
When using some monorepo-related tools (like [changesets](https://github.com/changesets/changesets)), the produced tags have a special format that includes the `@` character. For example, a `foo` package in a monorepo will produce Git tags looking like `foo@1.0.0` if using changesets. When used in combination with `actions/attest-build-provenance`, the action was not properly re-crafting the tag in `buildSLSAProvenancePredicate` because it was always splitting the workflow ref by `@` and taking the second element. This results in the following error on CI:
```
Error: Error: Failed to persist attestation: Invalid Argument - values do not match: refs/tags/foo != refs/tags/foo@1.0.0 - https://docs.github.com/rest/repos/repos#create-an-attestation
```
This PR slightly updates the logic there to instead take "everything located after the first '@'". This shouldn't introduce any breaking change, while adding support for custom tags. I've added the corresponding test case and it passes; however, I couldn't successfully run the full test suite (nor could I on `main`). Looking forward to the CI outcome. Thanks in advance for the review 🙏.
// Jest Snapshot v1, https://goo.gl/fbAQLP
exports[`provenance functions buildSLSAProvenancePredicate handle tags including "@" character 1`] = `
{
"params": {
"buildDefinition": {
"buildType": "https://actions.github.io/buildtypes/workflow/v1",
"externalParameters": {
"workflow": {
"path": ".github/workflows/main.yml",
"ref": "foo@1.0.0",
"repository": "https://foo.ghe.com/owner/repo",
},
},
"internalParameters": {
"github": {
"event_name": "push",
"repository_id": "repo-id",
"repository_owner_id": "owner-id",
"runner_environment": "github-hosted",
},
},
"resolvedDependencies": [
{
"digest": {
"gitCommit": "babca52ab0c93ae16539e5923cb0d7403b9a093b",
},
"uri": "git+https://foo.ghe.com/owner/repo@refs/heads/main",
},
],
},
"runDetails": {
"builder": {
"id": "https://foo.ghe.com/owner/workflows/.github/workflows/publish.yml@main",
},
"metadata": {
"invocationId": "https://foo.ghe.com/owner/repo/actions/runs/run-id/attempts/run-attempt",
},
},
},
"type": "https://slsa.dev/provenance/v1",
}
`;
exports[`provenance functions buildSLSAProvenancePredicate returns a provenance hydrated from an OIDC token 1`] = `
{
"params": {
"buildDefinition": {
"buildType": "https://actions.github.io/buildtypes/workflow/v1",
"externalParameters": {
"workflow": {
"path": ".github/workflows/main.yml",
"ref": "main",
"repository": "https://foo.ghe.com/owner/repo",
},
},
"internalParameters": {
"github": {
"event_name": "push",
"repository_id": "repo-id",
"repository_owner_id": "owner-id",
"runner_environment": "github-hosted",
},
},
"resolvedDependencies": [
{
"digest": {
"gitCommit": "babca52ab0c93ae16539e5923cb0d7403b9a093b",
},
"uri": "git+https://foo.ghe.com/owner/repo@refs/heads/main",
},
],
},
"runDetails": {
"builder": {
"id": "https://foo.ghe.com/owner/workflows/.github/workflows/publish.yml@main",
},
"metadata": {
"invocationId": "https://foo.ghe.com/owner/repo/actions/runs/run-id/attempts/run-attempt",
},
},
},
"type": "https://slsa.dev/provenance/v1",
}
`;