Compare commits

..

46 Commits

Author SHA1 Message Date
Meredith Lancaster cef9ee9223 remove comment
Signed-off-by: Meredith Lancaster <malancas@github.com>
2026-02-05 13:18:59 -08:00
Meredith Lancaster 554882dca6 remove unused mocks
Signed-off-by: Meredith Lancaster <malancas@github.com>
2026-02-05 13:15:37 -08:00
Meredith Lancaster bdb27c47d0 tests handle esm
Signed-off-by: Meredith Lancaster <malancas@github.com>
2026-02-05 13:09:33 -08:00
Meredith Lancaster c44ed442f4 update eslint and ts configs to handle esm
Signed-off-by: Meredith Lancaster <malancas@github.com>
2026-02-05 13:09:08 -08:00
Meredith Lancaster 4eb88dc0f0 drop old jest setup
Signed-off-by: Meredith Lancaster <malancas@github.com>
2026-02-05 13:08:11 -08:00
Meredith Lancaster 6f4be31791 move jest config to separate file
Signed-off-by: Meredith Lancaster <malancas@github.com>
2026-02-05 13:07:47 -08:00
Meredith Lancaster 20984daf61 regenerate dist
Signed-off-by: Meredith Lancaster <malancas@github.com>
2026-02-05 11:15:36 -08:00
Meredith Lancaster 858f1cb727 regenerate dist
Signed-off-by: Meredith Lancaster <malancas@github.com>
2026-02-05 11:09:12 -08:00
Meredith Lancaster 0345c893f4 update esm imports
Signed-off-by: Meredith Lancaster <malancas@github.com>
2026-02-05 11:09:06 -08:00
Meredith Lancaster 75dea93e1d include type:module in package
Signed-off-by: Meredith Lancaster <malancas@github.com>
2026-02-05 11:08:57 -08:00
dependabot[bot] a82737a684 Bump @isaacs/brace-expansion from 5.0.0 to 5.0.1 (#342)
* Bump @isaacs/brace-expansion from 5.0.0 to 5.0.1

Bumps @isaacs/brace-expansion from 5.0.0 to 5.0.1.

---
updated-dependencies:
- dependency-name: "@isaacs/brace-expansion"
  dependency-version: 5.0.1
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

* regenerate dist

Signed-off-by: Meredith Lancaster <malancas@github.com>

* regenerate package-lock

Signed-off-by: Meredith Lancaster <malancas@github.com>

* regenerate dist

Signed-off-by: Meredith Lancaster <malancas@github.com>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Meredith Lancaster <malancas@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Meredith Lancaster <malancas@github.com>
Co-authored-by: Meredith Lancaster <malancas@users.noreply.github.com>
2026-02-05 10:03:29 -08:00
dependabot[bot] 9a85e4f48a Bump the npm-development group with 2 updates (#338)
Bumps the npm-development group with 2 updates: [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) and [undici](https://github.com/nodejs/undici).


Updates `@types/node` from 25.1.0 to 25.2.0
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Updates `undici` from 7.19.2 to 7.20.0
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](https://github.com/nodejs/undici/compare/v7.19.2...v7.20.0)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-version: 25.2.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-development
- dependency-name: undici
  dependency-version: 7.20.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-development
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-02-03 14:50:42 -08:00
dependabot[bot] 615da641f0 Bump tar from 7.4.3 to 7.5.7 (#337)
* Bump tar from 7.4.3 to 7.5.7

Bumps [tar](https://github.com/isaacs/node-tar) from 7.4.3 to 7.5.7.
- [Release notes](https://github.com/isaacs/node-tar/releases)
- [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md)
- [Commits](https://github.com/isaacs/node-tar/compare/v7.4.3...v7.5.7)

---
updated-dependencies:
- dependency-name: tar
  dependency-version: 7.5.7
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

* Rebuild dist after dependency updates

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Tingting Wang <tingx2wang@github.com>
2026-01-29 15:03:36 -08:00
dependabot[bot] 411f73e40b Bump @actions/attest from 2.1.0 to 2.2.0 (#325)
* Bump @actions/attest from 2.1.0 to 2.2.0

Bumps [@actions/attest](https://github.com/actions/toolkit/tree/HEAD/packages/attest) from 2.1.0 to 2.2.0.
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/attest/RELEASES.md)
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/attest)

---
updated-dependencies:
- dependency-name: "@actions/attest"
  dependency-version: 2.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* chore: update dist/ after build

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Tingting Wang <tingx2wang@github.com>
2026-01-29 15:01:54 -08:00
dependabot[bot] 95674aef8a Bump @actions/github from 6.0.1 to 7.0.0 (#324)
Bumps [@actions/github](https://github.com/actions/toolkit/tree/HEAD/packages/github) from 6.0.1 to 7.0.0.
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/github/RELEASES.md)
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/github)

---
updated-dependencies:
- dependency-name: "@actions/github"
  dependency-version: 7.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Tingting Wang <tingx2wang@github.com>
2026-01-28 15:29:26 -08:00
dependabot[bot] 775709ffff Bump the npm-development group across 1 directory with 5 updates (#336)
* Bump the npm-development group across 1 directory with 5 updates

Bumps the npm-development group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `25.0.3` | `25.0.10` |
| [eslint-plugin-jest](https://github.com/jest-community/eslint-plugin-jest) | `29.9.0` | `29.12.1` |
| [prettier](https://github.com/prettier/prettier) | `3.7.4` | `3.8.1` |
| [typescript-eslint](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint) | `8.50.1` | `8.54.0` |
| [undici](https://github.com/nodejs/undici) | `7.18.2` | `7.19.1` |



Updates `@types/node` from 25.0.3 to 25.0.10
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Updates `eslint-plugin-jest` from 29.9.0 to 29.12.1
- [Release notes](https://github.com/jest-community/eslint-plugin-jest/releases)
- [Changelog](https://github.com/jest-community/eslint-plugin-jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/jest-community/eslint-plugin-jest/compare/v29.9.0...v29.12.1)

Updates `prettier` from 3.7.4 to 3.8.1
- [Release notes](https://github.com/prettier/prettier/releases)
- [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md)
- [Commits](https://github.com/prettier/prettier/compare/3.7.4...3.8.1)

Updates `typescript-eslint` from 8.50.1 to 8.54.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-eslint/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.54.0/packages/typescript-eslint)

Updates `undici` from 7.18.2 to 7.19.1
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](https://github.com/nodejs/undici/compare/v7.18.2...v7.19.1)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-version: 25.0.10
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-development
- dependency-name: eslint-plugin-jest
  dependency-version: 29.12.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-development
- dependency-name: prettier
  dependency-version: 3.8.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-development
- dependency-name: typescript-eslint
  dependency-version: 8.54.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-development
- dependency-name: undici
  dependency-version: 7.19.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-development
...

Signed-off-by: dependabot[bot] <support@github.com>

* chore: update dist/ after build

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Tingting Wang <tingx2wang@github.com>
2026-01-27 18:41:15 -08:00
dependabot[bot] 6d9cc6edb5 Bump tar from 7.4.3 to 7.5.6 (#333)
* Bump tar from 7.4.3 to 7.5.6

Bumps [tar](https://github.com/isaacs/node-tar) from 7.4.3 to 7.5.6.
- [Release notes](https://github.com/isaacs/node-tar/releases)
- [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md)
- [Commits](https://github.com/isaacs/node-tar/compare/v7.4.3...v7.5.6)

---
updated-dependencies:
- dependency-name: tar
  dependency-version: 7.5.6
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

* chore: update dist/ after build

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Tingting Wang <tingx2wang@github.com>
2026-01-27 18:40:58 -08:00
dependabot[bot] 792c62d14a Bump @actions/core from 2.0.1 to 2.0.2 in the npm-production group (#323)
Bumps the npm-production group with 1 update: [@actions/core](https://github.com/actions/toolkit/tree/HEAD/packages/core).


Updates `@actions/core` from 2.0.1 to 2.0.2
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/core/RELEASES.md)
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/core)

---
updated-dependencies:
- dependency-name: "@actions/core"
  dependency-version: 2.0.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Tingting Wang <tingx2wang@github.com>
2026-01-27 18:40:13 -08:00
dependabot[bot] 65786c7512 Bump the actions-minor group across 1 directory with 2 updates (#335)
Bumps the actions-minor group with 2 updates in the / directory: [actions/checkout](https://github.com/actions/checkout) and [actions/setup-node](https://github.com/actions/setup-node).


Updates `actions/checkout` from 6.0.1 to 6.0.2
- [Release notes](https://github.com/actions/checkout/releases)
- [Commits](https://github.com/actions/checkout/compare/v6.0.1...v6.0.2)

Updates `actions/setup-node` from 6.1.0 to 6.2.0
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](https://github.com/actions/setup-node/compare/v6.1.0...v6.2.0)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 6.0.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions-minor
- dependency-name: actions/setup-node
  dependency-version: 6.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-01-27 15:27:59 -08:00
Meredith Lancaster e59cbc1ad1 Update version to 3.2.0 (#334)
* update version to 3.2.0

Signed-off-by: Meredith Lancaster <malancas@github.com>

* regenerate package-lock

Signed-off-by: Meredith Lancaster <malancas@github.com>

---------

Signed-off-by: Meredith Lancaster <malancas@github.com>
2026-01-26 08:59:13 -08:00
Meredith Lancaster 20eb46ce7a Validate repository org-ownership before storage record creation (#328)
* check if the repository is owned by org before attempting storage record creation

Signed-off-by: Meredith Lancaster <malancas@github.com>

* linter

Signed-off-by: Meredith Lancaster <malancas@github.com>

* generate dist

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add fixtures for repoOwnerIsOrg function

Signed-off-by: Meredith Lancaster <malancas@github.com>

* formatter

Signed-off-by: Meredith Lancaster <malancas@github.com>

* clean up fixtures

Signed-off-by: Meredith Lancaster <malancas@github.com>

* more clean up

Signed-off-by: Meredith Lancaster <malancas@github.com>

* fix function declaration

Signed-off-by: Meredith Lancaster <malancas@github.com>

* clean up fixtures

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add test when repo is not owned by org

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add more expect statements, clean up mock calls

Signed-off-by: Meredith Lancaster <malancas@github.com>

* formatter

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add more spy expect statements

Signed-off-by: Meredith Lancaster <malancas@github.com>

---------

Signed-off-by: Meredith Lancaster <malancas@github.com>
2026-01-26 08:31:21 -08:00
Meredith Lancaster 7433fa7e7a Update undici development dependency to the latest version (#332)
* update undici dep to the latest version

Signed-off-by: Meredith Lancaster <malancas@github.com>

* regenerate dist

Signed-off-by: Meredith Lancaster <malancas@github.com>

* update to v7.18.2

Signed-off-by: Meredith Lancaster <malancas@github.com>

---------

Signed-off-by: Meredith Lancaster <malancas@github.com>
2026-01-20 16:21:19 -08:00
dependabot[bot] c03bf4160d Bump the npm-development group with 3 updates (#320)
Bumps the npm-development group with 3 updates: [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node), [eslint-plugin-jest](https://github.com/jest-community/eslint-plugin-jest) and [typescript-eslint](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint).


Updates `@types/node` from 25.0.2 to 25.0.3
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Updates `eslint-plugin-jest` from 29.5.0 to 29.9.0
- [Release notes](https://github.com/jest-community/eslint-plugin-jest/releases)
- [Changelog](https://github.com/jest-community/eslint-plugin-jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/jest-community/eslint-plugin-jest/compare/v29.5.0...v29.9.0)

Updates `typescript-eslint` from 8.50.0 to 8.50.1
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-eslint/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.50.1/packages/typescript-eslint)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-version: 25.0.3
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-development
- dependency-name: eslint-plugin-jest
  dependency-version: 29.9.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-development
- dependency-name: typescript-eslint
  dependency-version: 8.50.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-development
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-01-02 05:03:48 -08:00
Meredith Lancaster 7667f588f2 Create Artifact Metadata Storage Record on registry push (#313)
* first pass at creating storage record

Signed-off-by: Meredith Lancaster <malancas@github.com>

* include storage record param in action config

Signed-off-by: Meredith Lancaster <malancas@github.com>

* use latest actions/attest version

Signed-off-by: Meredith Lancaster <malancas@github.com>

* update storage record params

Signed-off-by: Meredith Lancaster <malancas@github.com>

* include storage record id in result

Signed-off-by: Meredith Lancaster <malancas@github.com>

* regenerate dist

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add documentation on storage records

Signed-off-by: Meredith Lancaster <malancas@github.com>

* log storage record creation

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add storage record output

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add new param

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add storage record id output

Signed-off-by: Meredith Lancaster <malancas@github.com>

* fix linter errors

Signed-off-by: Meredith Lancaster <malancas@github.com>

* return all storage record ids

Signed-off-by: Meredith Lancaster <malancas@github.com>

* bump minor version

Signed-off-by: Meredith Lancaster <malancas@github.com>

* use expect string match function

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add try catch block for storage record creation

Signed-off-by: Meredith Lancaster <malancas@github.com>

* fix table column spacing

Signed-off-by: Meredith Lancaster <malancas@github.com>

* check for protocol

Signed-off-by: Meredith Lancaster <malancas@github.com>

* check for artifact url protocol

Signed-off-by: Meredith Lancaster <malancas@github.com>

* only fill registry_url for now

Signed-off-by: Meredith Lancaster <malancas@github.com>

* cleanup protocol handling

Signed-off-by: Meredith Lancaster <malancas@github.com>

* regenerate dist

Signed-off-by: Meredith Lancaster <malancas@github.com>

* handle subject name correctly

Signed-off-by: Meredith Lancaster <malancas@github.com>

* move test

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add back assert statements

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add back output assert statements

Signed-off-by: Meredith Lancaster <malancas@github.com>

* Apply suggestion from @Copilot

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* Apply suggestion from @Copilot

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* Apply suggestion from @Copilot

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* use url for subject name parsing

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add missing test setpu

Signed-off-by: Meredith Lancaster <malancas@github.com>

* fix storage record fail test

Signed-off-by: Meredith Lancaster <malancas@github.com>

* regenerate dist

Signed-off-by: Meredith Lancaster <malancas@github.com>

---------

Signed-off-by: Meredith Lancaster <malancas@github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2025-12-18 11:30:45 -08:00
dependabot[bot] 0512723b04 Bump @actions/core from 1.11.1 to 2.0.1 (#318)
* Bump @actions/core from 1.11.1 to 2.0.1

Bumps [@actions/core](https://github.com/actions/toolkit/tree/HEAD/packages/core) from 1.11.1 to 2.0.1.
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/core/RELEASES.md)
- [Commits](https://github.com/actions/toolkit/commits/@actions/artifact@2.0.1/packages/core)

---
updated-dependencies:
- dependency-name: "@actions/core"
  dependency-version: 2.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* rebuild dist

Signed-off-by: Brian DeHamer <bdehamer@github.com>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Brian DeHamer <bdehamer@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Brian DeHamer <bdehamer@github.com>
2025-12-15 16:39:30 -08:00
dependabot[bot] c16e6655b7 Bump the npm-development group with 5 updates (#315)
Bumps the npm-development group with 5 updates:

| Package | From | To |
| --- | --- | --- |
| [@eslint/js](https://github.com/eslint/eslint/tree/HEAD/packages/js) | `9.39.1` | `9.39.2` |
| [eslint](https://github.com/eslint/eslint) | `9.39.1` | `9.39.2` |
| [eslint-plugin-jest](https://github.com/jest-community/eslint-plugin-jest) | `29.2.1` | `29.5.0` |
| [markdownlint-cli](https://github.com/igorshubovych/markdownlint-cli) | `0.46.0` | `0.47.0` |
| [typescript-eslint](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint) | `8.49.0` | `8.50.0` |


Updates `@eslint/js` from 9.39.1 to 9.39.2
- [Release notes](https://github.com/eslint/eslint/releases)
- [Commits](https://github.com/eslint/eslint/commits/v9.39.2/packages/js)

Updates `eslint` from 9.39.1 to 9.39.2
- [Release notes](https://github.com/eslint/eslint/releases)
- [Commits](https://github.com/eslint/eslint/compare/v9.39.1...v9.39.2)

Updates `eslint-plugin-jest` from 29.2.1 to 29.5.0
- [Release notes](https://github.com/jest-community/eslint-plugin-jest/releases)
- [Changelog](https://github.com/jest-community/eslint-plugin-jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/jest-community/eslint-plugin-jest/compare/v29.2.1...v29.5.0)

Updates `markdownlint-cli` from 0.46.0 to 0.47.0
- [Release notes](https://github.com/igorshubovych/markdownlint-cli/releases)
- [Commits](https://github.com/igorshubovych/markdownlint-cli/compare/v0.46.0...v0.47.0)

Updates `typescript-eslint` from 8.49.0 to 8.50.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-eslint/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.50.0/packages/typescript-eslint)

---
updated-dependencies:
- dependency-name: "@eslint/js"
  dependency-version: 9.39.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-development
- dependency-name: eslint
  dependency-version: 9.39.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-development
- dependency-name: eslint-plugin-jest
  dependency-version: 29.5.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-development
- dependency-name: markdownlint-cli
  dependency-version: 0.47.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-development
- dependency-name: typescript-eslint
  dependency-version: 8.50.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-development
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-15 16:27:15 -08:00
dependabot[bot] 3374a04c9f Bump @types/node from 24.10.1 to 25.0.2 (#317)
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 24.10.1 to 25.0.2.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-version: 25.0.2
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-15 16:23:27 -08:00
dependabot[bot] 8ed7eda47c Bump actions/upload-artifact from 5 to 6 (#314)
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 5 to 6.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v5...v6)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-15 14:54:32 -08:00
dependabot[bot] 6440a037b1 Bump the npm-development group with 2 updates (#312)
Bumps the npm-development group with 2 updates: [prettier](https://github.com/prettier/prettier) and [typescript-eslint](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint).


Updates `prettier` from 3.7.3 to 3.7.4
- [Release notes](https://github.com/prettier/prettier/releases)
- [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md)
- [Commits](https://github.com/prettier/prettier/compare/3.7.3...3.7.4)

Updates `typescript-eslint` from 8.48.0 to 8.49.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-eslint/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.49.0/packages/typescript-eslint)

---
updated-dependencies:
- dependency-name: prettier
  dependency-version: 3.7.4
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-development
- dependency-name: typescript-eslint
  dependency-version: 8.49.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-development
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-15 08:42:03 -08:00
dependabot[bot] 70b5d87a50 Bump the actions-minor group with 2 updates (#311)
Bumps the actions-minor group with 2 updates: [actions/checkout](https://github.com/actions/checkout) and [actions/setup-node](https://github.com/actions/setup-node).


Updates `actions/checkout` from 6.0.0 to 6.0.1
- [Release notes](https://github.com/actions/checkout/releases)
- [Commits](https://github.com/actions/checkout/compare/v6...v6.0.1)

Updates `actions/setup-node` from 6.0.0 to 6.1.0
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](https://github.com/actions/setup-node/compare/v6...v6.1.0)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 6.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions-minor
- dependency-name: actions/setup-node
  dependency-version: 6.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-15 08:41:09 -08:00
dependabot[bot] 9902fb2594 Bump the npm-development group with 2 updates (#310)
Bumps the npm-development group with 2 updates: [prettier](https://github.com/prettier/prettier) and [ts-jest](https://github.com/kulshekhar/ts-jest).


Updates `prettier` from 3.6.2 to 3.7.3
- [Release notes](https://github.com/prettier/prettier/releases)
- [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md)
- [Commits](https://github.com/prettier/prettier/compare/3.6.2...3.7.3)

Updates `ts-jest` from 29.4.5 to 29.4.6
- [Release notes](https://github.com/kulshekhar/ts-jest/releases)
- [Changelog](https://github.com/kulshekhar/ts-jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/kulshekhar/ts-jest/compare/v29.4.5...v29.4.6)

---
updated-dependencies:
- dependency-name: prettier
  dependency-version: 3.7.3
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-development
- dependency-name: ts-jest
  dependency-version: 29.4.6
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-development
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-01 19:16:19 -08:00
dependabot[bot] 3293874900 Bump actions/checkout from 5.0.1 to 6.0.0 (#308)
Bumps [actions/checkout](https://github.com/actions/checkout) from 5.0.1 to 6.0.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Commits](https://github.com/actions/checkout/compare/v5.0.1...v6)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 6.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-11-26 08:44:16 -08:00
dependabot[bot] 88adb86536 Bump the npm-development group with 2 updates (#307)
Bumps the npm-development group with 2 updates: [eslint-plugin-jest](https://github.com/jest-community/eslint-plugin-jest) and [typescript-eslint](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint).


Updates `eslint-plugin-jest` from 29.1.0 to 29.2.1
- [Release notes](https://github.com/jest-community/eslint-plugin-jest/releases)
- [Changelog](https://github.com/jest-community/eslint-plugin-jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/jest-community/eslint-plugin-jest/compare/v29.1.0...v29.2.1)

Updates `typescript-eslint` from 8.47.0 to 8.48.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-eslint/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.48.0/packages/typescript-eslint)

---
updated-dependencies:
- dependency-name: eslint-plugin-jest
  dependency-version: 29.2.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-development
- dependency-name: typescript-eslint
  dependency-version: 8.48.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-development
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-11-24 14:32:05 -08:00
dependabot[bot] a6ce6d776c Bump actions/checkout from 5 to 6 (#306)
Bumps [actions/checkout](https://github.com/actions/checkout) from 5 to 6.
- [Release notes](https://github.com/actions/checkout/releases)
- [Commits](https://github.com/actions/checkout/compare/v5...v6)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-11-24 14:31:23 -08:00
dependabot[bot] 2498417848 Bump glob and markdownlint-cli (#305)
* Bump glob and markdownlint-cli

Bumps [glob](https://github.com/isaacs/node-glob) to 10.5.0 and updates ancestor dependencies [glob](https://github.com/isaacs/node-glob) and [markdownlint-cli](https://github.com/igorshubovych/markdownlint-cli). These dependencies need to be updated together.


Updates `glob` from 10.4.5 to 10.5.0
- [Changelog](https://github.com/isaacs/node-glob/blob/main/changelog.md)
- [Commits](https://github.com/isaacs/node-glob/compare/v10.4.5...v10.5.0)

Updates `glob` from 11.0.3 to 11.1.0
- [Changelog](https://github.com/isaacs/node-glob/blob/main/changelog.md)
- [Commits](https://github.com/isaacs/node-glob/compare/v10.4.5...v10.5.0)

Updates `markdownlint-cli` from 0.45.0 to 0.46.0
- [Release notes](https://github.com/igorshubovych/markdownlint-cli/releases)
- [Commits](https://github.com/igorshubovych/markdownlint-cli/compare/v0.45.0...v0.46.0)

---
updated-dependencies:
- dependency-name: glob
  dependency-version: 10.5.0
  dependency-type: indirect
- dependency-name: glob
  dependency-version: 11.1.0
  dependency-type: indirect
- dependency-name: markdownlint-cli
  dependency-version: 0.46.0
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>

* ran npm run bundle and commit /dist changes

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Tingting Wang <tingx2wang@github.com>
2025-11-20 10:17:59 -08:00
dependabot[bot] 498dbf428a Bump the npm-development group across 1 directory with 6 updates (#302)
* Bump the npm-development group across 1 directory with 6 updates

Bumps the npm-development group with 6 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [@eslint/js](https://github.com/eslint/eslint/tree/HEAD/packages/js) | `9.37.0` | `9.39.1` |
| [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `24.7.0` | `24.10.0` |
| [eslint](https://github.com/eslint/eslint) | `9.37.0` | `9.39.1` |
| [eslint-plugin-jest](https://github.com/jest-community/eslint-plugin-jest) | `29.0.1` | `29.1.0` |
| [ts-jest](https://github.com/kulshekhar/ts-jest) | `29.4.4` | `29.4.5` |
| [typescript-eslint](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint) | `8.46.0` | `8.46.4` |



Updates `@eslint/js` from 9.37.0 to 9.39.1
- [Release notes](https://github.com/eslint/eslint/releases)
- [Commits](https://github.com/eslint/eslint/commits/v9.39.1/packages/js)

Updates `@types/node` from 24.7.0 to 24.10.0
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Updates `eslint` from 9.37.0 to 9.39.1
- [Release notes](https://github.com/eslint/eslint/releases)
- [Commits](https://github.com/eslint/eslint/compare/v9.37.0...v9.39.1)

Updates `eslint-plugin-jest` from 29.0.1 to 29.1.0
- [Release notes](https://github.com/jest-community/eslint-plugin-jest/releases)
- [Changelog](https://github.com/jest-community/eslint-plugin-jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/jest-community/eslint-plugin-jest/compare/v29.0.1...v29.1.0)

Updates `ts-jest` from 29.4.4 to 29.4.5
- [Release notes](https://github.com/kulshekhar/ts-jest/releases)
- [Changelog](https://github.com/kulshekhar/ts-jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/kulshekhar/ts-jest/compare/v29.4.4...v29.4.5)

Updates `typescript-eslint` from 8.46.0 to 8.46.4
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-eslint/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.46.4/packages/typescript-eslint)

---
updated-dependencies:
- dependency-name: "@eslint/js"
  dependency-version: 9.39.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-development
- dependency-name: "@types/node"
  dependency-version: 24.10.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-development
- dependency-name: eslint
  dependency-version: 9.39.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-development
- dependency-name: eslint-plugin-jest
  dependency-version: 29.1.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-development
- dependency-name: ts-jest
  dependency-version: 29.4.5
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-development
- dependency-name: typescript-eslint
  dependency-version: 8.46.4
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-development
...

Signed-off-by: dependabot[bot] <support@github.com>

* ran npm run bundle and commit /dist changes

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Tingting Wang <tingx2wang@github.com>
2025-11-20 10:17:12 -08:00
dependabot[bot] 065aa7392a Bump @actions/attest from 1.6.0 to 2.0.0 (#299)
* Bump @actions/attest from 1.6.0 to 2.0.0

Bumps [@actions/attest](https://github.com/actions/toolkit/tree/HEAD/packages/attest) from 1.6.0 to 2.0.0.
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/attest/RELEASES.md)
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/attest)

---
updated-dependencies:
- dependency-name: "@actions/attest"
  dependency-version: 2.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* ran npm run bundle and commit /dist changes

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Tingting Wang <tingx2wang@github.com>
2025-11-20 10:16:34 -08:00
dependabot[bot] 9ad3ee754c Bump actions/setup-node from 5.0.0 to 6.0.0 (#296)
* Bump actions/setup-node from 5.0.0 to 6.0.0

Bumps [actions/setup-node](https://github.com/actions/setup-node) from 5.0.0 to 6.0.0.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](https://github.com/actions/setup-node/compare/v5...v6)

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-version: 6.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* Fix actions/setup-node v6.0.0 version comment and commit hash (#304)

* Initial plan

* Fix actions/setup-node v6.0.0 comment and hash

Co-authored-by: tingx2wang <17136661+tingx2wang@users.noreply.github.com>

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: tingx2wang <17136661+tingx2wang@users.noreply.github.com>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com>
Co-authored-by: tingx2wang <17136661+tingx2wang@users.noreply.github.com>
2025-11-20 10:15:59 -08:00
dependabot[bot] 139b0f683f Bump actions/upload-artifact from 4 to 5 (#298)
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4 to 5.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Tingting Wang <tingx2wang@github.com>
2025-11-18 16:09:35 -08:00
dependabot[bot] faa0536652 Bump js-yaml from 4.1.0 to 4.1.1 (#303)
Bumps [js-yaml](https://github.com/nodeca/js-yaml) from 4.1.0 to 4.1.1.
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](https://github.com/nodeca/js-yaml/compare/4.1.0...4.1.1)

---
updated-dependencies:
- dependency-name: js-yaml
  dependency-version: 4.1.1
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-11-17 10:13:47 -08:00
dependabot[bot] d59d2680aa Bump github/codeql-action from 3 to 4 (#293)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3 to 4.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/v3...v4)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: '4'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-10-17 10:54:18 -07:00
dependabot[bot] 935b19fceb Bump the npm-development group with 5 updates (#292)
Bumps the npm-development group with 5 updates:

| Package | From | To |
| --- | --- | --- |
| [@eslint/js](https://github.com/eslint/eslint/tree/HEAD/packages/js) | `9.36.0` | `9.37.0` |
| [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `24.6.0` | `24.7.0` |
| [eslint](https://github.com/eslint/eslint) | `9.36.0` | `9.37.0` |
| [typescript](https://github.com/microsoft/TypeScript) | `5.9.2` | `5.9.3` |
| [typescript-eslint](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint) | `8.45.0` | `8.46.0` |


Updates `@eslint/js` from 9.36.0 to 9.37.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Commits](https://github.com/eslint/eslint/commits/v9.37.0/packages/js)

Updates `@types/node` from 24.6.0 to 24.7.0
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Updates `eslint` from 9.36.0 to 9.37.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Commits](https://github.com/eslint/eslint/compare/v9.36.0...v9.37.0)

Updates `typescript` from 5.9.2 to 5.9.3
- [Release notes](https://github.com/microsoft/TypeScript/releases)
- [Changelog](https://github.com/microsoft/TypeScript/blob/main/azure-pipelines.release-publish.yml)
- [Commits](https://github.com/microsoft/TypeScript/compare/v5.9.2...v5.9.3)

Updates `typescript-eslint` from 8.45.0 to 8.46.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-eslint/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.46.0/packages/typescript-eslint)

---
updated-dependencies:
- dependency-name: "@eslint/js"
  dependency-version: 9.37.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-development
- dependency-name: "@types/node"
  dependency-version: 24.7.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-development
- dependency-name: eslint
  dependency-version: 9.37.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-development
- dependency-name: typescript
  dependency-version: 5.9.3
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-development
- dependency-name: typescript-eslint
  dependency-version: 8.46.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-development
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-10-07 06:41:54 -07:00
dependabot[bot] 51eca592cc Bump the npm-development group with 3 updates (#291)
Bumps the npm-development group with 3 updates: [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node), [jest](https://github.com/jestjs/jest/tree/HEAD/packages/jest) and [typescript-eslint](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint).


Updates `@types/node` from 24.5.2 to 24.6.0
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Updates `jest` from 30.1.3 to 30.2.0
- [Release notes](https://github.com/jestjs/jest/releases)
- [Changelog](https://github.com/jestjs/jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/jestjs/jest/commits/v30.2.0/packages/jest)

Updates `typescript-eslint` from 8.44.1 to 8.45.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-eslint/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.45.0/packages/typescript-eslint)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-version: 24.6.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-development
- dependency-name: jest
  dependency-version: 30.2.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-development
- dependency-name: typescript-eslint
  dependency-version: 8.45.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-development
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-10-06 10:04:14 -07:00
dependabot[bot] 419b2d7b05 Bump the npm-development group across 1 directory with 6 updates (#290)
Bumps the npm-development group with 6 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [@eslint/js](https://github.com/eslint/eslint/tree/HEAD/packages/js) | `9.35.0` | `9.36.0` |
| [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `24.3.1` | `24.5.2` |
| [@vercel/ncc](https://github.com/vercel/ncc) | `0.38.3` | `0.38.4` |
| [eslint](https://github.com/eslint/eslint) | `9.35.0` | `9.36.0` |
| [ts-jest](https://github.com/kulshekhar/ts-jest) | `29.4.1` | `29.4.4` |
| [typescript-eslint](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint) | `8.43.0` | `8.44.1` |



Updates `@eslint/js` from 9.35.0 to 9.36.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/commits/v9.36.0/packages/js)

Updates `@types/node` from 24.3.1 to 24.5.2
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Updates `@vercel/ncc` from 0.38.3 to 0.38.4
- [Release notes](https://github.com/vercel/ncc/releases)
- [Commits](https://github.com/vercel/ncc/compare/0.38.3...0.38.4)

Updates `eslint` from 9.35.0 to 9.36.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v9.35.0...v9.36.0)

Updates `ts-jest` from 29.4.1 to 29.4.4
- [Release notes](https://github.com/kulshekhar/ts-jest/releases)
- [Changelog](https://github.com/kulshekhar/ts-jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/kulshekhar/ts-jest/compare/v29.4.1...v29.4.4)

Updates `typescript-eslint` from 8.43.0 to 8.44.1
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-eslint/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.44.1/packages/typescript-eslint)

---
updated-dependencies:
- dependency-name: "@eslint/js"
  dependency-version: 9.36.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-development
- dependency-name: "@types/node"
  dependency-version: 24.5.2
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-development
- dependency-name: "@vercel/ncc"
  dependency-version: 0.38.4
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-development
- dependency-name: eslint
  dependency-version: 9.36.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-development
- dependency-name: ts-jest
  dependency-version: 29.4.4
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-development
- dependency-name: typescript-eslint
  dependency-version: 8.44.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-development
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-09-29 14:15:27 -04:00
dependabot[bot] 4ed1c73c0c Bump actions/setup-node from 4 to 5 (#286)
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 4 to 5.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](https://github.com/actions/setup-node/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-09-12 13:06:37 -07:00
dependabot[bot] 8255f5ff67 Bump the npm-development group across 1 directory with 5 updates (#287)
Bumps the npm-development group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [@eslint/js](https://github.com/eslint/eslint/tree/HEAD/packages/js) | `9.34.0` | `9.35.0` |
| [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `24.3.0` | `24.3.1` |
| [eslint](https://github.com/eslint/eslint) | `9.34.0` | `9.35.0` |
| [jest](https://github.com/jestjs/jest/tree/HEAD/packages/jest) | `30.0.5` | `30.1.3` |
| [typescript-eslint](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint) | `8.41.0` | `8.43.0` |



Updates `@eslint/js` from 9.34.0 to 9.35.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/commits/v9.35.0/packages/js)

Updates `@types/node` from 24.3.0 to 24.3.1
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Updates `eslint` from 9.34.0 to 9.35.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v9.34.0...v9.35.0)

Updates `jest` from 30.0.5 to 30.1.3
- [Release notes](https://github.com/jestjs/jest/releases)
- [Changelog](https://github.com/jestjs/jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/jestjs/jest/commits/v30.1.3/packages/jest)

Updates `typescript-eslint` from 8.41.0 to 8.43.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-eslint/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.43.0/packages/typescript-eslint)

---
updated-dependencies:
- dependency-name: "@eslint/js"
  dependency-version: 9.35.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-development
- dependency-name: "@types/node"
  dependency-version: 24.3.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-development
- dependency-name: eslint
  dependency-version: 9.35.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-development
- dependency-name: jest
  dependency-version: 30.1.3
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-development
- dependency-name: typescript-eslint
  dependency-version: 8.43.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-development
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-09-12 13:06:00 -07:00
23 changed files with 69505 additions and 42211 deletions
+3 -3
View File
@@ -28,11 +28,11 @@ jobs:
steps:
- name: Checkout
id: checkout
uses: actions/checkout@v5
uses: actions/checkout@v6.0.2
- name: Setup Node.js
id: setup-node
uses: actions/setup-node@v4
uses: actions/setup-node@v6.2.0
with:
node-version-file: .node-version
cache: npm
@@ -60,7 +60,7 @@ jobs:
- if: ${{ failure() && steps.diff.outcome == 'failure' }}
name: Upload Artifact
id: upload
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@v6
with:
name: dist
path: dist/
+3 -3
View File
@@ -21,11 +21,11 @@ jobs:
steps:
- name: Checkout
id: checkout
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
uses: actions/checkout@0c366fd6a839edf440554fa01a7085ccba70ac98 # v5.0.1
- name: Setup Node.js
id: setup-node
uses: actions/setup-node@b39b52d1213e96004bfcb1c61a8a6fa8ab84f3e8 # v4.0.1
uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
with:
node-version-file: .node-version
cache: npm
@@ -58,7 +58,7 @@ jobs:
steps:
- name: Checkout
id: checkout
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
uses: actions/checkout@0c366fd6a839edf440554fa01a7085ccba70ac98 # v5.0.1
- name: Calculate subject digest
id: subject
env:
+4 -4
View File
@@ -32,19 +32,19 @@ jobs:
steps:
- name: Checkout
id: checkout
uses: actions/checkout@v5
uses: actions/checkout@v6.0.2
- name: Initialize CodeQL
id: initialize
uses: github/codeql-action/init@v3
uses: github/codeql-action/init@v4
with:
languages: ${{ matrix.language }}
source-root: src
- name: Autobuild
id: autobuild
uses: github/codeql-action/autobuild@v3
uses: github/codeql-action/autobuild@v4
- name: Perform CodeQL Analysis
id: analyze
uses: github/codeql-action/analyze@v3
uses: github/codeql-action/analyze@v4
+20 -6
View File
@@ -52,11 +52,13 @@ attest:
permissions:
id-token: write
attestations: write
artifact-metadata: write
```
The `id-token` permission gives the action the ability to mint the OIDC token
necessary to request a Sigstore signing certificate. The `attestations`
permission is necessary to persist the attestation.
permission is necessary to persist the attestation. The `artifact-metadata`
permission is necessary to create the artifact storage record.
1. Add the following to your workflow after your artifact has been built:
@@ -118,6 +120,12 @@ See [action.yml](action.yml)
# the "subject-digest" parameter be specified. Defaults to false.
push-to-registry:
# Whether to create a storage record for the artifact.
# Requires that push-to-registry is set to true.
# Requires that the "subject-name" parameter specify the fully-qualified
# image name. Defaults to true.
create-storage-record:
# Whether to attach a list of generated attestations to the workflow run
# summary page. Defaults to true.
show-summary:
@@ -131,11 +139,12 @@ See [action.yml](action.yml)
<!-- markdownlint-disable MD013 -->
| Name | Description | Example |
| ----------------- | -------------------------------------------------------------- | ------------------------------------------------ |
| `attestation-id` | GitHub ID for the attestation | `123456` |
| `attestation-url` | URL for the attestation summary | `https://github.com/foo/bar/attestations/123456` |
| `bundle-path` | Absolute path to the file containing the generated attestation | `/tmp/attestation.json` |
| Name | Description | Example |
| ------------------- | -------------------------------------------------------------- | ------------------------------------------------ |
| `attestation-id` | GitHub ID for the attestation | `123456` |
| `attestation-url` | URL for the attestation summary | `https://github.com/foo/bar/attestations/123456` |
| `bundle-path` | Absolute path to the file containing the generated attestation | `/tmp/attestation.json` |
| `storage-record-ids` | GitHub IDs for the storage records | `987654` |
<!-- markdownlint-enable MD013 -->
@@ -269,6 +278,10 @@ fully-qualified image name (e.g. "ghcr.io/user/app" or
"acme.azurecr.io/user/app"). Do NOT include a tag as part of the image name --
the specific image being attested is identified by the supplied digest.
If the `push-to-registry` option is set to true, the Action will also
emit an Artifact Metadata Storage Record. If you do not want to emit a
storage record, set `create-storage-record` to `false`.
> **NOTE**: When pushing to Docker Hub, please use "docker.io" as the registry
> portion of the image name.
@@ -287,6 +300,7 @@ jobs:
packages: write
contents: read
attestations: write
artifact-metadata: write
env:
REGISTRY: ghcr.io
IMAGE_NAME: ${{ github.repository }}
+15 -9
View File
@@ -2,20 +2,26 @@
* Unit tests for the action's entrypoint, src/index.ts
*/
import * as core from '@actions/core'
import * as main from '../src/main'
import { jest, describe, expect, beforeEach } from '@jest/globals'
// Mock the action's entrypoint
const runMock = jest.spyOn(main, 'run').mockImplementation()
const getBooleanInputMock = jest.spyOn(core, 'getBooleanInput')
// Mock modules before importing them
const runMock = jest.fn<() => Promise<void>>()
jest.unstable_mockModule('../src/main', () => ({
run: runMock
}))
jest.unstable_mockModule('@actions/core', () => ({
getInput: jest.fn(() => ''),
getBooleanInput: jest.fn(() => false)
}))
describe('index', () => {
beforeEach(() => {
getBooleanInputMock.mockImplementation(() => false)
jest.clearAllMocks()
})
it('calls run when imported', () => {
// eslint-disable-next-line @typescript-eslint/no-require-imports
require('../src/index')
it('calls run when imported', async () => {
await import('../src/index.js')
expect(runMock).toHaveBeenCalled()
})
+250 -68
View File
@@ -5,38 +5,110 @@
* Specifically, the inputs listed in `action.yml` should be set as environment
* variables following the pattern `INPUT_<INPUT_NAME>`.
*/
import * as core from '@actions/core'
import * as github from '@actions/github'
import { mockFulcio, mockRekor, mockTSA } from '@sigstore/mock'
import * as oci from '@sigstore/oci'
import fs from 'fs/promises'
import nock from 'nock'
import os from 'os'
import path from 'path'
import { MockAgent, setGlobalDispatcher } from 'undici'
import { SEARCH_PUBLIC_GOOD_URL } from '../src/endpoints'
import * as main from '../src/main'
import {
jest,
describe,
expect,
beforeEach,
afterEach,
it
} from '@jest/globals'
import type { RunInputs } from '../src/main.js'
// Mock the GitHub Actions core library
const infoMock = jest.spyOn(core, 'info')
const startGroupMock = jest.spyOn(core, 'startGroup')
const setOutputMock = jest.spyOn(core, 'setOutput')
const setFailedMock = jest.spyOn(core, 'setFailed')
// Create mock functions for core
const infoMock = jest.fn()
const warningMock = jest.fn()
const startGroupMock = jest.fn()
const endGroupMock = jest.fn()
const setOutputMock = jest.fn()
const setFailedMock = jest.fn()
const summaryWriteMock = jest.fn<() => Promise<void>>()
// Ensure that setFailed doesn't set an exit code during tests
setFailedMock.mockImplementation(() => {})
// Create a mock summary object
const mockSummary = {
addHeading: jest.fn().mockReturnThis(),
addRaw: jest.fn().mockReturnThis(),
addTable: jest.fn().mockReturnThis(),
addSeparator: jest.fn().mockReturnThis(),
addLink: jest.fn().mockReturnThis(),
addBreak: jest.fn().mockReturnThis(),
addList: jest.fn().mockReturnThis(),
write: summaryWriteMock.mockResolvedValue(undefined)
}
const summaryWriteMock = jest.spyOn(core.summary, 'write')
summaryWriteMock.mockImplementation(async () => Promise.resolve(core.summary))
// Mock @actions/core before importing
jest.unstable_mockModule('@actions/core', () => ({
info: infoMock,
warning: warningMock,
startGroup: startGroupMock,
endGroup: endGroupMock,
setOutput: setOutputMock,
setFailed: setFailedMock,
summary: mockSummary
}))
// Mock the action's main function
const runMock = jest.spyOn(main, 'run')
// Create mocks for OCI and attest modules
/* eslint-disable @typescript-eslint/no-explicit-any */
const getRegistryCredentialsMock = jest.fn<(...args: any[]) => any>()
const attachArtifactToImageMock = jest.fn<(...args: any[]) => any>()
const createStorageRecordMock = jest.fn<(...args: any[]) => any>()
const attestMock = jest.fn<(...args: any[]) => any>()
/* eslint-enable @typescript-eslint/no-explicit-any */
// Mock @sigstore/oci
jest.unstable_mockModule('@sigstore/oci', () => ({
getRegistryCredentials: getRegistryCredentialsMock,
attachArtifactToImage: attachArtifactToImageMock
}))
// Mock @actions/attest
jest.unstable_mockModule('@actions/attest', () => ({
attest: attestMock,
createStorageRecord: createStorageRecordMock
}))
// Create a mutable context object for @actions/github
const mockContext: Record<string, unknown> = {}
// Mock for getOctokit to return a mock octokit client
// eslint-disable-next-line @typescript-eslint/no-explicit-any
const mockReposGet = jest.fn<(...args: any[]) => any>()
const mockOctokit = {
rest: {
repos: {
get: mockReposGet
}
}
}
jest.unstable_mockModule('@actions/github', () => ({
context: mockContext,
getOctokit: jest.fn(() => mockOctokit)
}))
// Helper to set the mocked GitHub context
function setGHContext(context: object): void {
Object.keys(mockContext).forEach(key => delete mockContext[key])
Object.assign(mockContext, context)
}
// Now import the modules after mocking
const { mockFulcio, mockRekor, mockTSA } = await import('@sigstore/mock')
const fs = (await import('fs/promises')).default
const nock = (await import('nock')).default
const os = (await import('os')).default
const path = (await import('path')).default
const { MockAgent, setGlobalDispatcher } = await import('undici')
const { SEARCH_PUBLIC_GOOD_URL } = await import('../src/endpoints.js')
const { run } = (await import('../src/main.js')) as {
run: (inputs: RunInputs) => Promise<void>
}
// MockAgent for mocking @actions/github
const mockAgent = new MockAgent()
setGlobalDispatcher(mockAgent)
const defaultInputs: main.RunInputs = {
const defaultInputs: RunInputs = {
predicate: '',
predicateType: '',
predicatePath: '',
@@ -45,16 +117,15 @@ const defaultInputs: main.RunInputs = {
subjectPath: '',
subjectChecksums: '',
pushToRegistry: false,
createStorageRecord: true,
showSummary: true,
githubToken: '',
privateSigning: false
}
describe('action', () => {
// Capture original environment variables and GitHub context so we can restore
// them after each test
// Capture original environment variables so we can restore them after each test
const originalEnv = process.env
const originalContext = { ...github.context }
// Mock OIDC token endpoint
const tokenURL = 'https://token.url'
@@ -66,30 +137,66 @@ describe('action', () => {
'base64'
)}.}`
const subjectName = 'registry/foo/bar'
const subjectName = 'ghcr.io/registry/foo/bar'
const subjectDigest =
'sha256:7d070f6b64d9bcc530fe99cc21eaaa4b3c364e0b2d367d7735671fa202a03b32'
const predicate = '{}'
const predicateType = 'https://in-toto.io/attestation/release/v0.1'
const attestationID = '1234567890'
const storageRecordID = 987654321
beforeEach(() => {
jest.clearAllMocks()
// Set up default GitHub context with empty payload
setGHContext({
payload: {},
repo: { owner: 'test-owner', repo: 'test-repo' }
})
// Set up default return value for attestMock (without tlogID for private/GitHub sigstore)
attestMock.mockResolvedValue({
attestationID,
bundle: {
mediaType: 'application/vnd.dev.sigstore.bundle.v0.3+json',
verificationMaterial: {
certificate: {
rawBytes: Buffer.from(
'-----BEGIN CERTIFICATE-----\ntest\n-----END CERTIFICATE-----'
).toString('base64')
},
tlogEntries: []
},
content: {}
},
certificate:
'-----BEGIN CERTIFICATE-----\ntest\n-----END CERTIFICATE-----'
})
// Set up default return value for createStorageRecordMock (returns array of record IDs)
createStorageRecordMock.mockResolvedValue([storageRecordID])
nock(tokenURL)
.get('/')
.query({ audience: 'sigstore' })
.reply(200, { value: oidcToken })
mockAgent
.get('https://api.github.com')
const pool = mockAgent.get('https://api.github.com')
pool
.intercept({
path: /^\/repos\/.*\/.*\/attestations$/,
method: 'post'
})
.reply(201, { id: attestationID })
pool
.intercept({
path: /^\/orgs\/.*\/artifacts\/metadata\/storage-record$/,
method: 'post'
})
.reply(200, { storage_records: [{ id: storageRecordID }] })
process.env = {
...originalEnv,
ACTIONS_ID_TOKEN_REQUEST_URL: tokenURL,
@@ -102,12 +209,12 @@ describe('action', () => {
// Restore the original environment
process.env = originalEnv
// Restore the original github.context
setGHContext(originalContext)
// Clear the github context
setGHContext({ payload: {}, repo: { owner: '', repo: '' } })
})
describe('when ACTIONS_ID_TOKEN_REQUEST_URL is not set', () => {
const inputs: main.RunInputs = {
const inputs: RunInputs = {
...defaultInputs,
subjectDigest,
subjectName,
@@ -122,9 +229,8 @@ describe('action', () => {
})
it('sets a failed status', async () => {
await main.run(inputs)
await run(inputs)
expect(runMock).toHaveReturned()
expect(setFailedMock).toHaveBeenCalledWith(
new Error(
'missing "id-token" permission. Please add "permissions: id-token: write" to your workflow.'
@@ -135,9 +241,8 @@ describe('action', () => {
describe('when no inputs are provided', () => {
it('sets a failed status', async () => {
await main.run(defaultInputs)
await run(defaultInputs)
expect(runMock).toHaveReturned()
expect(setFailedMock).toHaveBeenCalledWith(
new Error(
'One of subject-path, subject-digest, or subject-checksums must be provided'
@@ -147,7 +252,7 @@ describe('action', () => {
})
describe('when the repository is private', () => {
const inputs: main.RunInputs = {
const inputs: RunInputs = {
...defaultInputs,
subjectDigest,
subjectName,
@@ -171,10 +276,9 @@ describe('action', () => {
})
it('invokes the action w/o error', async () => {
await main.run(inputs)
await run(inputs)
expect(runMock).toHaveReturned()
expect(setFailedMock).not.toHaveBeenCalledWith()
expect(setFailedMock).not.toHaveBeenCalled()
expect(infoMock).toHaveBeenNthCalledWith(
1,
expect.stringMatching(
@@ -217,10 +321,7 @@ describe('action', () => {
})
describe('when the repository is public', () => {
const getRegCredsSpy = jest.spyOn(oci, 'getRegistryCredentials')
const attachArtifactSpy = jest.spyOn(oci, 'attachArtifactToImage')
const inputs: main.RunInputs = {
const inputs: RunInputs = {
...defaultInputs,
subjectDigest,
subjectName,
@@ -243,26 +344,51 @@ describe('action', () => {
})
await mockRekor({ baseURL: 'https://rekor.sigstore.dev' })
getRegCredsSpy.mockImplementation(() => ({
getRegistryCredentialsMock.mockImplementation(() => ({
username: 'username',
password: 'password'
}))
attachArtifactSpy.mockImplementation(async () =>
Promise.resolve({
digest: 'sha256:123456',
mediaType: 'application/vnd.cncf.notary.v2',
size: 123456
})
)
attachArtifactToImageMock.mockResolvedValue({
digest: 'sha256:123456',
mediaType: 'application/vnd.cncf.notary.v2',
size: 123456
})
// Set up attestMock with tlogID for public good sigstore
attestMock.mockResolvedValue({
attestationID,
bundle: {
mediaType: 'application/vnd.dev.sigstore.bundle.v0.3+json',
verificationMaterial: {
certificate: {
rawBytes: Buffer.from(
'-----BEGIN CERTIFICATE-----\ntest\n-----END CERTIFICATE-----'
).toString('base64')
},
tlogEntries: [{ logIndex: '123' }]
},
content: {}
},
certificate:
'-----BEGIN CERTIFICATE-----\ntest\n-----END CERTIFICATE-----',
tlogID: '123'
})
// Mock the repos.get API call for repoOwnerIsOrg check
mockReposGet.mockResolvedValue({
data: { owner: { type: 'Organization' } }
})
})
it('invokes the action w/o error', async () => {
await main.run(inputs)
await run(inputs)
expect(runMock).toHaveReturned()
expect(setFailedMock).not.toHaveBeenCalled()
expect(getRegCredsSpy).toHaveBeenCalledWith(subjectName)
expect(attachArtifactSpy).toHaveBeenCalled()
expect(getRegistryCredentialsMock).toHaveBeenCalledWith(subjectName)
expect(attachArtifactToImageMock).toHaveBeenCalled()
expect(attestMock).toHaveBeenCalled()
expect(createStorageRecordMock).toHaveBeenCalled()
expect(warningMock).not.toHaveBeenCalled()
expect(infoMock).toHaveBeenNthCalledWith(
1,
expect.stringMatching(
@@ -293,6 +419,14 @@ describe('action', () => {
6,
expect.stringMatching(attestationID)
)
expect(infoMock).toHaveBeenNthCalledWith(
9,
expect.stringMatching('Storage record created')
)
expect(infoMock).toHaveBeenNthCalledWith(
10,
expect.stringMatching('Storage record IDs: 987654321')
)
expect(setOutputMock).toHaveBeenNthCalledWith(
1,
'bundle-path',
@@ -308,6 +442,62 @@ describe('action', () => {
'attestation-url',
expect.stringContaining(`foo/bar/attestations/${attestationID}`)
)
expect(setOutputMock).toHaveBeenNthCalledWith(
4,
'storage-record-ids',
expect.stringMatching(storageRecordID.toString())
)
expect(setFailedMock).not.toHaveBeenCalled()
})
it('catches error when storage record creation fails and continues', async () => {
// Mock the createStorageRecord function and throw an error
createStorageRecordMock.mockRejectedValueOnce(
new Error('Failed to persist storage record: Not Found')
)
await run(inputs)
expect(attestMock).toHaveBeenCalled()
expect(createStorageRecordMock).toHaveBeenCalled()
expect(setFailedMock).not.toHaveBeenCalled()
expect(warningMock).toHaveBeenNthCalledWith(
1,
expect.stringMatching('Failed to create storage record')
)
})
it('does not create a storage record when the repo is owned by a user', async () => {
// Mock the repos.get API to return a user-owned repo
mockReposGet.mockResolvedValueOnce({ data: { owner: { type: 'User' } } })
await run(inputs)
expect(setFailedMock).not.toHaveBeenCalled()
expect(getRegistryCredentialsMock).toHaveBeenCalledWith(subjectName)
expect(attachArtifactToImageMock).toHaveBeenCalled()
expect(attestMock).toHaveBeenCalled()
expect(createStorageRecordMock).not.toHaveBeenCalled()
expect(warningMock).not.toHaveBeenCalled()
expect(infoMock).toHaveBeenCalledWith(
expect.stringMatching(
`Attestation created for ${subjectName}@${subjectDigest}`
)
)
expect(infoMock).not.toHaveBeenCalledWith(
expect.stringMatching('Storage record created')
)
expect(infoMock).not.toHaveBeenCalledWith(
expect.stringMatching('Storage record IDs: 987654321')
)
expect(setOutputMock).toHaveBeenCalledWith(
'attestation-id',
expect.stringMatching(attestationID)
)
expect(setOutputMock).not.toHaveBeenCalledWith(
'storage-record-ids',
expect.stringMatching(storageRecordID.toString())
)
expect(setFailedMock).not.toHaveBeenCalled()
})
})
@@ -351,16 +541,15 @@ describe('action', () => {
})
it('invokes the action w/o error', async () => {
const inputs: main.RunInputs = {
const inputs: RunInputs = {
...defaultInputs,
subjectPath: path.join(dir, `${filename}-*`),
predicateType,
predicate,
githubToken: 'gh-token'
}
await main.run(inputs)
await run(inputs)
expect(runMock).toHaveReturned()
expect(setFailedMock).not.toHaveBeenCalled()
expect(infoMock).toHaveBeenNthCalledWith(
1,
@@ -399,16 +588,15 @@ describe('action', () => {
})
it('sets a failed status', async () => {
const inputs: main.RunInputs = {
const inputs: RunInputs = {
...defaultInputs,
subjectPath: path.join(dir, `${filename}-*`),
predicateType,
predicate,
githubToken: 'gh-token'
}
await main.run(inputs)
await run(inputs)
expect(runMock).toHaveReturned()
expect(setFailedMock).toHaveBeenCalledWith(
new Error(
'Too many subjects specified. The maximum number of subjects is 1024.'
@@ -417,9 +605,3 @@ describe('action', () => {
})
})
})
// Stubbing the GitHub context is a bit tricky. We need to use
// `Object.defineProperty` because `github.context` is read-only.
function setGHContext(context: object): void {
Object.defineProperty(github, 'context', { value: context })
}
+1 -1
View File
@@ -1,7 +1,7 @@
import fs from 'fs/promises'
import os from 'os'
import path from 'path'
import { predicateFromInputs, PredicateInputs } from '../src/predicate'
import { predicateFromInputs, PredicateInputs } from '../src/predicate.js'
describe('subjectFromInputs', () => {
const blankInputs: PredicateInputs = {
+1 -1
View File
@@ -1,4 +1,4 @@
import { highlight, mute } from '../src/style'
import { highlight, mute } from '../src/style.js'
describe('style', () => {
describe('highlight', () => {
+10 -5
View File
@@ -6,7 +6,7 @@ import {
formatSubjectDigest,
subjectFromInputs,
SubjectInputs
} from '../src/subject'
} from '../src/subject.js'
describe('subjectFromInputs', () => {
const blankInputs: SubjectInputs = {
@@ -264,10 +264,15 @@ describe('subjectFromInputs', () => {
expect(subjects).toBeDefined()
expect(subjects).toHaveLength(3)
subjects.forEach((subject, i) => {
expect(subject.name).toEqual(`${filename}-${i}`)
expect(subject.digest).toEqual({ sha256: expectedDigest })
})
subjects.forEach(
(
subject: { name: string; digest: Record<string, string> },
i: number
) => {
expect(subject.name).toEqual(`${filename}-${i}`)
expect(subject.digest).toEqual({ sha256: expectedDigest })
}
)
})
})
+8
View File
@@ -53,6 +53,12 @@ inputs:
the "subject-digest" parameter be specified. Defaults to false.
default: false
required: false
create-storage-record:
description: >
Whether to create a storage record for the artifact.
Requires that push-to-registry is set to true. Defaults to true.
default: true
required: false
show-summary:
description: >
Whether to attach a list of generated attestations to the workflow run
@@ -71,6 +77,8 @@ outputs:
description: 'The ID of the attestation.'
attestation-url:
description: 'The URL for the attestation summary.'
storage-record-ids:
description: 'The IDs of the storage records created for the artifact.'
runs:
using: node24
Generated Vendored
+26 -14
View File
@@ -1,7 +1,6 @@
"use strict";
exports.id = 606;
exports.ids = [606];
exports.modules = {
export const id = 606;
export const ids = [606];
export const modules = {
/***/ 606:
/***/ ((__unused_webpack___webpack_module__, __webpack_exports__, __webpack_require__) => {
@@ -19,7 +18,7 @@ async function pMap(
signal,
} = {},
) {
return new Promise((resolve, reject_) => {
return new Promise((resolve_, reject_) => {
if (iterable[Symbol.iterator] === undefined && iterable[Symbol.asyncIterator] === undefined) {
throw new TypeError(`Expected \`input\` to be either an \`Iterable\` or \`AsyncIterable\`, got (${typeof iterable})`);
}
@@ -42,10 +41,24 @@ async function pMap(
let currentIndex = 0;
const iterator = iterable[Symbol.iterator] === undefined ? iterable[Symbol.asyncIterator]() : iterable[Symbol.iterator]();
const signalListener = () => {
reject(signal.reason);
};
const cleanup = () => {
signal?.removeEventListener('abort', signalListener);
};
const resolve = value => {
resolve_(value);
cleanup();
};
const reject = reason => {
isRejected = true;
isResolved = true;
reject_(reason);
cleanup();
};
if (signal) {
@@ -53,9 +66,7 @@ async function pMap(
reject(signal.reason);
}
signal.addEventListener('abort', () => {
reject(signal.reason);
});
signal.addEventListener('abort', signalListener, {once: true});
}
const next = async () => {
@@ -203,31 +214,32 @@ function pMapIterable(
const iterator = iterable[Symbol.asyncIterator] === undefined ? iterable[Symbol.iterator]() : iterable[Symbol.asyncIterator]();
const promises = [];
let runningMappersCount = 0;
let pendingPromisesCount = 0;
let isDone = false;
let index = 0;
function trySpawn() {
if (isDone || !(runningMappersCount < concurrency && promises.length < backpressure)) {
if (isDone || !(pendingPromisesCount < concurrency && promises.length < backpressure)) {
return;
}
pendingPromisesCount++;
const promise = (async () => {
const {done, value} = await iterator.next();
if (done) {
pendingPromisesCount--;
return {done: true};
}
runningMappersCount++;
// Spawn if still below concurrency and backpressure limit
trySpawn();
try {
const returnValue = await mapper(await value, index++);
runningMappersCount--;
pendingPromisesCount--;
if (returnValue === pMapSkip) {
const index = promises.indexOf(promise);
@@ -242,6 +254,7 @@ function pMapIterable(
return {done: false, value: returnValue};
} catch (error) {
pendingPromisesCount--;
isDone = true;
return {error};
}
@@ -284,4 +297,3 @@ const pMapSkip = Symbol('skip');
/***/ })
};
;
Generated Vendored
+66601 -33751
View File
File diff suppressed because one or more lines are too long
Generated Vendored
+3
View File
@@ -0,0 +1,3 @@
{
"type": "module"
}
+7
View File
@@ -89,6 +89,13 @@ export default tseslint.config(
allowObject: true
}
]
},
settings: {
'import/resolver': {
typescript: {
project: './tsconfig.lint.json'
}
}
}
}
)
+37
View File
@@ -0,0 +1,37 @@
export default {
preset: "ts-jest",
verbose: true,
clearMocks: true,
testEnvironment: 'node',
moduleFileExtensions: ['js', 'ts'],
testMatch: ['**/*.test.ts'],
testPathIgnorePatterns: [
"/node_modules/",
"/dist/"
],
transform: {
'^.+\\.ts$': [
'ts-jest',
{
useESM: true,
diagnostics: {
ignoreCodes: [151002]
}
}
]
},
coverageReporters: [
"json-summary",
"text",
"lcov"
],
collectCoverage: true,
collectCoverageFrom: [
"./src/**"
],
extensionsToTreatAsEsm: ['.ts'],
transformIgnorePatterns: ['node_modules/(?!(@actions)/)'],
moduleNameMapper: {
'^(\\.{1,2}/.*)\\.js$': '$1'
},
}
-1
View File
@@ -1 +0,0 @@
process.stdout.write = jest.fn()
+2388 -8282
View File
File diff suppressed because it is too large Load Diff
+22 -51
View File
@@ -1,7 +1,8 @@
{
"name": "actions/attest",
"description": "Generate signed attestations for workflow artifacts",
"version": "3.0.0",
"version": "3.2.0",
"type": "module",
"author": "",
"private": true,
"homepage": "https://github.com/actions/attest",
@@ -24,7 +25,7 @@
},
"scripts": {
"bundle": "npm run format:write && npm run package",
"ci-test": "jest",
"ci-test": "node --experimental-vm-modules node_modules/jest/bin/jest.js",
"format:write": "prettier --write **/*.ts",
"format:check": "prettier --check **/*.ts",
"lint:eslint": "npx eslint",
@@ -32,68 +33,38 @@
"lint": "npm run lint:eslint && npm run lint:markdown",
"package": "ncc build src/index.ts --license licenses.txt",
"package:watch": "npm run package -- --watch",
"test": "jest",
"test": "node --experimental-vm-modules node_modules/jest/bin/jest.js",
"all": "npm run format:write && npm run lint && npm run test && npm run package"
},
"license": "MIT",
"jest": {
"preset": "ts-jest",
"setupFilesAfterEnv": [
"./jest.setup.js"
],
"verbose": true,
"clearMocks": true,
"testEnvironment": "node",
"moduleFileExtensions": [
"js",
"ts"
],
"testMatch": [
"**/*.test.ts"
],
"testPathIgnorePatterns": [
"/node_modules/",
"/dist/"
],
"transform": {
"^.+\\.ts$": "ts-jest"
},
"coverageReporters": [
"json-summary",
"text",
"lcov"
],
"collectCoverage": true,
"collectCoverageFrom": [
"./src/**"
]
},
"dependencies": {
"@actions/attest": "^1.6.0",
"@actions/core": "^1.11.1",
"@actions/github": "^6.0.1",
"@actions/attest": "^2.2.1",
"@actions/core": "^2.0.2",
"@actions/github": "^7.0.0",
"@actions/glob": "^0.5.0",
"@sigstore/oci": "^0.6.0",
"csv-parse": "^5.6.0"
},
"devDependencies": {
"@eslint/js": "^9.34.0",
"@eslint/js": "^9.39.2",
"@jest/globals": "^30.2.0",
"@sigstore/mock": "^0.11.0",
"@types/jest": "^30.0.0",
"@types/make-fetch-happen": "^10.0.4",
"@types/node": "^24.3.0",
"@vercel/ncc": "^0.38.3",
"eslint": "^9.34.0",
"@types/node": "^25.2.0",
"@vercel/ncc": "^0.38.4",
"eslint": "^9.39.2",
"eslint-import-resolver-typescript": "^4.4.4",
"eslint-plugin-import": "^2.32.0",
"eslint-plugin-jest": "^29.0.1",
"jest": "^30.0.5",
"js-yaml": "^4.1.0",
"markdownlint-cli": "^0.45.0",
"eslint-plugin-jest": "^29.12.1",
"jest": "^30.2.0",
"js-yaml": "^4.1.1",
"markdownlint-cli": "^0.47.0",
"nock": "^13.5.6",
"prettier": "^3.6.2",
"ts-jest": "^29.4.1",
"typescript": "^5.9.2",
"typescript-eslint": "^8.41.0",
"undici": "^5.29.0"
"prettier": "^3.8.1",
"ts-jest": "^29.4.6",
"typescript": "^5.9.3",
"typescript-eslint": "^8.54.0",
"undici": "^7.20.0"
}
}
+85 -3
View File
@@ -1,6 +1,14 @@
import { Attestation, Predicate, Subject, attest } from '@actions/attest'
import {
Attestation,
Predicate,
Subject,
attest,
createStorageRecord
} from '@actions/attest'
import { attachArtifactToImage, getRegistryCredentials } from '@sigstore/oci'
import { formatSubjectDigest } from './subject'
import { formatSubjectDigest } from './subject.js'
import * as core from '@actions/core'
import * as github from '@actions/github'
const OCI_TIMEOUT = 30000
const OCI_RETRY = 3
@@ -8,6 +16,7 @@ const OCI_RETRY = 3
export type SigstoreInstance = 'public-good' | 'github'
export type AttestResult = Attestation & {
attestationDigest?: string
storageRecordIds?: number[]
}
export const createAttestation = async (
@@ -16,6 +25,7 @@ export const createAttestation = async (
opts: {
sigstoreInstance: SigstoreInstance
pushToRegistry: boolean
createStorageRecord: boolean
githubToken: string
}
): Promise<AttestResult> => {
@@ -33,10 +43,11 @@ export const createAttestation = async (
if (subjects.length === 1 && opts.pushToRegistry) {
const subject = subjects[0]
const credentials = getRegistryCredentials(subject.name)
const subjectDigest = formatSubjectDigest(subject)
const artifact = await attachArtifactToImage({
credentials,
imageName: subject.name,
imageDigest: formatSubjectDigest(subject),
imageDigest: subjectDigest,
artifact: Buffer.from(JSON.stringify(attestation.bundle)),
mediaType: attestation.bundle.mediaType,
annotations: {
@@ -48,7 +59,78 @@ export const createAttestation = async (
// Add the attestation's digest to the result
result.attestationDigest = artifact.digest
// Because creating a storage record requires the 'artifact-metadata:write'
// permission, we wrap this in a try/catch to avoid failing the entire
// attestation process if the token does not have the correct permissions.
if (opts.createStorageRecord) {
try {
const token = opts.githubToken
const isOrg = await repoOwnerIsOrg(token)
if (!isOrg) {
// The Artifact Metadata Storage Record API is only available to
// organizations. So if the repo owner is not an organization,
// storage record creation should not be attempted.
return result
}
const registryUrl = getRegistryURL(subject.name)
const artifactOpts = {
name: subject.name,
digest: subjectDigest
}
const packageRegistryOpts = {
registryUrl
}
const records = await createStorageRecord(
artifactOpts,
packageRegistryOpts,
token
)
if (!records || records.length === 0) {
core.warning('No storage records were created.')
}
result.storageRecordIds = records
} catch (error) {
core.warning(`Failed to create storage record: ${error}`)
core.warning(
'Please check that the "artifact-metadata:write" permission has been included'
)
}
}
}
return result
}
// Call the GET /repos/{owner}/{repo} endpoint to determine if the repo
// owner is an organization. This is used to determine if storage
// record creation should be attempted.
export const repoOwnerIsOrg = async (githubToken: string): Promise<boolean> => {
const octokit = github.getOctokit(githubToken)
const { data: repo } = await octokit.rest.repos.get({
owner: github.context.repo.owner,
repo: github.context.repo.repo
})
return repo.owner?.type === 'Organization'
}
function getRegistryURL(subjectName: string): string {
let url: URL
try {
url = new URL(subjectName)
} catch {
url = new URL(`https://${subjectName}`)
}
if (url.protocol !== 'https:') {
throw new Error(
`Unsupported protocol ${url.protocol} in subject name ${subjectName}`
)
}
return url.origin
}
+2 -1
View File
@@ -2,7 +2,7 @@
* The entrypoint for the action.
*/
import * as core from '@actions/core'
import { run, RunInputs } from './main'
import { run, RunInputs } from './main.js'
const inputs: RunInputs = {
subjectPath: core.getInput('subject-path'),
@@ -13,6 +13,7 @@ const inputs: RunInputs = {
predicate: core.getInput('predicate'),
predicatePath: core.getInput('predicate-path'),
pushToRegistry: core.getBooleanInput('push-to-registry'),
createStorageRecord: core.getBooleanInput('create-storage-record'),
showSummary: core.getBooleanInput('show-summary'),
githubToken: core.getInput('github-token'),
// undocumented -- not part of public interface
+15 -5
View File
@@ -3,15 +3,15 @@ import * as github from '@actions/github'
import fs from 'fs'
import os from 'os'
import path from 'path'
import { AttestResult, SigstoreInstance, createAttestation } from './attest'
import { SEARCH_PUBLIC_GOOD_URL } from './endpoints'
import { PredicateInputs, predicateFromInputs } from './predicate'
import * as style from './style'
import { AttestResult, SigstoreInstance, createAttestation } from './attest.js'
import { SEARCH_PUBLIC_GOOD_URL } from './endpoints.js'
import { PredicateInputs, predicateFromInputs } from './predicate.js'
import * as style from './style.js'
import {
SubjectInputs,
formatSubjectDigest,
subjectFromInputs
} from './subject'
} from './subject.js'
import type { Subject } from '@actions/attest'
@@ -21,6 +21,7 @@ const ATTESTATION_PATHS_FILE_NAME = 'created_attestation_paths.txt'
export type RunInputs = SubjectInputs &
PredicateInputs & {
pushToRegistry: boolean
createStorageRecord: boolean
githubToken: string
showSummary: boolean
privateSigning: boolean
@@ -69,6 +70,7 @@ export async function run(inputs: RunInputs): Promise<void> {
const att = await createAttestation(subjects, predicate, {
sigstoreInstance,
pushToRegistry: inputs.pushToRegistry,
createStorageRecord: inputs.createStorageRecord,
githubToken: inputs.githubToken
})
@@ -100,6 +102,9 @@ export async function run(inputs: RunInputs): Promise<void> {
core.setOutput('attestation-id', att.attestationID)
core.setOutput('attestation-url', attestationURL(att.attestationID))
}
if (att.storageRecordIds) {
core.setOutput('storage-record-ids', att.storageRecordIds.join(','))
}
/* istanbul ignore else */
if (inputs.showSummary) {
@@ -169,6 +174,11 @@ const logAttestation = (
core.info(style.highlight('Attestation uploaded to registry'))
core.info(`${subjects[0].name}@${attestation.attestationDigest}`)
}
if (attestation.storageRecordIds && attestation.storageRecordIds.length > 0) {
core.info(style.highlight('Storage record created'))
core.info(`Storage record IDs: ${attestation.storageRecordIds.join(',')}`)
}
}
// Attach summary information to the GitHub Actions run
+1 -1
View File
@@ -16,5 +16,5 @@
"skipLibCheck": true,
"newLine": "lf"
},
"exclude": ["./dist", "./node_modules", "./__tests__", "./coverage"]
"exclude": ["./dist", "./node_modules", "./__tests__", "./coverage", "./jest.config.ts"]
}
+3 -2
View File
@@ -2,8 +2,9 @@
"$schema": "https://json.schemastore.org/tsconfig",
"extends": "./tsconfig.json",
"compilerOptions": {
"noEmit": true
"noEmit": true,
"rootDir": "."
},
"include": ["./__tests__/**/*", "./src/**/*"],
"include": ["./__tests__/**/*", "./src/**/*", "./jest.config.ts"],
"exclude": ["./dist", "./node_modules", "./coverage", "*.json"]
}