actions/toolkit
1
0
Fork 0
mirror of https://git.mirrors.martin98.com/https://github.com/actions/toolkit synced 2026-01-03 14:32:54 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'main' into neo-cache-service

Browse Source
This commit is contained in:
Bassem Dghaidi 2024-10-21 02:25:12 -07:00 committed by GitHub
commit d399e33060
4 changed files with 758 additions and 684 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
packages/attest/RELEASES.md
View File

@ -1,8 +1,15 @@
# @actions/attest Releases # @actions/attest Releases
### 1.5.0
- Bump @actions/core from 1.10.1 to 1.11.1 [#1847](https://github.com/actions/toolkit/pull/1847)
- Bump @sigstore/bundle from 2.3.2 to 3.0.0 [#1846](https://github.com/actions/toolkit/pull/1846)
- Bump @sigstore/sign from 2.3.2 to 3.0.0 [#1846](https://github.com/actions/toolkit/pull/1846)
### 1.4.2 ### 1.4.2
- Fix bug in `buildSLSAProvenancePredicate`/`attestProvenance` when generating provenance statement for enterprise account using customized OIDC issuer value [#1823](https://github.com/actions/toolkit/pull/1823) - Fix bug in `buildSLSAProvenancePredicate`/`attestProvenance` when generating provenance statement for enterprise account using customized OIDC issuer value [#1823](https://github.com/actions/toolkit/pull/1823)
### 1.4.1 ### 1.4.1
- Bump @actions/http-client from 2.2.1 to 2.2.3 [#1805](https://github.com/actions/toolkit/pull/1805) - Bump @actions/http-client from 2.2.1 to 2.2.3 [#1805](https://github.com/actions/toolkit/pull/1805)

1420
packages/attest/package-lock.json generated
View File

File diff suppressed because it is too large Load Diff

12
packages/attest/package.json
View File

@ -1,6 +1,6 @@
{ {
"name": "@actions/attest", "name": "@actions/attest",
"version": "1.4.2", "version": "1.5.0",
"description": "Actions attestation lib", "description": "Actions attestation lib",
"keywords": [ "keywords": [
"github", "github",
@ -35,19 +35,19 @@
"url": "https://github.com/actions/toolkit/issues" "url": "https://github.com/actions/toolkit/issues"
}, },
"devDependencies": { "devDependencies": {
"@sigstore/mock": "^0.7.4", "@sigstore/mock": "^0.8.0",
"@sigstore/rekor-types": "^2.0.0", "@sigstore/rekor-types": "^3.0.0",
"@types/jsonwebtoken": "^9.0.6", "@types/jsonwebtoken": "^9.0.6",
"nock": "^13.5.1", "nock": "^13.5.1",
"undici": "^5.28.4" "undici": "^5.28.4"
}, },
"dependencies": { "dependencies": {
"@actions/core": "^1.10.1", "@actions/core": "^1.11.1",
"@actions/github": "^6.0.0", "@actions/github": "^6.0.0",
"@actions/http-client": "^2.2.3", "@actions/http-client": "^2.2.3",
"@octokit/plugin-retry": "^6.0.1", "@octokit/plugin-retry": "^6.0.1",
"@sigstore/bundle": "^2.3.2", "@sigstore/bundle": "^3.0.0",
"@sigstore/sign": "^2.3.2", "@sigstore/sign": "^3.0.0",
"jose": "^5.2.3" "jose": "^5.2.3"
}, },
"overrides": { "overrides": {

3
packages/attest/src/sign.ts
View File

@ -86,7 +86,6 @@ const initBundleBuilder = (opts: SignOptions): BundleBuilder => {
witnesses.push( witnesses.push(
new RekorWitness({ new RekorWitness({
rekorBaseURL: opts.rekorURL, rekorBaseURL: opts.rekorURL,
entryType: 'dsse',
fetchOnConflict: true, fetchOnConflict: true,
timeout, timeout,
retry retry
@ -106,5 +105,5 @@ const initBundleBuilder = (opts: SignOptions): BundleBuilder => {
// Build the bundle with the singleCertificate option which will // Build the bundle with the singleCertificate option which will
// trigger the creation of v0.3 DSSE bundles // trigger the creation of v0.3 DSSE bundles
return new DSSEBundleBuilder({signer, witnesses, singleCertificate: true}) return new DSSEBundleBuilder({signer, witnesses})
} }