Joel Ambass
2acc8d8fc9
Do not assume action.yml exists
2024-09-16 16:23:56 +02:00
Joel Ambass
87530877ea
We only need to exclude the .git folder
2024-09-03 15:37:40 +02:00
Conor Sloan
1255bb0a54
error if local changes made to the checked out action content
2024-08-28 13:22:37 +01:00
Conor Sloan
86a49c7f6a
secure actions execution context
2024-08-28 12:10:13 +01:00
Conor Sloan
36e729c5aa
grab attestation media type and predicate type from attestation bundle
2024-08-27 20:52:44 +01:00
Conor Sloan
432126c06c
change value of package type for referrer index
2024-08-23 13:42:27 +01:00
Conor Sloan
1b9faf628d
add retries and fix up tests
2024-08-23 13:17:07 +01:00
Conor Sloan
72b670f356
add tests for index upload
2024-08-23 11:06:03 +01:00
Conor Sloan
e308348d01
fix up ghcr client tests and remove config from action package layers
2024-08-23 10:56:04 +01:00
Conor Sloan
e53d6ca2a2
reinstate main tests
2024-08-23 10:00:06 +01:00
Conor Sloan
028b950050
experimental: manually generate and upload all manifests
2024-08-22 20:00:30 +01:00
Conor Sloan
e44432d3e5
add new OCI manifests for attestations
2024-08-22 18:13:15 +01:00
Conor Sloan
c11354f432
upload attestation and referrer index before artifact
...
This avoids race conditions when the artifact is read but its attestation doesn't exist
2024-08-22 16:10:12 +01:00
Conor Sloan
1f725c56d6
upload attestation to GHCR instead of attestations API
2024-08-22 14:10:50 +01:00
Conor Sloan
90d59724e7
always set skipWrite to false when generating attestations
2024-08-12 09:51:04 +01:00
Conor Sloan
ffcb1087c4
send auth token to get container registry url endpoint
2024-08-09 14:49:07 +01:00
Conor Sloan
bebbbc6eee
parse GHCR error format for errors
2024-08-08 14:07:54 +01:00
Conor Sloan
2bbf08d922
print response body when an http request to ghcr returns unexpected status
2024-08-08 11:45:25 +01:00
Conor Sloan
c1f237b012
Generate provenance attestation before performing upload to ghcr
...
This allows us to check in the backend that a valid attestation exists for a package version before we allow the upload to succeed.
In doing this, we can perform an integrity check that the attestation is valid and all action packages have valid attestations.
2024-08-07 17:13:39 +01:00
Conor Sloan
18cf56a126
move checking of git checkout out of parse logic
2024-04-15 15:43:26 +01:00
Conor Sloan
881fd1c540
fix fs helper git test
2024-04-15 14:03:10 +01:00
Conor Sloan
17c0582657
check github_ref tag and sha are checked out on parse
2024-04-15 13:45:54 +01:00
Conor Sloan
507635d01b
only write attestation for non-private repos
2024-04-15 12:26:26 +01:00
Conor Sloan
6dc0f68595
get visibility when grabbing repo information
2024-04-15 12:03:02 +01:00
ddivad195
113eb50eb5
re-integrate toolkit code to main action
2024-03-25 17:44:45 +00:00
ddivad195
05bd356814
fix test
2024-03-05 16:51:22 +00:00
Conor Sloan
54d9a343c3
Move from composite to regular node action.
...
This involves generating the attestation in the code using the new attest library in the actions toolkit.
2024-03-01 16:45:32 +00:00
ddivad195
4fb632b14a
fix lint
2024-02-06 18:27:04 +00:00
ddivad195
6d082c4eab
cleanup tests
2024-02-06 18:27:04 +00:00
ddivad195
e5b7da2730
update tests to remove axios mocks and mock fetch instead
2024-02-06 18:25:25 +00:00
Conor Sloan
3f76c4d47c
use GITHUB_WORKSPACE as target dir to package up
2024-02-06 16:34:26 +00:00
Edwin Sirko
b80af95dd0
use runner's RUNNER_TEMP for temp directory ( #75 )
...
* use runner tempdir
* fix tests etc
* feedback
* ran npm install before generating dist
2024-02-02 13:05:08 -05:00
ddivad195
6233cad2a5
fix failing lint and test errors
2024-02-02 13:04:36 -05:00
David Daly
621cb8210d
only run if environment is not ghes
2024-02-02 13:04:35 -05:00
Conor Sloan
1f47b19ed3
Tying up loose ends ( #54 )
...
* various qol updates to publish action
* review comments and run bundle
2024-02-02 13:02:14 -05:00
Edwin Sirko
7472b3f822
refactored path calculation
2024-02-02 13:02:14 -05:00
boxofyellow
db688d0eea
make sure to populate outputs of the composite action, Disable attestations
2024-02-02 13:00:34 -05:00
Edwin Sirko
5f9b214e33
properly getting CR URL
2024-02-02 12:59:49 -05:00
boxofyellow
5e2391735e
tests
2024-02-02 12:58:40 -05:00
Conor Sloan
4ac7dfc3cb
update deps, linting, test cases, etc.
2024-02-02 12:55:29 -05:00
Conor Sloan
d057826061
initial mvp version
2024-02-02 12:52:31 -05:00