@actions/attest 1.1.0 → 1.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. package/lib/attest.js.map +1 -1
  2. package/lib/sign.d.ts +1 -1
  3. package/lib/sign.js +3 -1
  4. package/lib/sign.js.map +1 -1
  5. package/lib/store.js +5 -7
  6. package/lib/store.js.map +1 -1
  7. package/package.json +6 -7
package/lib/attest.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"attest.js","sourceRoot":"","sources":["../src/attest.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,6CAAqD;AACrD,mCAAsC;AACtC,2CAA8D;AAC9D,qCAA6C;AAC7C,iCAA2C;AAC3C,mCAAwC;AAIxC,MAAM,mBAAmB,GAAG,8BAA8B,CAAA;AAwB1D;;;;;;GAMG;AACH,SAAsB,MAAM,CAAC,OAAsB;;QACjD,MAAM,OAAO,GAAY;YACvB,IAAI,EAAE,OAAO,CAAC,WAAW;YACzB,MAAM,EAAE,OAAO,CAAC,aAAa;SAC9B,CAAA;QACD,MAAM,SAAS,GAAc;YAC3B,IAAI,EAAE,OAAO,CAAC,aAAa;YAC3B,MAAM,EAAE,OAAO,CAAC,SAAS;SAC1B,CAAA;QACD,MAAM,SAAS,GAAG,IAAA,6BAAoB,EAAC,OAAO,EAAE,SAAS,CAAC,CAAA;QAE1D,gCAAgC;QAChC,MAAM,OAAO,GAAY;YACvB,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;YAC5C,IAAI,EAAE,mBAAmB;SAC1B,CAAA;QACD,MAAM,SAAS,GAAG,IAAA,4BAAgB,EAAC,OAAO,CAAC,QAAQ,CAAC,CAAA;QACpD,MAAM,MAAM,GAAG,MAAM,IAAA,kBAAW,EAAC,OAAO,EAAE,SAAS,CAAC,CAAA;QAEpD,wBAAwB;QACxB,IAAI,aAAiC,CAAA;QACrC,IAAI,OAAO,CAAC,SAAS,KAAK,IAAI,EAAE;YAC9B,aAAa,GAAG,MAAM,IAAA,wBAAgB,EAAC,IAAA,qBAAY,EAAC,MAAM,CAAC,EAAE,OAAO,CAAC,KAAK,CAAC,CAAA;SAC5E;QAED,OAAO,aAAa,CAAC,MAAM,EAAE,aAAa,CAAC,CAAA;IAC7C,CAAC;CAAA;AA1BD,wBA0BC;AAED,SAAS,aAAa,CAAC,MAAc,EAAE,aAAsB;IAC3D,IAAI,SAAiB,CAAA;IACrB,QAAQ,MAAM,CAAC,oBAAoB,CAAC,OAAO,CAAC,KAAK,EAAE;QACjD,KAAK,sBAAsB;YACzB,SAAS;gBACP,MAAM,CAAC,oBAAoB,CAAC,OAAO,CAAC,oBAAoB,CAAC,YAAY,CAAC,CAAC,CAAC;qBACrE,QAAQ,CAAA;YACb,MAAK;QACP,KAAK,aAAa;YAChB,SAAS,GAAG,MAAM,CAAC,oBAAoB,CAAC,OAAO,CAAC,WAAW,CAAC,QAAQ,CAAA;YACpE,MAAK;QACP;YACE,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAA;KAC7D;IAED,MAAM,WAAW,GAAG,IAAI,wBAAe,CAAC,SAAS,CAAC,CAAA;IAElD,2CAA2C;IAC3C,MAAM,WAAW,GAAG,MAAM,CAAC,oBAAoB,CAAC,WAAW,CAAA;IAC3D,MAAM,MAAM,GAAG,WAAW,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAA;IAE3E,OAAO;QACL,MAAM,EAAE,IAAA,qBAAY,EAAC,MAAM,CAAC;QAC5B,WAAW,EAAE,WAAW,CAAC,QAAQ,EAAE;QACnC,MAAM;QACN,aAAa;KACd,CAAA;AACH,CAAC"}
1
+ {"version":3,"file":"attest.js","sourceRoot":"","sources":["../src/attest.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,6CAA6C;AAC7C,mCAAsC;AACtC,2CAA8D;AAC9D,qCAA6C;AAC7C,iCAA2C;AAC3C,mCAAwC;AAKxC,MAAM,mBAAmB,GAAG,8BAA8B,CAAA;AAwB1D;;;;;;GAMG;AACH,SAAsB,MAAM,CAAC,OAAsB;;QACjD,MAAM,OAAO,GAAY;YACvB,IAAI,EAAE,OAAO,CAAC,WAAW;YACzB,MAAM,EAAE,OAAO,CAAC,aAAa;SAC9B,CAAA;QACD,MAAM,SAAS,GAAc;YAC3B,IAAI,EAAE,OAAO,CAAC,aAAa;YAC3B,MAAM,EAAE,OAAO,CAAC,SAAS;SAC1B,CAAA;QACD,MAAM,SAAS,GAAG,IAAA,6BAAoB,EAAC,OAAO,EAAE,SAAS,CAAC,CAAA;QAE1D,gCAAgC;QAChC,MAAM,OAAO,GAAY;YACvB,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;YAC5C,IAAI,EAAE,mBAAmB;SAC1B,CAAA;QACD,MAAM,SAAS,GAAG,IAAA,4BAAgB,EAAC,OAAO,CAAC,QAAQ,CAAC,CAAA;QACpD,MAAM,MAAM,GAAG,MAAM,IAAA,kBAAW,EAAC,OAAO,EAAE,SAAS,CAAC,CAAA;QAEpD,wBAAwB;QACxB,IAAI,aAAiC,CAAA;QACrC,IAAI,OAAO,CAAC,SAAS,KAAK,IAAI,EAAE;YAC9B,aAAa,GAAG,MAAM,IAAA,wBAAgB,EAAC,IAAA,qBAAY,EAAC,MAAM,CAAC,EAAE,OAAO,CAAC,KAAK,CAAC,CAAA;SAC5E;QAED,OAAO,aAAa,CAAC,MAAM,EAAE,aAAa,CAAC,CAAA;IAC7C,CAAC;CAAA;AA1BD,wBA0BC;AAED,SAAS,aAAa,CAAC,MAAc,EAAE,aAAsB;IAC3D,IAAI,SAAiB,CAAA;IACrB,QAAQ,MAAM,CAAC,oBAAoB,CAAC,OAAO,CAAC,KAAK,EAAE;QACjD,KAAK,sBAAsB;YACzB,SAAS;gBACP,MAAM,CAAC,oBAAoB,CAAC,OAAO,CAAC,oBAAoB,CAAC,YAAY,CAAC,CAAC,CAAC;qBACrE,QAAQ,CAAA;YACb,MAAK;QACP,KAAK,aAAa;YAChB,SAAS,GAAG,MAAM,CAAC,oBAAoB,CAAC,OAAO,CAAC,WAAW,CAAC,QAAQ,CAAA;YACpE,MAAK;QACP;YACE,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAA;KAC7D;IAED,MAAM,WAAW,GAAG,IAAI,wBAAe,CAAC,SAAS,CAAC,CAAA;IAElD,2CAA2C;IAC3C,MAAM,WAAW,GAAG,MAAM,CAAC,oBAAoB,CAAC,WAAW,CAAA;IAC3D,MAAM,MAAM,GAAG,WAAW,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAA;IAE3E,OAAO;QACL,MAAM,EAAE,IAAA,qBAAY,EAAC,MAAM,CAAC;QAC5B,WAAW,EAAE,WAAW,CAAC,QAAQ,EAAE;QACnC,MAAM;QACN,aAAa;KACd,CAAA;AACH,CAAC"}
package/lib/sign.d.ts CHANGED
@@ -1,5 +1,5 @@
1
1
  /// <reference types="node" />
2
- import { Bundle } from '@sigstore/bundle';
2
+ import { Bundle } from '@sigstore/sign';
3
3
  /**
4
4
  * The payload to be signed (body) and its media type (type).
5
5
  */
package/lib/sign.js CHANGED
@@ -57,6 +57,8 @@ const initBundleBuilder = (opts) => {
57
57
  retry
58
58
  }));
59
59
  }
60
- return new sign_1.DSSEBundleBuilder({ signer, witnesses });
60
+ // Build the bundle with the singleCertificate option which will
61
+ // trigger the creation of v0.3 DSSE bundles
62
+ return new sign_1.DSSEBundleBuilder({ signer, witnesses, singleCertificate: true });
61
63
  };
62
64
  //# sourceMappingURL=sign.js.map
package/lib/sign.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"sign.js","sourceRoot":"","sources":["../src/sign.ts"],"names":[],"mappings":";;;;;;;;;;;;AACA,yCAQuB;AAEvB,MAAM,aAAa,GAAG,UAAU,CAAA;AAChC,MAAM,eAAe,GAAG,KAAK,CAAA;AAC7B,MAAM,eAAe,GAAG,CAAC,CAAA;AAqCzB;;;;;;GAMG;AACI,MAAM,WAAW,GAAG,CACzB,OAAgB,EAChB,OAAoB,EACH,EAAE;IACnB,MAAM,QAAQ,GAAG;QACf,IAAI,EAAE,OAAO,CAAC,IAAI;QAClB,IAAI,EAAE,OAAO,CAAC,IAAI;KACnB,CAAA;IAED,yCAAyC;IACzC,OAAO,iBAAiB,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAA;AACpD,CAAC,CAAA,CAAA;AAXY,QAAA,WAAW,eAWvB;AAED,qEAAqE;AACrE,MAAM,iBAAiB,GAAG,CAAC,IAAiB,EAAiB,EAAE;IAC7D,MAAM,gBAAgB,GAAG,IAAI,wBAAiB,CAAC,aAAa,CAAC,CAAA;IAC7D,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,IAAI,eAAe,CAAA;IAC/C,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,IAAI,eAAe,CAAA;IAC3C,MAAM,SAAS,GAAc,EAAE,CAAA;IAE/B,MAAM,MAAM,GAAG,IAAI,mBAAY,CAAC;QAC9B,gBAAgB;QAChB,aAAa,EAAE,IAAI,CAAC,SAAS;QAC7B,OAAO;QACP,KAAK;KACN,CAAC,CAAA;IAEF,IAAI,IAAI,CAAC,QAAQ,EAAE;QACjB,SAAS,CAAC,IAAI,CACZ,IAAI,mBAAY,CAAC;YACf,YAAY,EAAE,IAAI,CAAC,QAAQ;YAC3B,SAAS,EAAE,MAAM;YACjB,OAAO;YACP,KAAK;SACN,CAAC,CACH,CAAA;KACF;IAED,IAAI,IAAI,CAAC,YAAY,EAAE;QACrB,SAAS,CAAC,IAAI,CACZ,IAAI,iBAAU,CAAC;YACb,UAAU,EAAE,IAAI,CAAC,YAAY;YAC7B,OAAO;YACP,KAAK;SACN,CAAC,CACH,CAAA;KACF;IAED,OAAO,IAAI,wBAAiB,CAAC,EAAC,MAAM,EAAE,SAAS,EAAC,CAAC,CAAA;AACnD,CAAC,CAAA"}
1
+ {"version":3,"file":"sign.js","sourceRoot":"","sources":["../src/sign.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,yCASuB;AAEvB,MAAM,aAAa,GAAG,UAAU,CAAA;AAChC,MAAM,eAAe,GAAG,KAAK,CAAA;AAC7B,MAAM,eAAe,GAAG,CAAC,CAAA;AAqCzB;;;;;;GAMG;AACI,MAAM,WAAW,GAAG,CACzB,OAAgB,EAChB,OAAoB,EACH,EAAE;IACnB,MAAM,QAAQ,GAAG;QACf,IAAI,EAAE,OAAO,CAAC,IAAI;QAClB,IAAI,EAAE,OAAO,CAAC,IAAI;KACnB,CAAA;IAED,yCAAyC;IACzC,OAAO,iBAAiB,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAA;AACpD,CAAC,CAAA,CAAA;AAXY,QAAA,WAAW,eAWvB;AAED,qEAAqE;AACrE,MAAM,iBAAiB,GAAG,CAAC,IAAiB,EAAiB,EAAE;IAC7D,MAAM,gBAAgB,GAAG,IAAI,wBAAiB,CAAC,aAAa,CAAC,CAAA;IAC7D,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,IAAI,eAAe,CAAA;IAC/C,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,IAAI,eAAe,CAAA;IAC3C,MAAM,SAAS,GAAc,EAAE,CAAA;IAE/B,MAAM,MAAM,GAAG,IAAI,mBAAY,CAAC;QAC9B,gBAAgB;QAChB,aAAa,EAAE,IAAI,CAAC,SAAS;QAC7B,OAAO;QACP,KAAK;KACN,CAAC,CAAA;IAEF,IAAI,IAAI,CAAC,QAAQ,EAAE;QACjB,SAAS,CAAC,IAAI,CACZ,IAAI,mBAAY,CAAC;YACf,YAAY,EAAE,IAAI,CAAC,QAAQ;YAC3B,SAAS,EAAE,MAAM;YACjB,OAAO;YACP,KAAK;SACN,CAAC,CACH,CAAA;KACF;IAED,IAAI,IAAI,CAAC,YAAY,EAAE;QACrB,SAAS,CAAC,IAAI,CACZ,IAAI,iBAAU,CAAC;YACb,UAAU,EAAE,IAAI,CAAC,YAAY;YAC7B,OAAO;YACP,KAAK;SACN,CAAC,CACH,CAAA;KACF;IAED,gEAAgE;IAChE,4CAA4C;IAC5C,OAAO,IAAI,wBAAiB,CAAC,EAAC,MAAM,EAAE,SAAS,EAAE,iBAAiB,EAAE,IAAI,EAAC,CAAC,CAAA;AAC5E,CAAC,CAAA"}
package/lib/store.js CHANGED
@@ -31,13 +31,9 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
31
31
  step((generator = generator.apply(thisArg, _arguments || [])).next());
32
32
  });
33
33
  };
34
- var __importDefault = (this && this.__importDefault) || function (mod) {
35
- return (mod && mod.__esModule) ? mod : { "default": mod };
36
- };
37
34
  Object.defineProperty(exports, "__esModule", { value: true });
38
35
  exports.writeAttestation = void 0;
39
36
  const github = __importStar(require("@actions/github"));
40
- const make_fetch_happen_1 = __importDefault(require("make-fetch-happen"));
41
37
  const CREATE_ATTESTATION_REQUEST = 'POST /repos/{owner}/{repo}/attestations';
42
38
  /**
43
39
  * Writes an attestation to the repository's attestations endpoint.
@@ -47,15 +43,17 @@ const CREATE_ATTESTATION_REQUEST = 'POST /repos/{owner}/{repo}/attestations';
47
43
  * @throws Error if the attestation fails to persist.
48
44
  */
49
45
  const writeAttestation = (attestation, token) => __awaiter(void 0, void 0, void 0, function* () {
50
- var _a;
51
- const octokit = github.getOctokit(token, { request: { fetch: make_fetch_happen_1.default } });
46
+ const octokit = github.getOctokit(token);
52
47
  try {
53
48
  const response = yield octokit.request(CREATE_ATTESTATION_REQUEST, {
54
49
  owner: github.context.repo.owner,
55
50
  repo: github.context.repo.repo,
56
51
  data: { bundle: attestation }
57
52
  });
58
- return (_a = response.data) === null || _a === void 0 ? void 0 : _a.id;
53
+ const data = typeof response.data == 'string'
54
+ ? JSON.parse(response.data)
55
+ : response.data;
56
+ return data === null || data === void 0 ? void 0 : data.id;
59
57
  }
60
58
  catch (err) {
61
59
  const message = err instanceof Error ? err.message : err;
package/lib/store.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"store.js","sourceRoot":"","sources":["../src/store.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,wDAAyC;AACzC,0EAAqC;AAErC,MAAM,0BAA0B,GAAG,yCAAyC,CAAA;AAE5E;;;;;;GAMG;AACI,MAAM,gBAAgB,GAAG,CAC9B,WAAoB,EACpB,KAAa,EACI,EAAE;;IACnB,MAAM,OAAO,GAAG,MAAM,CAAC,UAAU,CAAC,KAAK,EAAE,EAAC,OAAO,EAAE,EAAC,KAAK,EAAL,2BAAK,EAAC,EAAC,CAAC,CAAA;IAE5D,IAAI;QACF,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,OAAO,CAAC,0BAA0B,EAAE;YACjE,KAAK,EAAE,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK;YAChC,IAAI,EAAE,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI;YAC9B,IAAI,EAAE,EAAC,MAAM,EAAE,WAAW,EAAC;SAC5B,CAAC,CAAA;QAEF,OAAO,MAAA,QAAQ,CAAC,IAAI,0CAAE,EAAE,CAAA;KACzB;IAAC,OAAO,GAAG,EAAE;QACZ,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAA;QACxD,MAAM,IAAI,KAAK,CAAC,kCAAkC,OAAO,EAAE,CAAC,CAAA;KAC7D;AACH,CAAC,CAAA,CAAA;AAlBY,QAAA,gBAAgB,oBAkB5B"}
1
+ {"version":3,"file":"store.js","sourceRoot":"","sources":["../src/store.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,wDAAyC;AAEzC,MAAM,0BAA0B,GAAG,yCAAyC,CAAA;AAE5E;;;;;;GAMG;AACI,MAAM,gBAAgB,GAAG,CAC9B,WAAoB,EACpB,KAAa,EACI,EAAE;IACnB,MAAM,OAAO,GAAG,MAAM,CAAC,UAAU,CAAC,KAAK,CAAC,CAAA;IAExC,IAAI;QACF,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,OAAO,CAAC,0BAA0B,EAAE;YACjE,KAAK,EAAE,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK;YAChC,IAAI,EAAE,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI;YAC9B,IAAI,EAAE,EAAC,MAAM,EAAE,WAAW,EAAC;SAC5B,CAAC,CAAA;QAEF,MAAM,IAAI,GACR,OAAO,QAAQ,CAAC,IAAI,IAAI,QAAQ;YAC9B,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC;YAC3B,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAA;QACnB,OAAO,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,EAAE,CAAA;KAChB;IAAC,OAAO,GAAG,EAAE;QACZ,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAA;QACxD,MAAM,IAAI,KAAK,CAAC,kCAAkC,OAAO,EAAE,CAAC,CAAA;KAC7D;AACH,CAAC,CAAA,CAAA;AAtBY,QAAA,gBAAgB,oBAsB5B"}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@actions/attest",
3
- "version": "1.1.0",
3
+ "version": "1.2.0",
4
4
  "description": "Actions attestation lib",
5
5
  "keywords": [
6
6
  "github",
@@ -38,18 +38,17 @@
38
38
  "@sigstore/mock": "^0.6.5",
39
39
  "@sigstore/rekor-types": "^2.0.0",
40
40
  "@types/jsonwebtoken": "^9.0.6",
41
- "@types/make-fetch-happen": "^10.0.4",
42
41
  "jose": "^5.2.3",
43
- "nock": "^13.5.1"
42
+ "nock": "^13.5.1",
43
+ "undici": "^5.28.4"
44
44
  },
45
45
  "dependencies": {
46
46
  "@actions/core": "^1.10.1",
47
47
  "@actions/github": "^6.0.0",
48
48
  "@actions/http-client": "^2.2.1",
49
- "@sigstore/bundle": "^2.2.0",
50
- "@sigstore/sign": "^2.2.3",
49
+ "@sigstore/bundle": "^2.3.0",
50
+ "@sigstore/sign": "^2.3.0",
51
51
  "jsonwebtoken": "^9.0.2",
52
- "jwks-rsa": "^3.1.0",
53
- "make-fetch-happen": "^13.0.0"
52
+ "jwks-rsa": "^3.1.0"
54
53
  }
55
54
  }