docker/actions-toolkit
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
2,115 Commits 1 Branch 131 Tags
main
Commit Graph

15 Commits

Author SHA1 Message Date
CrazyMax
6b70c3ac3a sigstore: wire tests to explicit cosign binaries 
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
 2026-04-08 12:15:42 +02:00
CrazyMax
ab22ca5180 sigstore: default blob attestation verification to SLSA provenance v1 
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
 2026-04-07 16:41:12 +02:00
CrazyMax
b6a3cad225 test: inline mocks in unit test setup 
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
 2026-02-27 03:02:00 +01:00
CrazyMax
14b5eee617 move to nodenext and simplify TS/ESM config 
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
 2026-02-26 23:50:31 +01:00
CrazyMax
fa21647770 switch from Jest to Vitest 
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
 2026-02-26 23:50:31 +01:00
CrazyMax
882907c07b Merge pull request #931 from docker/sigstore-signing-config 
sigstore: use signing config with cosign
 2026-01-15 17:11:42 +01:00
CrazyMax
a5dc8e7614 sigstore: opt to verify attestation manifest for specific platform 
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
 2026-01-14 12:23:11 +01:00
CrazyMax
c47fbe6179 sigstore: use signing config with cosign 
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
 2026-01-13 15:14:37 +01:00
CrazyMax
345531d0a4 sigstore: test signAttestationManifests 
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
 2026-01-13 14:56:12 +01:00
CrazyMax
7397cfe37c sigstore: add function to verify image attestations 
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
 2026-01-13 13:21:55 +01:00
CrazyMax
44e7279490 cosign(install): verify binary signature with keyless verification bundle 
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
 2025-12-16 15:02:36 +01:00
CrazyMax
85dfc7a573 sigstore: remove @actions/attest dependency 
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
 2025-11-05 11:11:57 +01:00
CrazyMax
364d8e8cda sigstore: verifySignedArtifacts func 
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
 2025-10-30 15:52:34 +01:00
CrazyMax
1c0dc52a0e sigstore: always set TSA server endpoint to provide trusted timestamping 
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
 2025-10-30 15:52:34 +01:00
CrazyMax
36cc95143c sigstore class to sign buildkit provenance blobs 
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
 2025-10-30 15:52:33 +01:00