docker/actions-toolkit
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
NaN Commits 1 Branch 131 Tags
18925ea1d8a911f9dccb14bde8c5cffeff9d8a8c
Commit Graph

16 Commits

Author SHA1 Message Date
CrazyMax
e169fb346d github: move artifact and summary logic to dedicated classes 
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
 2026-02-05 13:31:13 +01:00
CrazyMax
17e08b98a8 sigstore: verifyArtifact func to verify arbitrary artifact 
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
 2026-01-28 17:25:57 +01:00
CrazyMax
faa5b5bf22 switch to ESM and update config/test wiring 
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
 2026-01-28 10:35:34 +01:00
CrazyMax
882907c07b Merge pull request #931 from docker/sigstore-signing-config 
sigstore: use signing config with cosign
 2026-01-15 17:11:42 +01:00
CrazyMax
a5dc8e7614 sigstore: opt to verify attestation manifest for specific platform 
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
 2026-01-14 12:23:11 +01:00
CrazyMax
b4f34ed319 sigstore: make retry on manifest unknown optional 
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
 2026-01-13 16:21:46 +01:00
CrazyMax
c47fbe6179 sigstore: use signing config with cosign 
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
 2026-01-13 15:14:37 +01:00
CrazyMax
0162b2cf8b cosign: clear errors if manifest or bundle payload found 
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
 2026-01-13 13:25:39 +01:00
CrazyMax
7397cfe37c sigstore: add function to verify image attestations 
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
 2026-01-13 13:21:55 +01:00
CrazyMax
d018ed13d0 sigstore: remove verbose flag from persisted cosign args 
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
 2025-11-12 14:44:23 +01:00
CrazyMax
85dfc7a573 sigstore: remove @actions/attest dependency 
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
 2025-11-05 11:11:57 +01:00
CrazyMax
6bd8db31fe sigstore: multi image names support for signing 
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
 2025-11-04 13:36:03 +01:00
CrazyMax
5d9b7822a6 sigstore: sign and verify BuildKit attestation manifests 
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
 2025-11-03 09:35:07 +01:00
CrazyMax
364d8e8cda sigstore: verifySignedArtifacts func 
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
 2025-10-30 15:52:34 +01:00
CrazyMax
1c0dc52a0e sigstore: always set TSA server endpoint to provide trusted timestamping 
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
 2025-10-30 15:52:34 +01:00
CrazyMax
36cc95143c sigstore class to sign buildkit provenance blobs 
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
 2025-10-30 15:52:33 +01:00