Joel Ambass
2acc8d8fc9
Do not assume action.yml exists
2024-09-16 16:23:56 +02:00
Joel Ambass
87530877ea
We only need to exclude the .git folder
2024-09-03 15:37:40 +02:00
Conor Sloan
1255bb0a54
error if local changes made to the checked out action content
2024-08-28 13:22:37 +01:00
Conor Sloan
86a49c7f6a
secure actions execution context
2024-08-28 12:10:13 +01:00
Conor Sloan
36e729c5aa
grab attestation media type and predicate type from attestation bundle
2024-08-27 20:52:44 +01:00
Conor Sloan
1b9faf628d
add retries and fix up tests
2024-08-23 13:17:07 +01:00
Conor Sloan
72b670f356
add tests for index upload
2024-08-23 11:06:03 +01:00
Conor Sloan
e308348d01
fix up ghcr client tests and remove config from action package layers
2024-08-23 10:56:04 +01:00
Conor Sloan
e53d6ca2a2
reinstate main tests
2024-08-23 10:00:06 +01:00
Conor Sloan
028b950050
experimental: manually generate and upload all manifests
2024-08-22 20:00:30 +01:00
Conor Sloan
bafa38ff94
refactor ghcr client for reusable upload functions
2024-08-22 18:40:02 +01:00
Conor Sloan
e44432d3e5
add new OCI manifests for attestations
2024-08-22 18:13:15 +01:00
Conor Sloan
1f725c56d6
upload attestation to GHCR instead of attestations API
2024-08-22 14:10:50 +01:00
Conor Sloan
bebbbc6eee
parse GHCR error format for errors
2024-08-08 14:07:54 +01:00
Conor Sloan
2bbf08d922
print response body when an http request to ghcr returns unexpected status
2024-08-08 11:45:25 +01:00
Conor Sloan
c1f237b012
Generate provenance attestation before performing upload to ghcr
...
This allows us to check in the backend that a valid attestation exists for a package version before we allow the upload to succeed.
In doing this, we can perform an integrity check that the attestation is valid and all action packages have valid attestations.
2024-08-07 17:13:39 +01:00
Conor Sloan
18cf56a126
move checking of git checkout out of parse logic
2024-04-15 15:43:26 +01:00
Conor Sloan
17c0582657
check github_ref tag and sha are checked out on parse
2024-04-15 13:45:54 +01:00
Conor Sloan
507635d01b
only write attestation for non-private repos
2024-04-15 12:26:26 +01:00
Conor Sloan
6dc0f68595
get visibility when grabbing repo information
2024-04-15 12:03:02 +01:00
ddivad195
113eb50eb5
re-integrate toolkit code to main action
2024-03-25 17:44:45 +00:00
Conor Sloan
54d9a343c3
Move from composite to regular node action.
...
This involves generating the attestation in the code using the new attest library in the actions toolkit.
2024-03-01 16:45:32 +00:00
ddivad195
1167b03ce8
refactor debug logging
2024-02-06 18:27:55 +00:00
Edwin Sirko
c4d8d934a0
npm bundled
2024-02-06 18:27:01 +00:00
Conor Sloan
1105b75f95
update coverage
2024-02-06 16:39:53 +00:00
Edwin Sirko
b80af95dd0
use runner's RUNNER_TEMP for temp directory ( #75 )
...
* use runner tempdir
* fix tests etc
* feedback
* ran npm install before generating dist
2024-02-02 13:05:08 -05:00
ddivad195
6233cad2a5
fix failing lint and test errors
2024-02-02 13:04:36 -05:00
boxofyellow
db688d0eea
make sure to populate outputs of the composite action, Disable attestations
2024-02-02 13:00:34 -05:00
boxofyellow
5e2391735e
tests
2024-02-02 12:58:40 -05:00
Conor Sloan
d057826061
initial mvp version
2024-02-02 12:52:31 -05:00