actions/attest
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
218 Commits 1 Branch 30 Tags
v3.2.0
Commit Graph

36 Commits

Author SHA1 Message Date
Meredith Lancaster
20eb46ce7a Validate repository org-ownership before storage record creation (#328) 
* check if the repository is owned by org before attempting storage record creation

Signed-off-by: Meredith Lancaster <malancas@github.com>

* linter

Signed-off-by: Meredith Lancaster <malancas@github.com>

* generate dist

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add fixtures for repoOwnerIsOrg function

Signed-off-by: Meredith Lancaster <malancas@github.com>

* formatter

Signed-off-by: Meredith Lancaster <malancas@github.com>

* clean up fixtures

Signed-off-by: Meredith Lancaster <malancas@github.com>

* more clean up

Signed-off-by: Meredith Lancaster <malancas@github.com>

* fix function declaration

Signed-off-by: Meredith Lancaster <malancas@github.com>

* clean up fixtures

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add test when repo is not owned by org

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add more expect statements, clean up mock calls

Signed-off-by: Meredith Lancaster <malancas@github.com>

* formatter

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add more spy expect statements

Signed-off-by: Meredith Lancaster <malancas@github.com>

---------

Signed-off-by: Meredith Lancaster <malancas@github.com>
 2026-01-26 08:31:21 -08:00
Meredith Lancaster
7667f588f2 Create Artifact Metadata Storage Record on registry push (#313) 
* first pass at creating storage record

Signed-off-by: Meredith Lancaster <malancas@github.com>

* include storage record param in action config

Signed-off-by: Meredith Lancaster <malancas@github.com>

* use latest actions/attest version

Signed-off-by: Meredith Lancaster <malancas@github.com>

* update storage record params

Signed-off-by: Meredith Lancaster <malancas@github.com>

* include storage record id in result

Signed-off-by: Meredith Lancaster <malancas@github.com>

* regenerate dist

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add documentation on storage records

Signed-off-by: Meredith Lancaster <malancas@github.com>

* log storage record creation

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add storage record output

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add new param

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add storage record id output

Signed-off-by: Meredith Lancaster <malancas@github.com>

* fix linter errors

Signed-off-by: Meredith Lancaster <malancas@github.com>

* return all storage record ids

Signed-off-by: Meredith Lancaster <malancas@github.com>

* bump minor version

Signed-off-by: Meredith Lancaster <malancas@github.com>

* use expect string match function

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add try catch block for storage record creation

Signed-off-by: Meredith Lancaster <malancas@github.com>

* fix table column spacing

Signed-off-by: Meredith Lancaster <malancas@github.com>

* check for protocol

Signed-off-by: Meredith Lancaster <malancas@github.com>

* check for artifact url protocol

Signed-off-by: Meredith Lancaster <malancas@github.com>

* only fill registry_url for now

Signed-off-by: Meredith Lancaster <malancas@github.com>

* cleanup protocol handling

Signed-off-by: Meredith Lancaster <malancas@github.com>

* regenerate dist

Signed-off-by: Meredith Lancaster <malancas@github.com>

* handle subject name correctly

Signed-off-by: Meredith Lancaster <malancas@github.com>

* move test

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add back assert statements

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add back output assert statements

Signed-off-by: Meredith Lancaster <malancas@github.com>

* Apply suggestion from @Copilot

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* Apply suggestion from @Copilot

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* Apply suggestion from @Copilot

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* use url for subject name parsing

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add missing test setpu

Signed-off-by: Meredith Lancaster <malancas@github.com>

* fix storage record fail test

Signed-off-by: Meredith Lancaster <malancas@github.com>

* regenerate dist

Signed-off-by: Meredith Lancaster <malancas@github.com>

---------

Signed-off-by: Meredith Lancaster <malancas@github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2025-12-18 11:30:45 -08:00
Brian DeHamer
daf44fb950 improved checksum parsing (#280) 
Signed-off-by: Brian DeHamer <bdehamer@github.com>
 2025-08-26 16:07:15 -07:00
dependabot[bot]
03074e1180 Bump jest and @types/jest (#255) 
* Bump jest and @types/jest

Bumps [jest](https://github.com/jestjs/jest/tree/HEAD/packages/jest) and [@types/jest](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/jest). These dependencies needed to be updated together.

Updates `jest` from 29.7.0 to 30.0.0
- [Release notes](https://github.com/jestjs/jest/releases)
- [Changelog](https://github.com/jestjs/jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/jestjs/jest/commits/v30.0.0/packages/jest)

Updates `@types/jest` from 29.5.14 to 30.0.0
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/jest)

---
updated-dependencies:
- dependency-name: jest
  dependency-version: 30.0.0
  dependency-type: direct:development
  update-type: version-update:semver-major
- dependency-name: "@types/jest"
  dependency-version: 30.0.0
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* rebuild dist

Signed-off-by: Brian DeHamer <bdehamer@github.com>

* test coverage hints

Signed-off-by: Brian DeHamer <bdehamer@github.com>

* enable ts isolated modules

Signed-off-by: Brian DeHamer <bdehamer@github.com>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Brian DeHamer <bdehamer@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Brian DeHamer <bdehamer@github.com>
 2025-06-17 09:51:59 -07:00
Fredrik Skogman
6a89e12864 Add path to created attestation in a well-known summary file (#252) 
* Added a new output file, where the path on local disk to each created
attestation is stored. One attestation per line.

Signed-off-by: Fredrik Skogman <kommendorkapten@github.com>

* Added a section to the readme about the paths file

Signed-off-by: Fredrik Skogman <kommendorkapten@github.com>

* store the file in RUNNER_TEMP

* Ignore writing summary file for created attestations if runner_temp is not set.

* prettier updates

---------

Signed-off-by: Fredrik Skogman <kommendorkapten@github.com>
 2025-06-11 15:53:32 +02:00
Brian DeHamer
38bcf9b1c5 New subject-checksums input param (#198) 
* new subject-checksums input param

Signed-off-by: Brian DeHamer <bdehamer@github.com>

* check for valid hex string for digest

Signed-off-by: Brian DeHamer <bdehamer@github.com>

---------

Signed-off-by: Brian DeHamer <bdehamer@github.com>
 2025-01-21 10:32:02 -08:00
Brian DeHamer
bfa7e6911b Update eslint from 8.x to 9.x (#185) 
* remove eslint prettier plugins

Signed-off-by: Brian DeHamer <bdehamer@github.com>

* eslint upgrade

Signed-off-by: Brian DeHamer <bdehamer@github.com>

* source fixup

Signed-off-by: Brian DeHamer <bdehamer@github.com>

---------

Signed-off-by: Brian DeHamer <bdehamer@github.com>
 2024-12-13 15:25:52 -08:00
Brian DeHamer
94d0d43131 add attestation-id and attestation-url outputs (#181) 
Signed-off-by: Brian DeHamer <bdehamer@github.com>
 2024-12-09 09:56:33 -08:00
Brian DeHamer
65e34a8aa7 deduplicate subjects before adding to statement (#180) 
Signed-off-by: Brian DeHamer <bdehamer@github.com>
 2024-12-06 07:14:14 -08:00
Brian DeHamer
a2d6fee37e readme updates for v2 release (#173) 
Signed-off-by: Brian DeHamer <bdehamer@github.com>
 2024-11-21 12:53:27 -08:00
Brian DeHamer
85e94cb741 support multi-subject attestations (#164) 
Signed-off-by: Brian DeHamer <bdehamer@github.com>
 2024-11-05 09:16:07 -08:00
Brian DeHamer
97f7cf8914 add show-summary input (#108) 
Signed-off-by: Brian DeHamer <bdehamer@github.com>
 2024-07-30 11:27:18 -07:00
Brian DeHamer
f1338058bc format summary output as list (#105) 
Signed-off-by: Brian DeHamer <bdehamer@github.com>
 2024-07-24 14:31:01 -07:00
Brian DeHamer
68a047fd01 bugfix for glob exclude patterns (#100) 
Signed-off-by: Brian DeHamer <bdehamer@github.com>
 2024-07-09 07:55:19 -07:00
Brian DeHamer
8afbcf6e5e increase timeout for OCI operations (#92) 
Signed-off-by: Brian DeHamer <bdehamer@github.com>
 2024-06-17 06:51:46 -07:00
Brian DeHamer
4fa34e85c5 enforce 16MB limit on predicate size (#80) 
Signed-off-by: Brian DeHamer <bdehamer@github.com>
 2024-06-03 09:41:25 -07:00
Brian DeHamer
9e752e3d76 batch processing w/ exponential backoff (#79) 
Signed-off-by: Brian DeHamer <bdehamer@github.com>
 2024-06-03 07:56:25 -07:00
Brian DeHamer
5b17eb7cb0 fix bug w/ private-signing input (#77) 
Signed-off-by: Brian DeHamer <bdehamer@github.com>
 2024-05-28 13:26:14 -07:00
Brian DeHamer
faa6467995 refactor core attestation logic (#73) 
Signed-off-by: Brian DeHamer <bdehamer@github.com>
 2024-05-28 11:00:03 -07:00
Brian DeHamer
3ff4eb4c69 centralize collection of action inputs (#72) 
Signed-off-by: Brian DeHamer <bdehamer@github.com>
 2024-05-24 11:01:44 -07:00
Brian DeHamer
80d9f23382 process subjects in batches (#67) 
Signed-off-by: Brian DeHamer <bdehamer@github.com>
 2024-05-22 07:55:00 -07:00
Brian DeHamer
38ff958ab6 downcase subject name for OCI images (#63) 
Signed-off-by: Brian DeHamer <bdehamer@github.com>
 2024-05-14 08:11:10 -07:00
Brian DeHamer
3f67a24e31 bump @sigstore/oci from 0.3.0 to 0.3.2 (#61) 
Signed-off-by: Brian DeHamer <bdehamer@github.com>
 2024-05-10 08:10:56 -07:00
Brian DeHamer
58fa41a101 send api errors to gha debug log (#59) 
Signed-off-by: Brian DeHamer <bdehamer@github.com>
 2024-05-09 12:34:14 -07:00
Brian DeHamer
b0d8b47eb7 include more detail in error logging (#58) 
Signed-off-by: Brian DeHamer <bdehamer@github.com>
 2024-05-09 12:34:01 -07:00
Brian DeHamer
d442d85e12 ensure subject globs match only files (#54) 
Signed-off-by: Brian DeHamer <bdehamer@github.com>
 2024-05-06 11:52:03 -07:00
Brian DeHamer
c58d52c41d limit attestation subject count (#53) 
Signed-off-by: Brian DeHamer <bdehamer@github.com>
 2024-05-06 11:51:42 -07:00
Brian DeHamer
94082a9d2e add list support for subjectPath input (#51) 
* add list support for subjectPath input

Signed-off-by: Brian DeHamer <bdehamer@github.com>

* bump package version to 1.1.0

Signed-off-by: Brian DeHamer <bdehamer@github.com>

---------

Signed-off-by: Brian DeHamer <bdehamer@github.com>
 2024-05-06 08:32:02 -07:00
Brian DeHamer
495f094150 tweak summary output (#43) 
Signed-off-by: Brian DeHamer <bdehamer@github.com>
 2024-04-26 13:23:19 -07:00
Brian DeHamer
a6dded75c9 bump @actions/attest from 1.1.0 to 1.2.1 (#41) 
Signed-off-by: Brian DeHamer <bdehamer@github.com>
 2024-04-25 11:03:54 -07:00
Brian DeHamer
fe2f1fbc42 update annotation scheme for OCI bundles (#29) 
Signed-off-by: Brian DeHamer <bdehamer@github.com>
 2024-04-22 09:41:18 -07:00
Brian DeHamer
3b95763d7e more test coverage (#18) 
Signed-off-by: Brian DeHamer <bdehamer@github.com>
 2024-02-29 17:02:56 -08:00
Brian DeHamer
525454b125 choose proper sigstore instance when attesting (#11) 
Signed-off-by: Brian DeHamer <bdehamer@github.com>
 2024-02-27 16:47:20 -08:00
ejahnGithub
d83c83490f fixed pr 2024-02-23 08:41:44 -08:00
ejahnGithub
e3c685d193 init attest action 2024-02-22 07:53:51 -08:00
Brian DeHamer
aaaeb08d4e Initial commit 2024-02-20 11:22:22 -08:00