Question: Should the sign workflow supply the unsigned binary artifacts to the created sbuild workflow?
When creating a signing workflow for a Linux kernel, one supplies a signing template artifact as well as supporting .deb artifacts to the workflow. It then creates an extractforsigning workrequest that consumes those supporting artifacts, signs the request, and assembles the result as signed source. This signed source is then passed to an sbuild workflow, though this time the supporting artifacts are not communicated even though the signed source issues Build-Depends on them. As a result, the created sbuild workrequest fails installing its Build-Depends unless the exact same supporting artifacts are available from the base distribution identified by vendor and codename.
At the very least, this is inconsistent. Why would the extractforsigning workrequest require those artifacts rather than pulling them from the base distribution OR why would the sbuild workrequest not use the supplied artifacts?
This suggests that the signing workflow should be redesigned. Either it should consume a collection (or whatever we use to represent a distribution) and draw its artifacts from that collection in an automated way (for both created workrequests) or it should forward the explicitly passed artifacts to the sbuild workrequest.