@actions/attest 1.2.1 → 1.3.0
- package/README.md +3 -0
- package/lib/endpoints.d.ts +0 -1
- package/lib/endpoints.js +13 -8
- package/lib/endpoints.js.map +1 -1
- package/lib/oidc.d.ts +1 -1
- package/lib/oidc.js +1 -0
- package/lib/oidc.js.map +1 -1
- package/lib/provenance.js +4 -4
- package/lib/provenance.js.map +1 -1
- package/lib/sign.js +1 -0
- package/lib/sign.js.map +1 -1
- package/package.json +4 -4
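--- a/package/README.md
+++ b/package/README.md
@@ -12,6 +12,9 @@ Once the attestation has been created and signed, it will be uploaded to the GH
 attestations API and associated with the repository from which the workflow was
 initiated.
 
+See [Using artifact attestations to establish provenance for builds](https://docs.github.com/en/actions/security-guides/using-artifact-attestations-to-establish-provenance-for-builds)
+for more information on artifact attestations.
+
 ## Usage
 
 ### `attest`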
package/lib/endpoints.d.ts
CHANGED
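--- a/package/lib/endpoints.js
+++ b/package/lib/endpoints.js
@@ -23,22 +23,16 @@ var __importStar = (this && this.__importStar) || function (mod) {
 return result;
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.signingEndpoints = exports.
+exports.signingEndpoints = exports.SIGSTORE_PUBLIC_GOOD = void 0;
 const github = __importStar(require("@actions/github"));
 const PUBLIC_GOOD_ID = 'public-good';
 const GITHUB_ID = 'github';
 const FULCIO_PUBLIC_GOOD_URL = 'https://fulcio.sigstore.dev';
 const REKOR_PUBLIC_GOOD_URL = 'https://rekor.sigstore.dev';
-const FULCIO_INTERNAL_URL = 'https://fulcio.githubapp.com';
-const TSA_INTERNAL_URL = 'https://timestamp.githubapp.com';
 exports.SIGSTORE_PUBLIC_GOOD = {
 fulcioURL: FULCIO_PUBLIC_GOOD_URL,
 rekorURL: REKOR_PUBLIC_GOOD_URL
 };
-exports.SIGSTORE_GITHUB = {
-fulcioURL: FULCIO_INTERNAL_URL,
-tsaServerURL: TSA_INTERNAL_URL
-};
 const signingEndpoints = (sigstore) => {
 var _a;
 let instance;
@@ -57,8 +51,19 @@ const signingEndpoints = (sigstore) => {
 case PUBLIC_GOOD_ID:
 return exports.SIGSTORE_PUBLIC_GOOD;
 case GITHUB_ID:
-return
+return buildGitHubEndpoints();
 }
 };
 exports.signingEndpoints = signingEndpoints;
+function buildGitHubEndpoints() {
+const serverURL = process.env.GITHUB_SERVER_URL || 'https://github.com';
+let host = new URL(serverURL).hostname;
+if (host === 'github.com') {
+host = 'githubapp.com';
+}
+return {
+fulcioURL: `https://fulcio.${host}`,
+tsaServerURL: `https://timestamp.${host}`
+};
+}
 //# sourceMappingURL=endpoints.js.map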
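Review bot: `buildGitHubEndpoints` takes the Fulcio and timestamp-authority hosts from `process.env.GITHUB_SERVER_URL` without any validation, so the services that issue the signing certificate and countersign the attestation now follow whatever that variable holds when the process starts. The removed code used fixed `githubapp.com` constants; the new behaviour relies on the runner setting the variable and on nothing else in the job being able to change it, which cannot be confirmed from this file. A malformed value also surfaces as a bare `TypeError` from `new URL(serverURL)` rather than an error that names the variable. I would document the assumption above the function, for example `// GITHUB_SERVER_URL is expected to be set by the runner; the hosts derived from it are trusted to issue signing certificates and timestamps`, and consider rejecting values whose protocol is not `https:`.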
package/lib/endpoints.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"endpoints.js","sourceRoot":"","sources":["../src/endpoints.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,wDAAyC;AAEzC,MAAM,cAAc,GAAG,aAAa,CAAA;AACpC,MAAM,SAAS,GAAG,QAAQ,CAAA;AAE1B,MAAM,sBAAsB,GAAG,6BAA6B,CAAA;AAC5D,MAAM,qBAAqB,GAAG,4BAA4B,CAAA;
|
|
1
|
+
{"version":3,"file":"endpoints.js","sourceRoot":"","sources":["../src/endpoints.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,wDAAyC;AAEzC,MAAM,cAAc,GAAG,aAAa,CAAA;AACpC,MAAM,SAAS,GAAG,QAAQ,CAAA;AAE1B,MAAM,sBAAsB,GAAG,6BAA6B,CAAA;AAC5D,MAAM,qBAAqB,GAAG,4BAA4B,CAAA;AAU7C,QAAA,oBAAoB,GAAc;IAC7C,SAAS,EAAE,sBAAsB;IACjC,QAAQ,EAAE,qBAAqB;CAChC,CAAA;AAEM,MAAM,gBAAgB,GAAG,CAAC,QAA2B,EAAa,EAAE;;IACzE,IAAI,QAA0B,CAAA;IAE9B,4EAA4E;IAC5E,0DAA0D;IAC1D,IAAI,QAAQ,IAAI,CAAC,cAAc,EAAE,SAAS,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE;QAC9D,QAAQ,GAAG,QAAQ,CAAA;KACpB;SAAM;QACL,QAAQ;YACN,CAAA,MAAA,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,UAAU,0CAAE,UAAU,MAAK,QAAQ;gBACxD,CAAC,CAAC,cAAc;gBAChB,CAAC,CAAC,SAAS,CAAA;KAChB;IAED,QAAQ,QAAQ,EAAE;QAChB,KAAK,cAAc;YACjB,OAAO,4BAAoB,CAAA;QAC7B,KAAK,SAAS;YACZ,OAAO,oBAAoB,EAAE,CAAA;KAChC;AACH,CAAC,CAAA;AApBY,QAAA,gBAAgB,oBAoB5B;AAED,SAAS,oBAAoB;IAC3B,MAAM,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,iBAAiB,IAAI,oBAAoB,CAAA;IACvE,IAAI,IAAI,GAAG,IAAI,GAAG,CAAC,SAAS,CAAC,CAAC,QAAQ,CAAA;IAEtC,IAAI,IAAI,KAAK,YAAY,EAAE;QACzB,IAAI,GAAG,eAAe,CAAA;KACvB;IACD,OAAO;QACL,SAAS,EAAE,kBAAkB,IAAI,EAAE;QACnC,YAAY,EAAE,qBAAqB,IAAI,EAAE;KAC1C,CAAA;AACH,CAAC"}
|
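--- a/package/lib/oidc.d.ts
+++ b/package/lib/oidc.d.ts
@@ -1,4 +1,4 @@
-declare const REQUIRED_CLAIMS: readonly ["iss", "ref", "sha", "repository", "event_name", "workflow_ref", "repository_id", "repository_owner_id", "runner_environment", "run_id", "run_attempt"];
+declare const REQUIRED_CLAIMS: readonly ["iss", "ref", "sha", "repository", "event_name", "job_workflow_ref", "workflow_ref", "repository_id", "repository_owner_id", "runner_environment", "run_id", "run_attempt"];
 export type ClaimSet = {
 [K in (typeof REQUIRED_CLAIMS)[number]]: string;
 };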
package/lib/oidc.js
CHANGED
package/lib/oidc.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"oidc.js","sourceRoot":"","sources":["../src/oidc.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,wCAAwC;AACxC,sDAA+C;AAC/C,kDAAmC;AACnC,wDAA2B;AAE3B,MAAM,aAAa,GAAG,QAAQ,CAAA;AAE9B,MAAM,eAAe,GAAG;IACtB,KAAK;IACL,KAAK;IACL,KAAK;IACL,YAAY;IACZ,YAAY;IACZ,cAAc;IACd,eAAe;IACf,qBAAqB;IACrB,oBAAoB;IACpB,QAAQ;IACR,aAAa;CACL,CAAA;AAQH,MAAM,gBAAgB,GAAG,CAAO,MAAc,EAAqB,EAAE;IAC1E,IAAI;QACF,MAAM,KAAK,GAAG,MAAM,IAAA,iBAAU,EAAC,aAAa,CAAC,CAAA;QAC7C,MAAM,MAAM,GAAG,MAAM,eAAe,CAAC,KAAK,EAAE,MAAM,CAAC,CAAA;QACnD,cAAc,CAAC,MAAM,CAAC,CAAA;QACtB,OAAO,MAAM,CAAA;KACd;IAAC,OAAO,KAAK,EAAE;QACd,MAAM,IAAI,KAAK,CAAC,2BAA2B,KAAK,CAAC,OAAO,EAAE,CAAC,CAAA;KAC5D;AACH,CAAC,CAAA,CAAA;AATY,QAAA,gBAAgB,oBAS5B;AAED,MAAM,eAAe,GAAG,CACtB,KAAa,EACb,MAAc,EACW,EAAE;IAC3B,0BAA0B;IAC1B,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,GAAG,CAAC,MAAM,CACR,KAAK,EACL,YAAY,CAAC,MAAM,CAAC,EACpB,EAAC,QAAQ,EAAE,aAAa,EAAE,MAAM,EAAC,EACjC,CAAC,GAAG,EAAE,OAAO,EAAE,EAAE;YACf,IAAI,GAAG,EAAE;gBACP,MAAM,CAAC,GAAG,CAAC,CAAA;aACZ;iBAAM,IAAI,CAAC,OAAO,IAAI,OAAO,OAAO,KAAK,QAAQ,EAAE;gBAClD,MAAM,CAAC,IAAI,KAAK,CAAC,kBAAkB,CAAC,CAAC,CAAA;aACtC;iBAAM;gBACL,OAAO,CAAC,OAAO,CAAC,CAAA;aACjB;QACH,CAAC,CACF,CAAA;IACH,CAAC,CAAC,CAAA;AACJ,CAAC,CAAA,CAAA;AAED,6EAA6E;AAC7E,sBAAsB;AACtB,yDAAyD;AACzD,6CAA6C;AAC7C,MAAM,YAAY,GAChB,CAAC,MAAc,EAA4B,EAAE,CAC7C,CAAC,MAAqB,EAAE,QAAgC,EAAE,EAAE;IAC1D,8DAA8D;IAC9D,IAAI,wBAAU,CAAC,gBAAgB,CAAC;SAC7B,OAAO,CAAa,GAAG,MAAM,mCAAmC,CAAC;SACjE,IAAI,CAAC,IAAI,CAAC,EAAE;QACX,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE;YAChB,QAAQ,CAAC,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAC,CAAA;SACrD;aAAM;YACL,yCAAyC;YACzC,IAAA,kBAAI,EAAC,EAAC,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAC,CAAC,CAAC,aAAa,CACjD,MAAM,CAAC,GAAG,EACV,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;gBACX,QAAQ,CAAC,GAAG,EAAE,GAAG,aAAH,GAAG,uBAAH,GAAG,CAAE,YAAY,EAAE,CAAC,CAAA;YACpC,CAAC,CACF,CAAA;SACF;IACH,CAAC,CAAC;SACD,KAAK,CAAC,GAAG,CAAC,EAAE;QACX,QAAQ,CAAC,GAAG,CAAC,CAAA;IACf,CAAC,CAAC,CAAA;AACN,CAAC,CAAA;AAEH,SAAS,cAAc,CAAC,MAAsB;IAC5C,MAAM,aAAa
,GAAa,EAAE,CAAA;IAElC,KAAK,MAAM,KAAK,IAAI,eAAe,EAAE;QACnC,IAAI,CAAC,CAAC,KAAK,IAAI,MAAM,CAAC,EAAE;YACtB,aAAa,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;SAC1B;KACF;IAED,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE;QAC5B,MAAM,IAAI,KAAK,CAAC,mBAAmB,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;KAC/D;AACH,CAAC"}
|
|
1
|
+
{"version":3,"file":"oidc.js","sourceRoot":"","sources":["../src/oidc.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,wCAAwC;AACxC,sDAA+C;AAC/C,kDAAmC;AACnC,wDAA2B;AAE3B,MAAM,aAAa,GAAG,QAAQ,CAAA;AAE9B,MAAM,eAAe,GAAG;IACtB,KAAK;IACL,KAAK;IACL,KAAK;IACL,YAAY;IACZ,YAAY;IACZ,kBAAkB;IAClB,cAAc;IACd,eAAe;IACf,qBAAqB;IACrB,oBAAoB;IACpB,QAAQ;IACR,aAAa;CACL,CAAA;AAQH,MAAM,gBAAgB,GAAG,CAAO,MAAc,EAAqB,EAAE;IAC1E,IAAI;QACF,MAAM,KAAK,GAAG,MAAM,IAAA,iBAAU,EAAC,aAAa,CAAC,CAAA;QAC7C,MAAM,MAAM,GAAG,MAAM,eAAe,CAAC,KAAK,EAAE,MAAM,CAAC,CAAA;QACnD,cAAc,CAAC,MAAM,CAAC,CAAA;QACtB,OAAO,MAAM,CAAA;KACd;IAAC,OAAO,KAAK,EAAE;QACd,MAAM,IAAI,KAAK,CAAC,2BAA2B,KAAK,CAAC,OAAO,EAAE,CAAC,CAAA;KAC5D;AACH,CAAC,CAAA,CAAA;AATY,QAAA,gBAAgB,oBAS5B;AAED,MAAM,eAAe,GAAG,CACtB,KAAa,EACb,MAAc,EACW,EAAE;IAC3B,0BAA0B;IAC1B,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,GAAG,CAAC,MAAM,CACR,KAAK,EACL,YAAY,CAAC,MAAM,CAAC,EACpB,EAAC,QAAQ,EAAE,aAAa,EAAE,MAAM,EAAC,EACjC,CAAC,GAAG,EAAE,OAAO,EAAE,EAAE;YACf,IAAI,GAAG,EAAE;gBACP,MAAM,CAAC,GAAG,CAAC,CAAA;aACZ;iBAAM,IAAI,CAAC,OAAO,IAAI,OAAO,OAAO,KAAK,QAAQ,EAAE;gBAClD,MAAM,CAAC,IAAI,KAAK,CAAC,kBAAkB,CAAC,CAAC,CAAA;aACtC;iBAAM;gBACL,OAAO,CAAC,OAAO,CAAC,CAAA;aACjB;QACH,CAAC,CACF,CAAA;IACH,CAAC,CAAC,CAAA;AACJ,CAAC,CAAA,CAAA;AAED,6EAA6E;AAC7E,sBAAsB;AACtB,yDAAyD;AACzD,6CAA6C;AAC7C,MAAM,YAAY,GAChB,CAAC,MAAc,EAA4B,EAAE,CAC7C,CAAC,MAAqB,EAAE,QAAgC,EAAE,EAAE;IAC1D,8DAA8D;IAC9D,IAAI,wBAAU,CAAC,gBAAgB,CAAC;SAC7B,OAAO,CAAa,GAAG,MAAM,mCAAmC,CAAC;SACjE,IAAI,CAAC,IAAI,CAAC,EAAE;QACX,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE;YAChB,QAAQ,CAAC,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAC,CAAA;SACrD;aAAM;YACL,yCAAyC;YACzC,IAAA,kBAAI,EAAC,EAAC,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAC,CAAC,CAAC,aAAa,CACjD,MAAM,CAAC,GAAG,EACV,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;gBACX,QAAQ,CAAC,GAAG,EAAE,GAAG,aAAH,GAAG,uBAAH,GAAG,CAAE,YAAY,EAAE,CAAC,CAAA;YACpC,CAAC,CACF,CAAA;SACF;IACH,CAAC,CAAC;SACD,KAAK,CAAC,GAAG,CAAC,EAAE;QACX,QAAQ,CAAC,GAAG,CAAC,CAAA;IACf,CAAC,CAAC,CAAA;AACN,CAAC,CAAA;AAEH,SAAS,cAAc,CAAC,MAAsB;IA
C5C,MAAM,aAAa,GAAa,EAAE,CAAA;IAElC,KAAK,MAAM,KAAK,IAAI,eAAe,EAAE;QACnC,IAAI,CAAC,CAAC,KAAK,IAAI,MAAM,CAAC,EAAE;YACtB,aAAa,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;SAC1B;KACF;IAED,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE;QAC5B,MAAM,IAAI,KAAK,CAAC,mBAAmB,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;KAC/D;AACH,CAAC"}
|
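--- a/package/lib/provenance.js
+++ b/package/lib/provenance.js
@@ -13,8 +13,7 @@ exports.attestProvenance = exports.buildSLSAProvenancePredicate = void 0;
 const attest_1 = require("./attest");
 const oidc_1 = require("./oidc");
 const SLSA_PREDICATE_V1_TYPE = 'https://slsa.dev/provenance/v1';
-const
-const GITHUB_BUILD_TYPE = 'https://slsa-framework.github.io/github-actions-buildtypes/workflow/v1';
+const GITHUB_BUILD_TYPE = 'https://actions.github.io/buildtypes/workflow/v1';
 const DEFAULT_ISSUER = 'https://token.actions.githubusercontent.com';
 /**
 * Builds an SLSA (Supply Chain Levels for Software Artifacts) provenance
@@ -50,7 +49,8 @@ const buildSLSAProvenancePredicate = (issuer = DEFAULT_ISSUER) => __awaiter(void
 github: {
 event_name: claims.event_name,
 repository_id: claims.repository_id,
-repository_owner_id: claims.repository_owner_id
+repository_owner_id: claims.repository_owner_id,
+runner_environment: claims.runner_environment
 }
 },
 resolvedDependencies: [
@@ -64,7 +64,7 @@ const buildSLSAProvenancePredicate = (issuer = DEFAULT_ISSUER) => __awaiter(void
 },
 runDetails: {
 builder: {
-id: `${
+id: `${serverURL}/${claims.job_workflow_ref}`
 },
 metadata: {
 invocationId: `${serverURL}/${claims.repository}/actions/runs/${claims.run_id}/attempts/${claims.run_attempt}`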
package/lib/provenance.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"provenance.js","sourceRoot":"","sources":["../src/provenance.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,qCAA8C;AAC9C,iCAAuC;AAGvC,MAAM,sBAAsB,GAAG,gCAAgC,CAAA;
|
|
1
|
+
{"version":3,"file":"provenance.js","sourceRoot":"","sources":["../src/provenance.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,qCAA8C;AAC9C,iCAAuC;AAGvC,MAAM,sBAAsB,GAAG,gCAAgC,CAAA;AAC/D,MAAM,iBAAiB,GAAG,kDAAkD,CAAA;AAE5E,MAAM,cAAc,GAAG,6CAA6C,CAAA;AASpE;;;;;;;;GAQG;AACI,MAAM,4BAA4B,GAAG,CAC1C,SAAiB,cAAc,EACX,EAAE;IACtB,MAAM,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAA;IAC/C,MAAM,MAAM,GAAG,MAAM,IAAA,uBAAgB,EAAC,MAAM,CAAC,CAAA;IAE7C,wDAAwD;IACxD,gDAAgD;IAChD,qCAAqC;IACrC,MAAM,CAAC,YAAY,EAAE,WAAW,CAAC,GAAG,MAAM,CAAC,YAAY;SACpD,OAAO,CAAC,GAAG,MAAM,CAAC,UAAU,GAAG,EAAE,EAAE,CAAC;SACpC,KAAK,CAAC,GAAG,CAAC,CAAA;IAEb,OAAO;QACL,IAAI,EAAE,sBAAsB;QAC5B,MAAM,EAAE;YACN,eAAe,EAAE;gBACf,SAAS,EAAE,iBAAiB;gBAC5B,kBAAkB,EAAE;oBAClB,QAAQ,EAAE;wBACR,GAAG,EAAE,WAAW;wBAChB,UAAU,EAAE,GAAG,SAAS,IAAI,MAAM,CAAC,UAAU,EAAE;wBAC/C,IAAI,EAAE,YAAY;qBACnB;iBACF;gBACD,kBAAkB,EAAE;oBAClB,MAAM,EAAE;wBACN,UAAU,EAAE,MAAM,CAAC,UAAU;wBAC7B,aAAa,EAAE,MAAM,CAAC,aAAa;wBACnC,mBAAmB,EAAE,MAAM,CAAC,mBAAmB;wBAC/C,kBAAkB,EAAE,MAAM,CAAC,kBAAkB;qBAC9C;iBACF;gBACD,oBAAoB,EAAE;oBACpB;wBACE,GAAG,EAAE,OAAO,SAAS,IAAI,MAAM,CAAC,UAAU,IAAI,MAAM,CAAC,GAAG,EAAE;wBAC1D,MAAM,EAAE;4BACN,SAAS,EAAE,MAAM,CAAC,GAAG;yBACtB;qBACF;iBACF;aACF;YACD,UAAU,EAAE;gBACV,OAAO,EAAE;oBACP,EAAE,EAAE,GAAG,SAAS,IAAI,MAAM,CAAC,gBAAgB,EAAE;iBAC9C;gBACD,QAAQ,EAAE;oBACR,YAAY,EAAE,GAAG,SAAS,IAAI,MAAM,CAAC,UAAU,iBAAiB,MAAM,CAAC,MAAM,aAAa,MAAM,CAAC,WAAW,EAAE;iBAC/G;aACF;SACF;KACF,CAAA;AACH,CAAC,CAAA,CAAA;AApDY,QAAA,4BAA4B,gCAoDxC;AAED;;;;;;;GAOG;AACH,SAAsB,gBAAgB,CACpC,OAAgC;;QAEhC,MAAM,SAAS,GAAG,MAAM,IAAA,oCAA4B,EAAC,OAAO,CAAC,MAAM,CAAC,CAAA;QACpE,OAAO,IAAA,eAAM,kCACR,OAAO,KACV,aAAa,EAAE,SAAS,CAAC,IAAI,EAC7B,SAAS,EAAE,SAAS,CAAC,MAAM,IAC3B,CAAA;IACJ,CAAC;CAAA;AATD,4CASC"}
|
package/lib/sign.js
CHANGED
package/lib/sign.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"sign.js","sourceRoot":"","sources":["../src/sign.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,yCASuB;AAEvB,MAAM,aAAa,GAAG,UAAU,CAAA;AAChC,MAAM,eAAe,GAAG,KAAK,CAAA;AAC7B,MAAM,eAAe,GAAG,CAAC,CAAA;AAqCzB;;;;;;GAMG;AACI,MAAM,WAAW,GAAG,CACzB,OAAgB,EAChB,OAAoB,EACH,EAAE;IACnB,MAAM,QAAQ,GAAG;QACf,IAAI,EAAE,OAAO,CAAC,IAAI;QAClB,IAAI,EAAE,OAAO,CAAC,IAAI;KACnB,CAAA;IAED,yCAAyC;IACzC,OAAO,iBAAiB,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAA;AACpD,CAAC,CAAA,CAAA;AAXY,QAAA,WAAW,eAWvB;AAED,qEAAqE;AACrE,MAAM,iBAAiB,GAAG,CAAC,IAAiB,EAAiB,EAAE;IAC7D,MAAM,gBAAgB,GAAG,IAAI,wBAAiB,CAAC,aAAa,CAAC,CAAA;IAC7D,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,IAAI,eAAe,CAAA;IAC/C,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,IAAI,eAAe,CAAA;IAC3C,MAAM,SAAS,GAAc,EAAE,CAAA;IAE/B,MAAM,MAAM,GAAG,IAAI,mBAAY,CAAC;QAC9B,gBAAgB;QAChB,aAAa,EAAE,IAAI,CAAC,SAAS;QAC7B,OAAO;QACP,KAAK;KACN,CAAC,CAAA;IAEF,IAAI,IAAI,CAAC,QAAQ,EAAE;QACjB,SAAS,CAAC,IAAI,CACZ,IAAI,mBAAY,CAAC;YACf,YAAY,EAAE,IAAI,CAAC,QAAQ;YAC3B,SAAS,EAAE,MAAM;YACjB,OAAO;YACP,KAAK;SACN,CAAC,CACH,CAAA;KACF;IAED,IAAI,IAAI,CAAC,YAAY,EAAE;QACrB,SAAS,CAAC,IAAI,CACZ,IAAI,iBAAU,CAAC;YACb,UAAU,EAAE,IAAI,CAAC,YAAY;YAC7B,OAAO;YACP,KAAK;SACN,CAAC,CACH,CAAA;KACF;IAED,gEAAgE;IAChE,4CAA4C;IAC5C,OAAO,IAAI,wBAAiB,CAAC,EAAC,MAAM,EAAE,SAAS,EAAE,iBAAiB,EAAE,IAAI,EAAC,CAAC,CAAA;AAC5E,CAAC,CAAA"}
|
|
1
|
+
{"version":3,"file":"sign.js","sourceRoot":"","sources":["../src/sign.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,yCASuB;AAEvB,MAAM,aAAa,GAAG,UAAU,CAAA;AAChC,MAAM,eAAe,GAAG,KAAK,CAAA;AAC7B,MAAM,eAAe,GAAG,CAAC,CAAA;AAqCzB;;;;;;GAMG;AACI,MAAM,WAAW,GAAG,CACzB,OAAgB,EAChB,OAAoB,EACH,EAAE;IACnB,MAAM,QAAQ,GAAG;QACf,IAAI,EAAE,OAAO,CAAC,IAAI;QAClB,IAAI,EAAE,OAAO,CAAC,IAAI;KACnB,CAAA;IAED,yCAAyC;IACzC,OAAO,iBAAiB,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAA;AACpD,CAAC,CAAA,CAAA;AAXY,QAAA,WAAW,eAWvB;AAED,qEAAqE;AACrE,MAAM,iBAAiB,GAAG,CAAC,IAAiB,EAAiB,EAAE;IAC7D,MAAM,gBAAgB,GAAG,IAAI,wBAAiB,CAAC,aAAa,CAAC,CAAA;IAC7D,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,IAAI,eAAe,CAAA;IAC/C,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,IAAI,eAAe,CAAA;IAC3C,MAAM,SAAS,GAAc,EAAE,CAAA;IAE/B,MAAM,MAAM,GAAG,IAAI,mBAAY,CAAC;QAC9B,gBAAgB;QAChB,aAAa,EAAE,IAAI,CAAC,SAAS;QAC7B,OAAO;QACP,KAAK;KACN,CAAC,CAAA;IAEF,IAAI,IAAI,CAAC,QAAQ,EAAE;QACjB,SAAS,CAAC,IAAI,CACZ,IAAI,mBAAY,CAAC;YACf,YAAY,EAAE,IAAI,CAAC,QAAQ;YAC3B,SAAS,EAAE,MAAM;YACjB,eAAe,EAAE,IAAI;YACrB,OAAO;YACP,KAAK;SACN,CAAC,CACH,CAAA;KACF;IAED,IAAI,IAAI,CAAC,YAAY,EAAE;QACrB,SAAS,CAAC,IAAI,CACZ,IAAI,iBAAU,CAAC;YACb,UAAU,EAAE,IAAI,CAAC,YAAY;YAC7B,OAAO;YACP,KAAK;SACN,CAAC,CACH,CAAA;KACF;IAED,gEAAgE;IAChE,4CAA4C;IAC5C,OAAO,IAAI,wBAAiB,CAAC,EAAC,MAAM,EAAE,SAAS,EAAE,iBAAiB,EAAE,IAAI,EAAC,CAAC,CAAA;AAC5E,CAAC,CAAA"}
|
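--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@actions/attest",
-"version": "1.
+"version": "1.3.0",
 "description": "Actions attestation lib",
 "keywords": [
 "github",
@@ -35,7 +35,7 @@
 "url": "https://github.com/actions/toolkit/issues"
 },
 "devDependencies": {
-"@sigstore/mock": "^0.
+"@sigstore/mock": "^0.7.4",
 "@sigstore/rekor-types": "^2.0.0",
 "@types/jsonwebtoken": "^9.0.6",
 "jose": "^5.2.3",
@@ -47,8 +47,8 @@
 "@actions/github": "^6.0.0",
 "@actions/http-client": "^2.2.1",
 "@octokit/plugin-retry": "^6.0.1",
-"@sigstore/bundle": "^2.3.
-"@sigstore/sign": "^2.3.
+"@sigstore/bundle": "^2.3.2",
+"@sigstore/sign": "^2.3.2",
 "jsonwebtoken": "^9.0.2",
 "jwks-rsa": "^3.1.0"
 },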