actions/attest-build-provenance
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: actions:predicate@1.1.0
Branches Tags
actions:main
actions:v4 actions:v4.1.0 actions:v4.0.0 actions:v3.2.0 actions:v3.1.0 actions:v3 actions:v3.0.0 actions:predicate@2.0.0 actions:v2 actions:v2.4.0 actions:v2.3.0 actions:v2.2.3 actions:v2.2.2 actions:predicate@1.1.5 actions:v2.2.1 actions:v2.2.0 actions:v2.1.0 actions:v2.0.1 actions:v2.0.0 actions:v1 actions:v1.4.4 actions:predicate@1.1.4 actions:v1.4.3 actions:predicate@1.1.3 actions:v1.4.2 actions:v1.4.1 actions:predicate@1.1.2 actions:fa actions:v1.4.0 actions:predicate@1.1.1 actions:v1.3.3 actions:v1.3.2 actions:v1.3.1 actions:v1.3.0 actions:predicate@1.1.0 actions:v1.2.0 actions:v1.1.2 actions:v1.1.1 actions:v1.1.0 actions:v1.0.0 actions:predicate@1.0.0 actions:v0.2.0 actions:predicate@0.2.0 actions:v0.1.1 actions:v0.1.0 actions:predicate@0.1.0
..
compare: actions:v1.3.2
Branches Tags
actions:main
actions:v4 actions:v4.1.0 actions:v4.0.0 actions:v3.2.0 actions:v3.1.0 actions:v3 actions:v3.0.0 actions:predicate@2.0.0 actions:v2 actions:v2.4.0 actions:v2.3.0 actions:v2.2.3 actions:v2.2.2 actions:predicate@1.1.5 actions:v2.2.1 actions:v2.2.0 actions:v2.1.0 actions:v2.0.1 actions:v2.0.0 actions:v1 actions:v1.4.4 actions:predicate@1.1.4 actions:v1.4.3 actions:predicate@1.1.3 actions:v1.4.2 actions:v1.4.1 actions:predicate@1.1.2 actions:fa actions:v1.4.0 actions:predicate@1.1.1 actions:v1.3.3 actions:v1.3.2 actions:v1.3.1 actions:v1.3.0 actions:predicate@1.1.0 actions:v1.2.0 actions:v1.1.2 actions:v1.1.1 actions:v1.1.0 actions:v1.0.0 actions:predicate@1.0.0 actions:v0.2.0 actions:predicate@0.2.0 actions:v0.1.1 actions:v0.1.0 actions:predicate@0.1.0

6 Commits
predicate@ ... v1.3.2

Author SHA1 Message Date
Brian DeHamer
bdd51370e0 bump actions/attest from 1.3.1 to 1.3.2 (#123) 
Signed-off-by: Brian DeHamer <bdehamer@github.com>
 2024-06-17 10:34:13 -07:00
dependabot[bot]
cd2e38c225 Bump the npm-development group with 4 updates (#122) 
Bumps the npm-development group with 4 updates: [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin), [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser), [prettier](https://github.com/prettier/prettier) and [ts-jest](https://github.com/kulshekhar/ts-jest).


Updates `@typescript-eslint/eslint-plugin` from 7.12.0 to 7.13.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v7.13.0/packages/eslint-plugin)

Updates `@typescript-eslint/parser` from 7.12.0 to 7.13.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v7.13.0/packages/parser)

Updates `prettier` from 3.3.1 to 3.3.2
- [Release notes](https://github.com/prettier/prettier/releases)
- [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md)
- [Commits](https://github.com/prettier/prettier/compare/3.3.1...3.3.2)

Updates `ts-jest` from 29.1.4 to 29.1.5
- [Release notes](https://github.com/kulshekhar/ts-jest/releases)
- [Changelog](https://github.com/kulshekhar/ts-jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/kulshekhar/ts-jest/compare/v29.1.4...v29.1.5)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-development
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-development
- dependency-name: prettier
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-development
- dependency-name: ts-jest
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-development
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Brian DeHamer <bdehamer@github.com>
 2024-06-17 06:56:13 -07:00
Brian DeHamer
995dfa6a20 add multi-subject examples to docs (#118) 
Signed-off-by: Brian DeHamer <bdehamer@github.com>
 2024-06-17 06:50:59 -07:00
Brian DeHamer
534b352d65 bump actions/attest from 1.3.0 to 1.3.1 (#117) 
Signed-off-by: Brian DeHamer <bdehamer@github.com>
 2024-06-13 14:58:35 -07:00
Brian DeHamer
3119152b59 bump predicate and actions/attest (#116) 
* actions/attest-build-provenance/predicate from 1.0.0 to 1.1.0
* actions/attest from 1.2.0 to 1.3.0

Signed-off-by: Brian DeHamer <bdehamer@github.com>
 2024-06-12 16:28:09 -07:00
dependabot[bot]
52bfabd97f Bump braces from 3.0.2 to 3.0.3 (#115) 
Bumps [braces](https://github.com/micromatch/braces) from 3.0.2 to 3.0.3.
- [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md)
- [Commits](https://github.com/micromatch/braces/compare/3.0.2...3.0.3)

---
updated-dependencies:
- dependency-name: braces
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-06-12 14:09:40 -07:00
4 changed files with 88 additions and 67 deletions
Expand all files Collapse all files

21
README.md
View File

@@ -36,7 +36,7 @@ attest:
```
The `id-token` permission gives the action the ability to mint the OIDC token
permission is necessary to persist the attestation. The `attestations`
necessary to request a Sigstore signing certificate. The `attestations`
permission is necessary to persist the attestation.
1. Add the following to your workflow after your artifact has been built:
@@ -139,7 +139,7 @@ jobs:
subject-path: '${{ github.workspace }}/my-app'
```
### Identify Subjects by Wildcard
### Identify Multiple Subjects
If you are generating multiple artifacts, you can generate a provenance
attestation for each by using a wildcard in the `subject-path` input.
@@ -153,6 +153,23 @@ attestation for each by using a wildcard in the `subject-path` input.
For supported wildcards along with behavior and documentation, see
[@actions/glob][8] which is used internally to search for files.
Alternatively, you can explicitly list multiple subjects with either a comma or
newline delimited list:
```yaml
- uses: actions/attest-build-provenance@v1
with:
subject-path: 'dist/foo, dist/bar'
```
```yaml
- uses: actions/attest-build-provenance@v1
with:
subject-path: |
dist/foo
dist/bar
```
### Container Image
When working with container images you can invoke the action with the

4
action.yml
View File

@@ -44,9 +44,9 @@ outputs:
runs:
using: 'composite'
steps:
- uses: actions/attest-build-provenance/predicate@db1dde0f270afe12073070ac7aa802958ae3ec04 # predicate@1.0.0
- uses: actions/attest-build-provenance/predicate@46e4ff8b824dc6ae13c8f92c8ba69907e2d39b4e # predicate@1.1.0
id: generate-build-provenance-predicate
- uses: actions/attest@32795ed9174327efe1734fa6d09c9223658ef225 # v1.2.0
- uses: actions/attest@8afbcf6e5e31a04f9ef7ca7ee40a0d91e263da5a # v1.3.2
id: attest
with:
subject-path: ${{ inputs.subject-path }}

122
package-lock.json generated
View File

@@ -15,8 +15,8 @@
"devDependencies": {
"@types/jest": "^29.5.12",
"@types/node": "^20.14.2",
"@typescript-eslint/eslint-plugin": "^7.12.0",
"@typescript-eslint/parser": "^7.12.0",
"@typescript-eslint/eslint-plugin": "^7.13.0",
"@typescript-eslint/parser": "^7.13.0",
"@vercel/ncc": "^0.38.1",
"eslint": "^8.57.0",
"eslint-plugin-github": "^5.0.1",
@@ -27,9 +27,9 @@
"jose": "^5.4.0",
"markdownlint-cli": "^0.41.0",
"nock": "^13.5.4",
"prettier": "^3.3.1",
"prettier": "^3.3.2",
"prettier-eslint": "^16.3.0",
"ts-jest": "^29.1.4",
"ts-jest": "^29.1.5",
"typescript": "^5.4.5"
},
"engines": {
@@ -1783,16 +1783,16 @@
"license": "MIT"
},
"node_modules/@typescript-eslint/eslint-plugin": {
"version": "7.12.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-7.12.0.tgz",
"integrity": "sha512-7F91fcbuDf/d3S8o21+r3ZncGIke/+eWk0EpO21LXhDfLahriZF9CGj4fbAetEjlaBdjdSm9a6VeXbpbT6Z40Q==",
"version": "7.13.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-7.13.0.tgz",
"integrity": "sha512-FX1X6AF0w8MdVFLSdqwqN/me2hyhuQg4ykN6ZpVhh1ij/80pTvDKclX1sZB9iqex8SjQfVhwMKs3JtnnMLzG9w==",
"dev": true,
"dependencies": {
"@eslint-community/regexpp": "^4.10.0",
"@typescript-eslint/scope-manager": "7.12.0",
"@typescript-eslint/type-utils": "7.12.0",
"@typescript-eslint/utils": "7.12.0",
"@typescript-eslint/visitor-keys": "7.12.0",
"@typescript-eslint/scope-manager": "7.13.0",
"@typescript-eslint/type-utils": "7.13.0",
"@typescript-eslint/utils": "7.13.0",
"@typescript-eslint/visitor-keys": "7.13.0",
"graphemer": "^1.4.0",
"ignore": "^5.3.1",
"natural-compare": "^1.4.0",
@@ -1816,15 +1816,15 @@
}
},
"node_modules/@typescript-eslint/parser": {
"version": "7.12.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-7.12.0.tgz",
"integrity": "sha512-dm/J2UDY3oV3TKius2OUZIFHsomQmpHtsV0FTh1WO8EKgHLQ1QCADUqscPgTpU+ih1e21FQSRjXckHn3txn6kQ==",
"version": "7.13.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-7.13.0.tgz",
"integrity": "sha512-EjMfl69KOS9awXXe83iRN7oIEXy9yYdqWfqdrFAYAAr6syP8eLEFI7ZE4939antx2mNgPRW/o1ybm2SFYkbTVA==",
"dev": true,
"dependencies": {
"@typescript-eslint/scope-manager": "7.12.0",
"@typescript-eslint/types": "7.12.0",
"@typescript-eslint/typescript-estree": "7.12.0",
"@typescript-eslint/visitor-keys": "7.12.0",
"@typescript-eslint/scope-manager": "7.13.0",
"@typescript-eslint/types": "7.13.0",
"@typescript-eslint/typescript-estree": "7.13.0",
"@typescript-eslint/visitor-keys": "7.13.0",
"debug": "^4.3.4"
},
"engines": {
@@ -1844,13 +1844,13 @@
}
},
"node_modules/@typescript-eslint/scope-manager": {
"version": "7.12.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-7.12.0.tgz",
"integrity": "sha512-itF1pTnN6F3unPak+kutH9raIkL3lhH1YRPGgt7QQOh43DQKVJXmWkpb+vpc/TiDHs6RSd9CTbDsc/Y+Ygq7kg==",
"version": "7.13.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-7.13.0.tgz",
"integrity": "sha512-ZrMCe1R6a01T94ilV13egvcnvVJ1pxShkE0+NDjDzH4nvG1wXpwsVI5bZCvE7AEDH1mXEx5tJSVR68bLgG7Dng==",
"dev": true,
"dependencies": {
"@typescript-eslint/types": "7.12.0",
"@typescript-eslint/visitor-keys": "7.12.0"
"@typescript-eslint/types": "7.13.0",
"@typescript-eslint/visitor-keys": "7.13.0"
},
"engines": {
"node": "^18.18.0 || >=20.0.0"
@@ -1861,13 +1861,13 @@
}
},
"node_modules/@typescript-eslint/type-utils": {
"version": "7.12.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-7.12.0.tgz",
"integrity": "sha512-lib96tyRtMhLxwauDWUp/uW3FMhLA6D0rJ8T7HmH7x23Gk1Gwwu8UZ94NMXBvOELn6flSPiBrCKlehkiXyaqwA==",
"version": "7.13.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-7.13.0.tgz",
"integrity": "sha512-xMEtMzxq9eRkZy48XuxlBFzpVMDurUAfDu5Rz16GouAtXm0TaAoTFzqWUFPPuQYXI/CDaH/Bgx/fk/84t/Bc9A==",
"dev": true,
"dependencies": {
"@typescript-eslint/typescript-estree": "7.12.0",
"@typescript-eslint/utils": "7.12.0",
"@typescript-eslint/typescript-estree": "7.13.0",
"@typescript-eslint/utils": "7.13.0",
"debug": "^4.3.4",
"ts-api-utils": "^1.3.0"
},
@@ -1888,9 +1888,9 @@
}
},
"node_modules/@typescript-eslint/types": {
"version": "7.12.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-7.12.0.tgz",
"integrity": "sha512-o+0Te6eWp2ppKY3mLCU+YA9pVJxhUJE15FV7kxuD9jgwIAa+w/ycGJBMrYDTpVGUM/tgpa9SeMOugSabWFq7bg==",
"version": "7.13.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-7.13.0.tgz",
"integrity": "sha512-QWuwm9wcGMAuTsxP+qz6LBBd3Uq8I5Nv8xb0mk54jmNoCyDspnMvVsOxI6IsMmway5d1S9Su2+sCKv1st2l6eA==",
"dev": true,
"engines": {
"node": "^18.18.0 || >=20.0.0"
@@ -1901,13 +1901,13 @@
}
},
"node_modules/@typescript-eslint/typescript-estree": {
"version": "7.12.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-7.12.0.tgz",
"integrity": "sha512-5bwqLsWBULv1h6pn7cMW5dXX/Y2amRqLaKqsASVwbBHMZSnHqE/HN4vT4fE0aFsiwxYvr98kqOWh1a8ZKXalCQ==",
"version": "7.13.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-7.13.0.tgz",
"integrity": "sha512-cAvBvUoobaoIcoqox1YatXOnSl3gx92rCZoMRPzMNisDiM12siGilSM4+dJAekuuHTibI2hVC2fYK79iSFvWjw==",
"dev": true,
"dependencies": {
"@typescript-eslint/types": "7.12.0",
"@typescript-eslint/visitor-keys": "7.12.0",
"@typescript-eslint/types": "7.13.0",
"@typescript-eslint/visitor-keys": "7.13.0",
"debug": "^4.3.4",
"globby": "^11.1.0",
"is-glob": "^4.0.3",
@@ -1953,15 +1953,15 @@
}
},
"node_modules/@typescript-eslint/utils": {
"version": "7.12.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-7.12.0.tgz",
"integrity": "sha512-Y6hhwxwDx41HNpjuYswYp6gDbkiZ8Hin9Bf5aJQn1bpTs3afYY4GX+MPYxma8jtoIV2GRwTM/UJm/2uGCVv+DQ==",
"version": "7.13.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-7.13.0.tgz",
"integrity": "sha512-jceD8RgdKORVnB4Y6BqasfIkFhl4pajB1wVxrF4akxD2QPM8GNYjgGwEzYS+437ewlqqrg7Dw+6dhdpjMpeBFQ==",
"dev": true,
"dependencies": {
"@eslint-community/eslint-utils": "^4.4.0",
"@typescript-eslint/scope-manager": "7.12.0",
"@typescript-eslint/types": "7.12.0",
"@typescript-eslint/typescript-estree": "7.12.0"
"@typescript-eslint/scope-manager": "7.13.0",
"@typescript-eslint/types": "7.13.0",
"@typescript-eslint/typescript-estree": "7.13.0"
},
"engines": {
"node": "^18.18.0 || >=20.0.0"
@@ -1975,12 +1975,12 @@
}
},
"node_modules/@typescript-eslint/visitor-keys": {
"version": "7.12.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-7.12.0.tgz",
"integrity": "sha512-uZk7DevrQLL3vSnfFl5bj4sL75qC9D6EdjemIdbtkuUmIheWpuiiylSY01JxJE7+zGrOWDZrp1WxOuDntvKrHQ==",
"version": "7.13.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-7.13.0.tgz",
"integrity": "sha512-nxn+dozQx+MK61nn/JP+M4eCkHDSxSLDpgE3WcQo0+fkjEolnaB5jswvIKC4K56By8MMgIho7f1PVxERHEo8rw==",
"dev": true,
"dependencies": {
"@typescript-eslint/types": "7.12.0",
"@typescript-eslint/types": "7.13.0",
"eslint-visitor-keys": "^3.4.3"
},
"engines": {
@@ -2451,11 +2451,12 @@
}
},
"node_modules/braces": {
"version": "3.0.2",
"version": "3.0.3",
"resolved": "https://registry.npmjs.org/braces/-/braces-3.0.3.tgz",
"integrity": "sha512-yQbXgO/OSZVD2IsiLlro+7Hf6Q18EJrKSEsdoMzKePKXct3gvD8oLcOQdIzGupr5Fj+EDe8gO/lxc1BzfMpxvA==",
"dev": true,
"license": "MIT",
"dependencies": {
"fill-range": "^7.0.1"
"fill-range": "^7.1.1"
},
"engines": {
"node": ">=8"
@@ -3814,9 +3815,10 @@
}
},
"node_modules/fill-range": {
"version": "7.0.1",
"version": "7.1.1",
"resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.1.1.tgz",
"integrity": "sha512-YsGpe3WHLK8ZYi4tWDg2Jy3ebRz2rXowDxnld4bkQB00cc/1Zw9AWnC0i9ztDJitivtQvaI9KaLyKrc+hBW0yg==",
"dev": true,
"license": "MIT",
"dependencies": {
"to-regex-range": "^5.0.1"
},
@@ -4595,8 +4597,9 @@
},
"node_modules/is-number": {
"version": "7.0.0",
"resolved": "https://registry.npmjs.org/is-number/-/is-number-7.0.0.tgz",
"integrity": "sha512-41Cifkg6e8TylSpdtTpeLVMqvSBEVzTttHvERD741+pnZ8ANv0004MRL43QKPDlK9cGvNp6NZWZUBlbGXYxxng==",
"dev": true,
"license": "MIT",
"engines": {
"node": ">=0.12.0"
}
@@ -6665,9 +6668,9 @@
}
},
"node_modules/prettier": {
"version": "3.3.1",
"resolved": "https://registry.npmjs.org/prettier/-/prettier-3.3.1.tgz",
"integrity": "sha512-7CAwy5dRsxs8PHXT3twixW9/OEll8MLE0VRPCJyl7CkS6VHGPSlsVaWTiASPTyGyYRyApxlaWTzwUxVNrhcwDg==",
"version": "3.3.2",
"resolved": "https://registry.npmjs.org/prettier/-/prettier-3.3.2.tgz",
"integrity": "sha512-rAVeHYMcv8ATV5d508CFdn+8/pHPpXeIid1DdrPwXnaAdH7cqjVbpJaT5eq4yRAFU/lsbwYwSF/n5iNrdJHPQA==",
"dev": true,
"bin": {
"prettier": "bin/prettier.cjs"
@@ -7693,8 +7696,9 @@
},
"node_modules/to-regex-range": {
"version": "5.0.1",
"resolved": "https://registry.npmjs.org/to-regex-range/-/to-regex-range-5.0.1.tgz",
"integrity": "sha512-65P7iz6X5yEr1cwcgvQxbbIw7Uk3gOy5dIdtZ4rDveLqhrdJP+Li/Hx6tyK0NEb+2GCyneCMJiGqrADCSNk8sQ==",
"dev": true,
"license": "MIT",
"dependencies": {
"is-number": "^7.0.0"
},
@@ -7715,9 +7719,9 @@
}
},
"node_modules/ts-jest": {
"version": "29.1.4",
"resolved": "https://registry.npmjs.org/ts-jest/-/ts-jest-29.1.4.tgz",
"integrity": "sha512-YiHwDhSvCiItoAgsKtoLFCuakDzDsJ1DLDnSouTaTmdOcOwIkSzbLXduaQ6M5DRVhuZC/NYaaZ/mtHbWMv/S6Q==",
"version": "29.1.5",
"resolved": "https://registry.npmjs.org/ts-jest/-/ts-jest-29.1.5.tgz",
"integrity": "sha512-UuClSYxM7byvvYfyWdFI+/2UxMmwNyJb0NPkZPQE2hew3RurV7l7zURgOHAd/1I1ZdPpe3GUsXNXAcN8TFKSIg==",
"dev": true,
"dependencies": {
"bs-logger": "0.x",

8
package.json
View File

@@ -76,8 +76,8 @@
"devDependencies": {
"@types/jest": "^29.5.12",
"@types/node": "^20.14.2",
"@typescript-eslint/eslint-plugin": "^7.12.0",
"@typescript-eslint/parser": "^7.12.0",
"@typescript-eslint/eslint-plugin": "^7.13.0",
"@typescript-eslint/parser": "^7.13.0",
"@vercel/ncc": "^0.38.1",
"eslint": "^8.57.0",
"eslint-plugin-github": "^5.0.1",
@@ -88,9 +88,9 @@
"jose": "^5.4.0",
"markdownlint-cli": "^0.41.0",
"nock": "^13.5.4",
"prettier": "^3.3.1",
"prettier": "^3.3.2",
"prettier-eslint": "^16.3.0",
"ts-jest": "^29.1.4",
"ts-jest": "^29.1.5",
"typescript": "^5.4.5"
}
}