actions/attest-sbom
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
198 Commits 1 Branch 28 Tags
v4
Commit Graph

43 Commits

Author SHA1 Message Date
Brian DeHamer
07e74fc4e7 perpare v4 release (#253) 
Signed-off-by: Brian DeHamer <bdehamer@github.com>
 2026-02-25 15:03:50 -08:00
dependabot[bot]
b74e95116c Bump the actions-minor group with 2 updates (#247) 
Bumps the actions-minor group with 2 updates: [actions/attest](https://github.com/actions/attest) and [github/codeql-action](https://github.com/github/codeql-action).


Updates `actions/attest` from 3.1.0 to 3.2.0
- [Release notes](https://github.com/actions/attest/releases)
- [Changelog](https://github.com/actions/attest/blob/main/RELEASE.md)
- [Commits](7667f588f2...e59cbc1ad1)

Updates `github/codeql-action` from 4.31.11 to 4.32.0
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](19b2f06db2...b20883b0cd)

---
updated-dependencies:
- dependency-name: actions/attest
  dependency-version: 3.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions-minor
- dependency-name: github/codeql-action
  dependency-version: 4.32.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-02-02 10:23:54 -08:00
dependabot[bot]
876bb5fef3 Bump the actions-minor group across 1 directory with 3 updates (#246) 
Bumps the actions-minor group with 3 updates in the / directory: [actions/checkout](https://github.com/actions/checkout), [actions/setup-node](https://github.com/actions/setup-node) and [github/codeql-action](https://github.com/github/codeql-action).


Updates `actions/checkout` from 6.0.1 to 6.0.2
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](8e8c483db8...de0fac2e45)

Updates `actions/setup-node` from 6.1.0 to 6.2.0
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](395ad32622...6044e13b5d)

Updates `github/codeql-action` from 4.31.9 to 4.31.11
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](5d4e8d1aca...19b2f06db2)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 6.0.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions-minor
- dependency-name: actions/setup-node
  dependency-version: 6.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions-minor
- dependency-name: github/codeql-action
  dependency-version: 4.31.11
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-01-27 14:44:30 -08:00
dependabot[bot]
e395115c2b Bump the actions-minor group with 2 updates (#239) 
Bumps the actions-minor group with 2 updates: [actions/attest](https://github.com/actions/attest) and [github/codeql-action](https://github.com/github/codeql-action).


Updates `actions/attest` from 3.0.0 to 3.1.0
- [Release notes](https://github.com/actions/attest/releases)
- [Changelog](https://github.com/actions/attest/blob/main/RELEASE.md)
- [Commits](daf44fb950...7667f588f2)

Updates `github/codeql-action` from 4.31.8 to 4.31.9
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](1b168cd394...5d4e8d1aca)

---
updated-dependencies:
- dependency-name: actions/attest
  dependency-version: 3.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions-minor
- dependency-name: github/codeql-action
  dependency-version: 4.31.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-01-05 07:57:04 -08:00
dependabot[bot]
532af8af79 Bump github/codeql-action in the actions-minor group (#233) 
Bumps the actions-minor group with 1 update: [github/codeql-action](https://github.com/github/codeql-action).


Updates `github/codeql-action` from 4.31.7 to 4.31.8
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](cf1bb45a27...1b168cd394)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 4.31.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-12-15 11:38:04 -08:00
dependabot[bot]
3867ba47a1 Bump actions/upload-artifact from 5.0.0 to 6.0.0 (#234) 
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 5.0.0 to 6.0.0.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](330a01c490...b7c566a772)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: 6.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-12-15 11:22:47 -08:00
dependabot[bot]
95613fb241 Bump the actions-minor group with 3 updates (#231) 
Bumps the actions-minor group with 3 updates: [actions/checkout](https://github.com/actions/checkout), [actions/setup-node](https://github.com/actions/setup-node) and [github/codeql-action](https://github.com/github/codeql-action).


Updates `actions/checkout` from 6.0.0 to 6.0.1
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](1af3b93b68...8e8c483db8)

Updates `actions/setup-node` from 6.0.0 to 6.1.0
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](2028fbc5c2...395ad32622)

Updates `github/codeql-action` from 4.31.5 to 4.31.7
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](fdbfb4d275...cf1bb45a27)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 6.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions-minor
- dependency-name: actions/setup-node
  dependency-version: 6.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions-minor
- dependency-name: github/codeql-action
  dependency-version: 4.31.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-12-08 10:22:32 -08:00
dependabot[bot]
9dc6831a72 Bump actions/upload-artifact from 4.6.2 to 5.0.0 (#217) 
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.6.2 to 5.0.0.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](ea165f8d65...330a01c490)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: 5.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-12-01 10:45:18 -08:00
dependabot[bot]
b8f802ae8b Bump github/codeql-action in the actions-minor group (#227) 
Bumps the actions-minor group with 1 update: [github/codeql-action](https://github.com/github/codeql-action).


Updates `github/codeql-action` from 4.31.4 to 4.31.5
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](e12f017898...fdbfb4d275)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 4.31.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-12-01 10:44:39 -08:00
dependabot[bot]
fd7a65e0c0 Bump actions/setup-node from 4.4.0 to 6.0.0 (#215) 
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 4.4.0 to 6.0.0.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](49933ea528...2028fbc5c2)

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-version: 6.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-11-24 08:41:41 -08:00
dependabot[bot]
e24c2a9074 Bump actions/checkout from 5.0.0 to 6.0.0 (#224) 
Bumps [actions/checkout](https://github.com/actions/checkout) from 5.0.0 to 6.0.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](08c6903cd8...1af3b93b68)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 6.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-11-24 07:55:39 -08:00
dependabot[bot]
9e5a1e06d2 Bump github/codeql-action from 3.29.11 to 4.31.4 (#223) 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.29.11 to 4.31.4.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](3c3833e0f8...e12f017898)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 4.31.4
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-11-24 07:55:11 -08:00
dependabot[bot]
def7784df6 Bump github/codeql-action in the actions-minor group (#207) 
Bumps the actions-minor group with 1 update: [github/codeql-action](https://github.com/github/codeql-action).


Updates `github/codeql-action` from 3.29.9 to 3.29.11
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](df559355d5...3c3833e0f8)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 3.29.11
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-10-06 10:21:09 -07:00
Brian DeHamer
484c81f0bd refactor eslint config (#200) 
Signed-off-by: Brian DeHamer <bdehamer@github.com>
 2025-08-28 15:21:40 -07:00
Brian DeHamer
eec1ec9904 pin workflow deps (#195) 
Signed-off-by: Brian DeHamer <bdehamer@github.com>
 2025-08-14 15:29:10 -07:00
dependabot[bot]
57a8b1e21b Bump super-linter/super-linter from 7.4.0 to 8.0.0 (#190) 
---
updated-dependencies:
- dependency-name: super-linter/super-linter
  dependency-version: 8.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-07-22 10:48:52 -04:00
dependabot[bot]
9d8c9cae4a Bump super-linter/super-linter in the actions-minor group (#173) 
Bumps the actions-minor group with 1 update: [super-linter/super-linter](https://github.com/super-linter/super-linter).


Updates `super-linter/super-linter` from 7.3.0 to 7.4.0
- [Release notes](https://github.com/super-linter/super-linter/releases)
- [Changelog](https://github.com/super-linter/super-linter/blob/main/CHANGELOG.md)
- [Commits](4e8a7c2bf1...12150456a7)

---
updated-dependencies:
- dependency-name: super-linter/super-linter
  dependency-version: 7.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-05-19 19:31:54 -07:00
Brian DeHamer
32cff21fdd offboard from eslint in superlinter (#167) 
Signed-off-by: Brian DeHamer <bdehamer@github.com>
 2025-04-28 11:28:20 -07:00
Brian DeHamer
20d6de2969 pin super-linter action to v7.2.1 (#158) 
Signed-off-by: Brian DeHamer <bdehamer@github.com>
 2025-03-24 14:37:00 -07:00
Brian DeHamer
ae2702efaf bump eslint from 8.57.1 to 9.16.0 (#139) 
Signed-off-by: Brian DeHamer <bdehamer@github.com>
 2024-12-16 07:18:21 -08:00
dependabot[bot]
635d710917 Bump actions/publish-immutable-action in the actions-minor group (#119) 
Bumps the actions-minor group with 1 update: [actions/publish-immutable-action](https://github.com/actions/publish-immutable-action).


Updates `actions/publish-immutable-action` from 0.0.3 to 0.0.4
- [Release notes](https://github.com/actions/publish-immutable-action/releases)
- [Commits](https://github.com/actions/publish-immutable-action/compare/0.0.3...v0.0.4)

---
updated-dependencies:
- dependency-name: actions/publish-immutable-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-10-28 09:57:50 -07:00
Joel Ambass
8d422c6606 Add workflow file for publishing releases to immutable action package (#112) 
* Add workflow file for publishing releases to immutable action package

This workflow file publishes new action releases to the immutable action package of the same name as this repo.

This is part of the Immutable Actions project which is not yet fully released to the public. First party actions like this one are part of our initial testing of this feature.

* linter fix for workflow permissions

Signed-off-by: Brian DeHamer <bdehamer@github.com>

---------

Signed-off-by: Brian DeHamer <bdehamer@github.com>
Co-authored-by: Brian DeHamer <bdehamer@github.com>
Co-authored-by: Eugene <108841108+ejahnGithub@users.noreply.github.com>
 2024-10-14 16:59:52 -07:00
dependabot[bot]
dd4b089aa5 Bump super-linter/super-linter from 6 to 7 (#93) 
* Bump super-linter/super-linter from 6 to 7

Bumps [super-linter/super-linter](https://github.com/super-linter/super-linter) from 6 to 7.
- [Release notes](https://github.com/super-linter/super-linter/releases)
- [Changelog](https://github.com/super-linter/super-linter/blob/main/CHANGELOG.md)
- [Commits](https://github.com/super-linter/super-linter/compare/v6...v7)

---
updated-dependencies:
- dependency-name: super-linter/super-linter
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* fix json-prettier error

Signed-off-by: Brian DeHamer <bdehamer@github.com>

* fix markdown-prettier error

Signed-off-by: Brian DeHamer <bdehamer@github.com>

* fix yaml-prettier errors

Signed-off-by: Brian DeHamer <bdehamer@github.com>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Brian DeHamer <bdehamer@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Brian DeHamer <bdehamer@github.com>
 2024-08-20 13:11:34 -05:00
Brian DeHamer
9e75edd833 disable typescript-standard super linter (#90) 
Signed-off-by: Brian DeHamer <bdehamer@github.com>
 2024-08-06 09:08:06 -07:00
Brian DeHamer
ba663bc478 Revert "disable github action linting (#54)" (#68) 
This reverts commit d00b213255.
 2024-06-05 10:37:33 -07:00
Brian DeHamer
d00b213255 disable github action linting (#54) 
Signed-off-by: Brian DeHamer <bdehamer@github.com>
 2024-05-01 14:01:58 -07:00
Phill MV
2f5f68fcc3 Update README.md to refer to attestations permission (#41) 
* Update README.md to refer to `attestations` permission

* Update ci.yml

* Update ci.yml

* Update ci.yml

* Update README.md

* Update README.md

* update README

Signed-off-by: Brian DeHamer <bdehamer@github.com>

---------

Signed-off-by: Brian DeHamer <bdehamer@github.com>
Co-authored-by: Brian DeHamer <bdehamer@github.com>
 2024-04-23 09:33:57 -07:00
Brian DeHamer
36d21cdc72 remove anchore/sbom-action (#45) 
Signed-off-by: Brian DeHamer <bdehamer@github.com>
 2024-04-22 09:22:27 -07:00
Brian DeHamer
ab147f15c3 disable dependabot updates for predicate (#36) 
Signed-off-by: Brian DeHamer <bdehamer@github.com>
 2024-04-02 06:51:11 -07:00
Brian DeHamer
5a5a50bfea for signing w/ private Sigstore instance (#16) 
Signed-off-by: Brian DeHamer <bdehamer@github.com>
 2024-02-29 16:30:33 -08:00
Brian DeHamer
3eb264bd7e input refactor and readme updates (#13) 
Signed-off-by: Brian DeHamer <bdehamer@github.com>
 2024-02-29 11:59:05 -08:00
Eugene
69180bebd9 Unit Test (#12) 
* annoying tests..

* update test

* udpate

* update the tests
 2024-02-28 17:22:13 -08:00
Eugene
57dd0cd8d8 update the readme (#11) 
* update the readme

* fixing lint

* fixing lint
 2024-02-28 12:43:56 -08:00
Brian DeHamer
3f55024f1e workflow fixup 
Signed-off-by: Brian DeHamer <bdehamer@github.com>
 2024-02-23 17:28:11 -08:00
Brian DeHamer
6722a1e353 use .node-version in ci workflow 
Signed-off-by: Brian DeHamer <bdehamer@github.com>
 2024-02-23 15:52:36 -08:00
Brian DeHamer
425504667a fix permissions in codeql workflow 
Signed-off-by: Brian DeHamer <bdehamer@github.com>
 2024-02-23 15:45:41 -08:00
Brian DeHamer
2c2f9f2e7f update fetch-depth for linter checkout 
Signed-off-by: Brian DeHamer <bdehamer@github.com>
 2024-02-23 15:39:02 -08:00
dependabot[bot]
fd71f88930 Bump super-linter/super-linter from 5 to 6 
Bumps [super-linter/super-linter](https://github.com/super-linter/super-linter) from 5 to 6.
- [Release notes](https://github.com/super-linter/super-linter/releases)
- [Changelog](https://github.com/super-linter/super-linter/blob/main/CHANGELOG.md)
- [Commits](https://github.com/super-linter/super-linter/compare/v5...v6)

---
updated-dependencies:
- dependency-name: super-linter/super-linter
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-02-23 23:15:09 +00:00
ejahnGithub
5e05628c2a remove attest lib 2024-02-23 14:56:17 -08:00
ejahnGithub
169a8ea839 ci update 2024-02-23 12:43:18 -08:00
ejahnGithub
dbe6e39e22 ci update 2024-02-23 12:33:59 -08:00
ejahnGithub
21c8450480 init attest sbom 2024-02-22 08:46:34 -08:00
Brian DeHamer
622dcc06e2 Initial commit 2024-02-20 11:28:19 -08:00