actions/toolkit
1
0
Fork 0
mirror of https://git.mirrors.martin98.com/https://github.com/actions/toolkit synced 2026-04-03 02:53:15 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1863 from meriadec/attest-provenance-tags

Browse Source 
Handle tags containing "@" character in `buildSLSAProvenancePredicate`
This commit is contained in:
Brian DeHamer
2024-11-01 09:35:13 -07:00
committed by GitHub
parent 43ce96d373 717ba9d9a4
commit 339447c5d3
3 changed files with 68 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
packages/attest/src/provenance.ts
View File

@@ -30,9 +30,11 @@ export const buildSLSAProvenancePredicate = async (
// Split just the path and ref from the workflow string.
// owner/repo/.github/workflows/main.yml@main =>
// .github/workflows/main.yml, main
const [workflowPath, workflowRef] = claims.workflow_ref
const [workflowPath, ...workflowRefChunks] = claims.workflow_ref
.replace(`${claims.repository}/`, '')
.split('@')
// Handle case where tag contains `@` (e.g: when using changesets in a monorepo context),
const workflowRef = workflowRefChunks.join('@')
return {
type: SLSA_PREDICATE_V1_TYPE,