Compare commits

..

2 Commits

Author SHA1 Message Date
Brian DeHamer c16aeb663f pin superlinter to 7.2.1
Signed-off-by: Brian DeHamer <bdehamer@github.com>
2025-02-26 10:37:10 -08:00
Brian DeHamer 1b7e7444b4 junk
Signed-off-by: Brian DeHamer <bdehamer@github.com>
2025-02-26 10:25:09 -08:00
4 changed files with 17 additions and 13 deletions
+2
View File
@@ -323,3 +323,5 @@ jobs:
[8]: https://github.com/actions/toolkit/tree/main/packages/glob#patterns
[9]:
https://docs.github.com/en/actions/security-guides/using-artifact-attestations-to-establish-provenance-for-builds
Generated Vendored
+4 -2
View File
@@ -377,9 +377,11 @@ const buildSLSAProvenancePredicate = (issuer) => __awaiter(void 0, void 0, void
// Split just the path and ref from the workflow string.
// owner/repo/.github/workflows/main.yml@main =>
// .github/workflows/main.yml, main
const [workflowPath] = claims.workflow_ref
const [workflowPath, ...workflowRefChunks] = claims.workflow_ref
.replace(`${claims.repository}/`, '')
.split('@');
// Handle case where tag contains `@` (e.g: when using changesets in a monorepo context),
const workflowRef = workflowRefChunks.join('@');
return {
type: SLSA_PREDICATE_V1_TYPE,
params: {
@@ -387,7 +389,7 @@ const buildSLSAProvenancePredicate = (issuer) => __awaiter(void 0, void 0, void
buildType: GITHUB_BUILD_TYPE,
externalParameters: {
workflow: {
ref: claims.ref,
ref: workflowRef,
repository: `${serverURL}/${claims.repository}`,
path: workflowPath
}
+9 -9
View File
@@ -1,15 +1,15 @@
{
"name": "actions/attest",
"version": "2.2.1",
"version": "2.2.0",
"lockfileVersion": 2,
"requires": true,
"packages": {
"": {
"name": "actions/attest",
"version": "2.2.1",
"version": "2.2.0",
"license": "MIT",
"dependencies": {
"@actions/attest": "^1.6.0",
"@actions/attest": "^1.5.0",
"@actions/core": "^1.11.1",
"@actions/github": "^6.0.0",
"@actions/glob": "^0.5.0",
@@ -49,9 +49,9 @@
}
},
"node_modules/@actions/attest": {
"version": "1.6.0",
"resolved": "https://registry.npmjs.org/@actions/attest/-/attest-1.6.0.tgz",
"integrity": "sha512-D+VcLqUImA7Gr5qPQrRGvNUJKzP67IHV3/ofF5QBpLqe3Vih3hb74k9ZtjHXamiZNVZi2Wkphj8yTi4/xiWkwQ==",
"version": "1.5.0",
"resolved": "https://registry.npmjs.org/@actions/attest/-/attest-1.5.0.tgz",
"integrity": "sha512-KIalYPhJu0/6LOhT+Bhw0GncresPCiY1onLq8n0whjoJX0/M7UQmgXkn1ioQnNrkzEhcs6wVKwylusbMwTOX0g==",
"license": "MIT",
"dependencies": {
"@actions/core": "^1.11.1",
@@ -8831,9 +8831,9 @@
"dev": true
},
"@actions/attest": {
"version": "1.6.0",
"resolved": "https://registry.npmjs.org/@actions/attest/-/attest-1.6.0.tgz",
"integrity": "sha512-D+VcLqUImA7Gr5qPQrRGvNUJKzP67IHV3/ofF5QBpLqe3Vih3hb74k9ZtjHXamiZNVZi2Wkphj8yTi4/xiWkwQ==",
"version": "1.5.0",
"resolved": "https://registry.npmjs.org/@actions/attest/-/attest-1.5.0.tgz",
"integrity": "sha512-KIalYPhJu0/6LOhT+Bhw0GncresPCiY1onLq8n0whjoJX0/M7UQmgXkn1ioQnNrkzEhcs6wVKwylusbMwTOX0g==",
"requires": {
"@actions/core": "^1.11.1",
"@actions/github": "^6.0.0",
+2 -2
View File
@@ -1,7 +1,7 @@
{
"name": "actions/attest",
"description": "Generate signed attestations for workflow artifacts",
"version": "2.2.1",
"version": "2.2.0",
"author": "",
"private": true,
"homepage": "https://github.com/actions/attest",
@@ -69,7 +69,7 @@
]
},
"dependencies": {
"@actions/attest": "^1.6.0",
"@actions/attest": "^1.5.0",
"@actions/core": "^1.11.1",
"@actions/github": "^6.0.0",
"@actions/glob": "^0.5.0",