name: Continuous Integration on: pull_request: branches: - main push: branches: - main - 'releases/*' permissions: {} jobs: test-typescript: name: TypeScript Tests runs-on: ubuntu-latest permissions: contents: read steps: - name: Checkout id: checkout uses: actions/checkout@0c366fd6a839edf440554fa01a7085ccba70ac98 # v5.0.1 - name: Setup Node.js id: setup-node uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: node-version-file: .node-version cache: npm - name: Install Dependencies id: npm-ci run: npm ci - name: Check Format id: npm-format-check run: npm run format:check - name: Lint id: npm-lint run: npm run lint - name: Test id: npm-ci-test run: npm run ci-test test-attest: name: Test attest action runs-on: ubuntu-latest permissions: contents: read attestations: write id-token: write env: SUBJECT: /repos/${{ github.repository }}/tarball/${{ github.sha }} steps: - name: Checkout id: checkout uses: actions/checkout@0c366fd6a839edf440554fa01a7085ccba70ac98 # v5.0.1 - name: Calculate subject digest id: subject env: GH_TOKEN: ${{ github.token }} run: | SHA_256=$(gh api "${{ env.SUBJECT }}" | shasum -a 256 | cut -d " " -f 1) echo "sha-256=${SHA_256}" >> "$GITHUB_OUTPUT" - name: Run attest id: attest env: INPUT_PRIVATE-SIGNING: 'true' uses: ./ with: subject-name: 'https://api.github.com${{ env.SUBJECT }}' subject-digest: 'sha256:${{ steps.subject.outputs.sha-256 }}' predicate-type: 'https://in-toto.io/attestation/release/v0.1' predicate: '{"purl":"pkg:github/${{ github.repository }}@${{ github.sha }}"}' - name: Dump output run: jq < ${{ steps.attest.outputs.bundle-path }}