Brian DeHamer
7d7ff4475a
ESM Conversion ( #347 )
...
* initial esm conversion
Signed-off-by: Brian DeHamer <bdehamer@github.com >
* esm'ify jest tests
Signed-off-by: Brian DeHamer <bdehamer@github.com >
* lint issues
Signed-off-by: Brian DeHamer <bdehamer@github.com >
* debug mock
Signed-off-by: Brian DeHamer <bdehamer@github.com >
* glob updated
Signed-off-by: Brian DeHamer <bdehamer@github.com >
* async all file functions
Signed-off-by: Brian DeHamer <bdehamer@github.com >
* update @actions/github
Signed-off-by: Brian DeHamer <bdehamer@github.com >
* update @actions/attest
Signed-off-by: Brian DeHamer <bdehamer@github.com >
* rebuild package-lock.json
Signed-off-by: Brian DeHamer <bdehamer@github.com >
* use experimental flag for jest in ci
Signed-off-by: Brian DeHamer <bdehamer@github.com >
* remove stray istanbul ignore
Signed-off-by: Brian DeHamer <bdehamer@github.com >
* Optimize getSubjectFromPath to avoid concurrent stat calls
Co-authored-by: bdehamer <398027+bdehamer@users.noreply.github.com >
* Fix boundary condition for MAX_SUBJECT_COUNT check
Co-authored-by: bdehamer <398027+bdehamer@users.noreply.github.com >
* Improve error message clarity for subject count limit
Co-authored-by: bdehamer <398027+bdehamer@users.noreply.github.com >
* Update test to match new error message format
Co-authored-by: bdehamer <398027+bdehamer@users.noreply.github.com >
* rebuild dist
Signed-off-by: Brian DeHamer <bdehamer@github.com >
* Fix parseSBOMFromPath to check file size before reading
Co-authored-by: bdehamer <398027+bdehamer@users.noreply.github.com >
* Build package with updated changes
Co-authored-by: bdehamer <398027+bdehamer@users.noreply.github.com >
---------
Signed-off-by: Brian DeHamer <bdehamer@github.com >
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com >
Co-authored-by: bdehamer <398027+bdehamer@users.noreply.github.com >
2026-02-18 08:52:30 -08:00
Brian DeHamer
dc4ad3cc6c
Consolidate attestation actions ( #346 )
...
* consolidate attestation actions
Signed-off-by: Brian DeHamer <bdehamer@github.com >
* better errors
Signed-off-by: Brian DeHamer <bdehamer@github.com >
* Update src/sbom.ts
Co-authored-by: Austin Beattie <ajbeattie@github.com >
* clarify dedupe comment
Signed-off-by: Brian DeHamer <bdehamer@github.com >
---------
Signed-off-by: Brian DeHamer <bdehamer@github.com >
Co-authored-by: Austin Beattie <ajbeattie@github.com >
2026-02-13 11:23:24 -08:00
Meredith Lancaster
20eb46ce7a
Validate repository org-ownership before storage record creation ( #328 )
...
* check if the repository is owned by org before attempting storage record creation
Signed-off-by: Meredith Lancaster <malancas@github.com >
* linter
Signed-off-by: Meredith Lancaster <malancas@github.com >
* generate dist
Signed-off-by: Meredith Lancaster <malancas@github.com >
* add fixtures for repoOwnerIsOrg function
Signed-off-by: Meredith Lancaster <malancas@github.com >
* formatter
Signed-off-by: Meredith Lancaster <malancas@github.com >
* clean up fixtures
Signed-off-by: Meredith Lancaster <malancas@github.com >
* more clean up
Signed-off-by: Meredith Lancaster <malancas@github.com >
* fix function declaration
Signed-off-by: Meredith Lancaster <malancas@github.com >
* clean up fixtures
Signed-off-by: Meredith Lancaster <malancas@github.com >
* add test when repo is not owned by org
Signed-off-by: Meredith Lancaster <malancas@github.com >
* add more expect statements, clean up mock calls
Signed-off-by: Meredith Lancaster <malancas@github.com >
* formatter
Signed-off-by: Meredith Lancaster <malancas@github.com >
* add more spy expect statements
Signed-off-by: Meredith Lancaster <malancas@github.com >
---------
Signed-off-by: Meredith Lancaster <malancas@github.com >
2026-01-26 08:31:21 -08:00
Meredith Lancaster
7667f588f2
Create Artifact Metadata Storage Record on registry push ( #313 )
...
* first pass at creating storage record
Signed-off-by: Meredith Lancaster <malancas@github.com >
* include storage record param in action config
Signed-off-by: Meredith Lancaster <malancas@github.com >
* use latest actions/attest version
Signed-off-by: Meredith Lancaster <malancas@github.com >
* update storage record params
Signed-off-by: Meredith Lancaster <malancas@github.com >
* include storage record id in result
Signed-off-by: Meredith Lancaster <malancas@github.com >
* regenerate dist
Signed-off-by: Meredith Lancaster <malancas@github.com >
* add documentation on storage records
Signed-off-by: Meredith Lancaster <malancas@github.com >
* log storage record creation
Signed-off-by: Meredith Lancaster <malancas@github.com >
* add storage record output
Signed-off-by: Meredith Lancaster <malancas@github.com >
* add new param
Signed-off-by: Meredith Lancaster <malancas@github.com >
* add storage record id output
Signed-off-by: Meredith Lancaster <malancas@github.com >
* fix linter errors
Signed-off-by: Meredith Lancaster <malancas@github.com >
* return all storage record ids
Signed-off-by: Meredith Lancaster <malancas@github.com >
* bump minor version
Signed-off-by: Meredith Lancaster <malancas@github.com >
* use expect string match function
Signed-off-by: Meredith Lancaster <malancas@github.com >
* add try catch block for storage record creation
Signed-off-by: Meredith Lancaster <malancas@github.com >
* fix table column spacing
Signed-off-by: Meredith Lancaster <malancas@github.com >
* check for protocol
Signed-off-by: Meredith Lancaster <malancas@github.com >
* check for artifact url protocol
Signed-off-by: Meredith Lancaster <malancas@github.com >
* only fill registry_url for now
Signed-off-by: Meredith Lancaster <malancas@github.com >
* cleanup protocol handling
Signed-off-by: Meredith Lancaster <malancas@github.com >
* regenerate dist
Signed-off-by: Meredith Lancaster <malancas@github.com >
* handle subject name correctly
Signed-off-by: Meredith Lancaster <malancas@github.com >
* move test
Signed-off-by: Meredith Lancaster <malancas@github.com >
* add back assert statements
Signed-off-by: Meredith Lancaster <malancas@github.com >
* add back output assert statements
Signed-off-by: Meredith Lancaster <malancas@github.com >
* Apply suggestion from @Copilot
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com >
* Apply suggestion from @Copilot
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com >
* Apply suggestion from @Copilot
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com >
* use url for subject name parsing
Signed-off-by: Meredith Lancaster <malancas@github.com >
* add missing test setpu
Signed-off-by: Meredith Lancaster <malancas@github.com >
* fix storage record fail test
Signed-off-by: Meredith Lancaster <malancas@github.com >
* regenerate dist
Signed-off-by: Meredith Lancaster <malancas@github.com >
---------
Signed-off-by: Meredith Lancaster <malancas@github.com >
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com >
2025-12-18 11:30:45 -08:00
Brian DeHamer
38bcf9b1c5
New subject-checksums input param ( #198 )
...
* new subject-checksums input param
Signed-off-by: Brian DeHamer <bdehamer@github.com >
* check for valid hex string for digest
Signed-off-by: Brian DeHamer <bdehamer@github.com >
---------
Signed-off-by: Brian DeHamer <bdehamer@github.com >
2025-01-21 10:32:02 -08:00
Brian DeHamer
94d0d43131
add attestation-id and attestation-url outputs ( #181 )
...
Signed-off-by: Brian DeHamer <bdehamer@github.com >
2024-12-09 09:56:33 -08:00
Brian DeHamer
a2d6fee37e
readme updates for v2 release ( #173 )
...
Signed-off-by: Brian DeHamer <bdehamer@github.com >
2024-11-21 12:53:27 -08:00
Brian DeHamer
85e94cb741
support multi-subject attestations ( #164 )
...
Signed-off-by: Brian DeHamer <bdehamer@github.com >
2024-11-05 09:16:07 -08:00
Brian DeHamer
97f7cf8914
add show-summary input ( #108 )
...
Signed-off-by: Brian DeHamer <bdehamer@github.com >
2024-07-30 11:27:18 -07:00
Brian DeHamer
9e752e3d76
batch processing w/ exponential backoff ( #79 )
...
Signed-off-by: Brian DeHamer <bdehamer@github.com >
2024-06-03 07:56:25 -07:00
Brian DeHamer
3ff4eb4c69
centralize collection of action inputs ( #72 )
...
Signed-off-by: Brian DeHamer <bdehamer@github.com >
2024-05-24 11:01:44 -07:00
Brian DeHamer
80d9f23382
process subjects in batches ( #67 )
...
Signed-off-by: Brian DeHamer <bdehamer@github.com >
2024-05-22 07:55:00 -07:00
Brian DeHamer
b0d8b47eb7
include more detail in error logging ( #58 )
...
Signed-off-by: Brian DeHamer <bdehamer@github.com >
2024-05-09 12:34:01 -07:00
Brian DeHamer
c58d52c41d
limit attestation subject count ( #53 )
...
Signed-off-by: Brian DeHamer <bdehamer@github.com >
2024-05-06 11:51:42 -07:00
Brian DeHamer
a6dded75c9
bump @actions/attest from 1.1.0 to 1.2.1 ( #41 )
...
Signed-off-by: Brian DeHamer <bdehamer@github.com >
2024-04-25 11:03:54 -07:00
Brian DeHamer
3b95763d7e
more test coverage ( #18 )
...
Signed-off-by: Brian DeHamer <bdehamer@github.com >
2024-02-29 17:02:56 -08:00
Brian DeHamer
32049315c5
enable unit tests in CI ( #15 )
...
Signed-off-by: Brian DeHamer <bdehamer@github.com >
2024-02-28 10:45:31 -08:00
Brian DeHamer
525454b125
choose proper sigstore instance when attesting ( #11 )
...
Signed-off-by: Brian DeHamer <bdehamer@github.com >
2024-02-27 16:47:20 -08:00
ejahnGithub
e3c685d193
init attest action
2024-02-22 07:53:51 -08:00
Brian DeHamer
aaaeb08d4e
Initial commit
2024-02-20 11:22:22 -08:00