
dependabot[bot]
082274a94f Bump the npm-development group with 3 updates (#22)
* Bump the npm-development group with 3 updates

Bumps the npm-development group with 3 updates: [@sigstore/mock](https://github.com/sigstore/sigstore-js), [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) and [typescript](https://github.com/Microsoft/TypeScript).


Updates `@sigstore/mock` from 0.6.5 to 0.7.0
- [Release notes](https://github.com/sigstore/sigstore-js/releases)
- [Commits](https://github.com/sigstore/sigstore-js/compare/@sigstore/mock@0.6.5...@sigstore/mock@0.7.0)

Updates `@types/node` from 20.11.24 to 20.11.26
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Updates `typescript` from 5.3.3 to 5.4.2
- [Release notes](https://github.com/Microsoft/TypeScript/releases)
- [Changelog](https://github.com/microsoft/TypeScript/blob/main/azure-pipelines.release.yml)
- [Commits](https://github.com/Microsoft/TypeScript/compare/v5.3.3...v5.4.2)

---
updated-dependencies:
- dependency-name: "@sigstore/mock"
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-development
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-development
- dependency-name: typescript
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-development
...

Signed-off-by: dependabot[bot] <support@github.com>

* fix-up dev dep interactions

Signed-off-by: Brian DeHamer <bdehamer@github.com>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Brian DeHamer <bdehamer@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Brian DeHamer <bdehamer@github.com>
2024-03-13 09:06:37 -07:00
Brian DeHamer
0f48753020 bump @sigstore/oci from 0.1.0 to 0.2.0 (#25)
Signed-off-by: Brian DeHamer <bdehamer@github.com>
2024-03-12 15:14:50 -07:00
Brian DeHamer
96830cdd3b add release instructions (#21)
Signed-off-by: Brian DeHamer <bdehamer@github.com>
2024-03-06 19:31:28 -05:00
5 changed files with 1838 additions and 1043 deletions

RELEASE.md Normal file

@@ -0,0 +1,16 @@
# Release Instructions
Follow the steps below to tag a new release for the `actions/attest` action.
1. Merge the latest changes to the `main` branch.
1. Create a new release using a tag of the form `vX.X.X` following SemVer
conventions:
```shell
gh release create vX.X.X
```
1. As appropriate, update any actions like
[`actions/attest-build-provenance`](https://github.com/actions/attest-build-provenance)
and [`actions/attest-sbom`](https://github.com/actions/attest-sbom) which
have a dependency on `actions/attest`

dist/index.js generated vendored

@@ -11349,7 +11349,7 @@ const constants_1 = __nccwpck_require__(1319);
const error_1 = __nccwpck_require__(64);
const registry_1 = __nccwpck_require__(7464);
const EMPTY_BLOB = Buffer.from('{}');
const DOWNGRADE_REGISTRIES = ['docker.io', 'amazonaws.com'];
const DOWNGRADE_REGISTRIES = ['amazonaws.com'];
class OCIImage {
constructor(image, creds, opts) {
_OCIImage_instances.add(this);
@@ -11389,15 +11389,12 @@ class OCIImage {
});
/* istanbul ignore if */
if (__classPrivateFieldGet(this, _OCIImage_downgrade, "f")) {
delete manifest.subject;
delete manifest.artifactType;
// ECR can't handle media types with parameters, so we need to strip the
// version parameter from the Sigstore bundle media type.
manifest.artifactType = manifest.artifactType
? manifest.artifactType.replace(/;.*/, '')
: undefined;
manifest.layers[0].mediaType = manifest.layers[0].mediaType.replace(/;.*/, '');
// ECR can't handle the "application/vnd.oci.empty.v1+json" media type
// for the config blob defined in OCI 1.1, so we need to use the Docker
// V2 API media type
manifest.config.mediaType = 'application/vnd.oci.image.config.v1+json';
}
// Upload artifact manifest
artifactDescriptor = await __classPrivateFieldGet(this, _OCIImage_client, "f").uploadManifest(JSON.stringify(manifest));
@@ -11423,6 +11420,21 @@ class OCIImage {
}
return artifactDescriptor;
}
async getDigest(tag) {
try {
if (__classPrivateFieldGet(this, _OCIImage_credentials, "f")) {
await __classPrivateFieldGet(this, _OCIImage_client, "f").signIn(__classPrivateFieldGet(this, _OCIImage_credentials, "f"));
}
const imageDescriptor = await __classPrivateFieldGet(this, _OCIImage_client, "f").checkManifest(tag);
return imageDescriptor.digest;
}
catch (err) {
throw new error_1.OCIError({
message: `Error retrieving image digest from container registry`,
cause: err,
});
}
}
}
exports.OCIImage = OCIImage;
_OCIImage_client = new WeakMap(), _OCIImage_credentials = new WeakMap(), _OCIImage_downgrade = new WeakMap(), _OCIImage_instances = new WeakSet(), _OCIImage_createReferrersIndexByTag =
@@ -11495,7 +11507,7 @@ const digestToTag = (digest) => {
"use strict";
Object.defineProperty(exports, "__esModule", ({ value: true }));
exports.attachArtifactToImage = exports.OCIError = exports.getRegistryCredentials = void 0;
exports.getImageDigest = exports.attachArtifactToImage = exports.OCIError = exports.getRegistryCredentials = void 0;
const image_1 = __nccwpck_require__(9539);
const name_1 = __nccwpck_require__(4520);
var credentials_1 = __nccwpck_require__(5475);
@@ -11510,6 +11522,12 @@ const attachArtifactToImage = async (opts) => {
return new image_1.OCIImage(image, opts.credentials, opts.fetchOpts).addArtifact(opts);
};
exports.attachArtifactToImage = attachArtifactToImage;
// Returns the digest of the given image tag in the remote registry.
const getImageDigest = async (opts) => {
const image = (0, name_1.parseImageName)(opts.imageName);
return new image_1.OCIImage(image, opts.credentials, opts.fetchOpts).getDigest(opts.imageTag);
};
exports.getImageDigest = getImageDigest;
/***/ }),

package-lock.json generated



@@ -73,18 +73,19 @@
"@actions/attest": "^1.0.0",
"@actions/core": "^1.10.1",
"@actions/glob": "^0.4.0",
"@sigstore/oci": "^0.1.0"
"@sigstore/oci": "^0.2.0"
},
"devDependencies": {
"@sigstore/mock": "^0.6.5",
"@sigstore/mock": "^0.7.0",
"@types/jest": "^29.5.12",
"@types/make-fetch-happen": "^10.0.4",
"@types/node": "^20.11.24",
"@typescript-eslint/parser": "^6.21.0",
"@types/node": "^20.11.26",
"@typescript-eslint/eslint-plugin": "^7.2.0",
"@typescript-eslint/parser": "^7.2.0",
"@vercel/ncc": "^0.38.1",
"eslint": "^8.57.0",
"eslint-plugin-github": "^4.10.2",
"eslint-plugin-jest": "^27.8.0",
"eslint-plugin-jest": "^27.9.0",
"eslint-plugin-jsonc": "^2.13.0",
"eslint-plugin-prettier": "^5.1.3",
"jest": "^29.7.0",
@@ -94,6 +95,6 @@
"prettier": "^3.2.5",
"prettier-eslint": "^16.3.0",
"ts-jest": "^29.1.2",
"typescript": "^5.3.3"
"typescript": "^5.4.2"
}
}


@@ -1,59 +0,0 @@
#!/bin/bash
# About:
#
# This is a helper script to tag and push a new release. GitHub Actions use
# release tags to allow users to select a specific version of the action to use.
#
# See: https://github.com/actions/typescript-action#publishing-a-new-release
#
# This script will do the following:
#
# 1. Get the latest release tag
# 2. Prompt the user for a new release tag
# 3. Tag the new release
# 4. Push the new tag to the remote
#
# Usage:
#
# script/release
# Terminal colors
OFF='\033[0m'
RED='\033[0;31m'
GREEN='\033[0;32m'
BLUE='\033[0;34m'
# Get the latest release tag
latest_tag=$(git describe --tags "$(git rev-list --tags --max-count=1)")
if [[ -z "$latest_tag" ]]; then
# There are no existing release tags
echo -e "No tags found (yet) - Continue to create and push your first tag"
latest_tag="[unknown]"
fi
# Display the latest release tag
echo -e "The latest release tag is: ${BLUE}${latest_tag}${OFF}"
# Prompt the user for the new release tag
read -r -p 'Enter a new release tag (vX.X.X format): ' new_tag
# Validate the new release tag
tag_regex='v[0-9]+\.[0-9]+\.[0-9]+$'
if echo "$new_tag" | grep -q -E "$tag_regex"; then
echo -e "Tag: ${BLUE}$new_tag${OFF} is valid"
else
# Release tag is not `vX.X.X` format
echo -e "Tag: ${BLUE}$new_tag${OFF} is ${RED}not valid${OFF} (must be in vX.X.X format)"
exit 1
fi
# Tag the new release
git tag -a "$new_tag" -m "$new_tag Release"
echo -e "${GREEN}Tagged: $new_tag${OFF}"
# Push the new tag to the remote
git push --tags
echo -e "${GREEN}Release tag pushed to remote${OFF}"
echo -e "${GREEN}Done!${OFF}"