actions/toolkit
1
0
Fork 0
mirror of https://git.mirrors.martin98.com/https://github.com/actions/toolkit synced 2026-04-05 13:03:16 +08:00
Code Issues Packages Projects Releases Wiki Activity

generate v0.3 bundles in attest package

Browse Source 
Signed-off-by: Brian DeHamer <bdehamer@github.com>
This commit is contained in:
Brian DeHamer
2024-04-03 12:12:26 -07:00
parent 59e9d284e9
commit f8d95a85df
6 changed files with 48 additions and 43 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
packages/attest/src/attest.ts
View File

@@ -1,10 +1,11 @@
import {Bundle, bundleToJSON} from '@sigstore/bundle'
import {bundleToJSON} from '@sigstore/bundle'
import {X509Certificate} from 'crypto'
import {SigstoreInstance, signingEndpoints} from './endpoints'
import {buildIntotoStatement} from './intoto'
import {Payload, signPayload} from './sign'
import {writeAttestation} from './store'
import type {Bundle} from '@sigstore/sign'
import type {Attestation, Predicate, Subject} from './shared.types'
const INTOTO_PAYLOAD_TYPE = 'application/vnd.in-toto+json'

6
packages/attest/src/sign.ts
View File

@@ -1,5 +1,5 @@
import {Bundle} from '@sigstore/bundle'
import {
Bundle,
BundleBuilder,
CIContextProvider,
DSSEBundleBuilder,
@@ -103,5 +103,7 @@ const initBundleBuilder = (opts: SignOptions): BundleBuilder => {
)
}
return new DSSEBundleBuilder({signer, witnesses})
// Build the bundle with the singleCertificate option which will
// trigger the creation of v0.3 DSSE bundles
return new DSSEBundleBuilder({signer, witnesses, singleCertificate: true})
}