41 Commits

Author SHA1 Message Date
Joel Ambass 2acc8d8fc9 Do not assume action.yml exists 2024-09-16 16:23:56 +02:00
Joel Ambass 87530877ea We only need to exclude the .git folder 2024-09-03 15:37:40 +02:00
Conor Sloan 1255bb0a54 error if local changes made to the checked out action content 2024-08-28 13:22:37 +01:00
Conor Sloan 86a49c7f6a secure actions execution context 2024-08-28 12:10:13 +01:00
Conor Sloan 36e729c5aa grab attestation media type and predicate type from attestation bundle 2024-08-27 20:52:44 +01:00
Conor Sloan 432126c06c change value of package type for referrer index 2024-08-23 13:42:27 +01:00
Conor Sloan 1b9faf628d add retries and fix up tests 2024-08-23 13:17:07 +01:00
Conor Sloan 72b670f356 add tests for index upload 2024-08-23 11:06:03 +01:00
Conor Sloan e308348d01 fix up ghcr client tests and remove config from action package layers 2024-08-23 10:56:04 +01:00
Conor Sloan e53d6ca2a2 reinstate main tests 2024-08-23 10:00:06 +01:00
Conor Sloan 028b950050 experimental: manually generate and upload all manifests 2024-08-22 20:00:30 +01:00
Conor Sloan e44432d3e5 add new OCI manifests for attestations 2024-08-22 18:13:15 +01:00
Conor Sloan c11354f432 upload attestation and referrer index before artifact
This avoids race conditions when the artifact is read but its attestation doesn't exist
2024-08-22 16:10:12 +01:00
Conor Sloan 1f725c56d6 upload attestation to GHCR instead of attestations API 2024-08-22 14:10:50 +01:00
Conor Sloan 90d59724e7 always set skipWrite to false when generating attestations 2024-08-12 09:51:04 +01:00
Conor Sloan ffcb1087c4 send auth token to get container registry url endpoint 2024-08-09 14:49:07 +01:00
Conor Sloan bebbbc6eee parse GHCR error format for errors 2024-08-08 14:07:54 +01:00
Conor Sloan 2bbf08d922 print response body when an http request to ghcr returns unexpected status 2024-08-08 11:45:25 +01:00
Conor Sloan c1f237b012 Generate provenance attestation before performing upload to ghcr
This allows us to check in the backend that a valid attestation exists for a package version before we allow the upload to succeed.
In doing this, we can perform an integrity check that the attestation is valid and all action packages have valid attestations.
2024-08-07 17:13:39 +01:00
Conor Sloan 18cf56a126 move checking of git checkout out of parse logic 2024-04-15 15:43:26 +01:00
Conor Sloan 881fd1c540 fix fs helper git test 2024-04-15 14:03:10 +01:00
Conor Sloan 17c0582657 check github_ref tag and sha are checked out on parse 2024-04-15 13:45:54 +01:00
Conor Sloan 507635d01b only write attestation for non-private repos 2024-04-15 12:26:26 +01:00
Conor Sloan 6dc0f68595 get visibility when grabbing repo information 2024-04-15 12:03:02 +01:00
ddivad195 113eb50eb5 re-integrate toolkit code to main action 2024-03-25 17:44:45 +00:00
ddivad195 05bd356814 fix test 2024-03-05 16:51:22 +00:00
Conor Sloan 54d9a343c3 Move from composite to regular node action.
This involves generating the attestation in the code using the new attest library in the actions toolkit.
2024-03-01 16:45:32 +00:00
ddivad195 4fb632b14a fix lint 2024-02-06 18:27:04 +00:00
ddivad195 6d082c4eab cleanup tests 2024-02-06 18:27:04 +00:00
ddivad195 e5b7da2730 update tests to remove axios mocks and mock fetch instead 2024-02-06 18:25:25 +00:00
Conor Sloan 3f76c4d47c use GITHUB_WORKSPACE as target dir to package up 2024-02-06 16:34:26 +00:00
Edwin Sirko b80af95dd0 use runner's RUNNER_TEMP for temp directory (#75)
* use runner tempdir

* fix tests etc

* feedback

* ran npm install before generating dist
2024-02-02 13:05:08 -05:00
ddivad195 6233cad2a5 fix failing lint and test errors 2024-02-02 13:04:36 -05:00
David Daly 621cb8210d only run if environment is not ghes 2024-02-02 13:04:35 -05:00
Conor Sloan 1f47b19ed3 Tying up loose ends (#54)
* various qol updates to publish action

* review comments and run bundle
2024-02-02 13:02:14 -05:00
Edwin Sirko 7472b3f822 refactored path calculation 2024-02-02 13:02:14 -05:00
boxofyellow db688d0eea make sure to populate outputs of the composite action, Disable attestations 2024-02-02 13:00:34 -05:00
Edwin Sirko 5f9b214e33 properly getting CR URL 2024-02-02 12:59:49 -05:00
boxofyellow 5e2391735e tests 2024-02-02 12:58:40 -05:00
Conor Sloan 4ac7dfc3cb update deps, linting, test cases, etc. 2024-02-02 12:55:29 -05:00
Conor Sloan d057826061 initial mvp version 2024-02-02 12:52:31 -05:00