpinkas May 15, 2026 12:04
@osmman osmman merged commit a82e5fb into main May 18, 2026
6 checks passed
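
The fail-fast idea discussed in this PR, as an added example that is not code from this repository: a Go pre-flight check over `git config --list` output that flags any of the three gitsign keys that is unset or points at public Sigstore. The function names, the sample config, the `example.test` host and the rule that any host under `sigstore.dev` counts as public are assumptions made for the illustration.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// Keys the PR sets explicitly in the test's git config.
var requiredKeys = []string{"gitsign.fulcio", "gitsign.rekor", "gitsign.issuer"}

// Constructed `git config --list` output; the example.test host is a placeholder.
const sample = `gitsign.fulcio=https://fulcio.sigstore.dev
gitsign.rekor=https://rekor.rhtas.example.test
`

// parseGitConfig reads key=value lines into a map; the last occurrence of a key wins.
func parseGitConfig(out string) map[string]string {
	cfg := map[string]string{}
	for _, line := range strings.Split(out, "\n") {
		if k, v, ok := strings.Cut(strings.TrimSpace(line), "="); ok {
			cfg[k] = v
		}
	}
	return cfg
}

// CheckGitsignConfig reports each required key that is unset, not an absolute URL,
// or on public Sigstore (assumption: any host under sigstore.dev).
func CheckGitsignConfig(cfg map[string]string) []string {
	var problems []string
	for _, key := range requiredKeys {
		u, err := url.Parse(cfg[key])
		switch {
		case cfg[key] == "":
			problems = append(problems, key+": unset, gitsign would use its default")
		case err != nil || u.Scheme == "" || u.Hostname() == "":
			problems = append(problems, key+": not an absolute URL")
		case strings.HasSuffix("."+strings.ToLower(u.Hostname()), ".sigstore.dev"):
			problems = append(problems, key+": points at public Sigstore ("+u.Hostname()+")")
		}
	}
	return problems
}

func main() {
	for _, p := range CheckGitsignConfig(parseGitConfig(sample)) {
		fmt.Println("FAIL", p)
	}
}
```
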