docker/actions-toolkit
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
1,936 Commits 1 Branch 131 Tags
5b2d914820086884deca0dddc9df8d73ea0fe296
Commit Graph

377 Commits

Author SHA1 Message Date
CrazyMax
14b5eee617 move to nodenext and simplify TS/ESM config 
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
 2026-02-26 23:50:31 +01:00
CrazyMax
5e783cc801 github: use default client and skip archive when uploading artifact 
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
 2026-02-26 09:39:03 +01:00
CrazyMax
c790a5b549 buildx(build): handle domain when checking git auth token secret 
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
 2026-02-09 17:18:52 +01:00
CrazyMax
e169fb346d github: move artifact and summary logic to dedicated classes 
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
 2026-02-05 13:31:13 +01:00
CrazyMax
386d77d22d github: vendor isGhes() func from @actions/artifact module 
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
 2026-02-02 17:58:09 +01:00
CrazyMax
17e08b98a8 sigstore: verifyArtifact func to verify arbitrary artifact 
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
 2026-01-28 17:25:57 +01:00
CrazyMax
89e14b0d85 buildx(install): workaround to check subjectAlternativeName 
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
 2026-01-28 17:24:22 +01:00
CrazyMax
d830716b30 buildx(install): use sigstore module to verify signature 
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
 2026-01-28 17:24:21 +01:00
CrazyMax
537174131a replace direct octokit deps with @actions/github types 
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
 2026-01-28 16:29:39 +01:00
CrazyMax
2617546094 github: derive summary table types from core API 
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
 2026-01-28 12:16:41 +01:00
CrazyMax
9348f81855 git: drop types/git and inline GitHub context type 
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
 2026-01-28 12:16:40 +01:00
CrazyMax
faa5b5bf22 switch to ESM and update config/test wiring 
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
 2026-01-28 10:35:34 +01:00
CrazyMax
882907c07b Merge pull request #931 from docker/sigstore-signing-config 
sigstore: use signing config with cosign
 2026-01-15 17:11:42 +01:00
CrazyMax
79a6dd0432 Merge pull request #938 from crazy-max/bake-def-envs
Some checks failed
publish / publish (push) Has been cancelled
Details 
buildx(bake): merge existing env vars when parsing definition
 2026-01-14 14:03:57 +01:00
CrazyMax
306d954be2 buildx(bake): merge existing env vars when parsing definition 
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
 2026-01-14 13:51:42 +01:00
CrazyMax
a5dc8e7614 sigstore: opt to verify attestation manifest for specific platform 
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
 2026-01-14 12:23:11 +01:00
CrazyMax
c9ffda6adf Merge pull request #936 from crazy-max/oci-defaultPlatform 
oci: defaultPlatform function
 2026-01-14 12:01:47 +01:00
CrazyMax
af989cc324 oci: defaultPlatform function 
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
 2026-01-14 11:49:45 +01:00
CrazyMax
f136d06171 buildx(imagetools): opt to filter attestation manifests by platform 
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
 2026-01-14 10:52:51 +01:00
CrazyMax
b4f34ed319 sigstore: make retry on manifest unknown optional 
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
 2026-01-13 16:21:46 +01:00
CrazyMax
c47fbe6179 sigstore: use signing config with cosign 
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
 2026-01-13 15:14:37 +01:00
CrazyMax
0162b2cf8b cosign: clear errors if manifest or bundle payload found 
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
 2026-01-13 13:25:39 +01:00
CrazyMax
7397cfe37c sigstore: add function to verify image attestations 
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
 2026-01-13 13:21:55 +01:00
copilot-swe-agent[bot]
945d269b25 fix: handle detached head error 2025-12-23 18:48:02 +01:00
CrazyMax
eb8ed6b687 cosign(install): use sigstore module to verify signature 
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
 2025-12-16 19:44:45 +01:00
CrazyMax
44e7279490 cosign(install): verify binary signature with keyless verification bundle 
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
 2025-12-16 15:02:36 +01:00
CrazyMax
a198dbc46d migrate eslint config to new format required since 9.0.0 
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
 2025-12-15 23:10:13 +01:00
CrazyMax
33cdba4686 github: fix import of TransferProgressEvent 
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
 2025-12-15 11:28:24 +01:00
CrazyMax
4a30d04fe2 docker(install): unpin QEMU 
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
 2025-12-15 09:23:27 +01:00
CrazyMax
8d87ba5a72 docker(install): pin QEMU to 10.1.1 
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
 2025-12-02 14:31:18 +01:00
CrazyMax
1d22f02ce4 releases: download releases JSON without token first 
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
 2025-11-27 10:22:18 +01:00
CrazyMax
8d01bf1bfc Merge pull request #856 from neilime/fix/git-ref-in-detached-head 
fix(git): support getting ref in various detached HEAD contexts
 2025-11-27 10:10:44 +01:00
CrazyMax
9c05197992 buildx(bake): funcs to check attest set in bake definition 
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
 2025-11-26 11:08:57 +01:00
Emilien Escalle
ad7ffdebbe fix(git): support getting ref in various detached HEAD contexts 
Signed-off-by: Emilien Escalle <emilien.escalle@escemi.com>
 2025-11-14 08:50:10 +01:00
CrazyMax
d018ed13d0 sigstore: remove verbose flag from persisted cosign args 
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
 2025-11-12 14:44:23 +01:00
CrazyMax
85dfc7a573 sigstore: remove @actions/attest dependency 
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
 2025-11-05 11:11:57 +01:00
CrazyMax
d8def31251 cache: gracefully handle cache restore failures with warning 
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
 2025-11-05 10:02:21 +01:00
CrazyMax
6bd8db31fe sigstore: multi image names support for signing 
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
 2025-11-04 13:36:03 +01:00
CrazyMax
f592739bbc Merge pull request #838 from crazy-max/fix-toolkit-class
Some checks failed
publish / publish (push) Has been cancelled
Details 
toolkit: add missing classes
 2025-11-03 12:34:58 +01:00
CrazyMax
8ba2bc9036 docker(install): LIMA_START_TIMEOUT env var 
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
 2025-11-03 12:29:57 +01:00
CrazyMax
18535e8207 toolkit: add missing classes 
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
 2025-11-03 12:27:34 +01:00
CrazyMax
8032ed96f6 Merge pull request #837 from crazy-max/lima-dns 
docker(install): don't use local system resolver with lima and increase timeouts
 2025-11-03 12:10:21 +01:00
CrazyMax
3588cc8ad4 docker(install): increase lima start timeout 
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
 2025-11-03 11:39:42 +01:00
CrazyMax
bbd652b087 docker(install): increase dockerd startup timeout 
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
 2025-11-03 11:39:31 +01:00
CrazyMax
e85f11c5bd docker(install): don't use local system resolver with lima 
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
 2025-11-03 11:09:16 +01:00
CrazyMax
5d9b7822a6 sigstore: sign and verify BuildKit attestation manifests 
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
 2025-11-03 09:35:07 +01:00
CrazyMax
364d8e8cda sigstore: verifySignedArtifacts func 
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
 2025-10-30 15:52:34 +01:00
CrazyMax
1c0dc52a0e sigstore: always set TSA server endpoint to provide trusted timestamping 
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
 2025-10-30 15:52:34 +01:00
CrazyMax
36cc95143c sigstore class to sign buildkit provenance blobs 
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
 2025-10-30 15:52:33 +01:00
CrazyMax
24b234cb06 Merge pull request #823 from crazy-max/buildx-attestations-digest 
buildx(imagetools): return attestations digests
 2025-10-30 15:52:12 +01:00