[bug] generator_container_slsa3.yml and generator_generic_slsa3.yml should not use continue-on-error

[jaqx0r]

Describe the bug

Debugging workflow errors is made more difficult by hiding the location where failures occur.

https://github.com/google/mtail/actions/runs/8816120887/job/24199661807 for example actually fails in the previous job https://github.com/google/mtail/actions/runs/8816120887/job/24199649953 but this is hidden from view. It takes time to read and understand the workflow to figure out where the failure is occurring.

I assume there's a good reason for laundering the exit code into the "final" job but it's not evident why that is.

To Reproduce

In this case I'm passing incorrect value to the DIGEST parameter of the generator_container_slsa3.yml workflow.

Understanding why I was not passing a correct DIGEST is out of scope of this bug, but it was effectively because my goreleaser config emits multple architecture images, the example from goreleaser that I copied did not cope with that, and so the workflow was being passed a digest that was not actually a digest.

Learning all this was made more difficult because the worfklow was not failing at the point of failure.

Expected behavior
I would like the workflow to fail where the error occurs, so it is easier to understand why the workflow is failing when it does.

[ianlewis]

We have to use continue-on-error to support our own continue-on-error logic (see the workflow inputs. We can perhaps update the error messaging to make it clearer where to look for the errors when they occur.

[ianlewis]

We could also try to fail earlier but it would require us to put in and maintain continue-on-error checks for every job step. That would probably make it easier to grok errors but I'm not sure it's the right thing to do from a maintainability perspective because we're already light on resources at the moment.