From 36cc95143cb536d52430a97ab61c5cf1ee9fef06 Mon Sep 17 00:00:00 2001
From: CrazyMax <1951866+crazy-max@users.noreply.github.com>
Date: Wed, 29 Oct 2025 10:27:42 +0100
Subject: [PATCH] sigstore class to sign buildkit provenance blobs
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
---
 .github/workflows/test.yml | 3 +
 .../multi/linux_amd64/provenance.json | 725 ++++++++++++++++++
 .../multi/linux_arm64/provenance.json | 725 ++++++++++++++++++
 .../.fixtures/sigstore/single/provenance.json | 725 ++++++++++++++++++
 __tests__/sigstore/sigstore.test.itg.ts | 59 ++
 package.json | 5 +
 src/sigstore/sigstore.ts | 156 ++++
 src/types/intoto/intoto.ts | 6 +
 yarn.lock | 707 ++++++++++++++++-
 9 files changed, 3102 insertions(+), 9 deletions(-)
 create mode 100644 __tests__/.fixtures/sigstore/multi/linux_amd64/provenance.json
 create mode 100644 __tests__/.fixtures/sigstore/multi/linux_arm64/provenance.json
 create mode 100644 __tests__/.fixtures/sigstore/single/provenance.json
 create mode 100644 __tests__/sigstore/sigstore.test.itg.ts
 create mode 100644 src/sigstore/sigstore.ts
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 608a87f..7d86bbc 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -146,6 +146,9 @@ jobs:
 fail-fast: false
 matrix:
 include: ${{ fromJson(needs.prepare-itg.outputs.includes) }}
+ permissions:
+ contents: read
+ id-token: write # needed for signing with GitHub OIDC Token
 steps:
 -
 name: Checkout
diff --git a/__tests__/.fixtures/sigstore/multi/linux_amd64/provenance.json b/__tests__/.fixtures/sigstore/multi/linux_amd64/provenance.json
new file mode 100644
index 0000000..ca7bf82
--- /dev/null
+++ b/__tests__/.fixtures/sigstore/multi/linux_amd64/provenance.json
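Review bot: In the `.github/workflows/test.yml` hunk, `id-token: write` is granted at job level, so every entry of the integration-test matrix can request a GitHub OIDC token, although presumably only the sigstore test signs anything. That token is what a Fulcio signing certificate for this workflow's identity is issued against, so it is worth keeping it away from matrix entries that only run other tests and their dependencies. I would leave this job at `permissions:` / `contents: read` and move the sigstore test into its own job that carries `id-token: write`, or at least extend the comment to `# needed for signing with GitHub OIDC Token; only the sigstore itg test uses it`. The job's header and steps lie outside the hunk, so whether the matrix already isolates that test cannot be seen here; note also that a job-level `permissions` block sets every scope it does not list to `none`.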
@@ -0,0 +1,725 @@ +{ + "_type": "https://in-toto.io/Statement/v0.1", + "predicateType": "https://slsa.dev/provenance/v1", + "subject": [ + { + "name": "myapp", + "digest": { + "sha256": "2a941bf575c9d943145d990615782173a81214447bb106af5d98456d378530de" + } + } + ], + "predicate": { + "buildDefinition": { + "buildType": "https://github.com/moby/buildkit/blob/master/docs/attestations/slsa-definitions.md", + "resolvedDependencies": [ + { + "uri": "pkg:docker/docker/buildkit-syft-scanner@stable-1", + "digest": { + "sha256": "e930c2697be77cb7271d316ecfa78768b5eac73de3b16018ed38eb0ea0b5a7cb" + } + }, + { + "uri": "pkg:docker/docker/dockerfile@1", + "digest": { + "sha256": "b6afd42430b15f2d2a4c5a02b919e98a525b785b1aaff16747d2f623364e39b6" + } + }, + { + "uri": "pkg:docker/golang@1.25-alpine?platform=linux%2Famd64", + "digest": { + "sha256": "aee43c3ccbf24fdffb7295693b6e33b21e01baec1b2a55acc351fde345e9ec34" + } + }, + { + "uri": "pkg:docker/tonistiigi/xx@1.7.0?platform=linux%2Famd64", + "digest": { + "sha256": "010d4b66aed389848b0694f91c7aaee9df59a6f20be7f5d12e53663a37bd14e2" + } + }, + { + "uri": "https://github.com/docker/github-builder-test.git#f1bd8fdfe4d417acd107b32d5749638ff1533bfd", + "digest": { + "sha1": "f1bd8fdfe4d417acd107b32d5749638ff1533bfd" + } + } + ], + "externalParameters": { + "configSource": { + "uri": "https://github.com/docker/github-builder-test.git#f1bd8fdfe4d417acd107b32d5749638ff1533bfd", + "digest": { + "sha1": "f1bd8fdfe4d417acd107b32d5749638ff1533bfd" + }, + "path": "Dockerfile" + }, + "request": { + "frontend": "gateway.v0", + "args": { + "cmdline": "docker/dockerfile:1", + "source": "docker/dockerfile:1" + }, + "secrets": [ + { + "id": "GIT_AUTH_HEADER", + "optional": true + }, + { + "id": "GIT_AUTH_TOKEN", + "optional": true + } + ] + } + }, + "internalParameters": { + "buildConfig": { + "digestMapping": { + "sha256:0c051f8b602965c35bbb5fc740b4d16ced9b5ec91141bfc82414ea4ebac8f389": "step6", + 
"sha256:1b79692851a53ae526c956b915846f7ffb95edf257cc082548e64cfc886f3eb8": "step7", + "sha256:1f4a4008f77e0fd66e5e405280ee9b3f1968beac6a3f28c110b31d15b8cd472a": "step2", + "sha256:2030d53ec35fa99af0f54fca7548a9665ec96f2514ba3cbc1b19c9f5c7cec173": "step0", + "sha256:4fcabdc8e56358c8b9a740d0bf712ef67bc33786112213b9071132a6d595b56f": "step5", + "sha256:60898748e8b2996ff10a3ba158e0e8f52b8f285ff74d92657a43cf02bccc118a": "step8", + "sha256:717558c6da2ccb95acf2519318ee6f40d7ffbb1f63b0a9d211ffbc1a1d0e345f": "step4", + "sha256:d4b5a8c2437dc07cb5a1884896309711c899ee3557268d10b66818dd93f13784": "step1", + "sha256:dc0d490768523aa0ed6c1a7c68c5884e1a18e9b7a8c36a0a983edbe17a9bb89e": "step3" + }, + "llbDefinition": [ + { + "id": "step0", + "op": { + "Op": { + "source": { + "identifier": "docker-image://docker.io/library/golang:1.25-alpine@sha256:aee43c3ccbf24fdffb7295693b6e33b21e01baec1b2a55acc351fde345e9ec34" + } + }, + "constraints": {}, + "platform": { + "Architecture": "amd64", + "OS": "linux" + } + } + }, + { + "id": "step1", + "op": { + "Op": { + "source": { + "identifier": "docker-image://docker.io/tonistiigi/xx:1.7.0@sha256:010d4b66aed389848b0694f91c7aaee9df59a6f20be7f5d12e53663a37bd14e2" + } + }, + "constraints": {}, + "platform": { + "Architecture": "amd64", + "OS": "linux" + } + } + }, + { + "id": "step2", + "inputs": [ + "step0:0", + "step1:0" + ], + "op": { + "Op": { + "file": { + "actions": [ + { + "Action": { + "copy": { + "allowEmptyWildcard": true, + "allowWildcard": true, + "createDestPath": true, + "dest": "/", + "dirCopyContents": true, + "followSymlink": true, + "mode": -1, + "src": "/", + "timestamp": -1 + } + }, + "input": 0, + "output": 0, + "secondaryInput": 1 + } + ] + } + }, + "constraints": {} + } + }, + { + "id": "step3", + "inputs": [ + "step2:0" + ], + "op": { + "Op": { + "exec": { + "meta": { + "args": [ + "/bin/sh", + "-c", + "apk add --no-cache file git" + ], + "cwd": "/go", + "env": [ + 
"PATH=/go/bin:/usr/local/go/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", + "GOLANG_VERSION=1.25.3", + "GOTOOLCHAIN=local", + "GOPATH=/go" + ], + "removeMountStubsRecursive": true + }, + "mounts": [ + { + "dest": "/" + } + ] + } + }, + "constraints": {}, + "platform": { + "Architecture": "amd64", + "OS": "linux" + } + } + }, + { + "id": "step4", + "inputs": [ + "step3:0" + ], + "op": { + "Op": { + "file": { + "actions": [ + { + "Action": { + "mkdir": { + "makeParents": true, + "mode": 493, + "path": "/src", + "timestamp": -1 + } + }, + "input": 0, + "output": 0, + "secondaryInput": -1 + } + ] + } + }, + "constraints": {} + } + }, + { + "id": "step5", + "op": { + "Op": { + "source": { + "attrs": { + "git.authheadersecret": "GIT_AUTH_HEADER", + "git.authtokensecret": "GIT_AUTH_TOKEN", + "git.fullurl": "https://github.com/docker/github-builder-test.git" + }, + "identifier": "git://github.com/docker/github-builder-test.git#f1bd8fdfe4d417acd107b32d5749638ff1533bfd" + } + }, + "constraints": {} + } + }, + { + "id": "step6", + "inputs": [ + "step4:0", + "step5:0" + ], + "op": { + "Op": { + "exec": { + "meta": { + "args": [ + "/bin/sh", + "-c", + "xx-go build -trimpath -o /out/myapp . 
\u0026\u0026 xx-verify --static /out/myapp" + ], + "cwd": "/src", + "env": [ + "PATH=/go/bin:/usr/local/go/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", + "GOLANG_VERSION=1.25.3", + "GOTOOLCHAIN=local", + "GOPATH=/go", + "CGO_ENABLED=0", + "TARGETPLATFORM=linux/amd64" + ], + "removeMountStubsRecursive": true + }, + "mounts": [ + { + "dest": "/" + }, + { + "cacheOpt": { + "ID": "//root/.cache" + }, + "dest": "/root/.cache", + "input": -1, + "mountType": 3, + "output": -1 + }, + { + "dest": "/src", + "input": 1, + "output": -1, + "readonly": true + } + ] + } + }, + "constraints": {}, + "platform": { + "Architecture": "amd64", + "OS": "linux" + } + } + }, + { + "id": "step7", + "inputs": [ + "step6:0" + ], + "op": { + "Op": { + "file": { + "actions": [ + { + "Action": { + "copy": { + "allowEmptyWildcard": true, + "allowWildcard": true, + "createDestPath": true, + "dest": "/", + "dirCopyContents": true, + "followSymlink": true, + "mode": -1, + "src": "/out", + "timestamp": -1 + } + }, + "input": -1, + "output": 0, + "secondaryInput": 0 + } + ] + } + }, + "constraints": {} + } + }, + { + "id": "step8", + "inputs": [ + "step7:0" + ], + "op": { + "Op": {} + } + } + ] + }, + "builderPlatform": "linux/amd64", + "github_event_name": "workflow_dispatch", + "github_event_payload": { + "enterprise": { + "avatar_url": "https://avatars.githubusercontent.com/b/19176?v=4", + "created_at": "2022-12-30T23:53:17Z", + "description": null, + "html_url": "https://github.com/enterprises/docker", + "id": 19176, + "name": "Docker", + "node_id": "E_kgDNSug", + "slug": "docker", + "updated_at": "2025-10-20T20:39:05Z", + "website_url": null + }, + "inputs": null, + "organization": { + "avatar_url": "https://avatars.githubusercontent.com/u/5429470?v=4", + "description": "Docker helps developers bring their ideas to life by conquering the complexity of app development.", + "events_url": "https://api.github.com/orgs/docker/events", + "hooks_url": 
"https://api.github.com/orgs/docker/hooks", + "id": 5429470, + "issues_url": "https://api.github.com/orgs/docker/issues", + "login": "docker", + "members_url": "https://api.github.com/orgs/docker/members{/member}", + "node_id": "MDEyOk9yZ2FuaXphdGlvbjU0Mjk0NzA=", + "public_members_url": "https://api.github.com/orgs/docker/public_members{/member}", + "repos_url": "https://api.github.com/orgs/docker/repos", + "url": "https://api.github.com/orgs/docker" + }, + "ref": "refs/heads/main", + "repository": { + "allow_forking": true, + "archive_url": "https://api.github.com/repos/docker/github-builder-test/{archive_format}{/ref}", + "archived": false, + "assignees_url": "https://api.github.com/repos/docker/github-builder-test/assignees{/user}", + "blobs_url": "https://api.github.com/repos/docker/github-builder-test/git/blobs{/sha}", + "branches_url": "https://api.github.com/repos/docker/github-builder-test/branches{/branch}", + "clone_url": "https://github.com/docker/github-builder-test.git", + "collaborators_url": "https://api.github.com/repos/docker/github-builder-test/collaborators{/collaborator}", + "comments_url": "https://api.github.com/repos/docker/github-builder-test/comments{/number}", + "commits_url": "https://api.github.com/repos/docker/github-builder-test/commits{/sha}", + "compare_url": "https://api.github.com/repos/docker/github-builder-test/compare/{base}...{head}", + "contents_url": "https://api.github.com/repos/docker/github-builder-test/contents/{+path}", + "contributors_url": "https://api.github.com/repos/docker/github-builder-test/contributors", + "created_at": "2025-08-19T08:08:29Z", + "custom_properties": {}, + "default_branch": "main", + "deployments_url": "https://api.github.com/repos/docker/github-builder-test/deployments", + "description": "Test repo for https://github.com/docker/github-builder-experimental", + "disabled": false, + "downloads_url": "https://api.github.com/repos/docker/github-builder-test/downloads", + "events_url": 
"https://api.github.com/repos/docker/github-builder-test/events", + "fork": false, + "forks": 0, + "forks_count": 0, + "forks_url": "https://api.github.com/repos/docker/github-builder-test/forks", + "full_name": "docker/github-builder-test", + "git_commits_url": "https://api.github.com/repos/docker/github-builder-test/git/commits{/sha}", + "git_refs_url": "https://api.github.com/repos/docker/github-builder-test/git/refs{/sha}", + "git_tags_url": "https://api.github.com/repos/docker/github-builder-test/git/tags{/sha}", + "git_url": "git://github.com/docker/github-builder-test.git", + "has_discussions": false, + "has_downloads": true, + "has_issues": false, + "has_pages": false, + "has_projects": false, + "has_wiki": false, + "homepage": null, + "hooks_url": "https://api.github.com/repos/docker/github-builder-test/hooks", + "html_url": "https://github.com/docker/github-builder-test", + "id": 1040594287, + "is_template": false, + "issue_comment_url": "https://api.github.com/repos/docker/github-builder-test/issues/comments{/number}", + "issue_events_url": "https://api.github.com/repos/docker/github-builder-test/issues/events{/number}", + "issues_url": "https://api.github.com/repos/docker/github-builder-test/issues{/number}", + "keys_url": "https://api.github.com/repos/docker/github-builder-test/keys{/key_id}", + "labels_url": "https://api.github.com/repos/docker/github-builder-test/labels{/name}", + "language": "Dockerfile", + "languages_url": "https://api.github.com/repos/docker/github-builder-test/languages", + "license": null, + "merges_url": "https://api.github.com/repos/docker/github-builder-test/merges", + "milestones_url": "https://api.github.com/repos/docker/github-builder-test/milestones{/number}", + "mirror_url": null, + "name": "github-builder-test", + "node_id": "R_kgDOPgY1bw", + "notifications_url": "https://api.github.com/repos/docker/github-builder-test/notifications{?since,all,participating}", + "open_issues": 0, + "open_issues_count": 0, + "owner": { + 
"avatar_url": "https://avatars.githubusercontent.com/u/5429470?v=4", + "events_url": "https://api.github.com/users/docker/events{/privacy}", + "followers_url": "https://api.github.com/users/docker/followers", + "following_url": "https://api.github.com/users/docker/following{/other_user}", + "gists_url": "https://api.github.com/users/docker/gists{/gist_id}", + "gravatar_id": "", + "html_url": "https://github.com/docker", + "id": 5429470, + "login": "docker", + "node_id": "MDEyOk9yZ2FuaXphdGlvbjU0Mjk0NzA=", + "organizations_url": "https://api.github.com/users/docker/orgs", + "received_events_url": "https://api.github.com/users/docker/received_events", + "repos_url": "https://api.github.com/users/docker/repos", + "site_admin": false, + "starred_url": "https://api.github.com/users/docker/starred{/owner}{/repo}", + "subscriptions_url": "https://api.github.com/users/docker/subscriptions", + "type": "Organization", + "url": "https://api.github.com/users/docker", + "user_view_type": "public" + }, + "private": true, + "pulls_url": "https://api.github.com/repos/docker/github-builder-test/pulls{/number}", + "pushed_at": "2025-10-22T14:08:38Z", + "releases_url": "https://api.github.com/repos/docker/github-builder-test/releases{/id}", + "size": 24, + "ssh_url": "git@github.com:docker/github-builder-test.git", + "stargazers_count": 0, + "stargazers_url": "https://api.github.com/repos/docker/github-builder-test/stargazers", + "statuses_url": "https://api.github.com/repos/docker/github-builder-test/statuses/{sha}", + "subscribers_url": "https://api.github.com/repos/docker/github-builder-test/subscribers", + "subscription_url": "https://api.github.com/repos/docker/github-builder-test/subscription", + "svn_url": "https://github.com/docker/github-builder-test", + "tags_url": "https://api.github.com/repos/docker/github-builder-test/tags", + "teams_url": "https://api.github.com/repos/docker/github-builder-test/teams", + "topics": [], + "trees_url": 
"https://api.github.com/repos/docker/github-builder-test/git/trees{/sha}", + "updated_at": "2025-10-22T14:08:42Z", + "url": "https://api.github.com/repos/docker/github-builder-test", + "visibility": "internal", + "watchers": 0, + "watchers_count": 0, + "web_commit_signoff_required": false + }, + "sender": { + "avatar_url": "https://avatars.githubusercontent.com/u/1951866?v=4", + "events_url": "https://api.github.com/users/crazy-max/events{/privacy}", + "followers_url": "https://api.github.com/users/crazy-max/followers", + "following_url": "https://api.github.com/users/crazy-max/following{/other_user}", + "gists_url": "https://api.github.com/users/crazy-max/gists{/gist_id}", + "gravatar_id": "", + "html_url": "https://github.com/crazy-max", + "id": 1951866, + "login": "crazy-max", + "node_id": "MDQ6VXNlcjE5NTE4NjY=", + "organizations_url": "https://api.github.com/users/crazy-max/orgs", + "received_events_url": "https://api.github.com/users/crazy-max/received_events", + "repos_url": "https://api.github.com/users/crazy-max/repos", + "site_admin": false, + "starred_url": "https://api.github.com/users/crazy-max/starred{/owner}{/repo}", + "subscriptions_url": "https://api.github.com/users/crazy-max/subscriptions", + "type": "User", + "url": "https://api.github.com/users/crazy-max", + "user_view_type": "public" + }, + "workflow": ".github/workflows/ci.yml" + } + } + }, + "runDetails": { + "builder": { + "id": "https://github.com/docker/github-builder-test/actions/runs/18720329526/attempts/1" + }, + "metadata": { + "invocationID": "3lb9gejzb3ondafiy8szq6pza", + "startedOn": "2025-10-22T14:53:42.019047245Z", + "finishedOn": "2025-10-22T14:54:12.811607358Z", + "buildkit_metadata": { + "source": { + "locations": { + "step0": { + "locations": [ + { + "ranges": [ + { + "start": { + "line": 8 + }, + "end": { + "line": 8 + } + } + ] + } + ] + }, + "step1": { + "locations": [ + { + "ranges": [ + { + "start": { + "line": 6 + }, + "end": { + "line": 6 + } + } + ] + } + ] + }, + 
"step2": { + "locations": [ + { + "ranges": [ + { + "start": { + "line": 9 + }, + "end": { + "line": 9 + } + } + ] + } + ] + }, + "step3": { + "locations": [ + { + "ranges": [ + { + "start": { + "line": 10 + }, + "end": { + "line": 10 + } + } + ] + } + ] + }, + "step4": { + "locations": [ + { + "ranges": [ + { + "start": { + "line": 12 + }, + "end": { + "line": 12 + } + } + ] + } + ] + }, + "step5": {}, + "step6": { + "locations": [ + { + "ranges": [ + { + "start": { + "line": 16 + }, + "end": { + "line": 16 + } + }, + { + "start": { + "line": 17 + }, + "end": { + "line": 17 + } + }, + { + "start": { + "line": 18 + }, + "end": { + "line": 18 + } + }, + { + "start": { + "line": 19 + }, + "end": { + "line": 19 + } + } + ] + } + ] + }, + "step7": { + "locations": [ + { + "ranges": [ + { + "start": { + "line": 23 + }, + "end": { + "line": 23 + } + } + ] + } + ] + } + }, + "infos": [ + { + "filename": "Dockerfile", + "language": "Dockerfile", + "data": "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", + "llbDefinition": [ + { + "id": "step0", + "op": { + "Op": { + "source": { + "identifier": "git://github.com/docker/github-builder-test.git#f1bd8fdfe4d417acd107b32d5749638ff1533bfd", + "attrs": { + "git.authheadersecret": "GIT_AUTH_HEADER", + "git.authtokensecret": "GIT_AUTH_TOKEN", + "git.fullurl": "https://github.com/docker/github-builder-test.git" + } + } + }, + "constraints": {} + } + }, + { + "id": "step1", + "op": { + "Op": {} + }, + "inputs": [ + "step0:0" + ] + } + ], + "digestMapping": { + "sha256:4fcabdc8e56358c8b9a740d0bf712ef67bc33786112213b9071132a6d595b56f": "step0", + "sha256:bc50cc258c6043da1edc694266872a90e37fe4d9dd4b4a6f29715b79a0778011": "step1" + } + } + ] + }, + "layers": { + "step0:0": [ + [ + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:2d35ebdb57d9971fea0cac1582aa78935adf8058b2cc32db163c98822e5dfa1b", + "size": 3802452 + }, + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": 
"sha256:85e8836fcdb2966cd3e43a5440ccddffd1828d2d186a49fa7c17b605db8b3bb3", + "size": 291155 + }, + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:91631faa732ae651543f888b70295cbfe29a433d3c8da02b9966f67f238d3603", + "size": 60150352 + }, + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:f3f5ae8826faeb0e0415f8f29afbc9550ae5d655f3982b2924949c93d5efd5c8", + "size": 126 + }, + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:4f4fb700ef54461cfa02571ae0db9a0dc1e0cdb5577484a6d75e68dc38e8acc1", + "size": 32 + } + ] + ], + "step1:0": [ + [ + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:15db0d88ae4923276807d48a05fc8a7208dfbec142770f2fce52af9fee6cd287", + "size": 17084 + } + ] + ] + } + }, + "buildkit_completeness": { + "request": true, + "resolvedDependencies": true + } + } + } + } +} \ No newline at end of file diff --git a/__tests__/.fixtures/sigstore/multi/linux_arm64/provenance.json b/__tests__/.fixtures/sigstore/multi/linux_arm64/provenance.json new file mode 100644 index 0000000..aa062af --- /dev/null +++ b/__tests__/.fixtures/sigstore/multi/linux_arm64/provenance.json 
@@ -0,0 +1,725 @@ +{ + "_type": "https://in-toto.io/Statement/v0.1", + "predicateType": "https://slsa.dev/provenance/v1", + "subject": [ + { + "name": "myapp", + "digest": { + "sha256": "4b667c986650394031c49aa325f905d0f9dde27ea57d7b4ab3e43d48f0f9140b" + } + } + ], + "predicate": { + "buildDefinition": { + "buildType": "https://github.com/moby/buildkit/blob/master/docs/attestations/slsa-definitions.md", + "resolvedDependencies": [ + { + "uri": "pkg:docker/docker/buildkit-syft-scanner@stable-1", + "digest": { + "sha256": "e930c2697be77cb7271d316ecfa78768b5eac73de3b16018ed38eb0ea0b5a7cb" + } + }, + { + "uri": "pkg:docker/docker/dockerfile@1", + "digest": { + "sha256": "b6afd42430b15f2d2a4c5a02b919e98a525b785b1aaff16747d2f623364e39b6" + } + }, + { + "uri": "pkg:docker/golang@1.25-alpine?platform=linux%2Famd64", + "digest": { + "sha256": "aee43c3ccbf24fdffb7295693b6e33b21e01baec1b2a55acc351fde345e9ec34" + } + }, + { + "uri": "pkg:docker/tonistiigi/xx@1.7.0?platform=linux%2Famd64", + "digest": { + "sha256": "010d4b66aed389848b0694f91c7aaee9df59a6f20be7f5d12e53663a37bd14e2" + } + }, + { + "uri": "https://github.com/docker/github-builder-test.git#f1bd8fdfe4d417acd107b32d5749638ff1533bfd", + "digest": { + "sha1": "f1bd8fdfe4d417acd107b32d5749638ff1533bfd" + } + } + ], + "externalParameters": { + "configSource": { + "uri": "https://github.com/docker/github-builder-test.git#f1bd8fdfe4d417acd107b32d5749638ff1533bfd", + "digest": { + "sha1": "f1bd8fdfe4d417acd107b32d5749638ff1533bfd" + }, + "path": "Dockerfile" + }, + "request": { + "frontend": "gateway.v0", + "args": { + "cmdline": "docker/dockerfile:1", + "source": "docker/dockerfile:1" + }, + "secrets": [ + { + "id": "GIT_AUTH_HEADER", + "optional": true + }, + { + "id": "GIT_AUTH_TOKEN", + "optional": true + } + ] + } + }, + "internalParameters": { + "buildConfig": { + "digestMapping": { + "sha256:1f4a4008f77e0fd66e5e405280ee9b3f1968beac6a3f28c110b31d15b8cd472a": "step2", + 
"sha256:2030d53ec35fa99af0f54fca7548a9665ec96f2514ba3cbc1b19c9f5c7cec173": "step0", + "sha256:368b1bc65dc4d0861c183479a82ba1d9792be1ec2a72aaa7d01c079683d737ff": "step8", + "sha256:4fcabdc8e56358c8b9a740d0bf712ef67bc33786112213b9071132a6d595b56f": "step5", + "sha256:6a2df8f51e15d0173d4785a6ef59a3c267ab89e42ebb4684a384c03a7ad05147": "step7", + "sha256:6ebefcdf46d57291371b70b4c09dbd29559df2b73ef100296cffb93ea6b083bb": "step6", + "sha256:717558c6da2ccb95acf2519318ee6f40d7ffbb1f63b0a9d211ffbc1a1d0e345f": "step4", + "sha256:d4b5a8c2437dc07cb5a1884896309711c899ee3557268d10b66818dd93f13784": "step1", + "sha256:dc0d490768523aa0ed6c1a7c68c5884e1a18e9b7a8c36a0a983edbe17a9bb89e": "step3" + }, + "llbDefinition": [ + { + "id": "step0", + "op": { + "Op": { + "source": { + "identifier": "docker-image://docker.io/library/golang:1.25-alpine@sha256:aee43c3ccbf24fdffb7295693b6e33b21e01baec1b2a55acc351fde345e9ec34" + } + }, + "constraints": {}, + "platform": { + "Architecture": "amd64", + "OS": "linux" + } + } + }, + { + "id": "step1", + "op": { + "Op": { + "source": { + "identifier": "docker-image://docker.io/tonistiigi/xx:1.7.0@sha256:010d4b66aed389848b0694f91c7aaee9df59a6f20be7f5d12e53663a37bd14e2" + } + }, + "constraints": {}, + "platform": { + "Architecture": "amd64", + "OS": "linux" + } + } + }, + { + "id": "step2", + "inputs": [ + "step0:0", + "step1:0" + ], + "op": { + "Op": { + "file": { + "actions": [ + { + "Action": { + "copy": { + "allowEmptyWildcard": true, + "allowWildcard": true, + "createDestPath": true, + "dest": "/", + "dirCopyContents": true, + "followSymlink": true, + "mode": -1, + "src": "/", + "timestamp": -1 + } + }, + "input": 0, + "output": 0, + "secondaryInput": 1 + } + ] + } + }, + "constraints": {} + } + }, + { + "id": "step3", + "inputs": [ + "step2:0" + ], + "op": { + "Op": { + "exec": { + "meta": { + "args": [ + "/bin/sh", + "-c", + "apk add --no-cache file git" + ], + "cwd": "/go", + "env": [ + 
"PATH=/go/bin:/usr/local/go/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", + "GOLANG_VERSION=1.25.3", + "GOTOOLCHAIN=local", + "GOPATH=/go" + ], + "removeMountStubsRecursive": true + }, + "mounts": [ + { + "dest": "/" + } + ] + } + }, + "constraints": {}, + "platform": { + "Architecture": "amd64", + "OS": "linux" + } + } + }, + { + "id": "step4", + "inputs": [ + "step3:0" + ], + "op": { + "Op": { + "file": { + "actions": [ + { + "Action": { + "mkdir": { + "makeParents": true, + "mode": 493, + "path": "/src", + "timestamp": -1 + } + }, + "input": 0, + "output": 0, + "secondaryInput": -1 + } + ] + } + }, + "constraints": {} + } + }, + { + "id": "step5", + "op": { + "Op": { + "source": { + "attrs": { + "git.authheadersecret": "GIT_AUTH_HEADER", + "git.authtokensecret": "GIT_AUTH_TOKEN", + "git.fullurl": "https://github.com/docker/github-builder-test.git" + }, + "identifier": "git://github.com/docker/github-builder-test.git#f1bd8fdfe4d417acd107b32d5749638ff1533bfd" + } + }, + "constraints": {} + } + }, + { + "id": "step6", + "inputs": [ + "step4:0", + "step5:0" + ], + "op": { + "Op": { + "exec": { + "meta": { + "args": [ + "/bin/sh", + "-c", + "xx-go build -trimpath -o /out/myapp . 
\u0026\u0026 xx-verify --static /out/myapp" + ], + "cwd": "/src", + "env": [ + "PATH=/go/bin:/usr/local/go/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", + "GOLANG_VERSION=1.25.3", + "GOTOOLCHAIN=local", + "GOPATH=/go", + "CGO_ENABLED=0", + "TARGETPLATFORM=linux/arm64" + ], + "removeMountStubsRecursive": true + }, + "mounts": [ + { + "dest": "/" + }, + { + "cacheOpt": { + "ID": "//root/.cache" + }, + "dest": "/root/.cache", + "input": -1, + "mountType": 3, + "output": -1 + }, + { + "dest": "/src", + "input": 1, + "output": -1, + "readonly": true + } + ] + } + }, + "constraints": {}, + "platform": { + "Architecture": "amd64", + "OS": "linux" + } + } + }, + { + "id": "step7", + "inputs": [ + "step6:0" + ], + "op": { + "Op": { + "file": { + "actions": [ + { + "Action": { + "copy": { + "allowEmptyWildcard": true, + "allowWildcard": true, + "createDestPath": true, + "dest": "/", + "dirCopyContents": true, + "followSymlink": true, + "mode": -1, + "src": "/out", + "timestamp": -1 + } + }, + "input": -1, + "output": 0, + "secondaryInput": 0 + } + ] + } + }, + "constraints": {} + } + }, + { + "id": "step8", + "inputs": [ + "step7:0" + ], + "op": { + "Op": {} + } + } + ] + }, + "builderPlatform": "linux/amd64", + "github_event_name": "workflow_dispatch", + "github_event_payload": { + "enterprise": { + "avatar_url": "https://avatars.githubusercontent.com/b/19176?v=4", + "created_at": "2022-12-30T23:53:17Z", + "description": null, + "html_url": "https://github.com/enterprises/docker", + "id": 19176, + "name": "Docker", + "node_id": "E_kgDNSug", + "slug": "docker", + "updated_at": "2025-10-20T20:39:05Z", + "website_url": null + }, + "inputs": null, + "organization": { + "avatar_url": "https://avatars.githubusercontent.com/u/5429470?v=4", + "description": "Docker helps developers bring their ideas to life by conquering the complexity of app development.", + "events_url": "https://api.github.com/orgs/docker/events", + "hooks_url": 
"https://api.github.com/orgs/docker/hooks", + "id": 5429470, + "issues_url": "https://api.github.com/orgs/docker/issues", + "login": "docker", + "members_url": "https://api.github.com/orgs/docker/members{/member}", + "node_id": "MDEyOk9yZ2FuaXphdGlvbjU0Mjk0NzA=", + "public_members_url": "https://api.github.com/orgs/docker/public_members{/member}", + "repos_url": "https://api.github.com/orgs/docker/repos", + "url": "https://api.github.com/orgs/docker" + }, + "ref": "refs/heads/main", + "repository": { + "allow_forking": true, + "archive_url": "https://api.github.com/repos/docker/github-builder-test/{archive_format}{/ref}", + "archived": false, + "assignees_url": "https://api.github.com/repos/docker/github-builder-test/assignees{/user}", + "blobs_url": "https://api.github.com/repos/docker/github-builder-test/git/blobs{/sha}", + "branches_url": "https://api.github.com/repos/docker/github-builder-test/branches{/branch}", + "clone_url": "https://github.com/docker/github-builder-test.git", + "collaborators_url": "https://api.github.com/repos/docker/github-builder-test/collaborators{/collaborator}", + "comments_url": "https://api.github.com/repos/docker/github-builder-test/comments{/number}", + "commits_url": "https://api.github.com/repos/docker/github-builder-test/commits{/sha}", + "compare_url": "https://api.github.com/repos/docker/github-builder-test/compare/{base}...{head}", + "contents_url": "https://api.github.com/repos/docker/github-builder-test/contents/{+path}", + "contributors_url": "https://api.github.com/repos/docker/github-builder-test/contributors", + "created_at": "2025-08-19T08:08:29Z", + "custom_properties": {}, + "default_branch": "main", + "deployments_url": "https://api.github.com/repos/docker/github-builder-test/deployments", + "description": "Test repo for https://github.com/docker/github-builder-experimental", + "disabled": false, + "downloads_url": "https://api.github.com/repos/docker/github-builder-test/downloads", + "events_url": 
"https://api.github.com/repos/docker/github-builder-test/events", + "fork": false, + "forks": 0, + "forks_count": 0, + "forks_url": "https://api.github.com/repos/docker/github-builder-test/forks", + "full_name": "docker/github-builder-test", + "git_commits_url": "https://api.github.com/repos/docker/github-builder-test/git/commits{/sha}", + "git_refs_url": "https://api.github.com/repos/docker/github-builder-test/git/refs{/sha}", + "git_tags_url": "https://api.github.com/repos/docker/github-builder-test/git/tags{/sha}", + "git_url": "git://github.com/docker/github-builder-test.git", + "has_discussions": false, + "has_downloads": true, + "has_issues": false, + "has_pages": false, + "has_projects": false, + "has_wiki": false, + "homepage": null, + "hooks_url": "https://api.github.com/repos/docker/github-builder-test/hooks", + "html_url": "https://github.com/docker/github-builder-test", + "id": 1040594287, + "is_template": false, + "issue_comment_url": "https://api.github.com/repos/docker/github-builder-test/issues/comments{/number}", + "issue_events_url": "https://api.github.com/repos/docker/github-builder-test/issues/events{/number}", + "issues_url": "https://api.github.com/repos/docker/github-builder-test/issues{/number}", + "keys_url": "https://api.github.com/repos/docker/github-builder-test/keys{/key_id}", + "labels_url": "https://api.github.com/repos/docker/github-builder-test/labels{/name}", + "language": "Dockerfile", + "languages_url": "https://api.github.com/repos/docker/github-builder-test/languages", + "license": null, + "merges_url": "https://api.github.com/repos/docker/github-builder-test/merges", + "milestones_url": "https://api.github.com/repos/docker/github-builder-test/milestones{/number}", + "mirror_url": null, + "name": "github-builder-test", + "node_id": "R_kgDOPgY1bw", + "notifications_url": "https://api.github.com/repos/docker/github-builder-test/notifications{?since,all,participating}", + "open_issues": 0, + "open_issues_count": 0, + "owner": { + 
"avatar_url": "https://avatars.githubusercontent.com/u/5429470?v=4", + "events_url": "https://api.github.com/users/docker/events{/privacy}", + "followers_url": "https://api.github.com/users/docker/followers", + "following_url": "https://api.github.com/users/docker/following{/other_user}", + "gists_url": "https://api.github.com/users/docker/gists{/gist_id}", + "gravatar_id": "", + "html_url": "https://github.com/docker", + "id": 5429470, + "login": "docker", + "node_id": "MDEyOk9yZ2FuaXphdGlvbjU0Mjk0NzA=", + "organizations_url": "https://api.github.com/users/docker/orgs", + "received_events_url": "https://api.github.com/users/docker/received_events", + "repos_url": "https://api.github.com/users/docker/repos", + "site_admin": false, + "starred_url": "https://api.github.com/users/docker/starred{/owner}{/repo}", + "subscriptions_url": "https://api.github.com/users/docker/subscriptions", + "type": "Organization", + "url": "https://api.github.com/users/docker", + "user_view_type": "public" + }, + "private": true, + "pulls_url": "https://api.github.com/repos/docker/github-builder-test/pulls{/number}", + "pushed_at": "2025-10-22T14:08:38Z", + "releases_url": "https://api.github.com/repos/docker/github-builder-test/releases{/id}", + "size": 24, + "ssh_url": "git@github.com:docker/github-builder-test.git", + "stargazers_count": 0, + "stargazers_url": "https://api.github.com/repos/docker/github-builder-test/stargazers", + "statuses_url": "https://api.github.com/repos/docker/github-builder-test/statuses/{sha}", + "subscribers_url": "https://api.github.com/repos/docker/github-builder-test/subscribers", + "subscription_url": "https://api.github.com/repos/docker/github-builder-test/subscription", + "svn_url": "https://github.com/docker/github-builder-test", + "tags_url": "https://api.github.com/repos/docker/github-builder-test/tags", + "teams_url": "https://api.github.com/repos/docker/github-builder-test/teams", + "topics": [], + "trees_url": 
"https://api.github.com/repos/docker/github-builder-test/git/trees{/sha}", + "updated_at": "2025-10-22T14:08:42Z", + "url": "https://api.github.com/repos/docker/github-builder-test", + "visibility": "internal", + "watchers": 0, + "watchers_count": 0, + "web_commit_signoff_required": false + }, + "sender": { + "avatar_url": "https://avatars.githubusercontent.com/u/1951866?v=4", + "events_url": "https://api.github.com/users/crazy-max/events{/privacy}", + "followers_url": "https://api.github.com/users/crazy-max/followers", + "following_url": "https://api.github.com/users/crazy-max/following{/other_user}", + "gists_url": "https://api.github.com/users/crazy-max/gists{/gist_id}", + "gravatar_id": "", + "html_url": "https://github.com/crazy-max", + "id": 1951866, + "login": "crazy-max", + "node_id": "MDQ6VXNlcjE5NTE4NjY=", + "organizations_url": "https://api.github.com/users/crazy-max/orgs", + "received_events_url": "https://api.github.com/users/crazy-max/received_events", + "repos_url": "https://api.github.com/users/crazy-max/repos", + "site_admin": false, + "starred_url": "https://api.github.com/users/crazy-max/starred{/owner}{/repo}", + "subscriptions_url": "https://api.github.com/users/crazy-max/subscriptions", + "type": "User", + "url": "https://api.github.com/users/crazy-max", + "user_view_type": "public" + }, + "workflow": ".github/workflows/ci.yml" + } + } + }, + "runDetails": { + "builder": { + "id": "https://github.com/docker/github-builder-test/actions/runs/18720329526/attempts/1" + }, + "metadata": { + "invocationID": "3lb9gejzb3ondafiy8szq6pza", + "startedOn": "2025-10-22T14:53:42.019047245Z", + "finishedOn": "2025-10-22T14:54:12.811607358Z", + "buildkit_metadata": { + "source": { + "locations": { + "step0": { + "locations": [ + { + "ranges": [ + { + "start": { + "line": 8 + }, + "end": { + "line": 8 + } + } + ] + } + ] + }, + "step1": { + "locations": [ + { + "ranges": [ + { + "start": { + "line": 6 + }, + "end": { + "line": 6 + } + } + ] + } + ] + }, + 
"step2": { + "locations": [ + { + "ranges": [ + { + "start": { + "line": 9 + }, + "end": { + "line": 9 + } + } + ] + } + ] + }, + "step3": { + "locations": [ + { + "ranges": [ + { + "start": { + "line": 10 + }, + "end": { + "line": 10 + } + } + ] + } + ] + }, + "step4": { + "locations": [ + { + "ranges": [ + { + "start": { + "line": 12 + }, + "end": { + "line": 12 + } + } + ] + } + ] + }, + "step5": {}, + "step6": { + "locations": [ + { + "ranges": [ + { + "start": { + "line": 16 + }, + "end": { + "line": 16 + } + }, + { + "start": { + "line": 17 + }, + "end": { + "line": 17 + } + }, + { + "start": { + "line": 18 + }, + "end": { + "line": 18 + } + }, + { + "start": { + "line": 19 + }, + "end": { + "line": 19 + } + } + ] + } + ] + }, + "step7": { + "locations": [ + { + "ranges": [ + { + "start": { + "line": 23 + }, + "end": { + "line": 23 + } + } + ] + } + ] + } + }, + "infos": [ + { + "filename": "Dockerfile", + "language": "Dockerfile", + "data": "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", + "llbDefinition": [ + { + "id": "step0", + "op": { + "Op": { + "source": { + "identifier": "git://github.com/docker/github-builder-test.git#f1bd8fdfe4d417acd107b32d5749638ff1533bfd", + "attrs": { + "git.authheadersecret": "GIT_AUTH_HEADER", + "git.authtokensecret": "GIT_AUTH_TOKEN", + "git.fullurl": "https://github.com/docker/github-builder-test.git" + } + } + }, + "constraints": {} + } + }, + { + "id": "step1", + "op": { + "Op": {} + }, + "inputs": [ + "step0:0" + ] + } + ], + "digestMapping": { + "sha256:4fcabdc8e56358c8b9a740d0bf712ef67bc33786112213b9071132a6d595b56f": "step0", + "sha256:bc50cc258c6043da1edc694266872a90e37fe4d9dd4b4a6f29715b79a0778011": "step1" + } + } + ] + }, + "layers": { + "step0:0": [ + [ + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:2d35ebdb57d9971fea0cac1582aa78935adf8058b2cc32db163c98822e5dfa1b", + "size": 3802452 + }, + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": 
"sha256:85e8836fcdb2966cd3e43a5440ccddffd1828d2d186a49fa7c17b605db8b3bb3", + "size": 291155 + }, + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:91631faa732ae651543f888b70295cbfe29a433d3c8da02b9966f67f238d3603", + "size": 60150352 + }, + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:f3f5ae8826faeb0e0415f8f29afbc9550ae5d655f3982b2924949c93d5efd5c8", + "size": 126 + }, + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:4f4fb700ef54461cfa02571ae0db9a0dc1e0cdb5577484a6d75e68dc38e8acc1", + "size": 32 + } + ] + ], + "step1:0": [ + [ + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:15db0d88ae4923276807d48a05fc8a7208dfbec142770f2fce52af9fee6cd287", + "size": 17084 + } + ] + ] + } + }, + "buildkit_completeness": { + "request": true, + "resolvedDependencies": true + } + } + } + } +} \ No newline at end of file diff --git a/__tests__/.fixtures/sigstore/single/provenance.json b/__tests__/.fixtures/sigstore/single/provenance.json new file mode 100644 index 0000000..2bf12be --- /dev/null +++ b/__tests__/.fixtures/sigstore/single/provenance.json 
@@ -0,0 +1,725 @@ +{ + "_type": "https://in-toto.io/Statement/v0.1", + "predicateType": "https://slsa.dev/provenance/v1", + "subject": [ + { + "name": "myapp", + "digest": { + "sha256": "4b667c986650394031c49aa325f905d0f9dde27ea57d7b4ab3e43d48f0f9140b" + } + } + ], + "predicate": { + "buildDefinition": { + "buildType": "https://github.com/moby/buildkit/blob/master/docs/attestations/slsa-definitions.md", + "resolvedDependencies": [ + { + "uri": "pkg:docker/docker/buildkit-syft-scanner@stable-1", + "digest": { + "sha256": "e930c2697be77cb7271d316ecfa78768b5eac73de3b16018ed38eb0ea0b5a7cb" + } + }, + { + "uri": "pkg:docker/docker/dockerfile@1", + "digest": { + "sha256": "b6afd42430b15f2d2a4c5a02b919e98a525b785b1aaff16747d2f623364e39b6" + } + }, + { + "uri": "pkg:docker/golang@1.25-alpine?platform=linux%2Famd64", + "digest": { + "sha256": "aee43c3ccbf24fdffb7295693b6e33b21e01baec1b2a55acc351fde345e9ec34" + } + }, + { + "uri": "pkg:docker/tonistiigi/xx@1.7.0?platform=linux%2Famd64", + "digest": { + "sha256": "010d4b66aed389848b0694f91c7aaee9df59a6f20be7f5d12e53663a37bd14e2" + } + }, + { + "uri": "https://github.com/docker/github-builder-test.git#f1bd8fdfe4d417acd107b32d5749638ff1533bfd", + "digest": { + "sha1": "f1bd8fdfe4d417acd107b32d5749638ff1533bfd" + } + } + ], + "externalParameters": { + "configSource": { + "uri": "https://github.com/docker/github-builder-test.git#f1bd8fdfe4d417acd107b32d5749638ff1533bfd", + "digest": { + "sha1": "f1bd8fdfe4d417acd107b32d5749638ff1533bfd" + }, + "path": "Dockerfile" + }, + "request": { + "frontend": "gateway.v0", + "args": { + "cmdline": "docker/dockerfile:1", + "source": "docker/dockerfile:1" + }, + "secrets": [ + { + "id": "GIT_AUTH_HEADER", + "optional": true + }, + { + "id": "GIT_AUTH_TOKEN", + "optional": true + } + ] + } + }, + "internalParameters": { + "buildConfig": { + "digestMapping": { + "sha256:1f4a4008f77e0fd66e5e405280ee9b3f1968beac6a3f28c110b31d15b8cd472a": "step2", + 
"sha256:2030d53ec35fa99af0f54fca7548a9665ec96f2514ba3cbc1b19c9f5c7cec173": "step0", + "sha256:368b1bc65dc4d0861c183479a82ba1d9792be1ec2a72aaa7d01c079683d737ff": "step8", + "sha256:4fcabdc8e56358c8b9a740d0bf712ef67bc33786112213b9071132a6d595b56f": "step5", + "sha256:6a2df8f51e15d0173d4785a6ef59a3c267ab89e42ebb4684a384c03a7ad05147": "step7", + "sha256:6ebefcdf46d57291371b70b4c09dbd29559df2b73ef100296cffb93ea6b083bb": "step6", + "sha256:717558c6da2ccb95acf2519318ee6f40d7ffbb1f63b0a9d211ffbc1a1d0e345f": "step4", + "sha256:d4b5a8c2437dc07cb5a1884896309711c899ee3557268d10b66818dd93f13784": "step1", + "sha256:dc0d490768523aa0ed6c1a7c68c5884e1a18e9b7a8c36a0a983edbe17a9bb89e": "step3" + }, + "llbDefinition": [ + { + "id": "step0", + "op": { + "Op": { + "source": { + "identifier": "docker-image://docker.io/library/golang:1.25-alpine@sha256:aee43c3ccbf24fdffb7295693b6e33b21e01baec1b2a55acc351fde345e9ec34" + } + }, + "constraints": {}, + "platform": { + "Architecture": "amd64", + "OS": "linux" + } + } + }, + { + "id": "step1", + "op": { + "Op": { + "source": { + "identifier": "docker-image://docker.io/tonistiigi/xx:1.7.0@sha256:010d4b66aed389848b0694f91c7aaee9df59a6f20be7f5d12e53663a37bd14e2" + } + }, + "constraints": {}, + "platform": { + "Architecture": "amd64", + "OS": "linux" + } + } + }, + { + "id": "step2", + "inputs": [ + "step0:0", + "step1:0" + ], + "op": { + "Op": { + "file": { + "actions": [ + { + "Action": { + "copy": { + "allowEmptyWildcard": true, + "allowWildcard": true, + "createDestPath": true, + "dest": "/", + "dirCopyContents": true, + "followSymlink": true, + "mode": -1, + "src": "/", + "timestamp": -1 + } + }, + "input": 0, + "output": 0, + "secondaryInput": 1 + } + ] + } + }, + "constraints": {} + } + }, + { + "id": "step3", + "inputs": [ + "step2:0" + ], + "op": { + "Op": { + "exec": { + "meta": { + "args": [ + "/bin/sh", + "-c", + "apk add --no-cache file git" + ], + "cwd": "/go", + "env": [ + 
"PATH=/go/bin:/usr/local/go/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", + "GOLANG_VERSION=1.25.3", + "GOTOOLCHAIN=local", + "GOPATH=/go" + ], + "removeMountStubsRecursive": true + }, + "mounts": [ + { + "dest": "/" + } + ] + } + }, + "constraints": {}, + "platform": { + "Architecture": "amd64", + "OS": "linux" + } + } + }, + { + "id": "step4", + "inputs": [ + "step3:0" + ], + "op": { + "Op": { + "file": { + "actions": [ + { + "Action": { + "mkdir": { + "makeParents": true, + "mode": 493, + "path": "/src", + "timestamp": -1 + } + }, + "input": 0, + "output": 0, + "secondaryInput": -1 + } + ] + } + }, + "constraints": {} + } + }, + { + "id": "step5", + "op": { + "Op": { + "source": { + "attrs": { + "git.authheadersecret": "GIT_AUTH_HEADER", + "git.authtokensecret": "GIT_AUTH_TOKEN", + "git.fullurl": "https://github.com/docker/github-builder-test.git" + }, + "identifier": "git://github.com/docker/github-builder-test.git#f1bd8fdfe4d417acd107b32d5749638ff1533bfd" + } + }, + "constraints": {} + } + }, + { + "id": "step6", + "inputs": [ + "step4:0", + "step5:0" + ], + "op": { + "Op": { + "exec": { + "meta": { + "args": [ + "/bin/sh", + "-c", + "xx-go build -trimpath -o /out/myapp . 
\u0026\u0026 xx-verify --static /out/myapp" + ], + "cwd": "/src", + "env": [ + "PATH=/go/bin:/usr/local/go/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", + "GOLANG_VERSION=1.25.3", + "GOTOOLCHAIN=local", + "GOPATH=/go", + "CGO_ENABLED=0", + "TARGETPLATFORM=linux/arm64" + ], + "removeMountStubsRecursive": true + }, + "mounts": [ + { + "dest": "/" + }, + { + "cacheOpt": { + "ID": "//root/.cache" + }, + "dest": "/root/.cache", + "input": -1, + "mountType": 3, + "output": -1 + }, + { + "dest": "/src", + "input": 1, + "output": -1, + "readonly": true + } + ] + } + }, + "constraints": {}, + "platform": { + "Architecture": "amd64", + "OS": "linux" + } + } + }, + { + "id": "step7", + "inputs": [ + "step6:0" + ], + "op": { + "Op": { + "file": { + "actions": [ + { + "Action": { + "copy": { + "allowEmptyWildcard": true, + "allowWildcard": true, + "createDestPath": true, + "dest": "/", + "dirCopyContents": true, + "followSymlink": true, + "mode": -1, + "src": "/out", + "timestamp": -1 + } + }, + "input": -1, + "output": 0, + "secondaryInput": 0 + } + ] + } + }, + "constraints": {} + } + }, + { + "id": "step8", + "inputs": [ + "step7:0" + ], + "op": { + "Op": {} + } + } + ] + }, + "builderPlatform": "linux/amd64", + "github_event_name": "workflow_dispatch", + "github_event_payload": { + "enterprise": { + "avatar_url": "https://avatars.githubusercontent.com/b/19176?v=4", + "created_at": "2022-12-30T23:53:17Z", + "description": null, + "html_url": "https://github.com/enterprises/docker", + "id": 19176, + "name": "Docker", + "node_id": "E_kgDNSug", + "slug": "docker", + "updated_at": "2025-10-20T20:39:05Z", + "website_url": null + }, + "inputs": null, + "organization": { + "avatar_url": "https://avatars.githubusercontent.com/u/5429470?v=4", + "description": "Docker helps developers bring their ideas to life by conquering the complexity of app development.", + "events_url": "https://api.github.com/orgs/docker/events", + "hooks_url": 
"https://api.github.com/orgs/docker/hooks", + "id": 5429470, + "issues_url": "https://api.github.com/orgs/docker/issues", + "login": "docker", + "members_url": "https://api.github.com/orgs/docker/members{/member}", + "node_id": "MDEyOk9yZ2FuaXphdGlvbjU0Mjk0NzA=", + "public_members_url": "https://api.github.com/orgs/docker/public_members{/member}", + "repos_url": "https://api.github.com/orgs/docker/repos", + "url": "https://api.github.com/orgs/docker" + }, + "ref": "refs/heads/main", + "repository": { + "allow_forking": true, + "archive_url": "https://api.github.com/repos/docker/github-builder-test/{archive_format}{/ref}", + "archived": false, + "assignees_url": "https://api.github.com/repos/docker/github-builder-test/assignees{/user}", + "blobs_url": "https://api.github.com/repos/docker/github-builder-test/git/blobs{/sha}", + "branches_url": "https://api.github.com/repos/docker/github-builder-test/branches{/branch}", + "clone_url": "https://github.com/docker/github-builder-test.git", + "collaborators_url": "https://api.github.com/repos/docker/github-builder-test/collaborators{/collaborator}", + "comments_url": "https://api.github.com/repos/docker/github-builder-test/comments{/number}", + "commits_url": "https://api.github.com/repos/docker/github-builder-test/commits{/sha}", + "compare_url": "https://api.github.com/repos/docker/github-builder-test/compare/{base}...{head}", + "contents_url": "https://api.github.com/repos/docker/github-builder-test/contents/{+path}", + "contributors_url": "https://api.github.com/repos/docker/github-builder-test/contributors", + "created_at": "2025-08-19T08:08:29Z", + "custom_properties": {}, + "default_branch": "main", + "deployments_url": "https://api.github.com/repos/docker/github-builder-test/deployments", + "description": "Test repo for https://github.com/docker/github-builder-experimental", + "disabled": false, + "downloads_url": "https://api.github.com/repos/docker/github-builder-test/downloads", + "events_url": 
"https://api.github.com/repos/docker/github-builder-test/events", + "fork": false, + "forks": 0, + "forks_count": 0, + "forks_url": "https://api.github.com/repos/docker/github-builder-test/forks", + "full_name": "docker/github-builder-test", + "git_commits_url": "https://api.github.com/repos/docker/github-builder-test/git/commits{/sha}", + "git_refs_url": "https://api.github.com/repos/docker/github-builder-test/git/refs{/sha}", + "git_tags_url": "https://api.github.com/repos/docker/github-builder-test/git/tags{/sha}", + "git_url": "git://github.com/docker/github-builder-test.git", + "has_discussions": false, + "has_downloads": true, + "has_issues": false, + "has_pages": false, + "has_projects": false, + "has_wiki": false, + "homepage": null, + "hooks_url": "https://api.github.com/repos/docker/github-builder-test/hooks", + "html_url": "https://github.com/docker/github-builder-test", + "id": 1040594287, + "is_template": false, + "issue_comment_url": "https://api.github.com/repos/docker/github-builder-test/issues/comments{/number}", + "issue_events_url": "https://api.github.com/repos/docker/github-builder-test/issues/events{/number}", + "issues_url": "https://api.github.com/repos/docker/github-builder-test/issues{/number}", + "keys_url": "https://api.github.com/repos/docker/github-builder-test/keys{/key_id}", + "labels_url": "https://api.github.com/repos/docker/github-builder-test/labels{/name}", + "language": "Dockerfile", + "languages_url": "https://api.github.com/repos/docker/github-builder-test/languages", + "license": null, + "merges_url": "https://api.github.com/repos/docker/github-builder-test/merges", + "milestones_url": "https://api.github.com/repos/docker/github-builder-test/milestones{/number}", + "mirror_url": null, + "name": "github-builder-test", + "node_id": "R_kgDOPgY1bw", + "notifications_url": "https://api.github.com/repos/docker/github-builder-test/notifications{?since,all,participating}", + "open_issues": 0, + "open_issues_count": 0, + "owner": { + 
"avatar_url": "https://avatars.githubusercontent.com/u/5429470?v=4", + "events_url": "https://api.github.com/users/docker/events{/privacy}", + "followers_url": "https://api.github.com/users/docker/followers", + "following_url": "https://api.github.com/users/docker/following{/other_user}", + "gists_url": "https://api.github.com/users/docker/gists{/gist_id}", + "gravatar_id": "", + "html_url": "https://github.com/docker", + "id": 5429470, + "login": "docker", + "node_id": "MDEyOk9yZ2FuaXphdGlvbjU0Mjk0NzA=", + "organizations_url": "https://api.github.com/users/docker/orgs", + "received_events_url": "https://api.github.com/users/docker/received_events", + "repos_url": "https://api.github.com/users/docker/repos", + "site_admin": false, + "starred_url": "https://api.github.com/users/docker/starred{/owner}{/repo}", + "subscriptions_url": "https://api.github.com/users/docker/subscriptions", + "type": "Organization", + "url": "https://api.github.com/users/docker", + "user_view_type": "public" + }, + "private": true, + "pulls_url": "https://api.github.com/repos/docker/github-builder-test/pulls{/number}", + "pushed_at": "2025-10-22T14:08:38Z", + "releases_url": "https://api.github.com/repos/docker/github-builder-test/releases{/id}", + "size": 24, + "ssh_url": "git@github.com:docker/github-builder-test.git", + "stargazers_count": 0, + "stargazers_url": "https://api.github.com/repos/docker/github-builder-test/stargazers", + "statuses_url": "https://api.github.com/repos/docker/github-builder-test/statuses/{sha}", + "subscribers_url": "https://api.github.com/repos/docker/github-builder-test/subscribers", + "subscription_url": "https://api.github.com/repos/docker/github-builder-test/subscription", + "svn_url": "https://github.com/docker/github-builder-test", + "tags_url": "https://api.github.com/repos/docker/github-builder-test/tags", + "teams_url": "https://api.github.com/repos/docker/github-builder-test/teams", + "topics": [], + "trees_url": 
"https://api.github.com/repos/docker/github-builder-test/git/trees{/sha}", + "updated_at": "2025-10-22T14:08:42Z", + "url": "https://api.github.com/repos/docker/github-builder-test", + "visibility": "internal", + "watchers": 0, + "watchers_count": 0, + "web_commit_signoff_required": false + }, + "sender": { + "avatar_url": "https://avatars.githubusercontent.com/u/1951866?v=4", + "events_url": "https://api.github.com/users/crazy-max/events{/privacy}", + "followers_url": "https://api.github.com/users/crazy-max/followers", + "following_url": "https://api.github.com/users/crazy-max/following{/other_user}", + "gists_url": "https://api.github.com/users/crazy-max/gists{/gist_id}", + "gravatar_id": "", + "html_url": "https://github.com/crazy-max", + "id": 1951866, + "login": "crazy-max", + "node_id": "MDQ6VXNlcjE5NTE4NjY=", + "organizations_url": "https://api.github.com/users/crazy-max/orgs", + "received_events_url": "https://api.github.com/users/crazy-max/received_events", + "repos_url": "https://api.github.com/users/crazy-max/repos", + "site_admin": false, + "starred_url": "https://api.github.com/users/crazy-max/starred{/owner}{/repo}", + "subscriptions_url": "https://api.github.com/users/crazy-max/subscriptions", + "type": "User", + "url": "https://api.github.com/users/crazy-max", + "user_view_type": "public" + }, + "workflow": ".github/workflows/ci.yml" + } + } + }, + "runDetails": { + "builder": { + "id": "https://github.com/docker/github-builder-test/actions/runs/18720329526/attempts/1" + }, + "metadata": { + "invocationID": "3lb9gejzb3ondafiy8szq6pza", + "startedOn": "2025-10-22T14:53:42.019047245Z", + "finishedOn": "2025-10-22T14:54:12.811607358Z", + "buildkit_metadata": { + "source": { + "locations": { + "step0": { + "locations": [ + { + "ranges": [ + { + "start": { + "line": 8 + }, + "end": { + "line": 8 + } + } + ] + } + ] + }, + "step1": { + "locations": [ + { + "ranges": [ + { + "start": { + "line": 6 + }, + "end": { + "line": 6 + } + } + ] + } + ] + }, + 
"step2": { + "locations": [ + { + "ranges": [ + { + "start": { + "line": 9 + }, + "end": { + "line": 9 + } + } + ] + } + ] + }, + "step3": { + "locations": [ + { + "ranges": [ + { + "start": { + "line": 10 + }, + "end": { + "line": 10 + } + } + ] + } + ] + }, + "step4": { + "locations": [ + { + "ranges": [ + { + "start": { + "line": 12 + }, + "end": { + "line": 12 + } + } + ] + } + ] + }, + "step5": {}, + "step6": { + "locations": [ + { + "ranges": [ + { + "start": { + "line": 16 + }, + "end": { + "line": 16 + } + }, + { + "start": { + "line": 17 + }, + "end": { + "line": 17 + } + }, + { + "start": { + "line": 18 + }, + "end": { + "line": 18 + } + }, + { + "start": { + "line": 19 + }, + "end": { + "line": 19 + } + } + ] + } + ] + }, + "step7": { + "locations": [ + { + "ranges": [ + { + "start": { + "line": 23 + }, + "end": { + "line": 23 + } + } + ] + } + ] + } + }, + "infos": [ + { + "filename": "Dockerfile", + "language": "Dockerfile", + "data": "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", + "llbDefinition": [ + { + "id": "step0", + "op": { + "Op": { + "source": { + "identifier": "git://github.com/docker/github-builder-test.git#f1bd8fdfe4d417acd107b32d5749638ff1533bfd", + "attrs": { + "git.authheadersecret": "GIT_AUTH_HEADER", + "git.authtokensecret": "GIT_AUTH_TOKEN", + "git.fullurl": "https://github.com/docker/github-builder-test.git" + } + } + }, + "constraints": {} + } + }, + { + "id": "step1", + "op": { + "Op": {} + }, + "inputs": [ + "step0:0" + ] + } + ], + "digestMapping": { + "sha256:4fcabdc8e56358c8b9a740d0bf712ef67bc33786112213b9071132a6d595b56f": "step0", + "sha256:bc50cc258c6043da1edc694266872a90e37fe4d9dd4b4a6f29715b79a0778011": "step1" + } + } + ] + }, + "layers": { + "step0:0": [ + [ + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:2d35ebdb57d9971fea0cac1582aa78935adf8058b2cc32db163c98822e5dfa1b", + "size": 3802452 + }, + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": 
"sha256:85e8836fcdb2966cd3e43a5440ccddffd1828d2d186a49fa7c17b605db8b3bb3", + "size": 291155 + }, + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:91631faa732ae651543f888b70295cbfe29a433d3c8da02b9966f67f238d3603", + "size": 60150352 + }, + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:f3f5ae8826faeb0e0415f8f29afbc9550ae5d655f3982b2924949c93d5efd5c8", + "size": 126 + }, + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:4f4fb700ef54461cfa02571ae0db9a0dc1e0cdb5577484a6d75e68dc38e8acc1", + "size": 32 + } + ] + ], + "step1:0": [ + [ + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:15db0d88ae4923276807d48a05fc8a7208dfbec142770f2fce52af9fee6cd287", + "size": 17084 + } + ] + ] + } + }, + "buildkit_completeness": { + "request": true, + "resolvedDependencies": true + } + } + } + } +} diff --git a/__tests__/sigstore/sigstore.test.itg.ts b/__tests__/sigstore/sigstore.test.itg.ts new file mode 100644 index 0000000..28a4ba7 --- /dev/null +++ b/__tests__/sigstore/sigstore.test.itg.ts 
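Review bot: This fixture embeds the complete `github_event_payload` of the build that produced it, although the signing code parses only `subject` and signs the rest as an opaque blob. The payload includes metadata for a repository marked `"private": true` / `"visibility": "internal"` as well as the sender's account details. Consider reducing the fixture to the fields the signer needs (`_type`, `predicateType`, `subject` and a minimal `predicate`), or replacing the event payload with constructed placeholder values. The multi-platform fixtures added earlier in this commit appear to carry the same payload, so the same trimming would apply there.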
@@ -0,0 +1,59 @@
+/**
+ * Copyright 2025 actions-toolkit authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import {describe, expect, it} from '@jest/globals';
+import fs from 'fs';
+import * as path from 'path';
+
+import {Sigstore} from '../../src/sigstore/sigstore';
+
+const fixturesDir = path.join(__dirname, '..', '.fixtures');
+
+const maybe = process.env.GITHUB_ACTIONS && process.env.GITHUB_ACTIONS === 'true' && process.env.ACTIONS_ID_TOKEN_REQUEST_URL && process.env.ImageOS && process.env.ImageOS.startsWith('ubuntu') ? describe : describe.skip;
+
+maybe('signProvenanceBlobs', () => {
+ it('single platform', async () => {
+ const sigstore = new Sigstore();
+ const results = await sigstore.signProvenanceBlobs({
+ localExportDir: path.join(fixturesDir, 'sigstore', 'single')
+ });
+ expect(Object.keys(results).length).toEqual(1);
+ const provenancePath = Object.keys(results)[0];
+ expect(provenancePath).toEqual(path.join(fixturesDir, 'sigstore', 'single', 'provenance.json'));
+ expect(fs.existsSync(results[provenancePath].bundlePath)).toBe(true);
+ expect(results[provenancePath].bundle).toBeDefined();
+ expect(results[provenancePath].certificate).toBeDefined();
+ expect(results[provenancePath].tlogID).toBeDefined();
+ expect(results[provenancePath].attestationID).not.toBeDefined();
+ console.log(provenancePath, JSON.stringify(results[provenancePath].bundle, null, 2));
+ });
+ it('multi-platform', async () => {
+ const sigstore = new Sigstore();
+ const results = await sigstore.signProvenanceBlobs({
+ localExportDir: path.join(fixturesDir, 'sigstore', 'multi')
+ });
+ expect(Object.keys(results).length).toEqual(2);
+ for (const [provenancePath, res] of Object.entries(results)) {
+ expect(provenancePath).toMatch(/linux_(amd64|arm64)\/provenance.json/);
+ expect(fs.existsSync(res.bundlePath)).toBe(true);
+ expect(res.bundle).toBeDefined();
+ expect(res.certificate).toBeDefined();
+ expect(res.tlogID).toBeDefined();
+ expect(res.attestationID).not.toBeDefined();
+ console.log(provenancePath, JSON.stringify(res.bundle, null, 2));
+ }
+ });
+});
diff --git a/package.json b/package.json
index 9e70d35..e5482f2 100644
--- a/package.json
+++ b/package.json
@@ -46,6 +46,7 @@
 },
 "dependencies": {
 "@actions/artifact": "^4.0.0",
+ "@actions/attest": "^2.0.0",
 "@actions/cache": "^4.1.0",
 "@actions/core": "^1.11.1",
 "@actions/exec": "^1.1.1",
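Review bot: Both cases assert only that `bundle`, `certificate` and `tlogID` are defined, so nothing ties the signed result to the fixture that was passed in; a regression that signs the wrong payload or drops the subjects would still pass. For the single-platform case, a check such as `expect(results[provenancePath].subjects.map(s => s.name)).toEqual(['myapp']);` would pin the returned subjects to the fixture, and an assertion on the envelope's payload type would do the same for the bundle. The signer also writes `provenance.sigstore.json` next to each fixture under `__tests__/.fixtures`, so copying the export directory to a temporary location first would keep the working tree clean. The `console.log` of the whole bundle prints the full signed envelope into the CI log on every run and could be dropped.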
@@ -56,6 +57,8 @@
 "@azure/storage-blob": "^12.15.0",
 "@octokit/core": "^5.2.2",
 "@octokit/plugin-rest-endpoint-methods": "^10.4.1",
+ "@sigstore/bundle": "^3.1.0",
+ "@sigstore/sign": "^3.1.0",
 "async-retry": "^1.3.3",
 "csv-parse": "^6.1.0",
 "gunzip-maybe": "^1.4.2",
@@ -68,6 +71,8 @@
 "tmp": "^0.2.5"
 },
 "devDependencies": {
+ "@sigstore/mock": "^0.10.0",
+ "@sigstore/rekor-types": "^3.0.0",
 "@types/gunzip-maybe": "^1.4.2",
 "@types/he": "^1.2.3",
 "@types/js-yaml": "^4.0.9",
diff --git a/src/sigstore/sigstore.ts b/src/sigstore/sigstore.ts
new file mode 100644
index 0000000..8d36d1b
--- /dev/null
+++ b/src/sigstore/sigstore.ts
@@ -0,0 +1,156 @@
+/**
+ * Copyright 2025 actions-toolkit authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import {X509Certificate} from 'crypto';
+import fs from 'fs';
+import path from 'path';
+
+import {signingEndpoints, SigstoreInstance} from '@actions/attest/lib/endpoints';
+import * as core from '@actions/core';
+import {signPayload} from '@actions/attest/lib/sign';
+import {bundleToJSON} from '@sigstore/bundle';
+import {Attestation} from '@actions/attest';
+import {Bundle} from '@sigstore/sign';
+
+import {Subject} from '../types/intoto/intoto';
+
+export interface SignProvenanceBlobsOpts {
+ localExportDir: string;
+ name?: string;
+}
+
+export interface SignProvenanceBlobsResult extends Attestation {
+ bundlePath: string;
+ subjects: Array;
+}
+
+export class Sigstore {
+ private intotoPayloadType = 'application/vnd.in-toto+json';
+ private searchSigstoreURL = 'https://search.sigstore.dev';
+
+ public async signProvenanceBlobs(opts: SignProvenanceBlobsOpts): Promise> {
+ const result: Record = {};
+ try {
+ if (!process.env.ACTIONS_ID_TOKEN_REQUEST_URL) {
+ throw new Error('missing "id-token" permission. Please add "permissions: id-token: write" to your workflow.');
+ }
+
+ const sigstoreInstance: SigstoreInstance = 'public-good';
+ const endpoints = signingEndpoints(sigstoreInstance);
+ core.info(`Using Sigstore signing endpoint: ${endpoints.fulcioURL}`);
+
+ const provenanceBlobs = Sigstore.getProvenanceBlobs(opts);
+ for (const p of Object.keys(provenanceBlobs)) {
+ await core.group(`Signing ${p}`, async () => {
+ const blob = provenanceBlobs[p];
+ const bundlePath = path.join(path.dirname(p), `${opts.name ?? 'provenance'}.sigstore.json`);
+ const subjects = Sigstore.getProvenanceSubjects(blob);
+ if (subjects.length === 0) {
+ core.warning(`No subjects found in provenance ${p}, skip signing.`);
+ return;
+ }
+ const bundle = await signPayload(
+ {
+ body: blob,
+ type: this.intotoPayloadType
+ },
+ endpoints
+ );
+ const attest = Sigstore.toAttestation(bundle);
+ core.info(`Provenance blob signed for:`);
+ for (const subject of subjects) {
+ const [digestAlg, digestValue] = Object.entries(subject.digest)[0] || [];
+ core.info(` - ${subject.name} (${digestAlg}:${digestValue})`);
+ }
+ if (attest.tlogID) {
+ core.info(`Attestation signature uploaded to Rekor transparency log: ${this.searchSigstoreURL}?logIndex=${attest.tlogID}`);
+ }
+ core.info(`Writing Sigstore bundle to: ${bundlePath}`);
+ fs.writeFileSync(bundlePath, JSON.stringify(attest.bundle, null, 2), {
+ encoding: 'utf-8'
+ });
+ result[p] = {
+ ...attest,
+ bundlePath: bundlePath,
+ subjects: subjects
+ };
+ });
+ }
+ } catch (err) {
+ throw new Error(`Signing BuildKit provenance blobs failed: ${(err as Error).message}`);
+ }
+ return result;
+ }
+
+ private static getProvenanceBlobs(opts: SignProvenanceBlobsOpts): Record {
+ // For single platform build
+ const singleProvenance = path.join(opts.localExportDir, 'provenance.json');
+ if (fs.existsSync(singleProvenance)) {
+ return {[singleProvenance]: fs.readFileSync(singleProvenance)};
+ }
+
+ // For multi-platform build
+ const dirents = fs.readdirSync(opts.localExportDir, {withFileTypes: true});
+ const platformFolders = dirents.filter(dirent => dirent.isDirectory());
+ if (platformFolders.length > 0 && platformFolders.length === dirents.length && platformFolders.every(platformFolder => fs.existsSync(path.join(opts.localExportDir, platformFolder.name, 'provenance.json')))) {
+ const result: Record = {};
+ for (const platformFolder of platformFolders) {
+ const p = path.join(opts.localExportDir, platformFolder.name, 'provenance.json');
+ result[p] = fs.readFileSync(p);
+ }
+ return result;
+ }
+
+ throw new Error(`No valid provenance.json found in ${opts.localExportDir}`);
+ }
+
+ private static getProvenanceSubjects(body: Buffer): Array {
+ const statement = JSON.parse(body.toString()) as {
+ subject: Array<{name: string; digest: Record}>;
+ };
+ return statement.subject.map(s => ({
+ name: s.name,
+ digest: s.digest
+ }));
+ }
+
+ // https://github.com/actions/toolkit/blob/d3ab50471b4ff1d1274dffb90ef9c5d9949b4886/packages/attest/src/attest.ts#L90
+ private static toAttestation(bundle: Bundle): Attestation {
+ let certBytes: Buffer;
+ switch (bundle.verificationMaterial.content.$case) {
+ case 'x509CertificateChain':
+ certBytes = bundle.verificationMaterial.content.x509CertificateChain.certificates[0].rawBytes;
+ break;
+ case 'certificate':
+ certBytes = bundle.verificationMaterial.content.certificate.rawBytes;
+ break;
+ default:
+ throw new Error('Bundle must contain an x509 certificate');
+ }
+
+ const signingCert = new X509Certificate(certBytes);
+
+ // Collect transparency log ID if available
+ const tlogEntries = bundle.verificationMaterial.tlogEntries;
+ const tlogID = tlogEntries.length > 0 ? tlogEntries[0].logIndex : undefined;
+
+ return {
+ bundle: bundleToJSON(bundle),
+ certificate: signingCert.toString(),
+ tlogID: tlogID
+ };
+ }
+}
diff --git a/src/types/intoto/intoto.ts b/src/types/intoto/intoto.ts
index 0bad854..ba77dea 100644
--- a/src/types/intoto/intoto.ts
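Review bot: `signProvenanceBlobs` hard-codes `const sigstoreInstance: SigstoreInstance = 'public-good';`, so every caller signs through the public Fulcio endpoint and the entry is recorded in the public Rekor log whatever the repository's visibility. A certificate issued for a GitHub OIDC token normally carries the repository and workflow identity, so for a private or internal repository those names would end up in a public transparency log. The fixtures in this commit come from a repository marked `"visibility": "internal"`. Consider letting the caller choose, for example adding `sigstore?: SigstoreInstance;` to `SignProvenanceBlobsOpts` and using `const sigstoreInstance: SigstoreInstance = opts.sigstore ?? 'public-good';`. A TSDoc comment on the option should state which log each value writes to.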
+++ b/src/types/intoto/intoto.ts @@ -18,3 +18,9 @@ export const MEDIATYPE_PAYLOAD = 'application/vnd.in-toto+json'; export const MEDIATYPE_PREDICATE = 'in-toto.io/predicate-type'; + +// https://github.com/in-toto/in-toto-golang/blob/0a34c087cedcc36de065b4fccb7cf7c9bc16e29f/in_toto/attestations.go#L30-L42 +export interface Subject { + name: string; + digest: Record; +} diff --git a/yarn.lock b/yarn.lock index 87e5755..d8adccd 100644 --- a/yarn.lock +++ b/yarn.lock @@ -34,6 +34,21 @@ __metadata: languageName: node linkType: hard +"@actions/attest@npm:^2.0.0": + version: 2.0.0 + resolution: "@actions/attest@npm:2.0.0" + dependencies: + "@actions/core": "npm:^1.11.1" + "@actions/github": "npm:^6.0.0" + "@actions/http-client": "npm:^2.2.3" + "@octokit/plugin-retry": "npm:^6.0.1" + "@sigstore/bundle": "npm:^3.1.0" + "@sigstore/sign": "npm:^3.1.0" + jose: "npm:^5.10.0" + checksum: 10/5bfcab46f2b6a9e7fe22f313e212e0fef8bea1f7a88e93d00c8ccecfaee51f4c74226732391a9f14c1875058955fc4a74ba76a54fb23b96e2c77392b538c0182 + languageName: node + linkType: hard + "@actions/cache@npm:^4.1.0": version: 4.1.0 resolution: "@actions/cache@npm:4.1.0" @@ -81,7 +96,7 @@ __metadata: languageName: node linkType: hard -"@actions/github@npm:^6.0.1": +"@actions/github@npm:^6.0.0, @actions/github@npm:^6.0.1": version: 6.0.1 resolution: "@actions/github@npm:6.0.1" dependencies: @@ -1122,6 +1137,7 @@ __metadata: resolution: "@docker/actions-toolkit@workspace:." dependencies: "@actions/artifact": "npm:^4.0.0" + "@actions/attest": "npm:^2.0.0" "@actions/cache": "npm:^4.1.0" "@actions/core": "npm:^1.11.1" "@actions/exec": "npm:^1.1.1" 
@@ -1132,6 +1148,10 @@ __metadata: "@azure/storage-blob": "npm:^12.15.0" "@octokit/core": "npm:^5.2.2" "@octokit/plugin-rest-endpoint-methods": "npm:^10.4.1" + "@sigstore/bundle": "npm:^3.1.0" + "@sigstore/mock": "npm:^0.10.0" + "@sigstore/rekor-types": "npm:^3.0.0" + "@sigstore/sign": "npm:^3.1.0" "@types/gunzip-maybe": "npm:^1.4.2" "@types/he": "npm:^1.2.3" "@types/js-yaml": "npm:^4.0.9" @@ -1295,6 +1315,15 @@ __metadata: languageName: node linkType: hard +"@isaacs/fs-minipass@npm:^4.0.0": + version: 4.0.1 + resolution: "@isaacs/fs-minipass@npm:4.0.1" + dependencies: + minipass: "npm:^7.0.4" + checksum: 10/4412e9e6713c89c1e66d80bb0bb5a2a93192f10477623a27d08f228ba0316bb880affabc5bfe7f838f58a34d26c2c190da726e576cdfc18c49a72e89adabdcf5 + languageName: node + linkType: hard + "@istanbuljs/load-nyc-config@npm:^1.0.0": version: 1.1.0 resolution: "@istanbuljs/load-nyc-config@npm:1.1.0" @@ -1655,6 +1684,13 @@ __metadata: languageName: node linkType: hard +"@noble/hashes@npm:1.4.0": + version: 1.4.0 + resolution: "@noble/hashes@npm:1.4.0" + checksum: 10/e156e65794c473794c52fa9d06baf1eb20903d0d96719530f523cc4450f6c721a957c544796e6efd0197b2296e7cd70efeb312f861465e17940a3e3c7e0febc6 + languageName: node + linkType: hard + "@nodelib/fs.scandir@npm:2.1.5": version: 2.1.5 resolution: "@nodelib/fs.scandir@npm:2.1.5" @@ -1682,6 +1718,19 @@ __metadata: languageName: node linkType: hard +"@npmcli/agent@npm:^3.0.0": + version: 3.0.0 + resolution: "@npmcli/agent@npm:3.0.0" + dependencies: + agent-base: "npm:^7.1.0" + http-proxy-agent: "npm:^7.0.0" + https-proxy-agent: "npm:^7.0.1" + lru-cache: "npm:^10.0.1" + socks-proxy-agent: "npm:^8.0.3" + checksum: 10/775c9a7eb1f88c195dfb3bce70c31d0fe2a12b28b754e25c08a3edb4bc4816bfedb7ac64ef1e730579d078ca19dacf11630e99f8f3c3e0fd7b23caa5fd6d30a6 + languageName: node + linkType: hard + "@npmcli/fs@npm:^2.1.0": version: 2.1.2 resolution: "@npmcli/fs@npm:2.1.2" 
@@ -1692,6 +1741,15 @@ __metadata: languageName: node linkType: hard +"@npmcli/fs@npm:^4.0.0": + version: 4.0.0 + resolution: "@npmcli/fs@npm:4.0.0" + dependencies: + semver: "npm:^7.3.5" + checksum: 10/405c4490e1ff11cf299775449a3c254a366a4b1ffc79d87159b0ee7d5558ac9f6a2f8c0735fd6ff3873cef014cb1a44a5f9127cb6a1b2dbc408718cca9365b5a + languageName: node + linkType: hard + "@npmcli/move-file@npm:^2.0.0": version: 2.0.1 resolution: "@npmcli/move-file@npm:2.0.1" @@ -1869,6 +1927,19 @@ __metadata: languageName: node linkType: hard +"@octokit/plugin-retry@npm:^6.0.1": + version: 6.1.0 + resolution: "@octokit/plugin-retry@npm:6.1.0" + dependencies: + "@octokit/request-error": "npm:^5.0.0" + "@octokit/types": "npm:^13.0.0" + bottleneck: "npm:^2.15.3" + peerDependencies: + "@octokit/core": 5 + checksum: 10/ae57d35864e647dc4b1308ad14cccb665134b54fa4e0f07e5fa504b7bc9f23f957913b135d55ef69038ba8c10a63ab1e4a83a5e8dcf13df4d3b727f446be7af1 + languageName: node + linkType: hard + "@octokit/request-error@npm:^5.0.0": version: 5.0.0 resolution: "@octokit/request-error@npm:5.0.0" 
@@ -1968,6 +2039,173 @@ __metadata: languageName: node linkType: hard +"@peculiar/asn1-cms@npm:^2.5.0": + version: 2.5.0 + resolution: "@peculiar/asn1-cms@npm:2.5.0" + dependencies: + "@peculiar/asn1-schema": "npm:^2.5.0" + "@peculiar/asn1-x509": "npm:^2.5.0" + "@peculiar/asn1-x509-attr": "npm:^2.5.0" + asn1js: "npm:^3.0.6" + tslib: "npm:^2.8.1" + checksum: 10/cb2f2efb26d324fd3732fac5296b48e7bb6e7d960c5d4d3a0240d1e323f06df2d37ffd9f90f5197172ff36433b92e805bcda82df8e42b34c4cfc2aa8de059e0b + languageName: node + linkType: hard + +"@peculiar/asn1-csr@npm:^2.5.0": + version: 2.5.0 + resolution: "@peculiar/asn1-csr@npm:2.5.0" + dependencies: + "@peculiar/asn1-schema": "npm:^2.5.0" + "@peculiar/asn1-x509": "npm:^2.5.0" + asn1js: "npm:^3.0.6" + tslib: "npm:^2.8.1" + checksum: 10/a08a278443626ac29fdd0bbfd76022f24f6f42b1e29a012f3436c6a13de4cffa89dd1fc09ea0d35960ff51e8daa8901603b2cf285d595ae7d605b4d6bdb36abe + languageName: node + linkType: hard + +"@peculiar/asn1-ecc@npm:^2.5.0": + version: 2.5.0 + resolution: "@peculiar/asn1-ecc@npm:2.5.0" + dependencies: + "@peculiar/asn1-schema": "npm:^2.5.0" + "@peculiar/asn1-x509": "npm:^2.5.0" + asn1js: "npm:^3.0.6" + tslib: "npm:^2.8.1" + checksum: 10/0d530f2c4011a38e74e08b5cdf0a8604ed5104e0a5c0cd9aca6df4e0bb350da9eb86e12e90e6b7e1baedc9297c9fce6753d069a864c7ad43f4518b0f8e5e0fee + languageName: node + linkType: hard + +"@peculiar/asn1-pfx@npm:^2.5.0": + version: 2.5.0 + resolution: "@peculiar/asn1-pfx@npm:2.5.0" + dependencies: + "@peculiar/asn1-cms": "npm:^2.5.0" + "@peculiar/asn1-pkcs8": "npm:^2.5.0" + "@peculiar/asn1-rsa": "npm:^2.5.0" + "@peculiar/asn1-schema": "npm:^2.5.0" + asn1js: "npm:^3.0.6" + tslib: "npm:^2.8.1" + checksum: 10/c5414ad96b4e16fef6c80ebf98f072207513e5f78d0a33df1389515c6f3356a0246d50dda01f8e291064acef57a254c5ec23d7d302ae744e2813bd8b6a2d0841 + languageName: node + linkType: hard + +"@peculiar/asn1-pkcs8@npm:^2.5.0": + version: 2.5.0 + resolution: "@peculiar/asn1-pkcs8@npm:2.5.0" + dependencies: + 
"@peculiar/asn1-schema": "npm:^2.5.0" + "@peculiar/asn1-x509": "npm:^2.5.0" + asn1js: "npm:^3.0.6" + tslib: "npm:^2.8.1" + checksum: 10/66c9524629410d504779e8432788794dc75419a0d1e7c420345a8bcc5d0eb36d9832a07c234d464d20a572ad5dd912bc5d1cd56b2e2787c2ca6315c728498a4f + languageName: node + linkType: hard + +"@peculiar/asn1-pkcs9@npm:^2.5.0": + version: 2.5.0 + resolution: "@peculiar/asn1-pkcs9@npm:2.5.0" + dependencies: + "@peculiar/asn1-cms": "npm:^2.5.0" + "@peculiar/asn1-pfx": "npm:^2.5.0" + "@peculiar/asn1-pkcs8": "npm:^2.5.0" + "@peculiar/asn1-schema": "npm:^2.5.0" + "@peculiar/asn1-x509": "npm:^2.5.0" + "@peculiar/asn1-x509-attr": "npm:^2.5.0" + asn1js: "npm:^3.0.6" + tslib: "npm:^2.8.1" + checksum: 10/a597a1eaa20fe2eac0ef2e5bda67245b4ffceb8f2e1009007477add655c1fae0faedc68a816de2aa2d5f3b5ec1d597b19b839e1eb0ef42281785cdff1d7927ed + languageName: node + linkType: hard + +"@peculiar/asn1-rsa@npm:^2.5.0": + version: 2.5.0 + resolution: "@peculiar/asn1-rsa@npm:2.5.0" + dependencies: + "@peculiar/asn1-schema": "npm:^2.5.0" + "@peculiar/asn1-x509": "npm:^2.5.0" + asn1js: "npm:^3.0.6" + tslib: "npm:^2.8.1" + checksum: 10/5a5db66832dadfee08df1c12a214ac82ec52a0f1bdd707fe4802d3204064671beb5c8fd748c299aad457190a73b0fd86aef9e1eb0f4778ce13957533b074c2a5 + languageName: node + linkType: hard + +"@peculiar/asn1-schema@npm:^2.3.13, @peculiar/asn1-schema@npm:^2.3.8, @peculiar/asn1-schema@npm:^2.5.0": + version: 2.5.0 + resolution: "@peculiar/asn1-schema@npm:2.5.0" + dependencies: + asn1js: "npm:^3.0.6" + pvtsutils: "npm:^1.3.6" + tslib: "npm:^2.8.1" + checksum: 10/6256d0ecd30a091df95dcecbd1c8fb4d0da355c84bf4306f1a2232d318d2fe6f398333f72e1f05c44eedfe9be807900ac87eeebda3276fbca5a0505d5435ce7a + languageName: node + linkType: hard + +"@peculiar/asn1-x509-attr@npm:^2.5.0": + version: 2.5.0 + resolution: "@peculiar/asn1-x509-attr@npm:2.5.0" + dependencies: + "@peculiar/asn1-schema": "npm:^2.5.0" + "@peculiar/asn1-x509": "npm:^2.5.0" + asn1js: "npm:^3.0.6" + tslib: "npm:^2.8.1" + 
checksum: 10/f802d2a97cec844d833cd1e74030260aaeab937f0a787994ccfe86a66bece1a21fd69b0a4bab89ba92586569d9e764e939ad5b09e2c70af03102af707de155f4 + languageName: node + linkType: hard + +"@peculiar/asn1-x509@npm:^2.5.0": + version: 2.5.0 + resolution: "@peculiar/asn1-x509@npm:2.5.0" + dependencies: + "@peculiar/asn1-schema": "npm:^2.5.0" + asn1js: "npm:^3.0.6" + pvtsutils: "npm:^1.3.6" + tslib: "npm:^2.8.1" + checksum: 10/d9bcaec630ef2e378395b16cd30de5e8c0dba4ffbdd394d69a7cbc712693f9d87f6005194fa8dd32199f9b600f6b1a6d7ba1c7f4b6948a3ba8551c1daf95b4ea + languageName: node + linkType: hard + +"@peculiar/json-schema@npm:^1.1.12": + version: 1.1.12 + resolution: "@peculiar/json-schema@npm:1.1.12" + dependencies: + tslib: "npm:^2.0.0" + checksum: 10/dfec178afe63a02b6d45da8a18e51ef417e9f5412a8c2809c9a07b29b9376fadee1b4f2ea2d92d4e5a7b8eba76d9e99afbef6d7e9a27bd85257f69c4da228cbc + languageName: node + linkType: hard + +"@peculiar/webcrypto@npm:^1.5.0": + version: 1.5.0 + resolution: "@peculiar/webcrypto@npm:1.5.0" + dependencies: + "@peculiar/asn1-schema": "npm:^2.3.8" + "@peculiar/json-schema": "npm:^1.1.12" + pvtsutils: "npm:^1.3.5" + tslib: "npm:^2.6.2" + webcrypto-core: "npm:^1.8.0" + checksum: 10/a6658390c37b1d386f46066e796985eb56f6f86a772e1373c364ec9a8257adf8623f156596613d2828b489e2b5f32f9d2b0820289b4981646001cba7d21ae2f6 + languageName: node + linkType: hard + +"@peculiar/x509@npm:^1.12.3": + version: 1.14.0 + resolution: "@peculiar/x509@npm:1.14.0" + dependencies: + "@peculiar/asn1-cms": "npm:^2.5.0" + "@peculiar/asn1-csr": "npm:^2.5.0" + "@peculiar/asn1-ecc": "npm:^2.5.0" + "@peculiar/asn1-pkcs9": "npm:^2.5.0" + "@peculiar/asn1-rsa": "npm:^2.5.0" + "@peculiar/asn1-schema": "npm:^2.5.0" + "@peculiar/asn1-x509": "npm:^2.5.0" + pvtsutils: "npm:^1.3.6" + reflect-metadata: "npm:^0.2.2" + tslib: "npm:^2.8.1" + tsyringe: "npm:^4.10.0" + checksum: 10/c167a31cd66b1bda9ff0d0de225cf7b94ca50fa4186d6d8d02adfbe3035d9bf7df23ec38ff672f3c0ef890fd353f725f48d587f12ca6cd20c7edb10d7a67e280 
+ languageName: node + linkType: hard + "@pkgjs/parseargs@npm:^0.11.0": version: 0.11.0 resolution: "@pkgjs/parseargs@npm:0.11.0" 
@@ -2056,6 +2294,68 @@ __metadata: languageName: node linkType: hard +"@sigstore/bundle@npm:^3.1.0": + version: 3.1.0 + resolution: "@sigstore/bundle@npm:3.1.0" + dependencies: + "@sigstore/protobuf-specs": "npm:^0.4.0" + checksum: 10/21b246ec63462e8508a8d001ca5d7937f63b6e15d5f2947ee2726d1e4674fb3f7640faa47b165bfea1d5b09df93fbdf10d1556427bba7e005e7f3a65b87f89b2 + languageName: node + linkType: hard + +"@sigstore/core@npm:^2.0.0": + version: 2.0.0 + resolution: "@sigstore/core@npm:2.0.0" + checksum: 10/ec1deae9430eeff580ad0f4ef2328b4eb7252db04587474fe9423d97736134ad79ee83aa2dfbc1fccfb18420c249e26e6e72e7176b592d7013eae5379dcb124d + languageName: node + linkType: hard + +"@sigstore/mock@npm:^0.10.0": + version: 0.10.0 + resolution: "@sigstore/mock@npm:0.10.0" + dependencies: + "@peculiar/webcrypto": "npm:^1.5.0" + "@peculiar/x509": "npm:^1.12.3" + "@sigstore/protobuf-specs": "npm:^0.4.0" + asn1js: "npm:^3.0.5" + bytestreamjs: "npm:^2.0.1" + canonicalize: "npm:^2.0.0" + jose: "npm:^5.9.6" + nock: "npm:^13.5.5" + pkijs: "npm:^3.2.4" + pvutils: "npm:^1.1.3" + checksum: 10/f0fd63e2c879a94af1f3331f61d11589c3026a5215882721a36d70d7b4a935fc47afa5e971e8948cf845cb4b01c8ea62d2031334351deb5b8415a09e95b7aaab + languageName: node + linkType: hard + +"@sigstore/protobuf-specs@npm:^0.4.0": + version: 0.4.3 + resolution: "@sigstore/protobuf-specs@npm:0.4.3" + checksum: 10/05bcb534b6096c095185c74b1718af89666299444490d84d35610f590bc4e2bf1a6a29c2c4f18598ddbd3a8a43c95f0a89faa98c05b44ff0be1dcd8b39f7e323 + languageName: node + linkType: hard + +"@sigstore/rekor-types@npm:^3.0.0": + version: 3.0.0 + resolution: "@sigstore/rekor-types@npm:3.0.0" + checksum: 10/f17a274b230ccbafad9beda6c568a80eeadb0f0c01ae09436522dadfc87839607116ef2855e959a34c02e86785600ea67f0e323cdb01e8cd211c3f72153742e7 + languageName: node + linkType: hard + +"@sigstore/sign@npm:^3.1.0": + version: 3.1.0 + resolution: "@sigstore/sign@npm:3.1.0" + dependencies: + "@sigstore/bundle": "npm:^3.1.0" + "@sigstore/core": 
"npm:^2.0.0" + "@sigstore/protobuf-specs": "npm:^0.4.0" + make-fetch-happen: "npm:^14.0.2" + proc-log: "npm:^5.0.0" + promise-retry: "npm:^2.0.1" + checksum: 10/e0ce0aa52b572eefa06a8260a7329f349c56217f2bbb6f167259c6e02e148987073e0dddc5e3c40ea4aafc89b8b0176e2617fb16f9c8c50cf0c1437b6c90fca4 + languageName: node + linkType: hard + "@sinclair/typebox@npm:^0.27.8": version: 0.27.8 resolution: "@sinclair/typebox@npm:0.27.8" @@ -2570,6 +2870,13 @@ __metadata: languageName: node linkType: hard +"agent-base@npm:^7.1.0, agent-base@npm:^7.1.2": + version: 7.1.4 + resolution: "agent-base@npm:7.1.4" + checksum: 10/79bef167247789f955aaba113bae74bf64aa1e1acca4b1d6bb444bdf91d82c3e07e9451ef6a6e2e35e8f71a6f97ce33e3d855a5328eb9fad1bc3cc4cfd031ed8 + languageName: node + linkType: hard + "agentkeepalive@npm:^4.2.1": version: 4.2.1 resolution: "agentkeepalive@npm:4.2.1" @@ -2876,6 +3183,17 @@ __metadata: languageName: node linkType: hard +"asn1js@npm:^3.0.5, asn1js@npm:^3.0.6": + version: 3.0.6 + resolution: "asn1js@npm:3.0.6" + dependencies: + pvtsutils: "npm:^1.3.6" + pvutils: "npm:^1.1.3" + tslib: "npm:^2.8.1" + checksum: 10/2b283dd87662b3276ccc3e68db041c1062f629d9454b24fc2c141ad07c400ae50e02ee78f8c8a67043aa7d430e949d4616b8921178243932167bc2c9e861b972 + languageName: node + linkType: hard + "async-function@npm:^1.0.0": version: 1.0.0 resolution: "async-function@npm:1.0.0" @@ -3165,6 +3483,13 @@ __metadata: languageName: node linkType: hard +"bytestreamjs@npm:^2.0.1": + version: 2.0.1 + resolution: "bytestreamjs@npm:2.0.1" + checksum: 10/523b1024e3f887cdc0b3db7c4fc14b8563aaeb75e6642a41991b3208277fd0ae9cd66003c73473fe706c42797bf0c3f1f498fb9880b431d75b332e5709d56a0c + languageName: node + linkType: hard + "cacache@npm:^16.1.0": version: 16.1.3 resolution: "cacache@npm:16.1.3" 
@@ -3191,6 +3516,26 @@ __metadata: languageName: node linkType: hard +"cacache@npm:^19.0.1": + version: 19.0.1 + resolution: "cacache@npm:19.0.1" + dependencies: + "@npmcli/fs": "npm:^4.0.0" + fs-minipass: "npm:^3.0.0" + glob: "npm:^10.2.2" + lru-cache: "npm:^10.0.1" + minipass: "npm:^7.0.3" + minipass-collect: "npm:^2.0.1" + minipass-flush: "npm:^1.0.5" + minipass-pipeline: "npm:^1.2.4" + p-map: "npm:^7.0.2" + ssri: "npm:^12.0.0" + tar: "npm:^7.4.3" + unique-filename: "npm:^4.0.0" + checksum: 10/ea026b27b13656330c2bbaa462a88181dcaa0435c1c2e705db89b31d9bdf7126049d6d0445ba746dca21454a0cfdf1d6f47fd39d34c8c8435296b30bc5738a13 + languageName: node + linkType: hard + "call-bind-apply-helpers@npm:^1.0.0, call-bind-apply-helpers@npm:^1.0.1, call-bind-apply-helpers@npm:^1.0.2": version: 1.0.2 resolution: "call-bind-apply-helpers@npm:1.0.2" @@ -3281,6 +3626,15 @@ __metadata: languageName: node linkType: hard +"canonicalize@npm:^2.0.0": + version: 2.1.0 + resolution: "canonicalize@npm:2.1.0" + bin: + canonicalize: bin/canonicalize.js + checksum: 10/6ab9b9c2b84e6a210e1d55f9f1194d69c1b955512f38cc53b0529c654807f469e21b5099750c76e2b8464650d829c01234c923526450fac263a1d89cf2bb61df + languageName: node + linkType: hard + "chainsaw@npm:~0.1.0": version: 0.1.0 resolution: "chainsaw@npm:0.1.0" @@ -3325,6 +3679,13 @@ __metadata: languageName: node linkType: hard +"chownr@npm:^3.0.0": + version: 3.0.0 + resolution: "chownr@npm:3.0.0" + checksum: 10/b63cb1f73d171d140a2ed8154ee6566c8ab775d3196b0e03a2a94b5f6a0ce7777ee5685ca56849403c8d17bd457a6540672f9a60696a6137c7a409097495b82c + languageName: node + linkType: hard + "ci-info@npm:^3.2.0": version: 3.3.0 resolution: "ci-info@npm:3.3.0" 
@@ -4756,6 +5117,15 @@ __metadata: languageName: node linkType: hard +"fs-minipass@npm:^3.0.0": + version: 3.0.3 + resolution: "fs-minipass@npm:3.0.3" + dependencies: + minipass: "npm:^7.0.3" + checksum: 10/af143246cf6884fe26fa281621d45cfe111d34b30535a475bfa38dafe343dadb466c047a924ffc7d6b7b18265df4110224ce3803806dbb07173bf2087b648d7f + languageName: node + linkType: hard + "fs.realpath@npm:^1.0.0": version: 1.0.0 resolution: "fs.realpath@npm:1.0.0" @@ -5014,6 +5384,22 @@ __metadata: languageName: node linkType: hard +"glob@npm:^10.2.2": + version: 10.4.5 + resolution: "glob@npm:10.4.5" + dependencies: + foreground-child: "npm:^3.1.0" + jackspeak: "npm:^3.1.2" + minimatch: "npm:^9.0.4" + minipass: "npm:^7.1.2" + package-json-from-dist: "npm:^1.0.0" + path-scurry: "npm:^1.11.1" + bin: + glob: dist/esm/bin.mjs + checksum: 10/698dfe11828b7efd0514cd11e573eaed26b2dff611f0400907281ce3eab0c1e56143ef9b35adc7c77ecc71fba74717b510c7c223d34ca8a98ec81777b293d4ac + languageName: node + linkType: hard + "glob@npm:^11.0.0": version: 11.0.3 resolution: "glob@npm:11.0.3" @@ -5326,6 +5712,13 @@ __metadata: languageName: node linkType: hard +"http-cache-semantics@npm:^4.1.1": + version: 4.2.0 + resolution: "http-cache-semantics@npm:4.2.0" + checksum: 10/4efd2dfcfeea9d5e88c84af450b9980be8a43c2c8179508b1c57c7b4421c855f3e8efe92fa53e0b3f4a43c85824ada930eabbc306d1b3beab750b6dcc5187693 + languageName: node + linkType: hard + "http-proxy-agent@npm:^5.0.0": version: 5.0.0 resolution: "http-proxy-agent@npm:5.0.0" 
@@ -5337,6 +5730,16 @@ __metadata: languageName: node linkType: hard +"http-proxy-agent@npm:^7.0.0": + version: 7.0.2 + resolution: "http-proxy-agent@npm:7.0.2" + dependencies: + agent-base: "npm:^7.1.0" + debug: "npm:^4.3.4" + checksum: 10/d062acfa0cb82beeb558f1043c6ba770ea892b5fb7b28654dbc70ea2aeea55226dd34c02a294f6c1ca179a5aa483c4ea641846821b182edbd9cc5d89b54c6848 + languageName: node + linkType: hard + "https-proxy-agent@npm:^5.0.0": version: 5.0.0 resolution: "https-proxy-agent@npm:5.0.0" @@ -5347,6 +5750,16 @@ __metadata: languageName: node linkType: hard +"https-proxy-agent@npm:^7.0.1": + version: 7.0.6 + resolution: "https-proxy-agent@npm:7.0.6" + dependencies: + agent-base: "npm:^7.1.2" + debug: "npm:4" + checksum: 10/784b628cbd55b25542a9d85033bdfd03d4eda630fb8b3c9477959367f3be95dc476ed2ecbb9836c359c7c698027fc7b45723a302324433590f45d6c1706e8c13 + languageName: node + linkType: hard + "human-signals@npm:^2.1.0": version: 2.1.0 resolution: "human-signals@npm:2.1.0" @@ -5497,6 +5910,13 @@ __metadata: languageName: node linkType: hard +"ip-address@npm:^10.0.1": + version: 10.0.1 + resolution: "ip-address@npm:10.0.1" + checksum: 10/09731acda32cd8e14c46830c137e7e5940f47b36d63ffb87c737331270287d631cf25aa95570907a67d3f919fdb25f4470c404eda21e62f22e0a55927f4dd0fb + languageName: node + linkType: hard + "ip-regex@npm:^2.1.0": version: 2.1.0 resolution: "ip-regex@npm:2.1.0" @@ -6099,6 +6519,19 @@ __metadata: languageName: node linkType: hard +"jackspeak@npm:^3.1.2": + version: 3.4.3 + resolution: "jackspeak@npm:3.4.3" + dependencies: + "@isaacs/cliui": "npm:^8.0.2" + "@pkgjs/parseargs": "npm:^0.11.0" + dependenciesMeta: + "@pkgjs/parseargs": + optional: true + checksum: 10/96f8786eaab98e4bf5b2a5d6d9588ea46c4d06bbc4f2eb861fdd7b6b182b16f71d8a70e79820f335d52653b16d4843b29dd9cdcf38ae80406756db9199497cf3 + languageName: node + linkType: hard + "jackspeak@npm:^4.1.1": version: 4.1.1 resolution: "jackspeak@npm:4.1.1" 
@@ -6547,6 +6980,13 @@ __metadata: languageName: node linkType: hard +"jose@npm:^5.10.0, jose@npm:^5.9.6": + version: 5.10.0 + resolution: "jose@npm:5.10.0" + checksum: 10/03881d1dfb390dcf50926402edcfe233bf557b5a77321fcb1bdb53453bc1cdd26d2d0a9ab28c7445cbb826881f84fdf5074179700f10c2711ccb9880f51065d7 + languageName: node + linkType: hard + "js-tokens@npm:^4.0.0": version: 4.0.0 resolution: "js-tokens@npm:4.0.0" @@ -6614,6 +7054,13 @@ __metadata: languageName: node linkType: hard +"json-stringify-safe@npm:^5.0.1": + version: 5.0.1 + resolution: "json-stringify-safe@npm:5.0.1" + checksum: 10/59169a081e4eeb6f9559ae1f938f656191c000e0512aa6df9f3c8b2437a4ab1823819c6b9fd1818a4e39593ccfd72e9a051fdd3e2d1e340ed913679e888ded8c + languageName: node + linkType: hard + "json5@npm:^1.0.2": version: 1.0.2 resolution: "json5@npm:1.0.2" @@ -6736,6 +7183,13 @@ __metadata: languageName: node linkType: hard +"lru-cache@npm:^10.0.1": + version: 10.4.3 + resolution: "lru-cache@npm:10.4.3" + checksum: 10/e6e90267360476720fa8e83cc168aa2bf0311f3f2eea20a6ba78b90a885ae72071d9db132f40fda4129c803e7dcec3a6b6a6fbb44ca90b081630b810b5d6a41a + languageName: node + linkType: hard + "lru-cache@npm:^10.2.0": version: 10.2.0 resolution: "lru-cache@npm:10.2.0" @@ -6815,6 +7269,25 @@ __metadata: languageName: node linkType: hard +"make-fetch-happen@npm:^14.0.2": + version: 14.0.3 + resolution: "make-fetch-happen@npm:14.0.3" + dependencies: + "@npmcli/agent": "npm:^3.0.0" + cacache: "npm:^19.0.1" + http-cache-semantics: "npm:^4.1.1" + minipass: "npm:^7.0.2" + minipass-fetch: "npm:^4.0.0" + minipass-flush: "npm:^1.0.5" + minipass-pipeline: "npm:^1.2.4" + negotiator: "npm:^1.0.0" + proc-log: "npm:^5.0.0" + promise-retry: "npm:^2.0.1" + ssri: "npm:^12.0.0" + checksum: 10/fce0385840b6d86b735053dfe941edc2dd6468fda80fe74da1eeff10cbd82a75760f406194f2bc2fa85b99545b2bc1f84c08ddf994b21830775ba2d1a87e8bdf + languageName: node + linkType: hard + "makeerror@npm:1.0.12": version: 1.0.12 resolution: "makeerror@npm:1.0.12" 
@@ -6956,6 +7429,15 @@ __metadata: languageName: node linkType: hard +"minipass-collect@npm:^2.0.1": + version: 2.0.1 + resolution: "minipass-collect@npm:2.0.1" + dependencies: + minipass: "npm:^7.0.3" + checksum: 10/b251bceea62090f67a6cced7a446a36f4cd61ee2d5cea9aee7fff79ba8030e416327a1c5aa2908dc22629d06214b46d88fdab8c51ac76bacbf5703851b5ad342 + languageName: node + linkType: hard + "minipass-fetch@npm:^2.0.3": version: 2.1.2 resolution: "minipass-fetch@npm:2.1.2" @@ -6971,6 +7453,21 @@ __metadata: languageName: node linkType: hard +"minipass-fetch@npm:^4.0.0": + version: 4.0.1 + resolution: "minipass-fetch@npm:4.0.1" + dependencies: + encoding: "npm:^0.1.13" + minipass: "npm:^7.0.3" + minipass-sized: "npm:^1.0.3" + minizlib: "npm:^3.0.1" + dependenciesMeta: + encoding: + optional: true + checksum: 10/7ddfebdbb87d9866e7b5f7eead5a9e3d9d507992af932a11d275551f60006cf7d9178e66d586dbb910894f3e3458d27c0ddf93c76e94d49d0a54a541ddc1263d + languageName: node + linkType: hard + "minipass-flush@npm:^1.0.5": version: 1.0.5 resolution: "minipass-flush@npm:1.0.5" @@ -7021,6 +7518,13 @@ __metadata: languageName: node linkType: hard +"minipass@npm:^7.0.2, minipass@npm:^7.0.3, minipass@npm:^7.1.2": + version: 7.1.2 + resolution: "minipass@npm:7.1.2" + checksum: 10/c25f0ee8196d8e6036661104bacd743785b2599a21de5c516b32b3fa2b83113ac89a2358465bc04956baab37ffb956ae43be679b2262bf7be15fce467ccd7950 + languageName: node + linkType: hard + "minipass@npm:^7.0.4": version: 7.0.4 resolution: "minipass@npm:7.0.4" @@ -7028,13 +7532,6 @@ __metadata: languageName: node linkType: hard -"minipass@npm:^7.1.2": - version: 7.1.2 - resolution: "minipass@npm:7.1.2" - checksum: 10/c25f0ee8196d8e6036661104bacd743785b2599a21de5c516b32b3fa2b83113ac89a2358465bc04956baab37ffb956ae43be679b2262bf7be15fce467ccd7950 - languageName: node - linkType: hard - "minizlib@npm:^2.1.1, minizlib@npm:^2.1.2": version: 2.1.2 resolution: "minizlib@npm:2.1.2" 
@@ -7045,6 +7542,15 @@ __metadata: languageName: node linkType: hard +"minizlib@npm:^3.0.1, minizlib@npm:^3.1.0": + version: 3.1.0 + resolution: "minizlib@npm:3.1.0" + dependencies: + minipass: "npm:^7.1.2" + checksum: 10/f47365cc2cb7f078cbe7e046eb52655e2e7e97f8c0a9a674f4da60d94fb0624edfcec9b5db32e8ba5a99a5f036f595680ae6fe02a262beaa73026e505cc52f99 + languageName: node + linkType: hard + "mkdirp@npm:^0.5.1": version: 0.5.6 resolution: "mkdirp@npm:0.5.6" @@ -7093,6 +7599,13 @@ __metadata: languageName: node linkType: hard +"negotiator@npm:^1.0.0": + version: 1.0.0 + resolution: "negotiator@npm:1.0.0" + checksum: 10/b5734e87295324fabf868e36fb97c84b7d7f3156ec5f4ee5bf6e488079c11054f818290fc33804cef7b1ee21f55eeb14caea83e7dafae6492a409b3e573153e5 + languageName: node + linkType: hard + "neo-async@npm:^2.6.2": version: 2.6.2 resolution: "neo-async@npm:2.6.2" @@ -7100,6 +7613,17 @@ __metadata: languageName: node linkType: hard +"nock@npm:^13.5.5": + version: 13.5.6 + resolution: "nock@npm:13.5.6" + dependencies: + debug: "npm:^4.1.0" + json-stringify-safe: "npm:^5.0.1" + propagate: "npm:^2.0.0" + checksum: 10/a57c265b75e5f7767e2f8baf058773cdbf357c31c5fea2761386ec03a008a657f9df921899fe2a9502773b47145b708863b32345aef529b3c45cba4019120f88 + languageName: node + linkType: hard + "node-fetch@npm:^2.6.7": version: 2.6.7 resolution: "node-fetch@npm:2.6.7" @@ -7383,6 +7907,13 @@ __metadata: languageName: node linkType: hard +"p-map@npm:^7.0.2": + version: 7.0.3 + resolution: "p-map@npm:7.0.3" + checksum: 10/2ef48ccfc6dd387253d71bf502604f7893ed62090b2c9d73387f10006c342606b05233da0e4f29388227b61eb5aeface6197e166520c465c234552eeab2fe633 + languageName: node + linkType: hard + "p-try@npm:^2.0.0": version: 2.2.0 resolution: "p-try@npm:2.2.0" 
@@ -7463,6 +7994,16 @@ __metadata: languageName: node linkType: hard +"path-scurry@npm:^1.11.1": + version: 1.11.1 + resolution: "path-scurry@npm:1.11.1" + dependencies: + lru-cache: "npm:^10.2.0" + minipass: "npm:^5.0.0 || ^6.0.2 || ^7.0.0" + checksum: 10/5e8845c159261adda6f09814d7725683257fcc85a18f329880ab4d7cc1d12830967eae5d5894e453f341710d5484b8fdbbd4d75181b4d6e1eb2f4dc7aeadc434 + languageName: node + linkType: hard + "path-scurry@npm:^2.0.0": version: 2.0.0 resolution: "path-scurry@npm:2.0.0" @@ -7528,6 +8069,20 @@ __metadata: languageName: node linkType: hard +"pkijs@npm:^3.2.4": + version: 3.3.2 + resolution: "pkijs@npm:3.3.2" + dependencies: + "@noble/hashes": "npm:1.4.0" + asn1js: "npm:^3.0.6" + bytestreamjs: "npm:^2.0.1" + pvtsutils: "npm:^1.3.6" + pvutils: "npm:^1.1.3" + tslib: "npm:^2.8.1" + checksum: 10/aefd2504a7f0d9114c7efeaab1391f492498fc5b8acf49bd06257617915b80344328b143bb6cb25be180c3eee39e32964722e43a2ced48742dd418e7fb7bbd7a + languageName: node + linkType: hard + "possible-typed-array-names@npm:^1.0.0": version: 1.0.0 resolution: "possible-typed-array-names@npm:1.0.0" @@ -7571,6 +8126,13 @@ __metadata: languageName: node linkType: hard +"proc-log@npm:^5.0.0": + version: 5.0.0 + resolution: "proc-log@npm:5.0.0" + checksum: 10/35610bdb0177d3ab5d35f8827a429fb1dc2518d9e639f2151ac9007f01a061c30e0c635a970c9b00c39102216160f6ec54b62377c92fac3b7bfc2ad4b98d195c + languageName: node + linkType: hard + "process-nextick-args@npm:~2.0.0": version: 2.0.1 resolution: "process-nextick-args@npm:2.0.1" @@ -7612,6 +8174,13 @@ __metadata: languageName: node linkType: hard +"propagate@npm:^2.0.0": + version: 2.0.1 + resolution: "propagate@npm:2.0.1" + checksum: 10/8c761c16e8232f82f6d015d3e01e8bd4109f47ad804f904d950f6fe319813b448ca112246b6bfdc182b400424b155b0b7c4525a9bb009e6fa950200157569c14 + languageName: node + linkType: hard + "psl@npm:^1.1.28": version: 1.9.0 resolution: "psl@npm:1.9.0" 
@@ -7661,6 +8230,22 @@ __metadata: languageName: node linkType: hard +"pvtsutils@npm:^1.3.5, pvtsutils@npm:^1.3.6": + version: 1.3.6 + resolution: "pvtsutils@npm:1.3.6" + dependencies: + tslib: "npm:^2.8.1" + checksum: 10/d45b12f8526e13ecf15fe09b30cde65501f3300fd2a07c11b28a966d434d1f767c8a61597ecba2e19c7eb19ca0c740341a6babc67a4f741e08b1ef1095c71663 + languageName: node + linkType: hard + +"pvutils@npm:^1.1.3": + version: 1.1.5 + resolution: "pvutils@npm:1.1.5" + checksum: 10/9a5a71603c72bf9ea3a4501e8251e3f7a56026ed059bf63a18bd9a30cac6c35cc8250b39eb6291c1cb204cdeb6660663ab9bb2c74e85a512919bb2d614e340ea + languageName: node + linkType: hard + "queue-microtask@npm:^1.2.2": version: 1.2.3 resolution: "queue-microtask@npm:1.2.3" @@ -7730,6 +8315,13 @@ __metadata: languageName: node linkType: hard +"reflect-metadata@npm:^0.2.2": + version: 0.2.2 + resolution: "reflect-metadata@npm:0.2.2" + checksum: 10/1c93f9ac790fea1c852fde80c91b2760420069f4862f28e6fae0c00c6937a56508716b0ed2419ab02869dd488d123c4ab92d062ae84e8739ea7417fae10c4745 + languageName: node + linkType: hard + "reflect.getprototypeof@npm:^1.0.6, reflect.getprototypeof@npm:^1.0.9": version: 1.0.10 resolution: "reflect.getprototypeof@npm:1.0.10" @@ -8267,6 +8859,17 @@ __metadata: languageName: node linkType: hard +"socks-proxy-agent@npm:^8.0.3": + version: 8.0.5 + resolution: "socks-proxy-agent@npm:8.0.5" + dependencies: + agent-base: "npm:^7.1.2" + debug: "npm:^4.3.4" + socks: "npm:^2.8.3" + checksum: 10/ee99e1dacab0985b52cbe5a75640be6e604135e9489ebdc3048635d186012fbaecc20fbbe04b177dee434c319ba20f09b3e7dfefb7d932466c0d707744eac05c + languageName: node + linkType: hard + "socks@npm:^2.6.2": version: 2.7.1 resolution: "socks@npm:2.7.1" 
@@ -8277,6 +8880,16 @@ __metadata: languageName: node linkType: hard +"socks@npm:^2.8.3": + version: 2.8.7 + resolution: "socks@npm:2.8.7" + dependencies: + ip-address: "npm:^10.0.1" + smart-buffer: "npm:^4.2.0" + checksum: 10/d19366c95908c19db154f329bbe94c2317d315dc933a7c2b5101e73f32a555c84fb199b62174e1490082a593a4933d8d5a9b297bde7d1419c14a11a965f51356 + languageName: node + linkType: hard + "source-map-support@npm:0.5.13": version: 0.5.13 resolution: "source-map-support@npm:0.5.13" @@ -8308,6 +8921,15 @@ __metadata: languageName: node linkType: hard +"ssri@npm:^12.0.0": + version: 12.0.0 + resolution: "ssri@npm:12.0.0" + dependencies: + minipass: "npm:^7.0.3" + checksum: 10/7024c1a6e39b3f18aa8f1c8290e884fe91b0f9ca5a6c6d410544daad54de0ba664db879afe16412e187c6c292fd60b937f047ee44292e5c2af2dcc6d8e1a9b48 + languageName: node + linkType: hard + "ssri@npm:^9.0.0": version: 9.0.1 resolution: "ssri@npm:9.0.1" @@ -8635,6 +9257,19 @@ __metadata: languageName: node linkType: hard +"tar@npm:^7.4.3": + version: 7.5.1 + resolution: "tar@npm:7.5.1" + dependencies: + "@isaacs/fs-minipass": "npm:^4.0.0" + chownr: "npm:^3.0.0" + minipass: "npm:^7.1.2" + minizlib: "npm:^3.1.0" + yallist: "npm:^5.0.0" + checksum: 10/4848cd2fa2fcaf0734cf54e14bc685056eb43a74d7cc7f954c3ac88fea88c85d95b1d7896619f91aab6f2234c5eec731c18aaa201a78fcf86985bdc824ed7a00 + languageName: node + linkType: hard + "test-exclude@npm:^6.0.0": version: 6.0.0 resolution: "test-exclude@npm:6.0.0" 
@@ -8826,13 +9461,20 @@ __metadata: languageName: node linkType: hard -"tslib@npm:^1.10.0": +"tslib@npm:^1.10.0, tslib@npm:^1.9.3": version: 1.14.1 resolution: "tslib@npm:1.14.1" checksum: 10/7dbf34e6f55c6492637adb81b555af5e3b4f9cc6b998fb440dac82d3b42bdc91560a35a5fb75e20e24a076c651438234da6743d139e4feabf0783f3cdfe1dddb languageName: node linkType: hard +"tslib@npm:^2.0.0, tslib@npm:^2.6.2, tslib@npm:^2.7.0, tslib@npm:^2.8.1": + version: 2.8.1 + resolution: "tslib@npm:2.8.1" + checksum: 10/3e2e043d5c2316461cb54e5c7fe02c30ef6dccb3384717ca22ae5c6b5bc95232a6241df19c622d9c73b809bea33b187f6dbc73030963e29950c2141bc32a79f7 + languageName: node + linkType: hard + "tslib@npm:^2.2.0": version: 2.6.0 resolution: "tslib@npm:2.6.0" @@ -8840,6 +9482,15 @@ __metadata: languageName: node linkType: hard +"tsyringe@npm:^4.10.0": + version: 4.10.0 + resolution: "tsyringe@npm:4.10.0" + dependencies: + tslib: "npm:^1.9.3" + checksum: 10/b42660dc112cee2db02b3d69f2ef6a6a9d185afd96b18d8f88e47c1e62be94b69a9f5a58fcfdb2a3fbb7c6c175b8162ea00f7db6499bf333ce945e570e31615c + languageName: node + linkType: hard + "tunnel@npm:0.0.6, tunnel@npm:^0.0.6": version: 0.0.6 resolution: "tunnel@npm:0.0.6" @@ -9134,6 +9785,15 @@ __metadata: languageName: node linkType: hard +"unique-filename@npm:^4.0.0": + version: 4.0.0 + resolution: "unique-filename@npm:4.0.0" + dependencies: + unique-slug: "npm:^5.0.0" + checksum: 10/6a62094fcac286b9ec39edbd1f8f64ff92383baa430af303dfed1ffda5e47a08a6b316408554abfddd9730c78b6106bef4ca4d02c1231a735ddd56ced77573df + languageName: node + linkType: hard + "unique-slug@npm:^3.0.0": version: 3.0.0 resolution: "unique-slug@npm:3.0.0" 
@@ -9143,6 +9803,15 @@ __metadata: languageName: node linkType: hard +"unique-slug@npm:^5.0.0": + version: 5.0.0 + resolution: "unique-slug@npm:5.0.0" + dependencies: + imurmurhash: "npm:^0.1.4" + checksum: 10/beafdf3d6f44990e0a5ce560f8f881b4ee811be70b6ba0db25298c31c8cf525ed963572b48cd03be1c1349084f9e339be4241666d7cf1ebdad20598d3c652b27 + languageName: node + linkType: hard + "universal-user-agent@npm:^6.0.0": version: 6.0.0 resolution: "universal-user-agent@npm:6.0.0" @@ -9226,6 +9895,19 @@ __metadata: languageName: node linkType: hard +"webcrypto-core@npm:^1.8.0": + version: 1.8.1 + resolution: "webcrypto-core@npm:1.8.1" + dependencies: + "@peculiar/asn1-schema": "npm:^2.3.13" + "@peculiar/json-schema": "npm:^1.1.12" + asn1js: "npm:^3.0.5" + pvtsutils: "npm:^1.3.5" + tslib: "npm:^2.7.0" + checksum: 10/1a03144cb0b34433da0ebff79b1f8b81a17e4edee32614ae310af2b92e97cec24fcf82319a457798fa2c2259808d9cdaecda186655e4ec2616adf8669ffa505c + languageName: node + linkType: hard + "webidl-conversions@npm:^3.0.0": version: 3.0.1 resolution: "webidl-conversions@npm:3.0.1" @@ -9468,6 +10150,13 @@ __metadata: languageName: node linkType: hard +"yallist@npm:^5.0.0": + version: 5.0.0 + resolution: "yallist@npm:5.0.0" + checksum: 10/1884d272d485845ad04759a255c71775db0fac56308764b4c77ea56a20d56679fad340213054c8c9c9c26fcfd4c4b2a90df993b7e0aaf3cdb73c618d1d1a802a + languageName: node + linkType: hard + "yargs-parser@npm:^21.1.1": version: 21.1.1 resolution: "yargs-parser@npm:21.1.1"