npm - pepr - Versions diffs - 0.46.2 → 0.46.3-nightly.1 - Mend

pepr 0.46.2 → 0.46.3-nightly.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (286) hide show

package/dist/cli/banner.d.ts.map +1 -0
package/dist/cli/build.d.ts.map +1 -0
package/dist/cli/build.helpers.d.ts.map +1 -0
package/dist/cli/deploy.d.ts.map +1 -0
package/dist/cli/dev.d.ts.map +1 -0
package/dist/cli/format.d.ts.map +1 -0
package/dist/cli/format.helpers.d.ts.map +1 -0
package/dist/cli/init/enums.d.ts.map +1 -0
package/dist/cli/init/index.d.ts.map +1 -0
package/dist/{src/cli → cli}/init/templates.d.ts +2 -6
package/dist/cli/init/templates.d.ts.map +1 -0
package/dist/cli/init/utils.d.ts.map +1 -0
package/dist/cli/init/walkthrough.d.ts.map +1 -0
package/dist/cli/kfc.d.ts.map +1 -0
package/dist/cli/monitor.d.ts.map +1 -0
package/dist/cli/root.d.ts.map +1 -0
package/dist/cli/types.d.ts.map +1 -0
package/dist/cli/update.d.ts.map +1 -0
package/dist/cli/uuid.d.ts.map +1 -0
package/dist/cli.d.ts.map +1 -0
package/dist/cli.js +79 -23
package/dist/controller.js +1 -1
package/dist/fixtures/loader.d.ts.map +1 -0
package/dist/lib/assets/assets.d.ts.map +1 -0
package/dist/lib/assets/defaultTestObjects.d.ts.map +1 -0
package/dist/lib/assets/deploy.d.ts.map +1 -0
package/dist/lib/assets/destroy.d.ts.map +1 -0
package/dist/lib/assets/helm.d.ts.map +1 -0
package/dist/lib/assets/index.d.ts.map +1 -0
package/dist/lib/assets/loader.d.ts.map +1 -0
package/dist/lib/assets/networking.d.ts.map +1 -0
package/dist/lib/assets/pods.d.ts.map +1 -0
package/dist/lib/assets/rbac.d.ts.map +1 -0
package/dist/lib/assets/store.d.ts.map +1 -0
package/dist/lib/assets/webhooks.d.ts.map +1 -0
package/dist/lib/assets/yaml/generateAllYaml.d.ts.map +1 -0
package/dist/lib/assets/yaml/generateZarfYaml.d.ts.map +1 -0
package/dist/lib/assets/yaml/overridesFile.d.ts.map +1 -0
package/dist/lib/common-types.d.ts.map +1 -0
package/dist/lib/controller/index.d.ts.map +1 -0
package/dist/lib/controller/index.util.d.ts.map +1 -0
package/dist/lib/controller/store.d.ts.map +1 -0
package/dist/lib/controller/storeCache.d.ts.map +1 -0
package/dist/lib/core/capability.d.ts.map +1 -0
package/dist/lib/core/envChecks.d.ts.map +1 -0
package/dist/lib/core/module.d.ts.map +1 -0
package/dist/lib/core/queue.d.ts.map +1 -0
package/dist/lib/core/schedule.d.ts.map +1 -0
package/dist/lib/core/storage.d.ts.map +1 -0
package/dist/lib/deploymentChecks.d.ts.map +1 -0
package/dist/lib/enums.d.ts.map +1 -0
package/dist/lib/errors.d.ts.map +1 -0
package/dist/lib/filesystemService.d.ts.map +1 -0
package/dist/lib/filter/adjudicators/admissionRequest.d.ts.map +1 -0
package/dist/lib/filter/adjudicators/binding.d.ts.map +1 -0
package/dist/lib/filter/adjudicators/defaultTestObjects.d.ts.map +1 -0
package/dist/lib/filter/adjudicators/kubernetesObject.d.ts.map +1 -0
package/dist/lib/filter/adjudicators/mismatch.d.ts.map +1 -0
package/dist/lib/filter/adjudicators/postCollection.d.ts.map +1 -0
package/dist/lib/filter/filter.d.ts.map +1 -0
package/dist/lib/finalizer.d.ts.map +1 -0
package/dist/lib/helpers.d.ts.map +1 -0
package/dist/lib/included-files.d.ts.map +1 -0
package/dist/lib/k8s.d.ts.map +1 -0
package/dist/lib/mutate-request.d.ts.map +1 -0
package/dist/lib/processors/decode-utils.d.ts.map +1 -0
package/dist/lib/processors/mutate-processor.d.ts.map +1 -0
package/dist/lib/processors/validate-processor.d.ts.map +1 -0
package/dist/lib/processors/watch-processor.d.ts.map +1 -0
package/dist/lib/telemetry/logger.d.ts.map +1 -0
package/dist/lib/telemetry/metrics.d.ts.map +1 -0
package/dist/lib/telemetry/timeUtils.d.ts.map +1 -0
package/dist/lib/telemetry/webhookTimeouts.d.ts.map +1 -0
package/dist/lib/tls.d.ts.map +1 -0
package/dist/lib/types.d.ts.map +1 -0
package/dist/lib/utils.d.ts.map +1 -0
package/dist/lib/validate-request.d.ts.map +1 -0
package/dist/lib.d.ts.map +1 -0
package/dist/lib.js +124 -38
package/dist/lib.js.map +2 -2
package/dist/{src/runtime → runtime}/controller.d.ts.map +1 -1
package/dist/sdk/heredoc.d.ts.map +1 -0
package/dist/sdk/sdk.d.ts.map +1 -0
package/package.json +8 -13
package/src/lib/assets/assets.ts +46 -11
package/src/lib/assets/defaultTestObjects.ts +13 -2
package/src/lib/assets/deploy.ts +25 -5
package/src/lib/assets/index.ts +8 -2
package/src/lib/assets/pods.ts +5 -1
package/src/lib/assets/webhooks.ts +12 -3
package/src/lib/assets/yaml/generateAllYaml.ts +12 -2
package/src/lib/controller/index.ts +9 -3
package/src/lib/core/capability.ts +32 -8
package/src/lib/core/module.ts +5 -1
package/src/lib/core/storage.ts +3 -1
package/src/lib/deploymentChecks.ts +3 -1
package/src/lib/filter/adjudicators/admissionRequest.ts +4 -1
package/src/lib/filter/adjudicators/binding.ts +17 -4
package/src/lib/filter/adjudicators/kubernetesObject.ts +4 -2
package/src/lib/filter/adjudicators/mismatch.ts +25 -6
package/src/lib/filter/adjudicators/postCollection.ts +15 -3
package/src/lib/filter/filter.ts +63 -15
package/src/lib/helpers.ts +36 -10
package/src/lib/included-files.ts +5 -1
package/src/lib/processors/decode-utils.ts +4 -1
package/src/lib/processors/mutate-processor.ts +4 -1
package/src/lib/processors/validate-processor.ts +4 -1
package/src/lib/processors/watch-processor.ts +49 -19
package/src/lib/telemetry/metrics.ts +6 -2
package/src/lib/telemetry/webhookTimeouts.ts +4 -1
package/src/templates/.prettierrc.json +3 -2
package/src/templates/capabilities/hello-pepr.ts +2 -8
package/dist/.github/workflows/pepr-excellent-examples-matrix.d.ts +0 -2
package/dist/.github/workflows/pepr-excellent-examples-matrix.d.ts.map +0 -1
package/dist/commitlint.config.d.ts +0 -4
package/dist/commitlint.config.d.ts.map +0 -1
package/dist/integration/helpers/cmd.d.ts +0 -22
package/dist/integration/helpers/cmd.d.ts.map +0 -1
package/dist/integration/helpers/pepr.d.ts +0 -5
package/dist/integration/helpers/pepr.d.ts.map +0 -1
package/dist/integration/helpers/resource.d.ts +0 -18
package/dist/integration/helpers/resource.d.ts.map +0 -1
package/dist/integration/helpers/time.d.ts +0 -4
package/dist/integration/helpers/time.d.ts.map +0 -1
package/dist/integration/helpers/workdir.d.ts +0 -12
package/dist/integration/helpers/workdir.d.ts.map +0 -1
package/dist/scripts/set-version.d.ts +0 -2
package/dist/scripts/set-version.d.ts.map +0 -1
package/dist/src/cli/banner.d.ts.map +0 -1
package/dist/src/cli/build.d.ts.map +0 -1
package/dist/src/cli/build.helpers.d.ts.map +0 -1
package/dist/src/cli/deploy.d.ts.map +0 -1
package/dist/src/cli/dev.d.ts.map +0 -1
package/dist/src/cli/format.d.ts.map +0 -1
package/dist/src/cli/format.helpers.d.ts.map +0 -1
package/dist/src/cli/init/enums.d.ts.map +0 -1
package/dist/src/cli/init/index.d.ts.map +0 -1
package/dist/src/cli/init/templates.d.ts.map +0 -1
package/dist/src/cli/init/utils.d.ts.map +0 -1
package/dist/src/cli/init/walkthrough.d.ts.map +0 -1
package/dist/src/cli/kfc.d.ts.map +0 -1
package/dist/src/cli/monitor.d.ts.map +0 -1
package/dist/src/cli/root.d.ts.map +0 -1
package/dist/src/cli/types.d.ts.map +0 -1
package/dist/src/cli/update.d.ts.map +0 -1
package/dist/src/cli/uuid.d.ts.map +0 -1
package/dist/src/cli.d.ts.map +0 -1
package/dist/src/fixtures/loader.d.ts.map +0 -1
package/dist/src/lib/assets/assets.d.ts.map +0 -1
package/dist/src/lib/assets/defaultTestObjects.d.ts.map +0 -1
package/dist/src/lib/assets/deploy.d.ts.map +0 -1
package/dist/src/lib/assets/destroy.d.ts.map +0 -1
package/dist/src/lib/assets/helm.d.ts.map +0 -1
package/dist/src/lib/assets/index.d.ts.map +0 -1
package/dist/src/lib/assets/loader.d.ts.map +0 -1
package/dist/src/lib/assets/networking.d.ts.map +0 -1
package/dist/src/lib/assets/pods.d.ts.map +0 -1
package/dist/src/lib/assets/rbac.d.ts.map +0 -1
package/dist/src/lib/assets/store.d.ts.map +0 -1
package/dist/src/lib/assets/webhooks.d.ts.map +0 -1
package/dist/src/lib/assets/yaml/generateAllYaml.d.ts.map +0 -1
package/dist/src/lib/assets/yaml/generateZarfYaml.d.ts.map +0 -1
package/dist/src/lib/assets/yaml/overridesFile.d.ts.map +0 -1
package/dist/src/lib/common-types.d.ts.map +0 -1
package/dist/src/lib/controller/index.d.ts.map +0 -1
package/dist/src/lib/controller/index.util.d.ts.map +0 -1
package/dist/src/lib/controller/store.d.ts.map +0 -1
package/dist/src/lib/controller/storeCache.d.ts.map +0 -1
package/dist/src/lib/core/capability.d.ts.map +0 -1
package/dist/src/lib/core/envChecks.d.ts.map +0 -1
package/dist/src/lib/core/module.d.ts.map +0 -1
package/dist/src/lib/core/queue.d.ts.map +0 -1
package/dist/src/lib/core/schedule.d.ts.map +0 -1
package/dist/src/lib/core/storage.d.ts.map +0 -1
package/dist/src/lib/deploymentChecks.d.ts.map +0 -1
package/dist/src/lib/enums.d.ts.map +0 -1
package/dist/src/lib/errors.d.ts.map +0 -1
package/dist/src/lib/filesystemService.d.ts.map +0 -1
package/dist/src/lib/filter/adjudicators/admissionRequest.d.ts.map +0 -1
package/dist/src/lib/filter/adjudicators/binding.d.ts.map +0 -1
package/dist/src/lib/filter/adjudicators/defaultTestObjects.d.ts.map +0 -1
package/dist/src/lib/filter/adjudicators/kubernetesObject.d.ts.map +0 -1
package/dist/src/lib/filter/adjudicators/mismatch.d.ts.map +0 -1
package/dist/src/lib/filter/adjudicators/postCollection.d.ts.map +0 -1
package/dist/src/lib/filter/filter.d.ts.map +0 -1
package/dist/src/lib/finalizer.d.ts.map +0 -1
package/dist/src/lib/helpers.d.ts.map +0 -1
package/dist/src/lib/included-files.d.ts.map +0 -1
package/dist/src/lib/k8s.d.ts.map +0 -1
package/dist/src/lib/mutate-request.d.ts.map +0 -1
package/dist/src/lib/processors/decode-utils.d.ts.map +0 -1
package/dist/src/lib/processors/mutate-processor.d.ts.map +0 -1
package/dist/src/lib/processors/validate-processor.d.ts.map +0 -1
package/dist/src/lib/processors/watch-processor.d.ts.map +0 -1
package/dist/src/lib/telemetry/logger.d.ts.map +0 -1
package/dist/src/lib/telemetry/metrics.d.ts.map +0 -1
package/dist/src/lib/telemetry/timeUtils.d.ts.map +0 -1
package/dist/src/lib/telemetry/webhookTimeouts.d.ts.map +0 -1
package/dist/src/lib/tls.d.ts.map +0 -1
package/dist/src/lib/types.d.ts.map +0 -1
package/dist/src/lib/utils.d.ts.map +0 -1
package/dist/src/lib/validate-request.d.ts.map +0 -1
package/dist/src/lib.d.ts.map +0 -1
package/dist/src/sdk/cosign.d.ts +0 -18
package/dist/src/sdk/cosign.d.ts.map +0 -1
package/dist/src/sdk/heredoc.d.ts.map +0 -1
package/dist/src/sdk/sdk.d.ts.map +0 -1
package/src/lib/.prettierrc +0 -14
package/src/sdk/cosign.ts +0 -327
/package/dist/{src/cli → cli}/banner.d.ts +0 -0
/package/dist/{src/cli → cli}/build.d.ts +0 -0
/package/dist/{src/cli → cli}/build.helpers.d.ts +0 -0
/package/dist/{src/cli → cli}/deploy.d.ts +0 -0
/package/dist/{src/cli → cli}/dev.d.ts +0 -0
/package/dist/{src/cli → cli}/format.d.ts +0 -0
/package/dist/{src/cli → cli}/format.helpers.d.ts +0 -0
/package/dist/{src/cli → cli}/init/enums.d.ts +0 -0
/package/dist/{src/cli → cli}/init/index.d.ts +0 -0
/package/dist/{src/cli → cli}/init/utils.d.ts +0 -0
/package/dist/{src/cli → cli}/init/walkthrough.d.ts +0 -0
/package/dist/{src/cli → cli}/kfc.d.ts +0 -0
/package/dist/{src/cli → cli}/monitor.d.ts +0 -0
/package/dist/{src/cli → cli}/root.d.ts +0 -0
/package/dist/{src/cli → cli}/types.d.ts +0 -0
/package/dist/{src/cli → cli}/update.d.ts +0 -0
/package/dist/{src/cli → cli}/uuid.d.ts +0 -0
/package/dist/{src/cli.d.ts → cli.d.ts} +0 -0
/package/dist/{src/fixtures → fixtures}/loader.d.ts +0 -0
/package/dist/{src/lib → lib}/assets/assets.d.ts +0 -0
/package/dist/{src/lib → lib}/assets/defaultTestObjects.d.ts +0 -0
/package/dist/{src/lib → lib}/assets/deploy.d.ts +0 -0
/package/dist/{src/lib → lib}/assets/destroy.d.ts +0 -0
/package/dist/{src/lib → lib}/assets/helm.d.ts +0 -0
/package/dist/{src/lib → lib}/assets/index.d.ts +0 -0
/package/dist/{src/lib → lib}/assets/loader.d.ts +0 -0
/package/dist/{src/lib → lib}/assets/networking.d.ts +0 -0
/package/dist/{src/lib → lib}/assets/pods.d.ts +0 -0
/package/dist/{src/lib → lib}/assets/rbac.d.ts +0 -0
/package/dist/{src/lib → lib}/assets/store.d.ts +0 -0
/package/dist/{src/lib → lib}/assets/webhooks.d.ts +0 -0
/package/dist/{src/lib → lib}/assets/yaml/generateAllYaml.d.ts +0 -0
/package/dist/{src/lib → lib}/assets/yaml/generateZarfYaml.d.ts +0 -0
/package/dist/{src/lib → lib}/assets/yaml/overridesFile.d.ts +0 -0
/package/dist/{src/lib → lib}/common-types.d.ts +0 -0
/package/dist/{src/lib → lib}/controller/index.d.ts +0 -0
/package/dist/{src/lib → lib}/controller/index.util.d.ts +0 -0
/package/dist/{src/lib → lib}/controller/store.d.ts +0 -0
/package/dist/{src/lib → lib}/controller/storeCache.d.ts +0 -0
/package/dist/{src/lib → lib}/core/capability.d.ts +0 -0
/package/dist/{src/lib → lib}/core/envChecks.d.ts +0 -0
/package/dist/{src/lib → lib}/core/module.d.ts +0 -0
/package/dist/{src/lib → lib}/core/queue.d.ts +0 -0
/package/dist/{src/lib → lib}/core/schedule.d.ts +0 -0
/package/dist/{src/lib → lib}/core/storage.d.ts +0 -0
/package/dist/{src/lib → lib}/deploymentChecks.d.ts +0 -0
/package/dist/{src/lib → lib}/enums.d.ts +0 -0
/package/dist/{src/lib → lib}/errors.d.ts +0 -0
/package/dist/{src/lib → lib}/filesystemService.d.ts +0 -0
/package/dist/{src/lib → lib}/filter/adjudicators/admissionRequest.d.ts +0 -0
/package/dist/{src/lib → lib}/filter/adjudicators/binding.d.ts +0 -0
/package/dist/{src/lib → lib}/filter/adjudicators/defaultTestObjects.d.ts +0 -0
/package/dist/{src/lib → lib}/filter/adjudicators/kubernetesObject.d.ts +0 -0
/package/dist/{src/lib → lib}/filter/adjudicators/mismatch.d.ts +0 -0
/package/dist/{src/lib → lib}/filter/adjudicators/postCollection.d.ts +0 -0
/package/dist/{src/lib → lib}/filter/filter.d.ts +0 -0
/package/dist/{src/lib → lib}/finalizer.d.ts +0 -0
/package/dist/{src/lib → lib}/helpers.d.ts +0 -0
/package/dist/{src/lib → lib}/included-files.d.ts +0 -0
/package/dist/{src/lib → lib}/k8s.d.ts +0 -0
/package/dist/{src/lib → lib}/mutate-request.d.ts +0 -0
/package/dist/{src/lib → lib}/processors/decode-utils.d.ts +0 -0
/package/dist/{src/lib → lib}/processors/mutate-processor.d.ts +0 -0
/package/dist/{src/lib → lib}/processors/validate-processor.d.ts +0 -0
/package/dist/{src/lib → lib}/processors/watch-processor.d.ts +0 -0
/package/dist/{src/lib → lib}/telemetry/logger.d.ts +0 -0
/package/dist/{src/lib → lib}/telemetry/metrics.d.ts +0 -0
/package/dist/{src/lib → lib}/telemetry/timeUtils.d.ts +0 -0
/package/dist/{src/lib → lib}/telemetry/webhookTimeouts.d.ts +0 -0
/package/dist/{src/lib → lib}/tls.d.ts +0 -0
/package/dist/{src/lib → lib}/types.d.ts +0 -0
/package/dist/{src/lib → lib}/utils.d.ts +0 -0
/package/dist/{src/lib → lib}/validate-request.d.ts +0 -0
/package/dist/{src/lib.d.ts → lib.d.ts} +0 -0
/package/dist/{src/runtime → runtime}/controller.d.ts +0 -0
/package/dist/{src/sdk → sdk}/heredoc.d.ts +0 -0
/package/dist/{src/sdk → sdk}/sdk.d.ts +0 -0

package/src/sdk/cosign.ts DELETED Viewed

@@ -1,327 +0,0 @@
-// SPDX-License-Identifier: Apache-2.0
-// SPDX-FileCopyrightText: 2023-Present The Pepr Authors
-import { https } from "follow-redirects";
-import { readFile, unlink } from "node:fs/promises";
-import { createWriteStream } from "node:fs";
-import * as crypto from "node:crypto";
-import { PublicKeyDetails, TrustedRoot } from "@sigstore/protobuf-specs";
-import { bundleFromJSON } from "@sigstore/bundle";
-import { toSignedEntity, toTrustMaterial, Verifier } from "@sigstore/verify";
-export enum MediaTypeDockerV2 {
-  Manifest = "application/vnd.docker.distribution.manifest.v2+json",
-}
-export enum MediaTypeOciV1 {
-  Manifest = "application/vnd.oci.image.manifest.v1+json",
-  Index = "application/vnd.oci.image.index.v1+json",
-}
-/* eslint-disable  @typescript-eslint/no-explicit-any */
-export async function head(
-  rawUrl: string,
-  mediaType: string,
-  optsParam: Record<string, any> = {},
-): Promise<any> {
-  const url = new URL(rawUrl);
-  return new Promise((resolve, reject) => {
-    const opts = {
-      protocol: url.protocol,
-      hostname: url.hostname,
-      port: url.port,
-      path: url.pathname,
-      method: "HEAD",
-      headers: { Accept: mediaType },
-      ...optsParam,
-    };
-    https
-      .request(opts, resp => {
-        const { statusCode } = resp;
-        let error;
-        if (!statusCode?.toString().startsWith("2") && !statusCode?.toString().startsWith("3")) {
-          reject(new Error(`err: status code: ${statusCode}: expected 2xx|3xx`));
-          error = true;
-        }
-        if (error) {
-          resp.resume();
-          return;
-        }
-        resp.setEncoding("utf8");
-        resp.on("data", () => {});
-        resp.on("end", () => {
-          resolve(resp.headers);
-        });
-      })
-      .on("error", e => reject(e))
-      .end();
-  });
-}
-/* eslint-disable  @typescript-eslint/no-explicit-any */
-export async function get(
-  rawUrl: string,
-  mediaType: string,
-  optsParam: Record<string, any> = {},
-): Promise<any> {
-  const url = new URL(rawUrl);
-  return new Promise((resolve, reject) => {
-    const opts = {
-      protocol: url.protocol,
-      hostname: url.hostname,
-      port: url.port,
-      path: url.pathname,
-      method: "GET",
-      headers: {
-        "User-Agent": "node",
-        Accept: mediaType,
-      },
-      ...optsParam,
-    };
-    https
-      .request(opts, resp => {
-        const { statusCode } = resp;
-        let error;
-        if (!statusCode?.toString().startsWith("2") && !statusCode?.toString().startsWith("3")) {
-          console.log(resp.headers);
-          reject(new Error(`err: status code: ${statusCode}: expected 2xx`));
-          error = true;
-        }
-        if (error) {
-          resp.resume();
-          return;
-        }
-        resp.setEncoding("utf8");
-        let raw = "";
-        resp.on("data", chunk => {
-          raw += chunk;
-        });
-        resp.on("end", () => {
-          try {
-            resolve({ head: resp.headers, body: raw });
-          } catch (e) {
-            reject(e);
-          }
-        });
-      })
-      .on("error", e => reject(e))
-      .end();
-  });
-}
-/* eslint-disable  @typescript-eslint/no-explicit-any */
-export async function download(
-  rawUrl: string,
-  localPath: string,
-  optsParam: Record<string, any> = {},
-): Promise<void> {
-  const url = new URL(rawUrl);
-  return new Promise((resolve, reject) => {
-    const opts = {
-      protocol: url.protocol,
-      hostname: url.hostname,
-      port: url.port,
-      path: url.pathname,
-      method: "GET",
-      headers: {
-        "User-Agent": "node",
-        Accept: "application/octet-stream",
-      },
-      ...optsParam,
-    };
-    https
-      .request(opts, resp => {
-        const { statusCode } = resp;
-        let error;
-        if (!statusCode?.toString().startsWith("2") && !statusCode?.toString().startsWith("3")) {
-          console.log(resp.headers);
-          reject(new Error(`err: status code: ${statusCode}: expected 2xx`));
-          error = true;
-        }
-        if (error) {
-          resp.resume();
-          return;
-        }
-        const ws = createWriteStream(localPath).on("finish", () => {
-          ws.close(() => resolve());
-        });
-        resp.pipe(ws);
-      })
-      .on("error", async err => {
-        await unlink(localPath);
-        reject(err);
-      })
-      .end();
-  });
-}
-//
-// TODO: should support using certs too
-//
-/**
- * Returns all containers in a pod
- * @param {string} iref image reference
- * @param {array} pubkeys list of paths to node crypto code signing pubkeys
- * @returns {boolean} whether the iref was signed by a key in the pubkeys
- */
-export async function verifyImage(
-  iref: string,
-  pubkeys: string[],
-  tlsCrts?: string[],
-): Promise<boolean> {
-  const X: Record<string, any> = {};
-  // <host---> / <image----------------------->
-  //           / <name---------------> : <tag->
-  // docker.io / library / hello-world : latest
-  //
-  // <host> / <image------------------------------------->
-  //        / <name------------------------------> : <tag>
-  // ttl.sh / 5dad3c9b-7ccc-4115-be27-c9244e7c0e06 : 2000m
-  X.iref = {};
-  X.iref.raw = iref;
-  X.iref.host = iref.split("/")[0];
-  X.iref.image = iref.replace(`${X.iref.host}/`, "");
-  X.iref.tag = X.iref.image.split(":").at(-1);
-  X.iref.name = X.iref.image.replace(`:${X.iref.tag}`, "");
-  X.manifest = {
-    url: `https://${X.iref.host}/v2/${X.iref.name}/manifests/${X.iref.tag}`,
-  };
-  const supportsMediaType = async (url: string, mediaType: string): Promise<boolean> => {
-    return (await head(url, mediaType, { ca: tlsCrts }))["content-type"] === mediaType;
-  };
-  const canOciV1Manifest = async (manifestUrl: string): Promise<boolean> => {
-    return supportsMediaType(manifestUrl, MediaTypeOciV1.Manifest);
-  };
-  const canDockerV2Manifest = async (manifestUrl: string): Promise<boolean> => {
-    return supportsMediaType(manifestUrl, MediaTypeDockerV2.Manifest);
-  };
-  // prettier-ignore
-  const manifestResp =
-    await canOciV1Manifest(X.manifest.url) ? await get(X.manifest.url, MediaTypeOciV1.Manifest, {ca: tlsCrts}) :
-    await canDockerV2Manifest(X.manifest.url) ? await get(X.manifest.url, MediaTypeDockerV2.Manifest, {ca: tlsCrts}) :
-    (():never => { throw "Can't pull image manifest with supported MediaType." })();
-  X.manifest.content = manifestResp.body;
-  X.manifest.digest = `sha256:${crypto
-    .createHash("sha256")
-    .update(X.manifest.content)
-    .digest("hex")
-    .toString()}`;
-  X.sig = {};
-  X.sig.tag = `${X.manifest.digest.replace(":", "-")}.sig`;
-  X.sig.triangulated = `${X.iref.host}/${X.iref.name}:${X.sig.tag}`;
-  X.sig.url = `https://${X.iref.host}/v2/${X.iref.name}/manifests/${X.sig.tag}`;
-  const sigManifestResp = await get(X.sig.url, MediaTypeOciV1.Manifest, { ca: tlsCrts });
-  X.sig.manifest = sigManifestResp.body;
-  const cosignSigLayer = JSON.parse(X.sig.manifest).layers.filter((f: any) =>
-    Object.hasOwn(f?.annotations, "dev.cosignproject.cosign/signature"),
-  )[0];
-  X.sig.blob = {};
-  X.sig.blob.digest = cosignSigLayer.digest;
-  X.sig.blob.signature = cosignSigLayer.annotations["dev.cosignproject.cosign/signature"];
-  X.sig.blob.url = `https://${X.iref.host}/v2/${X.iref.name}/blobs/${X.sig.blob.digest}`;
-  const sigBlobResp = await get(X.sig.blob.url, "application/octet-stream", { ca: tlsCrts });
-  X.sig.blob.content = sigBlobResp.body;
-  let verified = false;
-  for (const pubkey of pubkeys) {
-    // https://github.com/sigstore/sigstore-js/blob/main/packages/verify/src/__tests__/verifier.test.ts
-    const pubKeyRaw = await readFile(`${pubkey}`, { encoding: "utf8" });
-    const pubKey = crypto.createPublicKey({
-      key: pubKeyRaw,
-      format: "pem",
-      encoding: "utf-8",
-    });
-    const trustedRoot = {
-      tlogs: [],
-      ctlogs: [],
-      timestampAuthorities: [],
-      certificateAuthorities: [],
-    } as unknown as TrustedRoot;
-    const keys = {
-      hint: {
-        rawBytes: pubKey.export({ type: "spki", format: "der" }),
-        keyDetails: PublicKeyDetails.PKIX_ECDSA_P256_SHA_256,
-      },
-    };
-    const trustMaterial = toTrustMaterial(trustedRoot, keys);
-    const subject = new Verifier(trustMaterial, {
-      ctlogThreshold: 0,
-      tlogThreshold: 0,
-      tsaThreshold: 0,
-    });
-    const bundle = bundleFromJSON({
-      mediaType: "application/vnd.dev.sigstore.bundle+json;version=0.1",
-      verificationMaterial: {
-        publicKey: {
-          hint: "hint",
-        },
-        tlogEntries: [],
-        timestampVerificationData: {
-          rfc3161Timestamps: [],
-        },
-      },
-      messageSignature: {
-        messageDigest: {
-          algorithm: "SHA2_256",
-          digest: crypto.createHash("sha256").update(X.sig.blob.content).digest().toString(),
-        },
-        signature: X.sig.blob.signature,
-      },
-    });
-    const signedEntity = toSignedEntity(bundle, Buffer.from(X.sig.blob.content));
-    try {
-      subject.verify(signedEntity);
-      verified = true;
-      break;
-    } catch (e) {
-      if (e.message.includes("signature verification failed")) {
-        continue;
-      }
-      throw e;
-    }
-  }
-  return verified;
-}