bump @actions/attest from 1.5.0 to 1.6.0 (#217)

* bump @actions/attest from 1.5.0 to 1.6.0

Signed-off-by: Brian DeHamer <bdehamer@github.com>

* pin superlinter to v7.2.1

Signed-off-by: Brian DeHamer <bdehamer@github.com>

---------

Signed-off-by: Brian DeHamer <bdehamer@github.com>
This commit is contained in:
Brian DeHamer
2025-02-26 10:41:20 -08:00
committed by GitHub
parent 516fe2247f
commit a63cfcc7d1
4 changed files with 14 additions and 16 deletions
Generated Vendored
+2 -4
View File
@@ -377,11 +377,9 @@ const buildSLSAProvenancePredicate = (issuer) => __awaiter(void 0, void 0, void
// Split just the path and ref from the workflow string.
// owner/repo/.github/workflows/main.yml@main =>
// .github/workflows/main.yml, main
const [workflowPath, ...workflowRefChunks] = claims.workflow_ref
const [workflowPath] = claims.workflow_ref
.replace(`${claims.repository}/`, '')
.split('@');
// Handle case where tag contains `@` (e.g: when using changesets in a monorepo context),
const workflowRef = workflowRefChunks.join('@');
return {
type: SLSA_PREDICATE_V1_TYPE,
params: {
@@ -389,7 +387,7 @@ const buildSLSAProvenancePredicate = (issuer) => __awaiter(void 0, void 0, void
buildType: GITHUB_BUILD_TYPE,
externalParameters: {
workflow: {
ref: workflowRef,
ref: claims.ref,
repository: `${serverURL}/${claims.repository}`,
path: workflowPath
}