Compare commits
2 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| c16aeb663f | |||
| 1b7e7444b4 |
@@ -323,3 +323,5 @@ jobs:
|
||||
[8]: https://github.com/actions/toolkit/tree/main/packages/glob#patterns
|
||||
[9]:
|
||||
https://docs.github.com/en/actions/security-guides/using-artifact-attestations-to-establish-provenance-for-builds
|
||||
|
||||
|
||||
|
||||
+13
-14
@@ -377,9 +377,11 @@ const buildSLSAProvenancePredicate = (issuer) => __awaiter(void 0, void 0, void
|
||||
// Split just the path and ref from the workflow string.
|
||||
// owner/repo/.github/workflows/main.yml@main =>
|
||||
// .github/workflows/main.yml, main
|
||||
const [workflowPath] = claims.workflow_ref
|
||||
const [workflowPath, ...workflowRefChunks] = claims.workflow_ref
|
||||
.replace(`${claims.repository}/`, '')
|
||||
.split('@');
|
||||
// Handle case where tag contains `@` (e.g: when using changesets in a monorepo context),
|
||||
const workflowRef = workflowRefChunks.join('@');
|
||||
return {
|
||||
type: SLSA_PREDICATE_V1_TYPE,
|
||||
params: {
|
||||
@@ -387,7 +389,7 @@ const buildSLSAProvenancePredicate = (issuer) => __awaiter(void 0, void 0, void
|
||||
buildType: GITHUB_BUILD_TYPE,
|
||||
externalParameters: {
|
||||
workflow: {
|
||||
ref: claims.ref,
|
||||
ref: workflowRef,
|
||||
repository: `${serverURL}/${claims.repository}`,
|
||||
path: workflowPath
|
||||
}
|
||||
@@ -6977,7 +6979,7 @@ module.exports = __toCommonJS(dist_src_exports);
|
||||
var import_universal_user_agent = __nccwpck_require__(33843);
|
||||
|
||||
// pkg/dist-src/version.js
|
||||
var VERSION = "9.0.6";
|
||||
var VERSION = "9.0.4";
|
||||
|
||||
// pkg/dist-src/defaults.js
|
||||
var userAgent = `octokit-endpoint.js/${VERSION} ${(0, import_universal_user_agent.getUserAgent)()}`;
|
||||
@@ -7082,9 +7084,9 @@ function addQueryParameters(url, parameters) {
|
||||
}
|
||||
|
||||
// pkg/dist-src/util/extract-url-variable-names.js
|
||||
var urlVariableRegex = /\{[^{}}]+\}/g;
|
||||
var urlVariableRegex = /\{[^}]+\}/g;
|
||||
function removeNonChars(variableName) {
|
||||
return variableName.replace(/(?:^\W+)|(?:(?<!\W)\W+$)/g, "").split(/,/);
|
||||
return variableName.replace(/^\W+|\W+$/g, "").split(/,/);
|
||||
}
|
||||
function extractUrlVariableNames(url) {
|
||||
const matches = url.match(urlVariableRegex);
|
||||
@@ -7270,7 +7272,7 @@ function parse(options) {
|
||||
}
|
||||
if (url.endsWith("/graphql")) {
|
||||
if (options.mediaType.previews?.length) {
|
||||
const previewsFromAcceptHeader = headers.accept.match(/(?<![\w-])[\w-]+(?=-preview)/g) || [];
|
||||
const previewsFromAcceptHeader = headers.accept.match(/[\w-]+(?=-preview)/g) || [];
|
||||
headers.accept = previewsFromAcceptHeader.concat(options.mediaType.previews).map((preview) => {
|
||||
const format = options.mediaType.format ? `.${options.mediaType.format}` : "+json";
|
||||
return `application/vnd.github.${preview}-preview${format}`;
|
||||
@@ -10264,7 +10266,7 @@ var import_endpoint = __nccwpck_require__(54471);
|
||||
var import_universal_user_agent = __nccwpck_require__(33843);
|
||||
|
||||
// pkg/dist-src/version.js
|
||||
var VERSION = "8.4.1";
|
||||
var VERSION = "8.2.0";
|
||||
|
||||
// pkg/dist-src/is-plain-object.js
|
||||
function isPlainObject(value) {
|
||||
@@ -10289,7 +10291,7 @@ function getBufferResponse(response) {
|
||||
|
||||
// pkg/dist-src/fetch-wrapper.js
|
||||
function fetchWrapper(requestOptions) {
|
||||
var _a, _b, _c, _d;
|
||||
var _a, _b, _c;
|
||||
const log = requestOptions.request && requestOptions.request.log ? requestOptions.request.log : console;
|
||||
const parseSuccessResponseBody = ((_a = requestOptions.request) == null ? void 0 : _a.parseSuccessResponseBody) !== false;
|
||||
if (isPlainObject(requestOptions.body) || Array.isArray(requestOptions.body)) {
|
||||
@@ -10310,9 +10312,8 @@ function fetchWrapper(requestOptions) {
|
||||
return fetch(requestOptions.url, {
|
||||
method: requestOptions.method,
|
||||
body: requestOptions.body,
|
||||
redirect: (_c = requestOptions.request) == null ? void 0 : _c.redirect,
|
||||
headers: requestOptions.headers,
|
||||
signal: (_d = requestOptions.request) == null ? void 0 : _d.signal,
|
||||
signal: (_c = requestOptions.request) == null ? void 0 : _c.signal,
|
||||
// duplex must be set if request.body is ReadableStream or Async Iterables.
|
||||
// See https://fetch.spec.whatwg.org/#dom-requestinit-duplex.
|
||||
...requestOptions.body && { duplex: "half" }
|
||||
@@ -10323,7 +10324,7 @@ function fetchWrapper(requestOptions) {
|
||||
headers[keyAndValue[0]] = keyAndValue[1];
|
||||
}
|
||||
if ("deprecation" in headers) {
|
||||
const matches = headers.link && headers.link.match(/<([^<>]+)>; rel="deprecation"/);
|
||||
const matches = headers.link && headers.link.match(/<([^>]+)>; rel="deprecation"/);
|
||||
const deprecationLink = matches && matches.pop();
|
||||
log.warn(
|
||||
`[@octokit/request] "${requestOptions.method} ${requestOptions.url}" is deprecated. It is scheduled to be removed on ${headers.sunset}${deprecationLink ? `. See ${deprecationLink}` : ""}`
|
||||
@@ -12934,7 +12935,7 @@ const getRegistryCredentials = (imageName) => {
|
||||
const { username, password } = (0, exports.fromBasicAuth)(creds.auth);
|
||||
// If the identitytoken is present, use it as the password (primarily for ACR)
|
||||
const pass = creds.identitytoken ? creds.identitytoken : password;
|
||||
return { headers: dockerConfig.HttpHeaders, username, password: pass };
|
||||
return { username, password: pass };
|
||||
};
|
||||
exports.getRegistryCredentials = getRegistryCredentials;
|
||||
// Encode the username and password as base64-encoded basicauth value
|
||||
@@ -13422,8 +13423,6 @@ class RegistryClient {
|
||||
// authenticate requests.
|
||||
// https://github.com/google/go-containerregistry/blob/main/pkg/authn/README.md#the-registry
|
||||
async signIn(creds) {
|
||||
// Ensure we include an auth headers if they are present
|
||||
__classPrivateFieldSet(this, _RegistryClient_fetch, __classPrivateFieldGet(this, _RegistryClient_fetch, "f").defaults({ headers: creds.headers }), "f");
|
||||
// Initiate a blob upload to get the auth challenge
|
||||
const probeResponse = await __classPrivateFieldGet(this, _RegistryClient_fetch, "f").call(this, `${__classPrivateFieldGet(this, _RegistryClient_baseURL, "f")}/v2/${__classPrivateFieldGet(this, _RegistryClient_repository, "f")}/blobs/uploads/`, { method: 'POST' });
|
||||
// If we get a 200 response, we're already authenticated
|
||||
|
||||
Generated
+514
-418
File diff suppressed because it is too large
Load Diff
+10
-10
@@ -1,7 +1,7 @@
|
||||
{
|
||||
"name": "actions/attest",
|
||||
"description": "Generate signed attestations for workflow artifacts",
|
||||
"version": "2.3.0",
|
||||
"version": "2.2.0",
|
||||
"author": "",
|
||||
"private": true,
|
||||
"homepage": "https://github.com/actions/attest",
|
||||
@@ -69,31 +69,31 @@
|
||||
]
|
||||
},
|
||||
"dependencies": {
|
||||
"@actions/attest": "^1.6.0",
|
||||
"@actions/attest": "^1.5.0",
|
||||
"@actions/core": "^1.11.1",
|
||||
"@actions/github": "^6.0.0",
|
||||
"@actions/glob": "^0.5.0",
|
||||
"@sigstore/oci": "^0.5.0",
|
||||
"@sigstore/oci": "^0.4.0",
|
||||
"csv-parse": "^5.6.0"
|
||||
},
|
||||
"devDependencies": {
|
||||
"@eslint/js": "^9.24.0",
|
||||
"@eslint/js": "^9.21.0",
|
||||
"@sigstore/mock": "^0.10.0",
|
||||
"@types/jest": "^29.5.14",
|
||||
"@types/make-fetch-happen": "^10.0.4",
|
||||
"@types/node": "^22.14.1",
|
||||
"@types/node": "^22.13.5",
|
||||
"@vercel/ncc": "^0.38.3",
|
||||
"eslint": "^9.24.0",
|
||||
"eslint": "^9.21.0",
|
||||
"eslint-plugin-import": "^2.31.0",
|
||||
"eslint-plugin-jest": "^28.11.0",
|
||||
"jest": "^29.7.0",
|
||||
"js-yaml": "^4.1.0",
|
||||
"markdownlint-cli": "^0.44.0",
|
||||
"nock": "^13.5.6",
|
||||
"prettier": "^3.5.3",
|
||||
"ts-jest": "^29.3.2",
|
||||
"typescript": "^5.8.3",
|
||||
"typescript-eslint": "^8.30.1",
|
||||
"prettier": "^3.5.2",
|
||||
"ts-jest": "^29.2.6",
|
||||
"typescript": "^5.7.3",
|
||||
"typescript-eslint": "^8.25.0",
|
||||
"undici": "^5.28.5"
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user