Compare commits

...

4 Commits

Author SHA1 Message Date
Brian DeHamer 700b0a9962 wip
Signed-off-by: Brian DeHamer <bdehamer@github.com>
2025-02-13 08:47:10 -08:00
Brian DeHamer f41311b4cd bump undici from 5.28.4 to 5.28.5
Signed-off-by: Brian DeHamer <bdehamer@github.com>
2025-01-27 14:44:37 -08:00
dependabot[bot] d0c17db4ba Bump the npm-development group with 5 updates (#205)
Bumps the npm-development group with 5 updates:

| Package | From | To |
| --- | --- | --- |
| [@eslint/js](https://github.com/eslint/eslint/tree/HEAD/packages/js) | `9.18.0` | `9.19.0` |
| [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `22.10.7` | `22.10.10` |
| [eslint](https://github.com/eslint/eslint) | `9.18.0` | `9.19.0` |
| [markdownlint-cli](https://github.com/igorshubovych/markdownlint-cli) | `0.43.0` | `0.44.0` |
| [typescript-eslint](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint) | `8.21.0` | `8.22.0` |


Updates `@eslint/js` from 9.18.0 to 9.19.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/commits/v9.19.0/packages/js)

Updates `@types/node` from 22.10.7 to 22.10.10
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Updates `eslint` from 9.18.0 to 9.19.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v9.18.0...v9.19.0)

Updates `markdownlint-cli` from 0.43.0 to 0.44.0
- [Release notes](https://github.com/igorshubovych/markdownlint-cli/releases)
- [Commits](https://github.com/igorshubovych/markdownlint-cli/compare/v0.43.0...v0.44.0)

Updates `typescript-eslint` from 8.21.0 to 8.22.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-eslint/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.22.0/packages/typescript-eslint)

---
updated-dependencies:
- dependency-name: "@eslint/js"
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-development
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-development
- dependency-name: eslint
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-development
- dependency-name: markdownlint-cli
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-development
- dependency-name: typescript-eslint
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-development
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-01-27 14:41:13 -08:00
Brian DeHamer caa5c7e0da clarify plans supporting artifact attestations (#202)
Signed-off-by: Brian DeHamer <bdehamer@github.com>
2025-01-22 06:13:06 -08:00
6 changed files with 1427 additions and 297 deletions
+6 -5
View File
@@ -27,11 +27,12 @@ information on artifact attestations.
<!-- prettier-ignore-start -->
> [!NOTE]
> Artifact attestations are available in public repositories for all
> current GitHub plans. They are not available on legacy plans, such as Bronze,
> Silver, or Gold. If you are on a GitHub Free, GitHub Pro, or GitHub Team plan,
> artifact attestations are only available for public repositories. To use
> artifact attestations in private or internal repositories, you must be on a
> GitHub Enterprise Cloud plan.
> current GitHub plans.
>
> To use artifact attestations in private or internal repositories, you must
> be on a GitHub Enterprise Cloud plan.
>
> Artifact attestations are NOT supported on GitHub Enterprise Server.
<!-- prettier-ignore-end -->
## Usage
Generated Vendored
+26 -6
View File
@@ -56529,6 +56529,14 @@ const { isUint8Array, isArrayBuffer } = __nccwpck_require__(98253)
const { File: UndiciFile } = __nccwpck_require__(63041)
const { parseMIMEType, serializeAMimeType } = __nccwpck_require__(94322)
let random
try {
const crypto = __nccwpck_require__(77598)
random = (max) => crypto.randomInt(0, max)
} catch {
random = (max) => Math.floor(Math.random(max))
}
let ReadableStream = globalThis.ReadableStream
/** @type {globalThis['File']} */
@@ -56614,7 +56622,7 @@ function extractBody (object, keepalive = false) {
// Set source to a copy of the bytes held by object.
source = new Uint8Array(object.buffer.slice(object.byteOffset, object.byteOffset + object.byteLength))
} else if (util.isFormDataLike(object)) {
const boundary = `----formdata-undici-0${`${Math.floor(Math.random() * 1e11)}`.padStart(11, '0')}`
const boundary = `----formdata-undici-0${`${random(1e11)}`.padStart(11, '0')}`
const prefix = `--${boundary}\r\nContent-Disposition: form-data`
/*! formdata-polyfill. MIT License. Jimmy Wärting <https://jimmy.warting.se/opensource> */
@@ -70747,8 +70755,10 @@ const createAttestation = async (subjects, predicate, opts) => {
predicateType: predicate.type,
predicate: predicate.params,
sigstore: opts.sigstoreInstance,
token: opts.githubToken
token: opts.githubToken,
skipWrite: true
});
console.log(JSON.stringify(attestation.bundle));
const result = attestation;
if (subjects.length === 1 && opts.pushToRegistry) {
const subject = subjects[0];
@@ -71254,10 +71264,18 @@ const getSubjectFromChecksumsString = (checksums) => {
if (!HEX_STRING_RE.test(digest)) {
throw new Error(`Invalid digest: ${digest}`);
}
subjects.push({
name,
digest: { [digestAlgorithm(digest)]: digest }
});
if (digestAlgorithm(digest) === 'sha1') {
subjects.push({
uri: name,
digest: { [digestAlgorithm(digest)]: digest }
});
}
else {
subjects.push({
name,
digest: { [digestAlgorithm(digest)]: digest }
});
}
}
return subjects;
};
@@ -71288,6 +71306,8 @@ const parseSubjectPathList = (input) => {
};
const digestAlgorithm = (digest) => {
switch (digest.length) {
case 40:
return 'sha1';
case 64:
return 'sha256';
case 128:
+1372 -275
View File
File diff suppressed because it is too large Load Diff
+6 -6
View File
@@ -77,23 +77,23 @@
"csv-parse": "^5.6.0"
},
"devDependencies": {
"@eslint/js": "^9.18.0",
"@eslint/js": "^9.19.0",
"@sigstore/mock": "^0.9.0",
"@types/jest": "^29.5.14",
"@types/make-fetch-happen": "^10.0.4",
"@types/node": "^22.10.7",
"@types/node": "^22.10.10",
"@vercel/ncc": "^0.38.3",
"eslint": "^9.18.0",
"eslint": "^9.19.0",
"eslint-plugin-import": "^2.31.0",
"eslint-plugin-jest": "^28.11.0",
"jest": "^29.7.0",
"js-yaml": "^4.1.0",
"markdownlint-cli": "^0.43.0",
"markdownlint-cli": "^0.44.0",
"nock": "^13.5.6",
"prettier": "^3.4.2",
"ts-jest": "^29.2.5",
"typescript": "^5.7.3",
"typescript-eslint": "^8.21.0",
"undici": "^5.28.4"
"typescript-eslint": "^8.22.0",
"undici": "^5.28.5"
}
}
+4 -1
View File
@@ -25,9 +25,12 @@ export const createAttestation = async (
predicateType: predicate.type,
predicate: predicate.params,
sigstore: opts.sigstoreInstance,
token: opts.githubToken
token: opts.githubToken,
skipWrite: true
})
console.log(JSON.stringify(attestation.bundle))
const result: AttestResult = attestation
if (subjects.length === 1 && opts.pushToRegistry) {
+13 -4
View File
@@ -189,10 +189,17 @@ const getSubjectFromChecksumsString = (checksums: string): Subject[] => {
throw new Error(`Invalid digest: ${digest}`)
}
subjects.push({
name,
digest: { [digestAlgorithm(digest)]: digest }
})
if (digestAlgorithm(digest) === 'sha1') {
subjects.push({
uri: name,
digest: { [digestAlgorithm(digest)]: digest }
} as any)
} else {
subjects.push({
name,
digest: { [digestAlgorithm(digest)]: digest }
})
}
}
return subjects
@@ -233,6 +240,8 @@ const parseSubjectPathList = (input: string): string[] => {
const digestAlgorithm = (digest: string): string => {
switch (digest.length) {
case 40:
return 'sha1'
case 64:
return 'sha256'
case 128: