@actions/attest 1.2.0 → 1.3.0
- package/README.md +3 -0
- package/lib/endpoints.d.ts +0 -1
- package/lib/endpoints.js +13 -8
- package/lib/endpoints.js.map +1 -1
- package/lib/oidc.d.ts +1 -1
- package/lib/oidc.js +1 -0
- package/lib/oidc.js.map +1 -1
- package/lib/provenance.js +4 -4
- package/lib/provenance.js.map +1 -1
- package/lib/sign.js +1 -0
- package/lib/sign.js.map +1 -1
- package/lib/store.d.ts +4 -1
- package/lib/store.js +6 -2
- package/lib/store.js.map +1 -1
- package/package.json +10 -4
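--- a/package/README.md
+++ b/package/README.md
@@ -12,6 +12,9 @@ Once the attestation has been created and signed, it will be uploaded to the GH
 attestations API and associated with the repository from which the workflow was
 initiated.
 
+See [Using artifact attestations to establish provenance for builds](https://docs.github.com/en/actions/security-guides/using-artifact-attestations-to-establish-provenance-for-builds)
+for more information on artifact attestations.
+
 ## Usage
 
 ### `attest`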
package/lib/endpoints.d.ts
CHANGED
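--- a/package/lib/endpoints.js
+++ b/package/lib/endpoints.js
@@ -23,22 +23,16 @@ var __importStar = (this && this.__importStar) || function (mod) {
 return result;
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.signingEndpoints = exports.
+exports.signingEndpoints = exports.SIGSTORE_PUBLIC_GOOD = void 0;
 const github = __importStar(require("@actions/github"));
 const PUBLIC_GOOD_ID = 'public-good';
 const GITHUB_ID = 'github';
 const FULCIO_PUBLIC_GOOD_URL = 'https://fulcio.sigstore.dev';
 const REKOR_PUBLIC_GOOD_URL = 'https://rekor.sigstore.dev';
-const FULCIO_INTERNAL_URL = 'https://fulcio.githubapp.com';
-const TSA_INTERNAL_URL = 'https://timestamp.githubapp.com';
 exports.SIGSTORE_PUBLIC_GOOD = {
 fulcioURL: FULCIO_PUBLIC_GOOD_URL,
 rekorURL: REKOR_PUBLIC_GOOD_URL
 };
-exports.SIGSTORE_GITHUB = {
-fulcioURL: FULCIO_INTERNAL_URL,
-tsaServerURL: TSA_INTERNAL_URL
-};
 const signingEndpoints = (sigstore) => {
 var _a;
 let instance;
@@ -57,8 +51,19 @@ const signingEndpoints = (sigstore) => {
 case PUBLIC_GOOD_ID:
 return exports.SIGSTORE_PUBLIC_GOOD;
 case GITHUB_ID:
-return
+return buildGitHubEndpoints();
 }
 };
 exports.signingEndpoints = signingEndpoints;
+function buildGitHubEndpoints() {
+const serverURL = process.env.GITHUB_SERVER_URL || 'https://github.com';
+let host = new URL(serverURL).hostname;
+if (host === 'github.com') {
+host = 'githubapp.com';
+}
+return {
+fulcioURL: `https://fulcio.${host}`,
+tsaServerURL: `https://timestamp.${host}`
+};
+}
 //# sourceMappingURL=endpoints.js.map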
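Review bot: `buildGitHubEndpoints()` in the second hunk derives the Fulcio and timestamp-authority hosts from `process.env.GITHUB_SERVER_URL` with no check beyond URL parsing, so whatever sets that variable now decides which servers take part in signing. `new URL(serverURL)` throws a bare `TypeError` on a malformed value, and `.hostname` silently drops the scheme and port that were supplied. A guard such as `const url = new URL(serverURL); if (url.protocol !== 'https:') throw new Error('Unsupported GITHUB_SERVER_URL');` together with a comment stating that the variable is trusted as runner-provided would make the assumption explicit. The first hunk also removes the `SIGSTORE_GITHUB` export, which is a breaking change for any importer and deserves a changelog entry.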
package/lib/endpoints.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"endpoints.js","sourceRoot":"","sources":["../src/endpoints.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,wDAAyC;AAEzC,MAAM,cAAc,GAAG,aAAa,CAAA;AACpC,MAAM,SAAS,GAAG,QAAQ,CAAA;AAE1B,MAAM,sBAAsB,GAAG,6BAA6B,CAAA;AAC5D,MAAM,qBAAqB,GAAG,4BAA4B,CAAA;
|
|
1
|
+
{"version":3,"file":"endpoints.js","sourceRoot":"","sources":["../src/endpoints.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,wDAAyC;AAEzC,MAAM,cAAc,GAAG,aAAa,CAAA;AACpC,MAAM,SAAS,GAAG,QAAQ,CAAA;AAE1B,MAAM,sBAAsB,GAAG,6BAA6B,CAAA;AAC5D,MAAM,qBAAqB,GAAG,4BAA4B,CAAA;AAU7C,QAAA,oBAAoB,GAAc;IAC7C,SAAS,EAAE,sBAAsB;IACjC,QAAQ,EAAE,qBAAqB;CAChC,CAAA;AAEM,MAAM,gBAAgB,GAAG,CAAC,QAA2B,EAAa,EAAE;;IACzE,IAAI,QAA0B,CAAA;IAE9B,4EAA4E;IAC5E,0DAA0D;IAC1D,IAAI,QAAQ,IAAI,CAAC,cAAc,EAAE,SAAS,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE;QAC9D,QAAQ,GAAG,QAAQ,CAAA;KACpB;SAAM;QACL,QAAQ;YACN,CAAA,MAAA,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,UAAU,0CAAE,UAAU,MAAK,QAAQ;gBACxD,CAAC,CAAC,cAAc;gBAChB,CAAC,CAAC,SAAS,CAAA;KAChB;IAED,QAAQ,QAAQ,EAAE;QAChB,KAAK,cAAc;YACjB,OAAO,4BAAoB,CAAA;QAC7B,KAAK,SAAS;YACZ,OAAO,oBAAoB,EAAE,CAAA;KAChC;AACH,CAAC,CAAA;AApBY,QAAA,gBAAgB,oBAoB5B;AAED,SAAS,oBAAoB;IAC3B,MAAM,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,iBAAiB,IAAI,oBAAoB,CAAA;IACvE,IAAI,IAAI,GAAG,IAAI,GAAG,CAAC,SAAS,CAAC,CAAC,QAAQ,CAAA;IAEtC,IAAI,IAAI,KAAK,YAAY,EAAE;QACzB,IAAI,GAAG,eAAe,CAAA;KACvB;IACD,OAAO;QACL,SAAS,EAAE,kBAAkB,IAAI,EAAE;QACnC,YAAY,EAAE,qBAAqB,IAAI,EAAE;KAC1C,CAAA;AACH,CAAC"}
|
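--- a/package/lib/oidc.d.ts
+++ b/package/lib/oidc.d.ts
@@ -1,4 +1,4 @@
-declare const REQUIRED_CLAIMS: readonly ["iss", "ref", "sha", "repository", "event_name", "workflow_ref", "repository_id", "repository_owner_id", "runner_environment", "run_id", "run_attempt"];
+declare const REQUIRED_CLAIMS: readonly ["iss", "ref", "sha", "repository", "event_name", "job_workflow_ref", "workflow_ref", "repository_id", "repository_owner_id", "runner_environment", "run_id", "run_attempt"];
 export type ClaimSet = {
 [K in (typeof REQUIRED_CLAIMS)[number]]: string;
 };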
package/lib/oidc.js
CHANGED
package/lib/oidc.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"oidc.js","sourceRoot":"","sources":["../src/oidc.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,wCAAwC;AACxC,sDAA+C;AAC/C,kDAAmC;AACnC,wDAA2B;AAE3B,MAAM,aAAa,GAAG,QAAQ,CAAA;AAE9B,MAAM,eAAe,GAAG;IACtB,KAAK;IACL,KAAK;IACL,KAAK;IACL,YAAY;IACZ,YAAY;IACZ,cAAc;IACd,eAAe;IACf,qBAAqB;IACrB,oBAAoB;IACpB,QAAQ;IACR,aAAa;CACL,CAAA;AAQH,MAAM,gBAAgB,GAAG,CAAO,MAAc,EAAqB,EAAE;IAC1E,IAAI;QACF,MAAM,KAAK,GAAG,MAAM,IAAA,iBAAU,EAAC,aAAa,CAAC,CAAA;QAC7C,MAAM,MAAM,GAAG,MAAM,eAAe,CAAC,KAAK,EAAE,MAAM,CAAC,CAAA;QACnD,cAAc,CAAC,MAAM,CAAC,CAAA;QACtB,OAAO,MAAM,CAAA;KACd;IAAC,OAAO,KAAK,EAAE;QACd,MAAM,IAAI,KAAK,CAAC,2BAA2B,KAAK,CAAC,OAAO,EAAE,CAAC,CAAA;KAC5D;AACH,CAAC,CAAA,CAAA;AATY,QAAA,gBAAgB,oBAS5B;AAED,MAAM,eAAe,GAAG,CACtB,KAAa,EACb,MAAc,EACW,EAAE;IAC3B,0BAA0B;IAC1B,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,GAAG,CAAC,MAAM,CACR,KAAK,EACL,YAAY,CAAC,MAAM,CAAC,EACpB,EAAC,QAAQ,EAAE,aAAa,EAAE,MAAM,EAAC,EACjC,CAAC,GAAG,EAAE,OAAO,EAAE,EAAE;YACf,IAAI,GAAG,EAAE;gBACP,MAAM,CAAC,GAAG,CAAC,CAAA;aACZ;iBAAM,IAAI,CAAC,OAAO,IAAI,OAAO,OAAO,KAAK,QAAQ,EAAE;gBAClD,MAAM,CAAC,IAAI,KAAK,CAAC,kBAAkB,CAAC,CAAC,CAAA;aACtC;iBAAM;gBACL,OAAO,CAAC,OAAO,CAAC,CAAA;aACjB;QACH,CAAC,CACF,CAAA;IACH,CAAC,CAAC,CAAA;AACJ,CAAC,CAAA,CAAA;AAED,6EAA6E;AAC7E,sBAAsB;AACtB,yDAAyD;AACzD,6CAA6C;AAC7C,MAAM,YAAY,GAChB,CAAC,MAAc,EAA4B,EAAE,CAC7C,CAAC,MAAqB,EAAE,QAAgC,EAAE,EAAE;IAC1D,8DAA8D;IAC9D,IAAI,wBAAU,CAAC,gBAAgB,CAAC;SAC7B,OAAO,CAAa,GAAG,MAAM,mCAAmC,CAAC;SACjE,IAAI,CAAC,IAAI,CAAC,EAAE;QACX,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE;YAChB,QAAQ,CAAC,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAC,CAAA;SACrD;aAAM;YACL,yCAAyC;YACzC,IAAA,kBAAI,EAAC,EAAC,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAC,CAAC,CAAC,aAAa,CACjD,MAAM,CAAC,GAAG,EACV,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;gBACX,QAAQ,CAAC,GAAG,EAAE,GAAG,aAAH,GAAG,uBAAH,GAAG,CAAE,YAAY,EAAE,CAAC,CAAA;YACpC,CAAC,CACF,CAAA;SACF;IACH,CAAC,CAAC;SACD,KAAK,CAAC,GAAG,CAAC,EAAE;QACX,QAAQ,CAAC,GAAG,CAAC,CAAA;IACf,CAAC,CAAC,CAAA;AACN,CAAC,CAAA;AAEH,SAAS,cAAc,CAAC,MAAsB;IAC5C,MAAM,aAAa
,GAAa,EAAE,CAAA;IAElC,KAAK,MAAM,KAAK,IAAI,eAAe,EAAE;QACnC,IAAI,CAAC,CAAC,KAAK,IAAI,MAAM,CAAC,EAAE;YACtB,aAAa,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;SAC1B;KACF;IAED,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE;QAC5B,MAAM,IAAI,KAAK,CAAC,mBAAmB,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;KAC/D;AACH,CAAC"}
|
|
1
|
+
{"version":3,"file":"oidc.js","sourceRoot":"","sources":["../src/oidc.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,wCAAwC;AACxC,sDAA+C;AAC/C,kDAAmC;AACnC,wDAA2B;AAE3B,MAAM,aAAa,GAAG,QAAQ,CAAA;AAE9B,MAAM,eAAe,GAAG;IACtB,KAAK;IACL,KAAK;IACL,KAAK;IACL,YAAY;IACZ,YAAY;IACZ,kBAAkB;IAClB,cAAc;IACd,eAAe;IACf,qBAAqB;IACrB,oBAAoB;IACpB,QAAQ;IACR,aAAa;CACL,CAAA;AAQH,MAAM,gBAAgB,GAAG,CAAO,MAAc,EAAqB,EAAE;IAC1E,IAAI;QACF,MAAM,KAAK,GAAG,MAAM,IAAA,iBAAU,EAAC,aAAa,CAAC,CAAA;QAC7C,MAAM,MAAM,GAAG,MAAM,eAAe,CAAC,KAAK,EAAE,MAAM,CAAC,CAAA;QACnD,cAAc,CAAC,MAAM,CAAC,CAAA;QACtB,OAAO,MAAM,CAAA;KACd;IAAC,OAAO,KAAK,EAAE;QACd,MAAM,IAAI,KAAK,CAAC,2BAA2B,KAAK,CAAC,OAAO,EAAE,CAAC,CAAA;KAC5D;AACH,CAAC,CAAA,CAAA;AATY,QAAA,gBAAgB,oBAS5B;AAED,MAAM,eAAe,GAAG,CACtB,KAAa,EACb,MAAc,EACW,EAAE;IAC3B,0BAA0B;IAC1B,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,GAAG,CAAC,MAAM,CACR,KAAK,EACL,YAAY,CAAC,MAAM,CAAC,EACpB,EAAC,QAAQ,EAAE,aAAa,EAAE,MAAM,EAAC,EACjC,CAAC,GAAG,EAAE,OAAO,EAAE,EAAE;YACf,IAAI,GAAG,EAAE;gBACP,MAAM,CAAC,GAAG,CAAC,CAAA;aACZ;iBAAM,IAAI,CAAC,OAAO,IAAI,OAAO,OAAO,KAAK,QAAQ,EAAE;gBAClD,MAAM,CAAC,IAAI,KAAK,CAAC,kBAAkB,CAAC,CAAC,CAAA;aACtC;iBAAM;gBACL,OAAO,CAAC,OAAO,CAAC,CAAA;aACjB;QACH,CAAC,CACF,CAAA;IACH,CAAC,CAAC,CAAA;AACJ,CAAC,CAAA,CAAA;AAED,6EAA6E;AAC7E,sBAAsB;AACtB,yDAAyD;AACzD,6CAA6C;AAC7C,MAAM,YAAY,GAChB,CAAC,MAAc,EAA4B,EAAE,CAC7C,CAAC,MAAqB,EAAE,QAAgC,EAAE,EAAE;IAC1D,8DAA8D;IAC9D,IAAI,wBAAU,CAAC,gBAAgB,CAAC;SAC7B,OAAO,CAAa,GAAG,MAAM,mCAAmC,CAAC;SACjE,IAAI,CAAC,IAAI,CAAC,EAAE;QACX,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE;YAChB,QAAQ,CAAC,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAC,CAAA;SACrD;aAAM;YACL,yCAAyC;YACzC,IAAA,kBAAI,EAAC,EAAC,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAC,CAAC,CAAC,aAAa,CACjD,MAAM,CAAC,GAAG,EACV,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;gBACX,QAAQ,CAAC,GAAG,EAAE,GAAG,aAAH,GAAG,uBAAH,GAAG,CAAE,YAAY,EAAE,CAAC,CAAA;YACpC,CAAC,CACF,CAAA;SACF;IACH,CAAC,CAAC;SACD,KAAK,CAAC,GAAG,CAAC,EAAE;QACX,QAAQ,CAAC,GAAG,CAAC,CAAA;IACf,CAAC,CAAC,CAAA;AACN,CAAC,CAAA;AAEH,SAAS,cAAc,CAAC,MAAsB;IA
C5C,MAAM,aAAa,GAAa,EAAE,CAAA;IAElC,KAAK,MAAM,KAAK,IAAI,eAAe,EAAE;QACnC,IAAI,CAAC,CAAC,KAAK,IAAI,MAAM,CAAC,EAAE;YACtB,aAAa,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;SAC1B;KACF;IAED,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE;QAC5B,MAAM,IAAI,KAAK,CAAC,mBAAmB,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;KAC/D;AACH,CAAC"}
|
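--- a/package/lib/provenance.js
+++ b/package/lib/provenance.js
@@ -13,8 +13,7 @@ exports.attestProvenance = exports.buildSLSAProvenancePredicate = void 0;
 const attest_1 = require("./attest");
 const oidc_1 = require("./oidc");
 const SLSA_PREDICATE_V1_TYPE = 'https://slsa.dev/provenance/v1';
-const
-const GITHUB_BUILD_TYPE = 'https://slsa-framework.github.io/github-actions-buildtypes/workflow/v1';
+const GITHUB_BUILD_TYPE = 'https://actions.github.io/buildtypes/workflow/v1';
 const DEFAULT_ISSUER = 'https://token.actions.githubusercontent.com';
 /**
 * Builds an SLSA (Supply Chain Levels for Software Artifacts) provenance
@@ -50,7 +49,8 @@ const buildSLSAProvenancePredicate = (issuer = DEFAULT_ISSUER) => __awaiter(void
 github: {
 event_name: claims.event_name,
 repository_id: claims.repository_id,
-repository_owner_id: claims.repository_owner_id
+repository_owner_id: claims.repository_owner_id,
+runner_environment: claims.runner_environment
 }
 },
 resolvedDependencies: [
@@ -64,7 +64,7 @@ const buildSLSAProvenancePredicate = (issuer = DEFAULT_ISSUER) => __awaiter(void
 },
 runDetails: {
 builder: {
-id: `${
+id: `${serverURL}/${claims.job_workflow_ref}`
 },
 metadata: {
 invocationId: `${serverURL}/${claims.repository}/actions/runs/${claims.run_id}/attempts/${claims.run_attempt}`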
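Review bot: The `GITHUB_BUILD_TYPE` URI in the first hunk and `builder.id` in the third hunk both change value without a comment, so a verification policy that matches these strings as written for 1.2.0 attestations will stop matching. The previous `builder.id` expression is truncated on this page, so the exact difference cannot be confirmed; the new one uses `claims.job_workflow_ref`, which per GitHub's OIDC claim documentation names the called workflow when a job runs through a reusable workflow. A comment above that line, e.g. `// builder.id is the workflow file that defined the job (job_workflow_ref), not necessarily the triggering workflow`, and a release-note entry would tell policy authors what to update. `buildSLSAProvenancePredicate` starts and ends outside these hunks.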
package/lib/provenance.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"provenance.js","sourceRoot":"","sources":["../src/provenance.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,qCAA8C;AAC9C,iCAAuC;AAGvC,MAAM,sBAAsB,GAAG,gCAAgC,CAAA;
|
|
1
|
+
{"version":3,"file":"provenance.js","sourceRoot":"","sources":["../src/provenance.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,qCAA8C;AAC9C,iCAAuC;AAGvC,MAAM,sBAAsB,GAAG,gCAAgC,CAAA;AAC/D,MAAM,iBAAiB,GAAG,kDAAkD,CAAA;AAE5E,MAAM,cAAc,GAAG,6CAA6C,CAAA;AASpE;;;;;;;;GAQG;AACI,MAAM,4BAA4B,GAAG,CAC1C,SAAiB,cAAc,EACX,EAAE;IACtB,MAAM,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAA;IAC/C,MAAM,MAAM,GAAG,MAAM,IAAA,uBAAgB,EAAC,MAAM,CAAC,CAAA;IAE7C,wDAAwD;IACxD,gDAAgD;IAChD,qCAAqC;IACrC,MAAM,CAAC,YAAY,EAAE,WAAW,CAAC,GAAG,MAAM,CAAC,YAAY;SACpD,OAAO,CAAC,GAAG,MAAM,CAAC,UAAU,GAAG,EAAE,EAAE,CAAC;SACpC,KAAK,CAAC,GAAG,CAAC,CAAA;IAEb,OAAO;QACL,IAAI,EAAE,sBAAsB;QAC5B,MAAM,EAAE;YACN,eAAe,EAAE;gBACf,SAAS,EAAE,iBAAiB;gBAC5B,kBAAkB,EAAE;oBAClB,QAAQ,EAAE;wBACR,GAAG,EAAE,WAAW;wBAChB,UAAU,EAAE,GAAG,SAAS,IAAI,MAAM,CAAC,UAAU,EAAE;wBAC/C,IAAI,EAAE,YAAY;qBACnB;iBACF;gBACD,kBAAkB,EAAE;oBAClB,MAAM,EAAE;wBACN,UAAU,EAAE,MAAM,CAAC,UAAU;wBAC7B,aAAa,EAAE,MAAM,CAAC,aAAa;wBACnC,mBAAmB,EAAE,MAAM,CAAC,mBAAmB;wBAC/C,kBAAkB,EAAE,MAAM,CAAC,kBAAkB;qBAC9C;iBACF;gBACD,oBAAoB,EAAE;oBACpB;wBACE,GAAG,EAAE,OAAO,SAAS,IAAI,MAAM,CAAC,UAAU,IAAI,MAAM,CAAC,GAAG,EAAE;wBAC1D,MAAM,EAAE;4BACN,SAAS,EAAE,MAAM,CAAC,GAAG;yBACtB;qBACF;iBACF;aACF;YACD,UAAU,EAAE;gBACV,OAAO,EAAE;oBACP,EAAE,EAAE,GAAG,SAAS,IAAI,MAAM,CAAC,gBAAgB,EAAE;iBAC9C;gBACD,QAAQ,EAAE;oBACR,YAAY,EAAE,GAAG,SAAS,IAAI,MAAM,CAAC,UAAU,iBAAiB,MAAM,CAAC,MAAM,aAAa,MAAM,CAAC,WAAW,EAAE;iBAC/G;aACF;SACF;KACF,CAAA;AACH,CAAC,CAAA,CAAA;AApDY,QAAA,4BAA4B,gCAoDxC;AAED;;;;;;;GAOG;AACH,SAAsB,gBAAgB,CACpC,OAAgC;;QAEhC,MAAM,SAAS,GAAG,MAAM,IAAA,oCAA4B,EAAC,OAAO,CAAC,MAAM,CAAC,CAAA;QACpE,OAAO,IAAA,eAAM,kCACR,OAAO,KACV,aAAa,EAAE,SAAS,CAAC,IAAI,EAC7B,SAAS,EAAE,SAAS,CAAC,MAAM,IAC3B,CAAA;IACJ,CAAC;CAAA;AATD,4CASC"}
|
package/lib/sign.js
CHANGED
package/lib/sign.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"sign.js","sourceRoot":"","sources":["../src/sign.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,yCASuB;AAEvB,MAAM,aAAa,GAAG,UAAU,CAAA;AAChC,MAAM,eAAe,GAAG,KAAK,CAAA;AAC7B,MAAM,eAAe,GAAG,CAAC,CAAA;AAqCzB;;;;;;GAMG;AACI,MAAM,WAAW,GAAG,CACzB,OAAgB,EAChB,OAAoB,EACH,EAAE;IACnB,MAAM,QAAQ,GAAG;QACf,IAAI,EAAE,OAAO,CAAC,IAAI;QAClB,IAAI,EAAE,OAAO,CAAC,IAAI;KACnB,CAAA;IAED,yCAAyC;IACzC,OAAO,iBAAiB,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAA;AACpD,CAAC,CAAA,CAAA;AAXY,QAAA,WAAW,eAWvB;AAED,qEAAqE;AACrE,MAAM,iBAAiB,GAAG,CAAC,IAAiB,EAAiB,EAAE;IAC7D,MAAM,gBAAgB,GAAG,IAAI,wBAAiB,CAAC,aAAa,CAAC,CAAA;IAC7D,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,IAAI,eAAe,CAAA;IAC/C,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,IAAI,eAAe,CAAA;IAC3C,MAAM,SAAS,GAAc,EAAE,CAAA;IAE/B,MAAM,MAAM,GAAG,IAAI,mBAAY,CAAC;QAC9B,gBAAgB;QAChB,aAAa,EAAE,IAAI,CAAC,SAAS;QAC7B,OAAO;QACP,KAAK;KACN,CAAC,CAAA;IAEF,IAAI,IAAI,CAAC,QAAQ,EAAE;QACjB,SAAS,CAAC,IAAI,CACZ,IAAI,mBAAY,CAAC;YACf,YAAY,EAAE,IAAI,CAAC,QAAQ;YAC3B,SAAS,EAAE,MAAM;YACjB,OAAO;YACP,KAAK;SACN,CAAC,CACH,CAAA;KACF;IAED,IAAI,IAAI,CAAC,YAAY,EAAE;QACrB,SAAS,CAAC,IAAI,CACZ,IAAI,iBAAU,CAAC;YACb,UAAU,EAAE,IAAI,CAAC,YAAY;YAC7B,OAAO;YACP,KAAK;SACN,CAAC,CACH,CAAA;KACF;IAED,gEAAgE;IAChE,4CAA4C;IAC5C,OAAO,IAAI,wBAAiB,CAAC,EAAC,MAAM,EAAE,SAAS,EAAE,iBAAiB,EAAE,IAAI,EAAC,CAAC,CAAA;AAC5E,CAAC,CAAA"}
|
|
1
|
+
{"version":3,"file":"sign.js","sourceRoot":"","sources":["../src/sign.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,yCASuB;AAEvB,MAAM,aAAa,GAAG,UAAU,CAAA;AAChC,MAAM,eAAe,GAAG,KAAK,CAAA;AAC7B,MAAM,eAAe,GAAG,CAAC,CAAA;AAqCzB;;;;;;GAMG;AACI,MAAM,WAAW,GAAG,CACzB,OAAgB,EAChB,OAAoB,EACH,EAAE;IACnB,MAAM,QAAQ,GAAG;QACf,IAAI,EAAE,OAAO,CAAC,IAAI;QAClB,IAAI,EAAE,OAAO,CAAC,IAAI;KACnB,CAAA;IAED,yCAAyC;IACzC,OAAO,iBAAiB,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAA;AACpD,CAAC,CAAA,CAAA;AAXY,QAAA,WAAW,eAWvB;AAED,qEAAqE;AACrE,MAAM,iBAAiB,GAAG,CAAC,IAAiB,EAAiB,EAAE;IAC7D,MAAM,gBAAgB,GAAG,IAAI,wBAAiB,CAAC,aAAa,CAAC,CAAA;IAC7D,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,IAAI,eAAe,CAAA;IAC/C,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,IAAI,eAAe,CAAA;IAC3C,MAAM,SAAS,GAAc,EAAE,CAAA;IAE/B,MAAM,MAAM,GAAG,IAAI,mBAAY,CAAC;QAC9B,gBAAgB;QAChB,aAAa,EAAE,IAAI,CAAC,SAAS;QAC7B,OAAO;QACP,KAAK;KACN,CAAC,CAAA;IAEF,IAAI,IAAI,CAAC,QAAQ,EAAE;QACjB,SAAS,CAAC,IAAI,CACZ,IAAI,mBAAY,CAAC;YACf,YAAY,EAAE,IAAI,CAAC,QAAQ;YAC3B,SAAS,EAAE,MAAM;YACjB,eAAe,EAAE,IAAI;YACrB,OAAO;YACP,KAAK;SACN,CAAC,CACH,CAAA;KACF;IAED,IAAI,IAAI,CAAC,YAAY,EAAE;QACrB,SAAS,CAAC,IAAI,CACZ,IAAI,iBAAU,CAAC;YACb,UAAU,EAAE,IAAI,CAAC,YAAY;YAC7B,OAAO;YACP,KAAK;SACN,CAAC,CACH,CAAA;KACF;IAED,gEAAgE;IAChE,4CAA4C;IAC5C,OAAO,IAAI,wBAAiB,CAAC,EAAC,MAAM,EAAE,SAAS,EAAE,iBAAiB,EAAE,IAAI,EAAC,CAAC,CAAA;AAC5E,CAAC,CAAA"}
|
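--- a/package/lib/store.d.ts
+++ b/package/lib/store.d.ts
@@ -1,3 +1,6 @@
+export type WriteOptions = {
+retry?: number;
+};
 /**
 * Writes an attestation to the repository's attestations endpoint.
 * @param attestation - The attestation to write.
@@ -5,4 +8,4 @@
 * @returns The ID of the attestation.
 * @throws Error if the attestation fails to persist.
 */
-export declare const writeAttestation: (attestation: unknown, token: string) => Promise<string>;
+export declare const writeAttestation: (attestation: unknown, token: string, options?: WriteOptions) => Promise<string>;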
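--- a/package/lib/store.js
+++ b/package/lib/store.js
@@ -34,7 +34,9 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.writeAttestation = void 0;
 const github = __importStar(require("@actions/github"));
+const plugin_retry_1 = require("@octokit/plugin-retry");
 const CREATE_ATTESTATION_REQUEST = 'POST /repos/{owner}/{repo}/attestations';
+const DEFAULT_RETRY_COUNT = 5;
 /**
 * Writes an attestation to the repository's attestations endpoint.
 * @param attestation - The attestation to write.
@@ -42,8 +44,10 @@ const CREATE_ATTESTATION_REQUEST = 'POST /repos/{owner}/{repo}/attestations';
 * @returns The ID of the attestation.
 * @throws Error if the attestation fails to persist.
 */
-const writeAttestation = (attestation, token) => __awaiter(void 0, void 0, void 0, function* () {
-
+const writeAttestation = (attestation, token, options = {}) => __awaiter(void 0, void 0, void 0, function* () {
+var _a;
+const retries = (_a = options.retry) !== null && _a !== void 0 ? _a : DEFAULT_RETRY_COUNT;
+const octokit = github.getOctokit(token, { retry: { retries } }, plugin_retry_1.retry);
 try {
 const response = yield octokit.request(CREATE_ATTESTATION_REQUEST, {
 owner: github.context.repo.owner,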
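Review bot: `options.retry` in the second hunk reaches `github.getOctokit` unvalidated, since only `null`/`undefined` fall back to `DEFAULT_RETRY_COUNT` and a negative, fractional or non-numeric value is passed through as-is. A guard such as `const retries = Number.isInteger(options.retry) && options.retry >= 0 ? options.retry : DEFAULT_RETRY_COUNT;` keeps the default for bad input. The retried request is a `POST`, so if an attempt succeeds server-side but its response is lost, a retry could store the same attestation twice; whether the endpoint de-duplicates is not visible here and is worth a comment next to `DEFAULT_RETRY_COUNT`. The JSDoc lines shown carry no `@param options` entry, though one may sit on the line between the two hunks. `writeAttestation` continues past the end of the hunk.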
package/lib/store.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"store.js","sourceRoot":"","sources":["../src/store.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,wDAAyC;
|
|
1
|
+
{"version":3,"file":"store.js","sourceRoot":"","sources":["../src/store.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,wDAAyC;AACzC,wDAA2C;AAE3C,MAAM,0BAA0B,GAAG,yCAAyC,CAAA;AAC5E,MAAM,mBAAmB,GAAG,CAAC,CAAA;AAK7B;;;;;;GAMG;AACI,MAAM,gBAAgB,GAAG,CAC9B,WAAoB,EACpB,KAAa,EACb,UAAwB,EAAE,EACT,EAAE;;IACnB,MAAM,OAAO,GAAG,MAAA,OAAO,CAAC,KAAK,mCAAI,mBAAmB,CAAA;IACpD,MAAM,OAAO,GAAG,MAAM,CAAC,UAAU,CAAC,KAAK,EAAE,EAAC,KAAK,EAAE,EAAC,OAAO,EAAC,EAAC,EAAE,oBAAK,CAAC,CAAA;IAEnE,IAAI;QACF,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,OAAO,CAAC,0BAA0B,EAAE;YACjE,KAAK,EAAE,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK;YAChC,IAAI,EAAE,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI;YAC9B,IAAI,EAAE,EAAC,MAAM,EAAE,WAAW,EAAC;SAC5B,CAAC,CAAA;QAEF,MAAM,IAAI,GACR,OAAO,QAAQ,CAAC,IAAI,IAAI,QAAQ;YAC9B,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC;YAC3B,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAA;QACnB,OAAO,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,EAAE,CAAA;KAChB;IAAC,OAAO,GAAG,EAAE;QACZ,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAA;QACxD,MAAM,IAAI,KAAK,CAAC,kCAAkC,OAAO,EAAE,CAAC,CAAA;KAC7D;AACH,CAAC,CAAA,CAAA;AAxBY,QAAA,gBAAgB,oBAwB5B"}
|
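--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@actions/attest",
-"version": "1.
+"version": "1.3.0",
 "description": "Actions attestation lib",
 "keywords": [
 "github",
@@ -35,7 +35,7 @@
 "url": "https://github.com/actions/toolkit/issues"
 },
 "devDependencies": {
-"@sigstore/mock": "^0.
+"@sigstore/mock": "^0.7.4",
 "@sigstore/rekor-types": "^2.0.0",
 "@types/jsonwebtoken": "^9.0.6",
 "jose": "^5.2.3",
@@ -46,9 +46,15 @@
 "@actions/core": "^1.10.1",
 "@actions/github": "^6.0.0",
 "@actions/http-client": "^2.2.1",
-"@
-"@sigstore/
+"@octokit/plugin-retry": "^6.0.1",
+"@sigstore/bundle": "^2.3.2",
+"@sigstore/sign": "^2.3.2",
 "jsonwebtoken": "^9.0.2",
 "jwks-rsa": "^3.1.0"
+},
+"overrides": {
+"@octokit/plugin-retry": {
+"@octokit/core": "^5.2.0"
+}
 }
 }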
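Review bot: The `overrides` block added in the last hunk only takes effect when this package.json is the root of an install; npm ignores `overrides` declared by a dependency. Projects that install `@actions/attest` will therefore not get `@octokit/core` forced to `^5.2.0` under `@octokit/plugin-retry`. If the retry plugin needs that core version at runtime (not visible from this diff), the requirement has to be met through `dependencies` or a documented peer requirement instead.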