@actions/attest 1.3.0 → 1.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +4 -0
- package/lib/attest.d.ts +3 -0
- package/lib/attest.js +1 -1
- package/lib/attest.js.map +1 -1
- package/lib/oidc.d.ts +1 -1
- package/lib/oidc.js +36 -40
- package/lib/oidc.js.map +1 -1
- package/lib/provenance.js +1 -2
- package/lib/provenance.js.map +1 -1
- package/lib/store.d.ts +2 -0
- package/lib/store.js +1 -0
- package/lib/store.js.map +1 -1
- package/package.json +2 -4
package/README.md
CHANGED
|
@@ -63,6 +63,8 @@ export type AttestOptions = {
|
|
|
63
63
|
// Sigstore instance to use for signing. Must be one of "public-good" or
|
|
64
64
|
// "github".
|
|
65
65
|
sigstore?: 'public-good' | 'github'
|
|
66
|
+
// HTTP headers to include in request to attestations API.
|
|
67
|
+
headers?: {[header: string]: string | number | undefined}
|
|
66
68
|
// Whether to skip writing the attestation to the GH attestations API.
|
|
67
69
|
skipWrite?: boolean
|
|
68
70
|
}
|
|
@@ -113,6 +115,8 @@ export type AttestProvenanceOptions = {
|
|
|
113
115
|
// Sigstore instance to use for signing. Must be one of "public-good" or
|
|
114
116
|
// "github".
|
|
115
117
|
sigstore?: 'public-good' | 'github'
|
|
118
|
+
// HTTP headers to include in request to attestations API.
|
|
119
|
+
headers?: {[header: string]: string | number | undefined}
|
|
116
120
|
// Whether to skip writing the attestation to the GH attestations API.
|
|
117
121
|
skipWrite?: boolean
|
|
118
122
|
// Issuer URL responsible for minting the OIDC token from which the
|
package/lib/attest.d.ts
CHANGED
package/lib/attest.js
CHANGED
|
@@ -45,7 +45,7 @@ function attest(options) {
|
|
|
45
45
|
// Store the attestation
|
|
46
46
|
let attestationID;
|
|
47
47
|
if (options.skipWrite !== true) {
|
|
48
|
-
attestationID = yield (0, store_1.writeAttestation)((0, bundle_1.bundleToJSON)(bundle), options.token);
|
|
48
|
+
attestationID = yield (0, store_1.writeAttestation)((0, bundle_1.bundleToJSON)(bundle), options.token, { headers: options.headers });
|
|
49
49
|
}
|
|
50
50
|
return toAttestation(bundle, attestationID);
|
|
51
51
|
});
|
package/lib/attest.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"attest.js","sourceRoot":"","sources":["../src/attest.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,6CAA6C;AAC7C,mCAAsC;AACtC,2CAA8D;AAC9D,qCAA6C;AAC7C,iCAA2C;AAC3C,mCAAwC;AAKxC,MAAM,mBAAmB,GAAG,8BAA8B,CAAA;
|
|
1
|
+
{"version":3,"file":"attest.js","sourceRoot":"","sources":["../src/attest.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,6CAA6C;AAC7C,mCAAsC;AACtC,2CAA8D;AAC9D,qCAA6C;AAC7C,iCAA2C;AAC3C,mCAAwC;AAKxC,MAAM,mBAAmB,GAAG,8BAA8B,CAAA;AA0B1D;;;;;;GAMG;AACH,SAAsB,MAAM,CAAC,OAAsB;;QACjD,MAAM,OAAO,GAAY;YACvB,IAAI,EAAE,OAAO,CAAC,WAAW;YACzB,MAAM,EAAE,OAAO,CAAC,aAAa;SAC9B,CAAA;QACD,MAAM,SAAS,GAAc;YAC3B,IAAI,EAAE,OAAO,CAAC,aAAa;YAC3B,MAAM,EAAE,OAAO,CAAC,SAAS;SAC1B,CAAA;QACD,MAAM,SAAS,GAAG,IAAA,6BAAoB,EAAC,OAAO,EAAE,SAAS,CAAC,CAAA;QAE1D,gCAAgC;QAChC,MAAM,OAAO,GAAY;YACvB,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;YAC5C,IAAI,EAAE,mBAAmB;SAC1B,CAAA;QACD,MAAM,SAAS,GAAG,IAAA,4BAAgB,EAAC,OAAO,CAAC,QAAQ,CAAC,CAAA;QACpD,MAAM,MAAM,GAAG,MAAM,IAAA,kBAAW,EAAC,OAAO,EAAE,SAAS,CAAC,CAAA;QAEpD,wBAAwB;QACxB,IAAI,aAAiC,CAAA;QACrC,IAAI,OAAO,CAAC,SAAS,KAAK,IAAI,EAAE;YAC9B,aAAa,GAAG,MAAM,IAAA,wBAAgB,EACpC,IAAA,qBAAY,EAAC,MAAM,CAAC,EACpB,OAAO,CAAC,KAAK,EACb,EAAC,OAAO,EAAE,OAAO,CAAC,OAAO,EAAC,CAC3B,CAAA;SACF;QAED,OAAO,aAAa,CAAC,MAAM,EAAE,aAAa,CAAC,CAAA;IAC7C,CAAC;CAAA;AA9BD,wBA8BC;AAED,SAAS,aAAa,CAAC,MAAc,EAAE,aAAsB;IAC3D,IAAI,SAAiB,CAAA;IACrB,QAAQ,MAAM,CAAC,oBAAoB,CAAC,OAAO,CAAC,KAAK,EAAE;QACjD,KAAK,sBAAsB;YACzB,SAAS;gBACP,MAAM,CAAC,oBAAoB,CAAC,OAAO,CAAC,oBAAoB,CAAC,YAAY,CAAC,CAAC,CAAC;qBACrE,QAAQ,CAAA;YACb,MAAK;QACP,KAAK,aAAa;YAChB,SAAS,GAAG,MAAM,CAAC,oBAAoB,CAAC,OAAO,CAAC,WAAW,CAAC,QAAQ,CAAA;YACpE,MAAK;QACP;YACE,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAA;KAC7D;IAED,MAAM,WAAW,GAAG,IAAI,wBAAe,CAAC,SAAS,CAAC,CAAA;IAElD,2CAA2C;IAC3C,MAAM,WAAW,GAAG,MAAM,CAAC,oBAAoB,CAAC,WAAW,CAAA;IAC3D,MAAM,MAAM,GAAG,WAAW,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAA;IAE3E,OAAO;QACL,MAAM,EAAE,IAAA,qBAAY,EAAC,MAAM,CAAC;QAC5B,WAAW,EAAE,WAAW,CAAC,QAAQ,EAAE;QACnC,MAAM;QACN,aAAa;KACd,CAAA;AACH,CAAC"}
|
package/lib/oidc.d.ts
CHANGED
|
@@ -2,5 +2,5 @@ declare const REQUIRED_CLAIMS: readonly ["iss", "ref", "sha", "repository", "eve
|
|
|
2
2
|
export type ClaimSet = {
|
|
3
3
|
[K in (typeof REQUIRED_CLAIMS)[number]]: string;
|
|
4
4
|
};
|
|
5
|
-
export declare const getIDTokenClaims: (issuer
|
|
5
|
+
export declare const getIDTokenClaims: (issuer?: string) => Promise<ClaimSet>;
|
|
6
6
|
export {};
|
package/lib/oidc.js
CHANGED
|
@@ -31,16 +31,16 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
|
|
|
31
31
|
step((generator = generator.apply(thisArg, _arguments || [])).next());
|
|
32
32
|
});
|
|
33
33
|
};
|
|
34
|
-
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
35
|
-
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
36
|
-
};
|
|
37
34
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
38
35
|
exports.getIDTokenClaims = void 0;
|
|
39
36
|
const core_1 = require("@actions/core");
|
|
40
37
|
const http_client_1 = require("@actions/http-client");
|
|
41
|
-
const
|
|
42
|
-
const jwks_rsa_1 = __importDefault(require("jwks-rsa"));
|
|
38
|
+
const jose = __importStar(require("jose"));
|
|
43
39
|
const OIDC_AUDIENCE = 'nobody';
|
|
40
|
+
const VALID_SERVER_URLS = [
|
|
41
|
+
'https://github.com',
|
|
42
|
+
new RegExp('^https://[a-z0-9-]+\\.ghe\\.com$')
|
|
43
|
+
];
|
|
44
44
|
const REQUIRED_CLAIMS = [
|
|
45
45
|
'iss',
|
|
46
46
|
'ref',
|
|
@@ -56,6 +56,7 @@ const REQUIRED_CLAIMS = [
|
|
|
56
56
|
'run_attempt'
|
|
57
57
|
];
|
|
58
58
|
const getIDTokenClaims = (issuer) => __awaiter(void 0, void 0, void 0, function* () {
|
|
59
|
+
issuer = issuer || getIssuer();
|
|
59
60
|
try {
|
|
60
61
|
const token = yield (0, core_1.getIDToken)(OIDC_AUDIENCE);
|
|
61
62
|
const claims = yield decodeOIDCToken(token, issuer);
|
|
@@ -69,43 +70,25 @@ const getIDTokenClaims = (issuer) => __awaiter(void 0, void 0, void 0, function*
|
|
|
69
70
|
exports.getIDTokenClaims = getIDTokenClaims;
|
|
70
71
|
const decodeOIDCToken = (token, issuer) => __awaiter(void 0, void 0, void 0, function* () {
|
|
71
72
|
// Verify and decode token
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
}
|
|
77
|
-
else if (!decoded || typeof decoded === 'string') {
|
|
78
|
-
reject(new Error('No decoded token'));
|
|
79
|
-
}
|
|
80
|
-
else {
|
|
81
|
-
resolve(decoded);
|
|
82
|
-
}
|
|
83
|
-
});
|
|
73
|
+
const jwks = jose.createLocalJWKSet(yield getJWKS(issuer));
|
|
74
|
+
const { payload } = yield jose.jwtVerify(token, jwks, {
|
|
75
|
+
audience: OIDC_AUDIENCE,
|
|
76
|
+
issuer
|
|
84
77
|
});
|
|
78
|
+
return payload;
|
|
79
|
+
});
|
|
80
|
+
const getJWKS = (issuer) => __awaiter(void 0, void 0, void 0, function* () {
|
|
81
|
+
const client = new http_client_1.HttpClient('@actions/attest');
|
|
82
|
+
const config = yield client.getJson(`${issuer}/.well-known/openid-configuration`);
|
|
83
|
+
if (!config.result) {
|
|
84
|
+
throw new Error('No OpenID configuration found');
|
|
85
|
+
}
|
|
86
|
+
const jwks = yield client.getJson(config.result.jwks_uri);
|
|
87
|
+
if (!jwks.result) {
|
|
88
|
+
throw new Error('No JWKS found for issuer');
|
|
89
|
+
}
|
|
90
|
+
return jwks.result;
|
|
85
91
|
});
|
|
86
|
-
// Returns a callback to locate the public key for the given JWT header. This
|
|
87
|
-
// involves two calls:
|
|
88
|
-
// 1. Fetch the OpenID configuration to get the JWKS URI.
|
|
89
|
-
// 2. Fetch the public key from the JWKS URI.
|
|
90
|
-
const getPublicKey = (issuer) => (header, callback) => {
|
|
91
|
-
// Look up the JWKS URI from the issuer's OpenID configuration
|
|
92
|
-
new http_client_1.HttpClient('actions/attest')
|
|
93
|
-
.getJson(`${issuer}/.well-known/openid-configuration`)
|
|
94
|
-
.then(data => {
|
|
95
|
-
if (!data.result) {
|
|
96
|
-
callback(new Error('No OpenID configuration found'));
|
|
97
|
-
}
|
|
98
|
-
else {
|
|
99
|
-
// Fetch the public key from the JWKS URI
|
|
100
|
-
(0, jwks_rsa_1.default)({ jwksUri: data.result.jwks_uri }).getSigningKey(header.kid, (err, key) => {
|
|
101
|
-
callback(err, key === null || key === void 0 ? void 0 : key.getPublicKey());
|
|
102
|
-
});
|
|
103
|
-
}
|
|
104
|
-
})
|
|
105
|
-
.catch(err => {
|
|
106
|
-
callback(err);
|
|
107
|
-
});
|
|
108
|
-
};
|
|
109
92
|
function assertClaimSet(claims) {
|
|
110
93
|
const missingClaims = [];
|
|
111
94
|
for (const claim of REQUIRED_CLAIMS) {
|
|
@@ -117,4 +100,17 @@ function assertClaimSet(claims) {
|
|
|
117
100
|
throw new Error(`Missing claims: ${missingClaims.join(', ')}`);
|
|
118
101
|
}
|
|
119
102
|
}
|
|
103
|
+
// Derive the current OIDC issuer based on the server URL
|
|
104
|
+
function getIssuer() {
|
|
105
|
+
const serverURL = process.env.GITHUB_SERVER_URL || 'https://github.com';
|
|
106
|
+
// Ensure the server URL is a valid GitHub server URL
|
|
107
|
+
if (!VALID_SERVER_URLS.some(valid_url => serverURL.match(valid_url))) {
|
|
108
|
+
throw new Error(`Invalid server URL: ${serverURL}`);
|
|
109
|
+
}
|
|
110
|
+
let host = new URL(serverURL).hostname;
|
|
111
|
+
if (host === 'github.com') {
|
|
112
|
+
host = 'githubusercontent.com';
|
|
113
|
+
}
|
|
114
|
+
return `https://token.actions.${host}`;
|
|
115
|
+
}
|
|
120
116
|
//# sourceMappingURL=oidc.js.map
|
package/lib/oidc.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"oidc.js","sourceRoot":"","sources":["../src/oidc.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"oidc.js","sourceRoot":"","sources":["../src/oidc.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,wCAAwC;AACxC,sDAA+C;AAC/C,2CAA4B;AAE5B,MAAM,aAAa,GAAG,QAAQ,CAAA;AAE9B,MAAM,iBAAiB,GAAG;IACxB,oBAAoB;IACpB,IAAI,MAAM,CAAC,kCAAkC,CAAC;CACtC,CAAA;AAEV,MAAM,eAAe,GAAG;IACtB,KAAK;IACL,KAAK;IACL,KAAK;IACL,YAAY;IACZ,YAAY;IACZ,kBAAkB;IAClB,cAAc;IACd,eAAe;IACf,qBAAqB;IACrB,oBAAoB;IACpB,QAAQ;IACR,aAAa;CACL,CAAA;AAQH,MAAM,gBAAgB,GAAG,CAAO,MAAe,EAAqB,EAAE;IAC3E,MAAM,GAAG,MAAM,IAAI,SAAS,EAAE,CAAA;IAC9B,IAAI;QACF,MAAM,KAAK,GAAG,MAAM,IAAA,iBAAU,EAAC,aAAa,CAAC,CAAA;QAC7C,MAAM,MAAM,GAAG,MAAM,eAAe,CAAC,KAAK,EAAE,MAAM,CAAC,CAAA;QACnD,cAAc,CAAC,MAAM,CAAC,CAAA;QACtB,OAAO,MAAM,CAAA;KACd;IAAC,OAAO,KAAK,EAAE;QACd,MAAM,IAAI,KAAK,CAAC,2BAA2B,KAAK,CAAC,OAAO,EAAE,CAAC,CAAA;KAC5D;AACH,CAAC,CAAA,CAAA;AAVY,QAAA,gBAAgB,oBAU5B;AAED,MAAM,eAAe,GAAG,CACtB,KAAa,EACb,MAAc,EACY,EAAE;IAC5B,0BAA0B;IAC1B,MAAM,IAAI,GAAG,IAAI,CAAC,iBAAiB,CAAC,MAAM,OAAO,CAAC,MAAM,CAAC,CAAC,CAAA;IAC1D,MAAM,EAAC,OAAO,EAAC,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,EAAE;QAClD,QAAQ,EAAE,aAAa;QACvB,MAAM;KACP,CAAC,CAAA;IAEF,OAAO,OAAO,CAAA;AAChB,CAAC,CAAA,CAAA;AAED,MAAM,OAAO,GAAG,CAAO,MAAc,EAA+B,EAAE;IACpE,MAAM,MAAM,GAAG,IAAI,wBAAU,CAAC,iBAAiB,CAAC,CAAA;IAChD,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,OAAO,CACjC,GAAG,MAAM,mCAAmC,CAC7C,CAAA;IAED,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE;QAClB,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAA;KACjD;IAED,MAAM,IAAI,GAAG,MAAM,MAAM,CAAC,OAAO,CAAqB,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAA;IAE7E,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE;QAChB,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC,CAAA;KAC5C;IAED,OAAO,IAAI,CAAC,MAAM,CAAA;AACpB,CAAC,CAAA,CAAA;AAED,SAAS,cAAc,CAAC,MAAuB;IAC7C,MAAM,aAAa,GAAa,EAAE,CAAA;IAElC,KAAK,MAAM,KAAK,IAAI,eAAe,EAAE;QACnC,IAAI,CAAC,CAAC,KAAK,IAAI,MAAM,CAAC,EAAE;YACtB,aAAa,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;SAC1B;KACF;IAED,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE;QAC5B,MAAM,IAAI,KAAK,CAAC,mBAAmB,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;KAC/D;AACH,CAAC;AAED,yDAAyD;AACzD,SAAS,SAAS;IAChB,MAAM,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,iBAAiB,IAAI,oBAAoB,CAAA;IAEvE,qDAAqD;IACrD,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC,SAAS,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,EAAE;QACpE,MAAM,IAAI,KAAK,CAAC,uBAAuB,SAAS,EAAE,CAAC,CAAA;KACpD;IAED,IAAI,IAAI,GAAG,IAAI,GAAG,CAAC,SAAS,CAAC,CAAC,QAAQ,CAAA;IAEtC,IAAI,IAAI,KAAK,YAAY,EAAE;QACzB,IAAI,GAAG,uBAAuB,CAAA;KAC/B;IAED,OAAO,yBAAyB,IAAI,EAAE,CAAA;AACxC,CAAC"}
|
package/lib/provenance.js
CHANGED
|
@@ -14,7 +14,6 @@ const attest_1 = require("./attest");
|
|
|
14
14
|
const oidc_1 = require("./oidc");
|
|
15
15
|
const SLSA_PREDICATE_V1_TYPE = 'https://slsa.dev/provenance/v1';
|
|
16
16
|
const GITHUB_BUILD_TYPE = 'https://actions.github.io/buildtypes/workflow/v1';
|
|
17
|
-
const DEFAULT_ISSUER = 'https://token.actions.githubusercontent.com';
|
|
18
17
|
/**
|
|
19
18
|
* Builds an SLSA (Supply Chain Levels for Software Artifacts) provenance
|
|
20
19
|
* predicate using the GitHub Actions Workflow build type.
|
|
@@ -24,7 +23,7 @@ const DEFAULT_ISSUER = 'https://token.actions.githubusercontent.com';
|
|
|
24
23
|
* issuer.
|
|
25
24
|
* @returns The SLSA provenance predicate.
|
|
26
25
|
*/
|
|
27
|
-
const buildSLSAProvenancePredicate = (issuer
|
|
26
|
+
const buildSLSAProvenancePredicate = (issuer) => __awaiter(void 0, void 0, void 0, function* () {
|
|
28
27
|
const serverURL = process.env.GITHUB_SERVER_URL;
|
|
29
28
|
const claims = yield (0, oidc_1.getIDTokenClaims)(issuer);
|
|
30
29
|
// Split just the path and ref from the workflow string.
|
package/lib/provenance.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"provenance.js","sourceRoot":"","sources":["../src/provenance.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,qCAA8C;AAC9C,iCAAuC;AAGvC,MAAM,sBAAsB,GAAG,gCAAgC,CAAA;AAC/D,MAAM,iBAAiB,GAAG,kDAAkD,CAAA;
|
|
1
|
+
{"version":3,"file":"provenance.js","sourceRoot":"","sources":["../src/provenance.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,qCAA8C;AAC9C,iCAAuC;AAGvC,MAAM,sBAAsB,GAAG,gCAAgC,CAAA;AAC/D,MAAM,iBAAiB,GAAG,kDAAkD,CAAA;AAS5E;;;;;;;;GAQG;AACI,MAAM,4BAA4B,GAAG,CAC1C,MAAe,EACK,EAAE;IACtB,MAAM,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAA;IAC/C,MAAM,MAAM,GAAG,MAAM,IAAA,uBAAgB,EAAC,MAAM,CAAC,CAAA;IAE7C,wDAAwD;IACxD,gDAAgD;IAChD,qCAAqC;IACrC,MAAM,CAAC,YAAY,EAAE,WAAW,CAAC,GAAG,MAAM,CAAC,YAAY;SACpD,OAAO,CAAC,GAAG,MAAM,CAAC,UAAU,GAAG,EAAE,EAAE,CAAC;SACpC,KAAK,CAAC,GAAG,CAAC,CAAA;IAEb,OAAO;QACL,IAAI,EAAE,sBAAsB;QAC5B,MAAM,EAAE;YACN,eAAe,EAAE;gBACf,SAAS,EAAE,iBAAiB;gBAC5B,kBAAkB,EAAE;oBAClB,QAAQ,EAAE;wBACR,GAAG,EAAE,WAAW;wBAChB,UAAU,EAAE,GAAG,SAAS,IAAI,MAAM,CAAC,UAAU,EAAE;wBAC/C,IAAI,EAAE,YAAY;qBACnB;iBACF;gBACD,kBAAkB,EAAE;oBAClB,MAAM,EAAE;wBACN,UAAU,EAAE,MAAM,CAAC,UAAU;wBAC7B,aAAa,EAAE,MAAM,CAAC,aAAa;wBACnC,mBAAmB,EAAE,MAAM,CAAC,mBAAmB;wBAC/C,kBAAkB,EAAE,MAAM,CAAC,kBAAkB;qBAC9C;iBACF;gBACD,oBAAoB,EAAE;oBACpB;wBACE,GAAG,EAAE,OAAO,SAAS,IAAI,MAAM,CAAC,UAAU,IAAI,MAAM,CAAC,GAAG,EAAE;wBAC1D,MAAM,EAAE;4BACN,SAAS,EAAE,MAAM,CAAC,GAAG;yBACtB;qBACF;iBACF;aACF;YACD,UAAU,EAAE;gBACV,OAAO,EAAE;oBACP,EAAE,EAAE,GAAG,SAAS,IAAI,MAAM,CAAC,gBAAgB,EAAE;iBAC9C;gBACD,QAAQ,EAAE;oBACR,YAAY,EAAE,GAAG,SAAS,IAAI,MAAM,CAAC,UAAU,iBAAiB,MAAM,CAAC,MAAM,aAAa,MAAM,CAAC,WAAW,EAAE;iBAC/G;aACF;SACF;KACF,CAAA;AACH,CAAC,CAAA,CAAA;AApDY,QAAA,4BAA4B,gCAoDxC;AAED;;;;;;;GAOG;AACH,SAAsB,gBAAgB,CACpC,OAAgC;;QAEhC,MAAM,SAAS,GAAG,MAAM,IAAA,oCAA4B,EAAC,OAAO,CAAC,MAAM,CAAC,CAAA;QACpE,OAAO,IAAA,eAAM,kCACR,OAAO,KACV,aAAa,EAAE,SAAS,CAAC,IAAI,EAC7B,SAAS,EAAE,SAAS,CAAC,MAAM,IAC3B,CAAA;IACJ,CAAC;CAAA;AATD,4CASC"}
|
package/lib/store.d.ts
CHANGED
package/lib/store.js
CHANGED
|
@@ -52,6 +52,7 @@ const writeAttestation = (attestation, token, options = {}) => __awaiter(void 0,
|
|
|
52
52
|
const response = yield octokit.request(CREATE_ATTESTATION_REQUEST, {
|
|
53
53
|
owner: github.context.repo.owner,
|
|
54
54
|
repo: github.context.repo.repo,
|
|
55
|
+
headers: options.headers,
|
|
55
56
|
data: { bundle: attestation }
|
|
56
57
|
});
|
|
57
58
|
const data = typeof response.data == 'string'
|
package/lib/store.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"store.js","sourceRoot":"","sources":["../src/store.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,wDAAyC;AACzC,wDAA2C;
|
|
1
|
+
{"version":3,"file":"store.js","sourceRoot":"","sources":["../src/store.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,wDAAyC;AACzC,wDAA2C;AAG3C,MAAM,0BAA0B,GAAG,yCAAyC,CAAA;AAC5E,MAAM,mBAAmB,GAAG,CAAC,CAAA;AAM7B;;;;;;GAMG;AACI,MAAM,gBAAgB,GAAG,CAC9B,WAAoB,EACpB,KAAa,EACb,UAAwB,EAAE,EACT,EAAE;;IACnB,MAAM,OAAO,GAAG,MAAA,OAAO,CAAC,KAAK,mCAAI,mBAAmB,CAAA;IACpD,MAAM,OAAO,GAAG,MAAM,CAAC,UAAU,CAAC,KAAK,EAAE,EAAC,KAAK,EAAE,EAAC,OAAO,EAAC,EAAC,EAAE,oBAAK,CAAC,CAAA;IAEnE,IAAI;QACF,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,OAAO,CAAC,0BAA0B,EAAE;YACjE,KAAK,EAAE,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK;YAChC,IAAI,EAAE,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI;YAC9B,OAAO,EAAE,OAAO,CAAC,OAAO;YACxB,IAAI,EAAE,EAAC,MAAM,EAAE,WAAW,EAAC;SAC5B,CAAC,CAAA;QAEF,MAAM,IAAI,GACR,OAAO,QAAQ,CAAC,IAAI,IAAI,QAAQ;YAC9B,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC;YAC3B,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAA;QACnB,OAAO,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,EAAE,CAAA;KAChB;IAAC,OAAO,GAAG,EAAE;QACZ,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAA;QACxD,MAAM,IAAI,KAAK,CAAC,kCAAkC,OAAO,EAAE,CAAC,CAAA;KAC7D;AACH,CAAC,CAAA,CAAA;AAzBY,QAAA,gBAAgB,oBAyB5B"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@actions/attest",
|
|
3
|
-
"version": "1.
|
|
3
|
+
"version": "1.4.0",
|
|
4
4
|
"description": "Actions attestation lib",
|
|
5
5
|
"keywords": [
|
|
6
6
|
"github",
|
|
@@ -38,7 +38,6 @@
|
|
|
38
38
|
"@sigstore/mock": "^0.7.4",
|
|
39
39
|
"@sigstore/rekor-types": "^2.0.0",
|
|
40
40
|
"@types/jsonwebtoken": "^9.0.6",
|
|
41
|
-
"jose": "^5.2.3",
|
|
42
41
|
"nock": "^13.5.1",
|
|
43
42
|
"undici": "^5.28.4"
|
|
44
43
|
},
|
|
@@ -49,8 +48,7 @@
|
|
|
49
48
|
"@octokit/plugin-retry": "^6.0.1",
|
|
50
49
|
"@sigstore/bundle": "^2.3.2",
|
|
51
50
|
"@sigstore/sign": "^2.3.2",
|
|
52
|
-
"
|
|
53
|
-
"jwks-rsa": "^3.1.0"
|
|
51
|
+
"jose": "^5.2.3"
|
|
54
52
|
},
|
|
55
53
|
"overrides": {
|
|
56
54
|
"@octokit/plugin-retry": {
|