bump @sigstore/oci to 0.3.6 (#88)
Signed-off-by: Brian DeHamer <bdehamer@github.com>
This commit is contained in:
Brian DeHamer
23
dist/index.js
generated
vendored
23
dist/index.js
generated
vendored
@@ -11744,13 +11744,20 @@ class OCIImage {
|
||||
});
|
||||
// Upload artifact manifest
|
||||
artifactDescriptor = await __classPrivateFieldGet(this, _OCIImage_client, "f").uploadManifest(JSON.stringify(manifest));
|
||||
// Check to see if registry supports the referrers API. For most
|
||||
// registries the presence of a subjectDigest response header when
|
||||
// uploading the artifact manifest indicates that the referrers API IS
|
||||
// supported -- however, this is not a guarantee (AWS ECR does NOT support
|
||||
// the referrers API but still reports a subjectDigest).
|
||||
const referrersSupported = await __classPrivateFieldGet(this, _OCIImage_client, "f").pingReferrers();
|
||||
// Manually update the referrers list if the referrers API is not supported.
|
||||
// The lack of a subjectDigest indicates that the referrers API is not
|
||||
// supported.
|
||||
if (artifactDescriptor.subjectDigest === undefined) {
|
||||
if (!referrersSupported) {
|
||||
// Strip subjectDigest from the artifact descriptor (in case it was returned)
|
||||
/* eslint-disable-next-line @typescript-eslint/no-unused-vars */
|
||||
const { subjectDigest, ...descriptor } = artifactDescriptor;
|
||||
await __classPrivateFieldGet(this, _OCIImage_instances, "m", _OCIImage_createReferrersIndexByTag).call(this, {
|
||||
artifact: {
|
||||
...artifactDescriptor,
|
||||
...descriptor,
|
||||
artifactType: opts.mediaType,
|
||||
annotations,
|
||||
},
|
||||
@@ -11953,7 +11960,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
|
||||
};
|
||||
var _RegistryClient_instances, _RegistryClient_baseURL, _RegistryClient_repository, _RegistryClient_fetch, _RegistryClient_fetchDistributionToken, _RegistryClient_fetchOAuth2Token;
|
||||
Object.defineProperty(exports, "__esModule", ({ value: true }));
|
||||
exports.RegistryClient = void 0;
|
||||
exports.RegistryClient = exports.ZERO_DIGEST = void 0;
|
||||
/*
|
||||
Copyright 2023 The Sigstore Authors.
|
||||
|
||||
@@ -11980,6 +11987,7 @@ const ALL_MANIFEST_MEDIA_TYPES = [
|
||||
constants_1.CONTENT_TYPE_DOCKER_MANIFEST,
|
||||
constants_1.CONTENT_TYPE_DOCKER_MANIFEST_LIST,
|
||||
].join(',');
|
||||
exports.ZERO_DIGEST = 'sha256:0000000000000000000000000000000000000000000000000000000000000000';
|
||||
class RegistryClient {
|
||||
constructor(registry, repository, opts) {
|
||||
_RegistryClient_instances.add(this);
|
||||
@@ -12115,6 +12123,11 @@ class RegistryClient {
|
||||
subjectDigest,
|
||||
};
|
||||
}
|
||||
// Returns true if the registry supports the referrers API
|
||||
async pingReferrers() {
|
||||
const response = await __classPrivateFieldGet(this, _RegistryClient_fetch, "f").call(this, `${__classPrivateFieldGet(this, _RegistryClient_baseURL, "f")}/v2/${__classPrivateFieldGet(this, _RegistryClient_repository, "f")}/referrers/${exports.ZERO_DIGEST}`);
|
||||
return response.status === 200;
|
||||
}
|
||||
static digest(blob) {
|
||||
const hash = node_crypto_1.default.createHash('sha256');
|
||||
hash.update(blob);
|
||||
|
||||
18
package-lock.json
generated
18
package-lock.json
generated
@@ -1,18 +1,18 @@
|
||||
{
|
||||
"name": "actions/attest",
|
||||
"version": "1.2.0",
|
||||
"version": "1.2.1",
|
||||
"lockfileVersion": 2,
|
||||
"requires": true,
|
||||
"packages": {
|
||||
"": {
|
||||
"name": "actions/attest",
|
||||
"version": "1.2.0",
|
||||
"version": "1.2.1",
|
||||
"license": "MIT",
|
||||
"dependencies": {
|
||||
"@actions/attest": "^1.2.1",
|
||||
"@actions/core": "^1.10.1",
|
||||
"@actions/glob": "^0.4.0",
|
||||
"@sigstore/oci": "^0.3.4",
|
||||
"@sigstore/oci": "^0.3.6",
|
||||
"csv-parse": "^5.5.6"
|
||||
},
|
||||
"devDependencies": {
|
||||
@@ -1729,9 +1729,9 @@
|
||||
}
|
||||
},
|
||||
"node_modules/@sigstore/oci": {
|
||||
"version": "0.3.4",
|
||||
"resolved": "https://registry.npmjs.org/@sigstore/oci/-/oci-0.3.4.tgz",
|
||||
"integrity": "sha512-ydRTsvHOmLWnlR2BTtG1pHYvLkHG/oaqVyd2WDkfLU7B3dIWfqavE80VCzidNWuZpXN7m8+uBNatus2Qva1ktA==",
|
||||
"version": "0.3.6",
|
||||
"resolved": "https://registry.npmjs.org/@sigstore/oci/-/oci-0.3.6.tgz",
|
||||
"integrity": "sha512-nv/uHEHj6AbzGcBg1Cs7EsetB0M+N8GW1wYA26KQT6ymirv5UWUtqx9L1hbJjClpQ6/8R0vYXCpunvic2O1jfg==",
|
||||
"dependencies": {
|
||||
"make-fetch-happen": "^13.0.1",
|
||||
"proc-log": "^4.2.0"
|
||||
@@ -9838,9 +9838,9 @@
|
||||
}
|
||||
},
|
||||
"@sigstore/oci": {
|
||||
"version": "0.3.4",
|
||||
"resolved": "https://registry.npmjs.org/@sigstore/oci/-/oci-0.3.4.tgz",
|
||||
"integrity": "sha512-ydRTsvHOmLWnlR2BTtG1pHYvLkHG/oaqVyd2WDkfLU7B3dIWfqavE80VCzidNWuZpXN7m8+uBNatus2Qva1ktA==",
|
||||
"version": "0.3.6",
|
||||
"resolved": "https://registry.npmjs.org/@sigstore/oci/-/oci-0.3.6.tgz",
|
||||
"integrity": "sha512-nv/uHEHj6AbzGcBg1Cs7EsetB0M+N8GW1wYA26KQT6ymirv5UWUtqx9L1hbJjClpQ6/8R0vYXCpunvic2O1jfg==",
|
||||
"requires": {
|
||||
"make-fetch-happen": "^13.0.1",
|
||||
"proc-log": "^4.2.0"
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
{
|
||||
"name": "actions/attest",
|
||||
"description": "Generate signed attestations for workflow artifacts",
|
||||
"version": "1.2.0",
|
||||
"version": "1.2.1",
|
||||
"author": "",
|
||||
"private": true,
|
||||
"homepage": "https://github.com/actions/attest",
|
||||
@@ -72,7 +72,7 @@
|
||||
"@actions/attest": "^1.2.1",
|
||||
"@actions/core": "^1.10.1",
|
||||
"@actions/glob": "^0.4.0",
|
||||
"@sigstore/oci": "^0.3.4",
|
||||
"@sigstore/oci": "^0.3.6",
|
||||
"csv-parse": "^5.5.6"
|
||||
},
|
||||
"devDependencies": {
|
||||
|
||||
Reference in New Issue
Block a user