Compare commits

..

8 Commits

Author SHA1 Message Date
Brian DeHamer 8cb9193776 new OCI compat mode flag
Signed-off-by: Brian DeHamer <bdehamer@github.com>
2025-04-10 09:41:02 -07:00
Brian DeHamer 99cf707746 another take on an empty config
Signed-off-by: Brian DeHamer <bdehamer@github.com>
2025-04-10 08:47:16 -07:00
Brian DeHamer 6e1e49a5d4 try empty descriptor
Signed-off-by: Brian DeHamer <bdehamer@github.com>
2025-04-09 17:41:13 -07:00
Brian DeHamer c8edbd7693 redefine empty blob
Signed-off-by: Brian DeHamer <bdehamer@github.com>
2025-04-09 16:41:18 -07:00
Brian DeHamer f4f308e094 tweak logging
Signed-off-by: Brian DeHamer <bdehamer@github.com>
2025-04-09 14:43:34 -07:00
Brian DeHamer 3a105d9b34 dump probe response headers
Signed-off-by: Brian DeHamer <bdehamer@github.com>
2025-04-09 10:56:02 -07:00
Brian DeHamer bb7f52f719 more debug logging
Signed-off-by: Brian DeHamer <bdehamer@github.com>
2025-04-09 10:33:50 -07:00
Brian DeHamer 6d85257406 experiment w/ OCI header auth
Signed-off-by: Brian DeHamer <bdehamer@github.com>
2025-04-03 17:47:14 -07:00
7 changed files with 38638 additions and 1841 deletions
+1 -5
View File
@@ -38,7 +38,7 @@ jobs:
- name: Lint Codebase
id: super-linter
uses: super-linter/super-linter/slim@v7.4.0
uses: super-linter/super-linter/slim@v7.2.1
env:
DEFAULT_BRANCH: main
FILTER_REGEX_EXCLUDE: dist/**/*
@@ -47,8 +47,4 @@ jobs:
VALIDATE_ALL_CODEBASE: true
VALIDATE_JAVASCRIPT_STANDARD: false
VALIDATE_TYPESCRIPT_STANDARD: false
VALIDATE_TYPESCRIPT_ES: false
VALIDATE_JSCPD: false
- name: Run eslint
run: npm run lint:eslint
-6
View File
@@ -18,12 +18,6 @@ Once the attestation has been created and signed, it will be uploaded to the GH
attestations API and associated with the repository from which the workflow was
initiated.
When an attestation is created, the attestation is stored on the local
filesystem used by the runner. For each attestation created, the filesystem path
will be appended to the file `${RUNNER_TEMP}/created_attestation_paths.txt`.
This can be used to gather all attestations created by all jobs during a the
workflow.
Attestations can be verified using the [`attestation` command in the GitHub
CLI][5].
Generated Vendored
+287
View File
@@ -0,0 +1,287 @@
"use strict";
exports.id = 184;
exports.ids = [184];
exports.modules = {
/***/ 91184:
/***/ ((__unused_webpack___webpack_module__, __webpack_exports__, __webpack_require__) => {
/* harmony export */ __webpack_require__.d(__webpack_exports__, {
/* harmony export */ "default": () => (/* binding */ pMap)
/* harmony export */ });
/* unused harmony exports pMapIterable, pMapSkip */
async function pMap(
iterable,
mapper,
{
concurrency = Number.POSITIVE_INFINITY,
stopOnError = true,
signal,
} = {},
) {
return new Promise((resolve, reject_) => {
if (iterable[Symbol.iterator] === undefined && iterable[Symbol.asyncIterator] === undefined) {
throw new TypeError(`Expected \`input\` to be either an \`Iterable\` or \`AsyncIterable\`, got (${typeof iterable})`);
}
if (typeof mapper !== 'function') {
throw new TypeError('Mapper function is required');
}
if (!((Number.isSafeInteger(concurrency) && concurrency >= 1) || concurrency === Number.POSITIVE_INFINITY)) {
throw new TypeError(`Expected \`concurrency\` to be an integer from 1 and up or \`Infinity\`, got \`${concurrency}\` (${typeof concurrency})`);
}
const result = [];
const errors = [];
const skippedIndexesMap = new Map();
let isRejected = false;
let isResolved = false;
let isIterableDone = false;
let resolvingCount = 0;
let currentIndex = 0;
const iterator = iterable[Symbol.iterator] === undefined ? iterable[Symbol.asyncIterator]() : iterable[Symbol.iterator]();
const reject = reason => {
isRejected = true;
isResolved = true;
reject_(reason);
};
if (signal) {
if (signal.aborted) {
reject(signal.reason);
}
signal.addEventListener('abort', () => {
reject(signal.reason);
});
}
const next = async () => {
if (isResolved) {
return;
}
const nextItem = await iterator.next();
const index = currentIndex;
currentIndex++;
// Note: `iterator.next()` can be called many times in parallel.
// This can cause multiple calls to this `next()` function to
// receive a `nextItem` with `done === true`.
// The shutdown logic that rejects/resolves must be protected
// so it runs only one time as the `skippedIndex` logic is
// non-idempotent.
if (nextItem.done) {
isIterableDone = true;
if (resolvingCount === 0 && !isResolved) {
if (!stopOnError && errors.length > 0) {
reject(new AggregateError(errors)); // eslint-disable-line unicorn/error-message
return;
}
isResolved = true;
if (skippedIndexesMap.size === 0) {
resolve(result);
return;
}
const pureResult = [];
// Support multiple `pMapSkip`'s.
for (const [index, value] of result.entries()) {
if (skippedIndexesMap.get(index) === pMapSkip) {
continue;
}
pureResult.push(value);
}
resolve(pureResult);
}
return;
}
resolvingCount++;
// Intentionally detached
(async () => {
try {
const element = await nextItem.value;
if (isResolved) {
return;
}
const value = await mapper(element, index);
// Use Map to stage the index of the element.
if (value === pMapSkip) {
skippedIndexesMap.set(index, value);
}
result[index] = value;
resolvingCount--;
await next();
} catch (error) {
if (stopOnError) {
reject(error);
} else {
errors.push(error);
resolvingCount--;
// In that case we can't really continue regardless of `stopOnError` state
// since an iterable is likely to continue throwing after it throws once.
// If we continue calling `next()` indefinitely we will likely end up
// in an infinite loop of failed iteration.
try {
await next();
} catch (error) {
reject(error);
}
}
}
})();
};
// Create the concurrent runners in a detached (non-awaited)
// promise. We need this so we can await the `next()` calls
// to stop creating runners before hitting the concurrency limit
// if the iterable has already been marked as done.
// NOTE: We *must* do this for async iterators otherwise we'll spin up
// infinite `next()` calls by default and never start the event loop.
(async () => {
for (let index = 0; index < concurrency; index++) {
try {
// eslint-disable-next-line no-await-in-loop
await next();
} catch (error) {
reject(error);
break;
}
if (isIterableDone || isRejected) {
break;
}
}
})();
});
}
function pMapIterable(
iterable,
mapper,
{
concurrency = Number.POSITIVE_INFINITY,
backpressure = concurrency,
} = {},
) {
if (iterable[Symbol.iterator] === undefined && iterable[Symbol.asyncIterator] === undefined) {
throw new TypeError(`Expected \`input\` to be either an \`Iterable\` or \`AsyncIterable\`, got (${typeof iterable})`);
}
if (typeof mapper !== 'function') {
throw new TypeError('Mapper function is required');
}
if (!((Number.isSafeInteger(concurrency) && concurrency >= 1) || concurrency === Number.POSITIVE_INFINITY)) {
throw new TypeError(`Expected \`concurrency\` to be an integer from 1 and up or \`Infinity\`, got \`${concurrency}\` (${typeof concurrency})`);
}
if (!((Number.isSafeInteger(backpressure) && backpressure >= concurrency) || backpressure === Number.POSITIVE_INFINITY)) {
throw new TypeError(`Expected \`backpressure\` to be an integer from \`concurrency\` (${concurrency}) and up or \`Infinity\`, got \`${backpressure}\` (${typeof backpressure})`);
}
return {
async * [Symbol.asyncIterator]() {
const iterator = iterable[Symbol.asyncIterator] === undefined ? iterable[Symbol.iterator]() : iterable[Symbol.asyncIterator]();
const promises = [];
let runningMappersCount = 0;
let isDone = false;
let index = 0;
function trySpawn() {
if (isDone || !(runningMappersCount < concurrency && promises.length < backpressure)) {
return;
}
const promise = (async () => {
const {done, value} = await iterator.next();
if (done) {
return {done: true};
}
runningMappersCount++;
// Spawn if still below concurrency and backpressure limit
trySpawn();
try {
const returnValue = await mapper(await value, index++);
runningMappersCount--;
if (returnValue === pMapSkip) {
const index = promises.indexOf(promise);
if (index > 0) {
promises.splice(index, 1);
}
}
// Spawn if still below backpressure limit and just dropped below concurrency limit
trySpawn();
return {done: false, value: returnValue};
} catch (error) {
isDone = true;
return {error};
}
})();
promises.push(promise);
}
trySpawn();
while (promises.length > 0) {
const {error, done, value} = await promises[0]; // eslint-disable-line no-await-in-loop
promises.shift();
if (error) {
throw error;
}
if (done) {
return;
}
// Spawn if just dropped below backpressure limit and below the concurrency limit
trySpawn();
if (value === pMapSkip) {
continue;
}
yield value;
}
},
};
}
const pMapSkip = Symbol('skip');
/***/ })
};
;
Generated Vendored
+37657 -1062
View File
File diff suppressed because one or more lines are too long
+681 -741
View File
File diff suppressed because it is too large Load Diff
+12 -12
View File
@@ -1,7 +1,7 @@
{
"name": "actions/attest",
"description": "Generate signed attestations for workflow artifacts",
"version": "2.4.0",
"version": "2.2.1",
"author": "",
"private": true,
"homepage": "https://github.com/actions/attest",
@@ -71,29 +71,29 @@
"dependencies": {
"@actions/attest": "^1.6.0",
"@actions/core": "^1.11.1",
"@actions/github": "^6.0.1",
"@actions/github": "^6.0.0",
"@actions/glob": "^0.5.0",
"@sigstore/oci": "^0.5.0",
"@sigstore/oci": "^0.4.0",
"csv-parse": "^5.6.0"
},
"devDependencies": {
"@eslint/js": "^9.28.0",
"@eslint/js": "^9.23.0",
"@sigstore/mock": "^0.10.0",
"@types/jest": "^29.5.14",
"@types/make-fetch-happen": "^10.0.4",
"@types/node": "^22.15.30",
"@types/node": "^22.13.14",
"@vercel/ncc": "^0.38.3",
"eslint": "^9.28.0",
"eslint": "^9.23.0",
"eslint-plugin-import": "^2.31.0",
"eslint-plugin-jest": "^28.13.0",
"eslint-plugin-jest": "^28.11.0",
"jest": "^29.7.0",
"js-yaml": "^4.1.0",
"markdownlint-cli": "^0.45.0",
"markdownlint-cli": "^0.44.0",
"nock": "^13.5.6",
"prettier": "^3.5.3",
"ts-jest": "^29.3.4",
"typescript": "^5.8.3",
"typescript-eslint": "^8.34.0",
"undici": "^5.29.0"
"ts-jest": "^29.3.1",
"typescript": "^5.8.2",
"typescript-eslint": "^8.29.0",
"undici": "^5.28.5"
}
}
-15
View File
@@ -16,7 +16,6 @@ import {
import type { Subject } from '@actions/attest'
const ATTESTATION_FILE_NAME = 'attestation.json'
const ATTESTATION_PATHS_FILE_NAME = 'created_attestation_paths.txt'
export type RunInputs = SubjectInputs &
PredicateInputs & {
@@ -80,20 +79,6 @@ export async function run(inputs: RunInputs): Promise<void> {
flag: 'a'
})
const baseDir = process.env.RUNNER_TEMP
if (baseDir) {
const outputSummaryPath = path.join(baseDir, ATTESTATION_PATHS_FILE_NAME)
// Append the output path to the attestations paths file
fs.appendFileSync(outputSummaryPath, outputPath + os.EOL, {
encoding: 'utf-8',
flag: 'a'
})
} else {
core.warning(
'RUNNER_TEMP environment variable is not set. Cannot write attestation paths file.'
)
}
if (att.attestationID) {
core.setOutput('attestation-id', att.attestationID)
core.setOutput('attestation-url', attestationURL(att.attestationID))