@actions/attest 1.4.2 → 1.6.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +21 -13
- package/lib/attest.d.ts +10 -3
- package/lib/attest.js +11 -5
- package/lib/attest.js.map +1 -1
- package/lib/intoto.d.ts +1 -1
- package/lib/intoto.js +2 -2
- package/lib/intoto.js.map +1 -1
- package/lib/provenance.js +2 -2
- package/lib/provenance.js.map +1 -1
- package/lib/sign.js +1 -2
- package/lib/sign.js.map +1 -1
- package/package.json +7 -7
package/README.md
CHANGED
|
@@ -32,8 +32,7 @@ async function run() {
|
|
|
32
32
|
const ghToken = core.getInput('gh-token');
|
|
33
33
|
|
|
34
34
|
const attestation = await attest({
|
|
35
|
-
|
|
36
|
-
subjectDigest: { 'sha256': '36ab4667...'},
|
|
35
|
+
subjects: [{name: 'my-artifact-name', digest: { 'sha256': '36ab4667...'}}],
|
|
37
36
|
predicateType: 'https://in-toto.io/attestation/release',
|
|
38
37
|
predicate: { . . . },
|
|
39
38
|
token: ghToken
|
|
@@ -49,11 +48,12 @@ The `attest` function supports the following options:
|
|
|
49
48
|
|
|
50
49
|
```typescript
|
|
51
50
|
export type AttestOptions = {
|
|
52
|
-
//
|
|
53
|
-
subjectName
|
|
54
|
-
//
|
|
55
|
-
|
|
56
|
-
|
|
51
|
+
// Deprecated. Use 'subjects' instead.
|
|
52
|
+
subjectName?: string
|
|
53
|
+
// Deprecated. Use 'subjects' instead.
|
|
54
|
+
subjectDigest?: Record<string, string>
|
|
55
|
+
// Collection of subjects to be attested
|
|
56
|
+
subjects?: Subject[]
|
|
57
57
|
// URI identifying the content type of the predicate being attested.
|
|
58
58
|
predicateType: string
|
|
59
59
|
// Predicate to be attested.
|
|
@@ -68,6 +68,13 @@ export type AttestOptions = {
|
|
|
68
68
|
// Whether to skip writing the attestation to the GH attestations API.
|
|
69
69
|
skipWrite?: boolean
|
|
70
70
|
}
|
|
71
|
+
|
|
72
|
+
export type Subject = {
|
|
73
|
+
// Name of the subject.
|
|
74
|
+
name: string
|
|
75
|
+
// Digests of the subject. Should be a map of digest algorithms to their hex-encoded values.
|
|
76
|
+
digest: Record<string, string>
|
|
77
|
+
}
|
|
71
78
|
```
|
|
72
79
|
|
|
73
80
|
### `attestProvenance`
|
|
@@ -105,12 +112,13 @@ The `attestProvenance` function supports the following options:
|
|
|
105
112
|
|
|
106
113
|
```typescript
|
|
107
114
|
export type AttestProvenanceOptions = {
|
|
108
|
-
//
|
|
109
|
-
subjectName
|
|
110
|
-
//
|
|
111
|
-
|
|
112
|
-
|
|
113
|
-
|
|
115
|
+
// Deprecated. Use 'subjects' instead.
|
|
116
|
+
subjectName?: string
|
|
117
|
+
// Deprecated. Use 'subjects' instead.
|
|
118
|
+
subjectDigest?: Record<string, string>
|
|
119
|
+
// Collection of subjects to be attested
|
|
120
|
+
subjects?: Subject[]
|
|
121
|
+
// URI identifying the content type of the predicate being attested.
|
|
114
122
|
token: string
|
|
115
123
|
// Sigstore instance to use for signing. Must be one of "public-good" or
|
|
116
124
|
// "github".
|
package/lib/attest.d.ts
CHANGED
|
@@ -1,11 +1,18 @@
|
|
|
1
1
|
import { SigstoreInstance } from './endpoints';
|
|
2
|
-
import type { Attestation } from './shared.types';
|
|
2
|
+
import type { Attestation, Subject } from './shared.types';
|
|
3
3
|
/**
|
|
4
4
|
* Options for attesting a subject / predicate.
|
|
5
5
|
*/
|
|
6
6
|
export type AttestOptions = {
|
|
7
|
-
|
|
8
|
-
|
|
7
|
+
/**
|
|
8
|
+
* @deprecated Use `subjects` instead.
|
|
9
|
+
**/
|
|
10
|
+
subjectName?: string;
|
|
11
|
+
/**
|
|
12
|
+
* @deprecated Use `subjects` instead.
|
|
13
|
+
**/
|
|
14
|
+
subjectDigest?: Record<string, string>;
|
|
15
|
+
subjects?: Subject[];
|
|
9
16
|
predicateType: string;
|
|
10
17
|
predicate: object;
|
|
11
18
|
token: string;
|
package/lib/attest.js
CHANGED
|
@@ -26,15 +26,21 @@ const INTOTO_PAYLOAD_TYPE = 'application/vnd.in-toto+json';
|
|
|
26
26
|
*/
|
|
27
27
|
function attest(options) {
|
|
28
28
|
return __awaiter(this, void 0, void 0, function* () {
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
}
|
|
29
|
+
let subjects;
|
|
30
|
+
if (options.subjects) {
|
|
31
|
+
subjects = options.subjects;
|
|
32
|
+
}
|
|
33
|
+
else if (options.subjectName && options.subjectDigest) {
|
|
34
|
+
subjects = [{ name: options.subjectName, digest: options.subjectDigest }];
|
|
35
|
+
}
|
|
36
|
+
else {
|
|
37
|
+
throw new Error('Must provide either subjectName and subjectDigest or subjects');
|
|
38
|
+
}
|
|
33
39
|
const predicate = {
|
|
34
40
|
type: options.predicateType,
|
|
35
41
|
params: options.predicate
|
|
36
42
|
};
|
|
37
|
-
const statement = (0, intoto_1.buildIntotoStatement)(
|
|
43
|
+
const statement = (0, intoto_1.buildIntotoStatement)(subjects, predicate);
|
|
38
44
|
// Sign the provenance statement
|
|
39
45
|
const payload = {
|
|
40
46
|
body: Buffer.from(JSON.stringify(statement)),
|
package/lib/attest.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"attest.js","sourceRoot":"","sources":["../src/attest.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,6CAA6C;AAC7C,mCAAsC;AACtC,2CAA8D;AAC9D,qCAA6C;AAC7C,iCAA2C;AAC3C,mCAAwC;AAKxC,MAAM,mBAAmB,GAAG,8BAA8B,CAAA;
|
|
1
|
+
{"version":3,"file":"attest.js","sourceRoot":"","sources":["../src/attest.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,6CAA6C;AAC7C,mCAAsC;AACtC,2CAA8D;AAC9D,qCAA6C;AAC7C,iCAA2C;AAC3C,mCAAwC;AAKxC,MAAM,mBAAmB,GAAG,8BAA8B,CAAA;AA+B1D;;;;;;GAMG;AACH,SAAsB,MAAM,CAAC,OAAsB;;QACjD,IAAI,QAAmB,CAAA;QAEvB,IAAI,OAAO,CAAC,QAAQ,EAAE;YACpB,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAA;SAC5B;aAAM,IAAI,OAAO,CAAC,WAAW,IAAI,OAAO,CAAC,aAAa,EAAE;YACvD,QAAQ,GAAG,CAAC,EAAC,IAAI,EAAE,OAAO,CAAC,WAAW,EAAE,MAAM,EAAE,OAAO,CAAC,aAAa,EAAC,CAAC,CAAA;SACxE;aAAM;YACL,MAAM,IAAI,KAAK,CACb,+DAA+D,CAChE,CAAA;SACF;QAED,MAAM,SAAS,GAAc;YAC3B,IAAI,EAAE,OAAO,CAAC,aAAa;YAC3B,MAAM,EAAE,OAAO,CAAC,SAAS;SAC1B,CAAA;QAED,MAAM,SAAS,GAAG,IAAA,6BAAoB,EAAC,QAAQ,EAAE,SAAS,CAAC,CAAA;QAE3D,gCAAgC;QAChC,MAAM,OAAO,GAAY;YACvB,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;YAC5C,IAAI,EAAE,mBAAmB;SAC1B,CAAA;QACD,MAAM,SAAS,GAAG,IAAA,4BAAgB,EAAC,OAAO,CAAC,QAAQ,CAAC,CAAA;QACpD,MAAM,MAAM,GAAG,MAAM,IAAA,kBAAW,EAAC,OAAO,EAAE,SAAS,CAAC,CAAA;QAEpD,wBAAwB;QACxB,IAAI,aAAiC,CAAA;QACrC,IAAI,OAAO,CAAC,SAAS,KAAK,IAAI,EAAE;YAC9B,aAAa,GAAG,MAAM,IAAA,wBAAgB,EACpC,IAAA,qBAAY,EAAC,MAAM,CAAC,EACpB,OAAO,CAAC,KAAK,EACb,EAAC,OAAO,EAAE,OAAO,CAAC,OAAO,EAAC,CAC3B,CAAA;SACF;QAED,OAAO,aAAa,CAAC,MAAM,EAAE,aAAa,CAAC,CAAA;IAC7C,CAAC;CAAA;AAvCD,wBAuCC;AAED,SAAS,aAAa,CAAC,MAAc,EAAE,aAAsB;IAC3D,IAAI,SAAiB,CAAA;IACrB,QAAQ,MAAM,CAAC,oBAAoB,CAAC,OAAO,CAAC,KAAK,EAAE;QACjD,KAAK,sBAAsB;YACzB,SAAS;gBACP,MAAM,CAAC,oBAAoB,CAAC,OAAO,CAAC,oBAAoB,CAAC,YAAY,CAAC,CAAC,CAAC;qBACrE,QAAQ,CAAA;YACb,MAAK;QACP,KAAK,aAAa;YAChB,SAAS,GAAG,MAAM,CAAC,oBAAoB,CAAC,OAAO,CAAC,WAAW,CAAC,QAAQ,CAAA;YACpE,MAAK;QACP;YACE,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAA;KAC7D;IAED,MAAM,WAAW,GAAG,IAAI,wBAAe,CAAC,SAAS,CAAC,CAAA;IAElD,2CAA2C;IAC3C,MAAM,WAAW,GAAG,MAAM,CAAC,oBAAoB,CAAC,WAAW,CAAA;IAC3D,MAAM,MAAM,GAAG,WAAW,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAA;IAE3E,OAAO;QACL,MAAM,EAAE,IAAA,qBAAY,EAAC,MAAM,CAAC;QAC5B,WAAW,EAAE,WAAW,CAAC,QAAQ,EAAE;QACnC,MAAM;QACN,aAAa;KACd,CAAA;AACH,CAAC"}
|
package/lib/intoto.d.ts
CHANGED
|
@@ -15,4 +15,4 @@ export type InTotoStatement = {
|
|
|
15
15
|
* @param predicate - The predicate of the statement.
|
|
16
16
|
* @returns The constructed in-toto statement.
|
|
17
17
|
*/
|
|
18
|
-
export declare const buildIntotoStatement: (
|
|
18
|
+
export declare const buildIntotoStatement: (subjects: Subject[], predicate: Predicate) => InTotoStatement;
|
package/lib/intoto.js
CHANGED
|
@@ -8,10 +8,10 @@ const INTOTO_STATEMENT_V1_TYPE = 'https://in-toto.io/Statement/v1';
|
|
|
8
8
|
* @param predicate - The predicate of the statement.
|
|
9
9
|
* @returns The constructed in-toto statement.
|
|
10
10
|
*/
|
|
11
|
-
const buildIntotoStatement = (
|
|
11
|
+
const buildIntotoStatement = (subjects, predicate) => {
|
|
12
12
|
return {
|
|
13
13
|
_type: INTOTO_STATEMENT_V1_TYPE,
|
|
14
|
-
subject:
|
|
14
|
+
subject: subjects,
|
|
15
15
|
predicateType: predicate.type,
|
|
16
16
|
predicate: predicate.params
|
|
17
17
|
};
|
package/lib/intoto.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"intoto.js","sourceRoot":"","sources":["../src/intoto.ts"],"names":[],"mappings":";;;AAEA,MAAM,wBAAwB,GAAG,iCAAiC,CAAA;AAalE;;;;;GAKG;AACI,MAAM,oBAAoB,GAAG,CAClC,
|
|
1
|
+
{"version":3,"file":"intoto.js","sourceRoot":"","sources":["../src/intoto.ts"],"names":[],"mappings":";;;AAEA,MAAM,wBAAwB,GAAG,iCAAiC,CAAA;AAalE;;;;;GAKG;AACI,MAAM,oBAAoB,GAAG,CAClC,QAAmB,EACnB,SAAoB,EACH,EAAE;IACnB,OAAO;QACL,KAAK,EAAE,wBAAwB;QAC/B,OAAO,EAAE,QAAQ;QACjB,aAAa,EAAE,SAAS,CAAC,IAAI;QAC7B,SAAS,EAAE,SAAS,CAAC,MAAM;KAC5B,CAAA;AACH,CAAC,CAAA;AAVY,QAAA,oBAAoB,wBAUhC"}
|
package/lib/provenance.js
CHANGED
|
@@ -29,7 +29,7 @@ const buildSLSAProvenancePredicate = (issuer) => __awaiter(void 0, void 0, void
|
|
|
29
29
|
// Split just the path and ref from the workflow string.
|
|
30
30
|
// owner/repo/.github/workflows/main.yml@main =>
|
|
31
31
|
// .github/workflows/main.yml, main
|
|
32
|
-
const [workflowPath
|
|
32
|
+
const [workflowPath] = claims.workflow_ref
|
|
33
33
|
.replace(`${claims.repository}/`, '')
|
|
34
34
|
.split('@');
|
|
35
35
|
return {
|
|
@@ -39,7 +39,7 @@ const buildSLSAProvenancePredicate = (issuer) => __awaiter(void 0, void 0, void
|
|
|
39
39
|
buildType: GITHUB_BUILD_TYPE,
|
|
40
40
|
externalParameters: {
|
|
41
41
|
workflow: {
|
|
42
|
-
ref:
|
|
42
|
+
ref: claims.ref,
|
|
43
43
|
repository: `${serverURL}/${claims.repository}`,
|
|
44
44
|
path: workflowPath
|
|
45
45
|
}
|
package/lib/provenance.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"provenance.js","sourceRoot":"","sources":["../src/provenance.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,qCAA8C;AAC9C,iCAAuC;AAGvC,MAAM,sBAAsB,GAAG,gCAAgC,CAAA;AAC/D,MAAM,iBAAiB,GAAG,kDAAkD,CAAA;AAS5E;;;;;;;;GAQG;AACI,MAAM,4BAA4B,GAAG,CAC1C,MAAe,EACK,EAAE;IACtB,MAAM,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAA;IAC/C,MAAM,MAAM,GAAG,MAAM,IAAA,uBAAgB,EAAC,MAAM,CAAC,CAAA;IAE7C,wDAAwD;IACxD,gDAAgD;IAChD,qCAAqC;IACrC,MAAM,CAAC,YAAY,
|
|
1
|
+
{"version":3,"file":"provenance.js","sourceRoot":"","sources":["../src/provenance.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,qCAA8C;AAC9C,iCAAuC;AAGvC,MAAM,sBAAsB,GAAG,gCAAgC,CAAA;AAC/D,MAAM,iBAAiB,GAAG,kDAAkD,CAAA;AAS5E;;;;;;;;GAQG;AACI,MAAM,4BAA4B,GAAG,CAC1C,MAAe,EACK,EAAE;IACtB,MAAM,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAA;IAC/C,MAAM,MAAM,GAAG,MAAM,IAAA,uBAAgB,EAAC,MAAM,CAAC,CAAA;IAE7C,wDAAwD;IACxD,gDAAgD;IAChD,qCAAqC;IACrC,MAAM,CAAC,YAAY,CAAC,GAAG,MAAM,CAAC,YAAY;SACvC,OAAO,CAAC,GAAG,MAAM,CAAC,UAAU,GAAG,EAAE,EAAE,CAAC;SACpC,KAAK,CAAC,GAAG,CAAC,CAAA;IAEb,OAAO;QACL,IAAI,EAAE,sBAAsB;QAC5B,MAAM,EAAE;YACN,eAAe,EAAE;gBACf,SAAS,EAAE,iBAAiB;gBAC5B,kBAAkB,EAAE;oBAClB,QAAQ,EAAE;wBACR,GAAG,EAAE,MAAM,CAAC,GAAG;wBACf,UAAU,EAAE,GAAG,SAAS,IAAI,MAAM,CAAC,UAAU,EAAE;wBAC/C,IAAI,EAAE,YAAY;qBACnB;iBACF;gBACD,kBAAkB,EAAE;oBAClB,MAAM,EAAE;wBACN,UAAU,EAAE,MAAM,CAAC,UAAU;wBAC7B,aAAa,EAAE,MAAM,CAAC,aAAa;wBACnC,mBAAmB,EAAE,MAAM,CAAC,mBAAmB;wBAC/C,kBAAkB,EAAE,MAAM,CAAC,kBAAkB;qBAC9C;iBACF;gBACD,oBAAoB,EAAE;oBACpB;wBACE,GAAG,EAAE,OAAO,SAAS,IAAI,MAAM,CAAC,UAAU,IAAI,MAAM,CAAC,GAAG,EAAE;wBAC1D,MAAM,EAAE;4BACN,SAAS,EAAE,MAAM,CAAC,GAAG;yBACtB;qBACF;iBACF;aACF;YACD,UAAU,EAAE;gBACV,OAAO,EAAE;oBACP,EAAE,EAAE,GAAG,SAAS,IAAI,MAAM,CAAC,gBAAgB,EAAE;iBAC9C;gBACD,QAAQ,EAAE;oBACR,YAAY,EAAE,GAAG,SAAS,IAAI,MAAM,CAAC,UAAU,iBAAiB,MAAM,CAAC,MAAM,aAAa,MAAM,CAAC,WAAW,EAAE;iBAC/G;aACF;SACF;KACF,CAAA;AACH,CAAC,CAAA,CAAA;AApDY,QAAA,4BAA4B,gCAoDxC;AAED;;;;;;;GAOG;AACH,SAAsB,gBAAgB,CACpC,OAAgC;;QAEhC,MAAM,SAAS,GAAG,MAAM,IAAA,oCAA4B,EAAC,OAAO,CAAC,MAAM,CAAC,CAAA;QACpE,OAAO,IAAA,eAAM,kCACR,OAAO,KACV,aAAa,EAAE,SAAS,CAAC,IAAI,EAC7B,SAAS,EAAE,SAAS,CAAC,MAAM,IAC3B,CAAA;IACJ,CAAC;CAAA;AATD,4CASC"}
|
package/lib/sign.js
CHANGED
|
@@ -45,7 +45,6 @@ const initBundleBuilder = (opts) => {
|
|
|
45
45
|
if (opts.rekorURL) {
|
|
46
46
|
witnesses.push(new sign_1.RekorWitness({
|
|
47
47
|
rekorBaseURL: opts.rekorURL,
|
|
48
|
-
entryType: 'dsse',
|
|
49
48
|
fetchOnConflict: true,
|
|
50
49
|
timeout,
|
|
51
50
|
retry
|
|
@@ -60,6 +59,6 @@ const initBundleBuilder = (opts) => {
|
|
|
60
59
|
}
|
|
61
60
|
// Build the bundle with the singleCertificate option which will
|
|
62
61
|
// trigger the creation of v0.3 DSSE bundles
|
|
63
|
-
return new sign_1.DSSEBundleBuilder({ signer, witnesses
|
|
62
|
+
return new sign_1.DSSEBundleBuilder({ signer, witnesses });
|
|
64
63
|
};
|
|
65
64
|
//# sourceMappingURL=sign.js.map
|
package/lib/sign.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"sign.js","sourceRoot":"","sources":["../src/sign.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,yCASuB;AAEvB,MAAM,aAAa,GAAG,UAAU,CAAA;AAChC,MAAM,eAAe,GAAG,KAAK,CAAA;AAC7B,MAAM,eAAe,GAAG,CAAC,CAAA;AAqCzB;;;;;;GAMG;AACI,MAAM,WAAW,GAAG,CACzB,OAAgB,EAChB,OAAoB,EACH,EAAE;IACnB,MAAM,QAAQ,GAAG;QACf,IAAI,EAAE,OAAO,CAAC,IAAI;QAClB,IAAI,EAAE,OAAO,CAAC,IAAI;KACnB,CAAA;IAED,yCAAyC;IACzC,OAAO,iBAAiB,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAA;AACpD,CAAC,CAAA,CAAA;AAXY,QAAA,WAAW,eAWvB;AAED,qEAAqE;AACrE,MAAM,iBAAiB,GAAG,CAAC,IAAiB,EAAiB,EAAE;IAC7D,MAAM,gBAAgB,GAAG,IAAI,wBAAiB,CAAC,aAAa,CAAC,CAAA;IAC7D,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,IAAI,eAAe,CAAA;IAC/C,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,IAAI,eAAe,CAAA;IAC3C,MAAM,SAAS,GAAc,EAAE,CAAA;IAE/B,MAAM,MAAM,GAAG,IAAI,mBAAY,CAAC;QAC9B,gBAAgB;QAChB,aAAa,EAAE,IAAI,CAAC,SAAS;QAC7B,OAAO;QACP,KAAK;KACN,CAAC,CAAA;IAEF,IAAI,IAAI,CAAC,QAAQ,EAAE;QACjB,SAAS,CAAC,IAAI,CACZ,IAAI,mBAAY,CAAC;YACf,YAAY,EAAE,IAAI,CAAC,QAAQ;YAC3B,
|
|
1
|
+
{"version":3,"file":"sign.js","sourceRoot":"","sources":["../src/sign.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,yCASuB;AAEvB,MAAM,aAAa,GAAG,UAAU,CAAA;AAChC,MAAM,eAAe,GAAG,KAAK,CAAA;AAC7B,MAAM,eAAe,GAAG,CAAC,CAAA;AAqCzB;;;;;;GAMG;AACI,MAAM,WAAW,GAAG,CACzB,OAAgB,EAChB,OAAoB,EACH,EAAE;IACnB,MAAM,QAAQ,GAAG;QACf,IAAI,EAAE,OAAO,CAAC,IAAI;QAClB,IAAI,EAAE,OAAO,CAAC,IAAI;KACnB,CAAA;IAED,yCAAyC;IACzC,OAAO,iBAAiB,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAA;AACpD,CAAC,CAAA,CAAA;AAXY,QAAA,WAAW,eAWvB;AAED,qEAAqE;AACrE,MAAM,iBAAiB,GAAG,CAAC,IAAiB,EAAiB,EAAE;IAC7D,MAAM,gBAAgB,GAAG,IAAI,wBAAiB,CAAC,aAAa,CAAC,CAAA;IAC7D,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,IAAI,eAAe,CAAA;IAC/C,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,IAAI,eAAe,CAAA;IAC3C,MAAM,SAAS,GAAc,EAAE,CAAA;IAE/B,MAAM,MAAM,GAAG,IAAI,mBAAY,CAAC;QAC9B,gBAAgB;QAChB,aAAa,EAAE,IAAI,CAAC,SAAS;QAC7B,OAAO;QACP,KAAK;KACN,CAAC,CAAA;IAEF,IAAI,IAAI,CAAC,QAAQ,EAAE;QACjB,SAAS,CAAC,IAAI,CACZ,IAAI,mBAAY,CAAC;YACf,YAAY,EAAE,IAAI,CAAC,QAAQ;YAC3B,eAAe,EAAE,IAAI;YACrB,OAAO;YACP,KAAK;SACN,CAAC,CACH,CAAA;KACF;IAED,IAAI,IAAI,CAAC,YAAY,EAAE;QACrB,SAAS,CAAC,IAAI,CACZ,IAAI,iBAAU,CAAC;YACb,UAAU,EAAE,IAAI,CAAC,YAAY;YAC7B,OAAO;YACP,KAAK;SACN,CAAC,CACH,CAAA;KACF;IAED,gEAAgE;IAChE,4CAA4C;IAC5C,OAAO,IAAI,wBAAiB,CAAC,EAAC,MAAM,EAAE,SAAS,EAAC,CAAC,CAAA;AACnD,CAAC,CAAA"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@actions/attest",
|
|
3
|
-
"version": "1.
|
|
3
|
+
"version": "1.6.0",
|
|
4
4
|
"description": "Actions attestation lib",
|
|
5
5
|
"keywords": [
|
|
6
6
|
"github",
|
|
@@ -35,19 +35,19 @@
|
|
|
35
35
|
"url": "https://github.com/actions/toolkit/issues"
|
|
36
36
|
},
|
|
37
37
|
"devDependencies": {
|
|
38
|
-
"@sigstore/mock": "^0.
|
|
39
|
-
"@sigstore/rekor-types": "^
|
|
38
|
+
"@sigstore/mock": "^0.8.0",
|
|
39
|
+
"@sigstore/rekor-types": "^3.0.0",
|
|
40
40
|
"@types/jsonwebtoken": "^9.0.6",
|
|
41
41
|
"nock": "^13.5.1",
|
|
42
|
-
"undici": "^5.28.
|
|
42
|
+
"undici": "^5.28.5"
|
|
43
43
|
},
|
|
44
44
|
"dependencies": {
|
|
45
|
-
"@actions/core": "^1.
|
|
45
|
+
"@actions/core": "^1.11.1",
|
|
46
46
|
"@actions/github": "^6.0.0",
|
|
47
47
|
"@actions/http-client": "^2.2.3",
|
|
48
48
|
"@octokit/plugin-retry": "^6.0.1",
|
|
49
|
-
"@sigstore/bundle": "^
|
|
50
|
-
"@sigstore/sign": "^
|
|
49
|
+
"@sigstore/bundle": "^3.0.0",
|
|
50
|
+
"@sigstore/sign": "^3.0.0",
|
|
51
51
|
"jose": "^5.2.3"
|
|
52
52
|
},
|
|
53
53
|
"overrides": {
|