add new subject-version input (#364)
Signed-off-by: Brian DeHamer <bdehamer@github.com>
@@ -30,6 +30,7 @@ describe('index', () => {
|
|||||||
'subject-name': 'my-artifact',
|
'subject-name': 'my-artifact',
|
||||||
'subject-digest': '',
|
'subject-digest': '',
|
||||||
'subject-checksums': '',
|
'subject-checksums': '',
|
||||||
|
'subject-version': '',
|
||||||
'predicate-type': 'https://example.com/predicate',
|
'predicate-type': 'https://example.com/predicate',
|
||||||
predicate: '{}',
|
predicate: '{}',
|
||||||
'predicate-path': '',
|
'predicate-path': '',
|
||||||
@@ -57,6 +58,7 @@ describe('index', () => {
|
|||||||
subjectName: 'my-artifact',
|
subjectName: 'my-artifact',
|
||||||
subjectDigest: '',
|
subjectDigest: '',
|
||||||
subjectChecksums: '',
|
subjectChecksums: '',
|
||||||
|
subjectVersion: '',
|
||||||
predicateType: 'https://example.com/predicate',
|
predicateType: 'https://example.com/predicate',
|
||||||
predicate: '{}',
|
predicate: '{}',
|
||||||
predicatePath: '',
|
predicatePath: '',
|
||||||
|
|||||||
@@ -145,7 +145,8 @@ describe('createAttestation', () => {
|
|||||||
const storageOpts = {
|
const storageOpts = {
|
||||||
...defaultOpts,
|
...defaultOpts,
|
||||||
pushToRegistry: true,
|
pushToRegistry: true,
|
||||||
createStorageRecord: true
|
createStorageRecord: true,
|
||||||
|
subjectVersion: '1.2.3'
|
||||||
}
|
}
|
||||||
|
|
||||||
it('should create storage record when enabled and owner is org', async () => {
|
it('should create storage record when enabled and owner is org', async () => {
|
||||||
@@ -157,10 +158,27 @@ describe('createAttestation', () => {
|
|||||||
storageOpts
|
storageOpts
|
||||||
)
|
)
|
||||||
|
|
||||||
expect(mockCreateStorageRecord).toHaveBeenCalled()
|
expect(mockCreateStorageRecord).toHaveBeenCalledWith(
|
||||||
|
expect.objectContaining({ version: '1.2.3' }),
|
||||||
|
expect.anything(),
|
||||||
|
expect.anything()
|
||||||
|
)
|
||||||
expect(result.storageRecordIds).toEqual([12345])
|
expect(result.storageRecordIds).toEqual([12345])
|
||||||
})
|
})
|
||||||
|
|
||||||
|
it('should omit version from storage record when subjectVersion is empty', async () => {
|
||||||
|
const subjects = [TEST_SUBJECT_WITH_REGISTRY]
|
||||||
|
const opts = { ...storageOpts, subjectVersion: '' }
|
||||||
|
|
||||||
|
await createAttestation(subjects, TEST_PREDICATE, opts)
|
||||||
|
|
||||||
|
expect(mockCreateStorageRecord).toHaveBeenCalledWith(
|
||||||
|
expect.objectContaining({ version: undefined }),
|
||||||
|
expect.anything(),
|
||||||
|
expect.anything()
|
||||||
|
)
|
||||||
|
})
|
||||||
|
|
||||||
it('should skip storage record when owner is User', async () => {
|
it('should skip storage record when owner is User', async () => {
|
||||||
mockGetOctokit.mockReturnValue(createOctokitMock('User'))
|
mockGetOctokit.mockReturnValue(createOctokitMock('User'))
|
||||||
const subjects = [TEST_SUBJECT_WITH_REGISTRY]
|
const subjects = [TEST_SUBJECT_WITH_REGISTRY]
|
||||||
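Review bot: The added test is titled "should omit version from storage record when subjectVersion is empty", but its assertion `expect.objectContaining({ version: undefined })` checks for an undefined value, not for an absent key. The implementation under test writes `version: opts.subjectVersion || undefined`, so the key is always present on the object passed to the mock. Either rename the test to something like `'should pass an undefined version when subjectVersion is empty'`, or read the first argument of the recorded call and assert on it directly, e.g. `expect(mockCreateStorageRecord.mock.calls[0][0].version).toBeUndefined()`. It would also help to add a case where `subjectVersion` is set but `createStorageRecord` is false, pinning that the value then goes nowhere.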
|
|||||||
@@ -101,6 +101,7 @@ const defaultInputs: RunInputs = {
|
|||||||
subjectChecksums: '',
|
subjectChecksums: '',
|
||||||
pushToRegistry: false,
|
pushToRegistry: false,
|
||||||
createStorageRecord: false,
|
createStorageRecord: false,
|
||||||
|
subjectVersion: '',
|
||||||
showSummary: false,
|
showSummary: false,
|
||||||
githubToken: 'test-token',
|
githubToken: 'test-token',
|
||||||
privateSigning: false
|
privateSigning: false
|
||||||
|
|||||||
@@ -30,6 +30,11 @@ inputs:
|
|||||||
attestation. Must specify exactly one of "subject-path", "subject-digest",
|
attestation. Must specify exactly one of "subject-path", "subject-digest",
|
||||||
or "subject-checksums".
|
or "subject-checksums".
|
||||||
required: false
|
required: false
|
||||||
|
subject-version:
|
||||||
|
description: >
|
||||||
|
Version of the subject for the attestation. Only used when
|
||||||
|
"push-to-registry" and "create-storage-record" are both set to true.
|
||||||
|
required: false
|
||||||
sbom-path:
|
sbom-path:
|
||||||
description: >
|
description: >
|
||||||
Path to the JSON-formatted SBOM file (SPDX or CycloneDX) to attest.
|
Path to the JSON-formatted SBOM file (SPDX or CycloneDX) to attest.
|
||||||
|
|||||||
+4
-1
@@ -120899,7 +120899,8 @@ const createAttestation = async (subjects, predicate, opts) => {
|
|||||||
const registryUrl = getRegistryURL(subject.name);
|
const registryUrl = getRegistryURL(subject.name);
|
||||||
const artifactOpts = {
|
const artifactOpts = {
|
||||||
name: subject.name,
|
name: subject.name,
|
||||||
digest: subjectDigest
|
digest: subjectDigest,
|
||||||
|
version: opts.subjectVersion || undefined
|
||||||
};
|
};
|
||||||
const packageRegistryOpts = {
|
const packageRegistryOpts = {
|
||||||
registryUrl
|
registryUrl
|
||||||
@@ -121157,6 +121158,7 @@ async function run(inputs) {
|
|||||||
sigstoreInstance,
|
sigstoreInstance,
|
||||||
pushToRegistry: inputs.pushToRegistry,
|
pushToRegistry: inputs.pushToRegistry,
|
||||||
createStorageRecord: inputs.createStorageRecord,
|
createStorageRecord: inputs.createStorageRecord,
|
||||||
|
subjectVersion: inputs.subjectVersion,
|
||||||
githubToken: inputs.githubToken
|
githubToken: inputs.githubToken
|
||||||
});
|
});
|
||||||
logAttestation(subjects, att, sigstoreInstance);
|
logAttestation(subjects, att, sigstoreInstance);
|
||||||
@@ -121298,6 +121300,7 @@ const inputs = {
|
|||||||
predicatePath: getInput('predicate-path'),
|
predicatePath: getInput('predicate-path'),
|
||||||
pushToRegistry: getBooleanInput('push-to-registry'),
|
pushToRegistry: getBooleanInput('push-to-registry'),
|
||||||
createStorageRecord: getBooleanInput('create-storage-record'),
|
createStorageRecord: getBooleanInput('create-storage-record'),
|
||||||
|
subjectVersion: getInput('subject-version'),
|
||||||
showSummary: getBooleanInput('show-summary'),
|
showSummary: getBooleanInput('show-summary'),
|
||||||
githubToken: getInput('github-token'),
|
githubToken: getInput('github-token'),
|
||||||
// undocumented -- not part of public interface
|
// undocumented -- not part of public interface
|
||||||
|
|||||||
Generated
+2
-2
@@ -1,12 +1,12 @@
|
|||||||
{
|
{
|
||||||
"name": "actions/attest",
|
"name": "actions/attest",
|
||||||
"version": "4.0.0",
|
"version": "4.1.0",
|
||||||
"lockfileVersion": 3,
|
"lockfileVersion": 3,
|
||||||
"requires": true,
|
"requires": true,
|
||||||
"packages": {
|
"packages": {
|
||||||
"": {
|
"": {
|
||||||
"name": "actions/attest",
|
"name": "actions/attest",
|
||||||
"version": "4.0.0",
|
"version": "4.1.0",
|
||||||
"license": "MIT",
|
"license": "MIT",
|
||||||
"dependencies": {
|
"dependencies": {
|
||||||
"@actions/attest": "^3.2.0",
|
"@actions/attest": "^3.2.0",
|
||||||
|
|||||||
+1
-1
@@ -1,7 +1,7 @@
|
|||||||
{
|
{
|
||||||
"name": "actions/attest",
|
"name": "actions/attest",
|
||||||
"description": "Generate signed attestations for workflow artifacts",
|
"description": "Generate signed attestations for workflow artifacts",
|
||||||
"version": "4.0.0",
|
"version": "4.1.0",
|
||||||
"author": "",
|
"author": "",
|
||||||
"private": true,
|
"private": true,
|
||||||
"type": "module",
|
"type": "module",
|
||||||
|
|||||||
+3
-1
@@ -26,6 +26,7 @@ export const createAttestation = async (
|
|||||||
sigstoreInstance: SigstoreInstance
|
sigstoreInstance: SigstoreInstance
|
||||||
pushToRegistry: boolean
|
pushToRegistry: boolean
|
||||||
createStorageRecord: boolean
|
createStorageRecord: boolean
|
||||||
|
subjectVersion?: string
|
||||||
githubToken: string
|
githubToken: string
|
||||||
}
|
}
|
||||||
): Promise<AttestResult> => {
|
): Promise<AttestResult> => {
|
||||||
@@ -77,7 +78,8 @@ export const createAttestation = async (
|
|||||||
const registryUrl = getRegistryURL(subject.name)
|
const registryUrl = getRegistryURL(subject.name)
|
||||||
const artifactOpts = {
|
const artifactOpts = {
|
||||||
name: subject.name,
|
name: subject.name,
|
||||||
digest: subjectDigest
|
digest: subjectDigest,
|
||||||
|
version: opts.subjectVersion || undefined
|
||||||
}
|
}
|
||||||
const packageRegistryOpts = {
|
const packageRegistryOpts = {
|
||||||
registryUrl
|
registryUrl
|
||||||
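Review bot: `version: opts.subjectVersion || undefined` copies the workflow-supplied string into `artifactOpts` unchanged, with no length or character check in the visible lines. As far as these hunks show, the value reaches only the storage-record call and not the attestation subject, so it looks like unsigned, caller-chosen metadata that consumers of the record should not treat as attested. A comment above the field would make that explicit, e.g. `// caller-supplied, not covered by the attestation signature; '' is normalised to undefined`. If the storage-record API does not bound the field itself, consider rejecting over-long values before the call. The body of createAttestation starts and ends outside both hunks, so any validation elsewhere in the function is not visible here.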
|
|||||||
@@ -15,6 +15,7 @@ const inputs: RunInputs = {
|
|||||||
predicatePath: core.getInput('predicate-path'),
|
predicatePath: core.getInput('predicate-path'),
|
||||||
pushToRegistry: core.getBooleanInput('push-to-registry'),
|
pushToRegistry: core.getBooleanInput('push-to-registry'),
|
||||||
createStorageRecord: core.getBooleanInput('create-storage-record'),
|
createStorageRecord: core.getBooleanInput('create-storage-record'),
|
||||||
|
subjectVersion: core.getInput('subject-version'),
|
||||||
showSummary: core.getBooleanInput('show-summary'),
|
showSummary: core.getBooleanInput('show-summary'),
|
||||||
githubToken: core.getInput('github-token'),
|
githubToken: core.getInput('github-token'),
|
||||||
// undocumented -- not part of public interface
|
// undocumented -- not part of public interface
|
||||||
|
|||||||
@@ -35,6 +35,7 @@ export type RunInputs = SubjectInputs &
|
|||||||
SBOMInputs & {
|
SBOMInputs & {
|
||||||
pushToRegistry: boolean
|
pushToRegistry: boolean
|
||||||
createStorageRecord: boolean
|
createStorageRecord: boolean
|
||||||
|
subjectVersion: string
|
||||||
githubToken: string
|
githubToken: string
|
||||||
showSummary: boolean
|
showSummary: boolean
|
||||||
privateSigning: boolean
|
privateSigning: boolean
|
||||||
@@ -97,6 +98,7 @@ export async function run(inputs: RunInputs): Promise<void> {
|
|||||||
sigstoreInstance,
|
sigstoreInstance,
|
||||||
pushToRegistry: inputs.pushToRegistry,
|
pushToRegistry: inputs.pushToRegistry,
|
||||||
createStorageRecord: inputs.createStorageRecord,
|
createStorageRecord: inputs.createStorageRecord,
|
||||||
|
subjectVersion: inputs.subjectVersion,
|
||||||
githubToken: inputs.githubToken
|
githubToken: inputs.githubToken
|
||||||
})
|
})
|
||||||
|
|
||||||
|
|||||||