Compare commits

..

2 Commits

Author SHA1 Message Date
Brian DeHamer 700b0a9962 wip
Signed-off-by: Brian DeHamer <bdehamer@github.com>
2025-02-13 08:47:10 -08:00
Brian DeHamer f41311b4cd bump undici from 5.28.4 to 5.28.5
Signed-off-by: Brian DeHamer <bdehamer@github.com>
2025-01-27 14:44:37 -08:00
8 changed files with 758 additions and 727 deletions
+1 -1
View File
@@ -38,7 +38,7 @@ jobs:
- name: Lint Codebase
id: super-linter
uses: super-linter/super-linter/slim@v7.2.1
uses: super-linter/super-linter/slim@v7
env:
DEFAULT_BRANCH: main
FILTER_REGEX_EXCLUDE: dist/**/*
+1 -1
View File
@@ -65,7 +65,7 @@ attest:
The `subject-path` parameter should identify the artifact for which you want
to generate an attestation. The `predicate-type` can be any of the the
[vetted predicate types][3] or a custom value. The `predicate-path`
identifies a file containing the JSON-encoded predicate parameters.
identifies a file containg the JSON-encoded predicate parameters.
### Inputs
+1 -1
View File
@@ -99,7 +99,7 @@ describe('subjectFromInputs', () => {
})
})
describe('when the algorithm is not supported', () => {
describe('when the alogrithm is not supported', () => {
it('throws an error', async () => {
const inputs: SubjectInputs = {
...blankInputs,
Generated Vendored
+51 -53
View File
@@ -377,9 +377,11 @@ const buildSLSAProvenancePredicate = (issuer) => __awaiter(void 0, void 0, void
// Split just the path and ref from the workflow string.
// owner/repo/.github/workflows/main.yml@main =>
// .github/workflows/main.yml, main
const [workflowPath] = claims.workflow_ref
const [workflowPath, ...workflowRefChunks] = claims.workflow_ref
.replace(`${claims.repository}/`, '')
.split('@');
// Handle case where tag contains `@` (e.g: when using changesets in a monorepo context),
const workflowRef = workflowRefChunks.join('@');
return {
type: SLSA_PREDICATE_V1_TYPE,
params: {
@@ -387,7 +389,7 @@ const buildSLSAProvenancePredicate = (issuer) => __awaiter(void 0, void 0, void
buildType: GITHUB_BUILD_TYPE,
externalParameters: {
workflow: {
ref: claims.ref,
ref: workflowRef,
repository: `${serverURL}/${claims.repository}`,
path: workflowPath
}
@@ -6977,7 +6979,7 @@ module.exports = __toCommonJS(dist_src_exports);
var import_universal_user_agent = __nccwpck_require__(33843);
// pkg/dist-src/version.js
var VERSION = "9.0.6";
var VERSION = "9.0.4";
// pkg/dist-src/defaults.js
var userAgent = `octokit-endpoint.js/${VERSION} ${(0, import_universal_user_agent.getUserAgent)()}`;
@@ -7082,9 +7084,9 @@ function addQueryParameters(url, parameters) {
}
// pkg/dist-src/util/extract-url-variable-names.js
var urlVariableRegex = /\{[^{}}]+\}/g;
var urlVariableRegex = /\{[^}]+\}/g;
function removeNonChars(variableName) {
return variableName.replace(/(?:^\W+)|(?:(?<!\W)\W+$)/g, "").split(/,/);
return variableName.replace(/^\W+|\W+$/g, "").split(/,/);
}
function extractUrlVariableNames(url) {
const matches = url.match(urlVariableRegex);
@@ -7270,7 +7272,7 @@ function parse(options) {
}
if (url.endsWith("/graphql")) {
if (options.mediaType.previews?.length) {
const previewsFromAcceptHeader = headers.accept.match(/(?<![\w-])[\w-]+(?=-preview)/g) || [];
const previewsFromAcceptHeader = headers.accept.match(/[\w-]+(?=-preview)/g) || [];
headers.accept = previewsFromAcceptHeader.concat(options.mediaType.previews).map((preview) => {
const format = options.mediaType.format ? `.${options.mediaType.format}` : "+json";
return `application/vnd.github.${preview}-preview${format}`;
@@ -7519,7 +7521,7 @@ __export(dist_src_exports, {
module.exports = __toCommonJS(dist_src_exports);
// pkg/dist-src/version.js
var VERSION = "9.2.2";
var VERSION = "9.1.5";
// pkg/dist-src/normalize-paginated-list-response.js
function normalizePaginatedListResponse(response) {
@@ -7567,7 +7569,7 @@ function iterator(octokit, route, parameters) {
const response = await requestMethod({ method, url, headers });
const normalizedResponse = normalizePaginatedListResponse(response);
url = ((normalizedResponse.headers.link || "").match(
/<([^<>]+)>;\s*rel="next"/
/<([^>]+)>;\s*rel="next"/
) || [])[1];
return { value: normalizedResponse };
} catch (error) {
@@ -7680,8 +7682,6 @@ var paginatingEndpoints = [
"GET /orgs/{org}/members/{username}/codespaces",
"GET /orgs/{org}/migrations",
"GET /orgs/{org}/migrations/{migration_id}/repositories",
"GET /orgs/{org}/organization-roles/{role_id}/teams",
"GET /orgs/{org}/organization-roles/{role_id}/users",
"GET /orgs/{org}/outside_collaborators",
"GET /orgs/{org}/packages",
"GET /orgs/{org}/packages/{package_type}/{package_name}/versions",
@@ -10196,7 +10196,7 @@ var RequestError = class extends Error {
if (options.request.headers.authorization) {
requestCopy.headers = Object.assign({}, options.request.headers, {
authorization: options.request.headers.authorization.replace(
/(?<! ) .*$/,
/ .*$/,
" [REDACTED]"
)
});
@@ -10264,7 +10264,7 @@ var import_endpoint = __nccwpck_require__(54471);
var import_universal_user_agent = __nccwpck_require__(33843);
// pkg/dist-src/version.js
var VERSION = "8.4.1";
var VERSION = "8.2.0";
// pkg/dist-src/is-plain-object.js
function isPlainObject(value) {
@@ -10289,7 +10289,7 @@ function getBufferResponse(response) {
// pkg/dist-src/fetch-wrapper.js
function fetchWrapper(requestOptions) {
var _a, _b, _c, _d;
var _a, _b, _c;
const log = requestOptions.request && requestOptions.request.log ? requestOptions.request.log : console;
const parseSuccessResponseBody = ((_a = requestOptions.request) == null ? void 0 : _a.parseSuccessResponseBody) !== false;
if (isPlainObject(requestOptions.body) || Array.isArray(requestOptions.body)) {
@@ -10310,9 +10310,8 @@ function fetchWrapper(requestOptions) {
return fetch(requestOptions.url, {
method: requestOptions.method,
body: requestOptions.body,
redirect: (_c = requestOptions.request) == null ? void 0 : _c.redirect,
headers: requestOptions.headers,
signal: (_d = requestOptions.request) == null ? void 0 : _d.signal,
signal: (_c = requestOptions.request) == null ? void 0 : _c.signal,
// duplex must be set if request.body is ReadableStream or Async Iterables.
// See https://fetch.spec.whatwg.org/#dom-requestinit-duplex.
...requestOptions.body && { duplex: "half" }
@@ -10323,7 +10322,7 @@ function fetchWrapper(requestOptions) {
headers[keyAndValue[0]] = keyAndValue[1];
}
if ("deprecation" in headers) {
const matches = headers.link && headers.link.match(/<([^<>]+)>; rel="deprecation"/);
const matches = headers.link && headers.link.match(/<([^>]+)>; rel="deprecation"/);
const deprecationLink = matches && matches.pop();
log.warn(
`[@octokit/request] "${requestOptions.method} ${requestOptions.url}" is deprecated. It is scheduled to be removed on ${headers.sunset}${deprecationLink ? `. See ${deprecationLink}` : ""}`
@@ -12934,7 +12933,7 @@ const getRegistryCredentials = (imageName) => {
const { username, password } = (0, exports.fromBasicAuth)(creds.auth);
// If the identitytoken is present, use it as the password (primarily for ACR)
const pass = creds.identitytoken ? creds.identitytoken : password;
return { headers: dockerConfig.HttpHeaders, username, password: pass };
return { username, password: pass };
};
exports.getRegistryCredentials = getRegistryCredentials;
// Encode the username and password as base64-encoded basicauth value
@@ -13422,8 +13421,6 @@ class RegistryClient {
// authenticate requests.
// https://github.com/google/go-containerregistry/blob/main/pkg/authn/README.md#the-registry
async signIn(creds) {
// Ensure we include an auth headers if they are present
__classPrivateFieldSet(this, _RegistryClient_fetch, __classPrivateFieldGet(this, _RegistryClient_fetch, "f").defaults({ headers: creds.headers }), "f");
// Initiate a blob upload to get the auth challenge
const probeResponse = await __classPrivateFieldGet(this, _RegistryClient_fetch, "f").call(this, `${__classPrivateFieldGet(this, _RegistryClient_baseURL, "f")}/v2/${__classPrivateFieldGet(this, _RegistryClient_repository, "f")}/blobs/uploads/`, { method: 'POST' });
// If we get a 200 response, we're already authenticated
@@ -42884,7 +42881,7 @@ const testSet = (set, version, options) => {
const debug = __nccwpck_require__(1159)
const { MAX_LENGTH, MAX_SAFE_INTEGER } = __nccwpck_require__(45101)
const { safeRe: re, safeSrc: src, t } = __nccwpck_require__(95471)
const { safeRe: re, t } = __nccwpck_require__(95471)
const parseOptions = __nccwpck_require__(70356)
const { compareIdentifiers } = __nccwpck_require__(73348)
@@ -42894,7 +42891,7 @@ class SemVer {
if (version instanceof SemVer) {
if (version.loose === !!options.loose &&
version.includePrerelease === !!options.includePrerelease) {
version.includePrerelease === !!options.includePrerelease) {
return version
} else {
version = version.version
@@ -43060,20 +43057,6 @@ class SemVer {
// preminor will bump the version up to the next minor release, and immediately
// down to pre-release. premajor and prepatch work the same way.
inc (release, identifier, identifierBase) {
if (release.startsWith('pre')) {
if (!identifier && identifierBase === false) {
throw new Error('invalid increment argument: identifier is empty')
}
// Avoid an invalid semver results
if (identifier) {
const r = new RegExp(`^${this.options.loose ? src[t.PRERELEASELOOSE] : src[t.PRERELEASE]}$`)
const match = `-${identifier}`.match(r)
if (!match || match[1] !== identifier) {
throw new Error(`invalid identifier: ${identifier}`)
}
}
}
switch (release) {
case 'premajor':
this.prerelease.length = 0
@@ -43104,12 +43087,6 @@ class SemVer {
}
this.inc('pre', identifier, identifierBase)
break
case 'release':
if (this.prerelease.length === 0) {
throw new Error(`version ${this.raw} is not a prerelease`)
}
this.prerelease.length = 0
break
case 'major':
// If this is a pre-major version, bump up to the same major version.
@@ -43153,6 +43130,10 @@ class SemVer {
case 'pre': {
const base = Number(identifierBase) ? 1 : 0
if (!identifier && identifierBase === false) {
throw new Error('invalid increment argument: identifier is empty')
}
if (this.prerelease.length === 0) {
this.prerelease = [base]
} else {
@@ -43411,13 +43392,20 @@ const diff = (version1, version2) => {
return 'major'
}
// If the main part has no difference
if (lowVersion.compareMain(highVersion) === 0) {
if (lowVersion.minor && !lowVersion.patch) {
return 'minor'
}
// Otherwise it can be determined by checking the high version
if (highVersion.patch) {
// anything higher than a patch bump would result in the wrong version
return 'patch'
}
if (highVersion.minor) {
// anything higher than a minor bump would result in the wrong version
return 'minor'
}
// bumping major/minor/patch all have same result
return 'major'
}
// add the `pre` prefix if we are going to a prerelease version
@@ -43924,7 +43912,6 @@ exports = module.exports = {}
const re = exports.re = []
const safeRe = exports.safeRe = []
const src = exports.src = []
const safeSrc = exports.safeSrc = []
const t = exports.t = {}
let R = 0
@@ -43957,7 +43944,6 @@ const createToken = (name, value, isGlobal) => {
debug(name, index, value)
t[name] = index
src[index] = value
safeSrc[index] = safe
re[index] = new RegExp(value, isGlobal ? 'g' : undefined)
safeRe[index] = new RegExp(safe, isGlobal ? 'g' : undefined)
}
@@ -70769,8 +70755,10 @@ const createAttestation = async (subjects, predicate, opts) => {
predicateType: predicate.type,
predicate: predicate.params,
sigstore: opts.sigstoreInstance,
token: opts.githubToken
token: opts.githubToken,
skipWrite: true
});
console.log(JSON.stringify(attestation.bundle));
const result = attestation;
if (subjects.length === 1 && opts.pushToRegistry) {
const subject = subjects[0];
@@ -71276,10 +71264,18 @@ const getSubjectFromChecksumsString = (checksums) => {
if (!HEX_STRING_RE.test(digest)) {
throw new Error(`Invalid digest: ${digest}`);
}
subjects.push({
name,
digest: { [digestAlgorithm(digest)]: digest }
});
if (digestAlgorithm(digest) === 'sha1') {
subjects.push({
uri: name,
digest: { [digestAlgorithm(digest)]: digest }
});
}
else {
subjects.push({
name,
digest: { [digestAlgorithm(digest)]: digest }
});
}
}
return subjects;
};
@@ -71310,6 +71306,8 @@ const parseSubjectPathList = (input) => {
};
const digestAlgorithm = (digest) => {
switch (digest.length) {
case 40:
return 'sha1';
case 64:
return 'sha256';
case 128:
+676 -655
View File
File diff suppressed because it is too large Load Diff
+11 -11
View File
@@ -1,7 +1,7 @@
{
"name": "actions/attest",
"description": "Generate signed attestations for workflow artifacts",
"version": "2.3.0",
"version": "2.2.0",
"author": "",
"private": true,
"homepage": "https://github.com/actions/attest",
@@ -69,31 +69,31 @@
]
},
"dependencies": {
"@actions/attest": "^1.6.0",
"@actions/attest": "^1.5.0",
"@actions/core": "^1.11.1",
"@actions/github": "^6.0.0",
"@actions/glob": "^0.5.0",
"@sigstore/oci": "^0.5.0",
"@sigstore/oci": "^0.4.0",
"csv-parse": "^5.6.0"
},
"devDependencies": {
"@eslint/js": "^9.24.0",
"@sigstore/mock": "^0.10.0",
"@eslint/js": "^9.19.0",
"@sigstore/mock": "^0.9.0",
"@types/jest": "^29.5.14",
"@types/make-fetch-happen": "^10.0.4",
"@types/node": "^22.14.1",
"@types/node": "^22.10.10",
"@vercel/ncc": "^0.38.3",
"eslint": "^9.24.0",
"eslint": "^9.19.0",
"eslint-plugin-import": "^2.31.0",
"eslint-plugin-jest": "^28.11.0",
"jest": "^29.7.0",
"js-yaml": "^4.1.0",
"markdownlint-cli": "^0.44.0",
"nock": "^13.5.6",
"prettier": "^3.5.3",
"ts-jest": "^29.3.2",
"typescript": "^5.8.3",
"typescript-eslint": "^8.30.1",
"prettier": "^3.4.2",
"ts-jest": "^29.2.5",
"typescript": "^5.7.3",
"typescript-eslint": "^8.22.0",
"undici": "^5.28.5"
}
}
+4 -1
View File
@@ -25,9 +25,12 @@ export const createAttestation = async (
predicateType: predicate.type,
predicate: predicate.params,
sigstore: opts.sigstoreInstance,
token: opts.githubToken
token: opts.githubToken,
skipWrite: true
})
console.log(JSON.stringify(attestation.bundle))
const result: AttestResult = attestation
if (subjects.length === 1 && opts.pushToRegistry) {
+13 -4
View File
@@ -189,10 +189,17 @@ const getSubjectFromChecksumsString = (checksums: string): Subject[] => {
throw new Error(`Invalid digest: ${digest}`)
}
subjects.push({
name,
digest: { [digestAlgorithm(digest)]: digest }
})
if (digestAlgorithm(digest) === 'sha1') {
subjects.push({
uri: name,
digest: { [digestAlgorithm(digest)]: digest }
} as any)
} else {
subjects.push({
name,
digest: { [digestAlgorithm(digest)]: digest }
})
}
}
return subjects
@@ -233,6 +240,8 @@ const parseSubjectPathList = (input: string): string[] => {
const digestAlgorithm = (digest: string): string => {
switch (digest.length) {
case 40:
return 'sha1'
case 64:
return 'sha256'
case 128: