30 Commits

Author SHA1 Message Date
Joel Ambass 2acc8d8fc9 Do not assume action.yml exists 2024-09-16 16:23:56 +02:00
Joel Ambass 87530877ea We only need to exclude the .git folder 2024-09-03 15:37:40 +02:00
Conor Sloan 1255bb0a54 error if local changes made to the checked out action content 2024-08-28 13:22:37 +01:00
Conor Sloan 86a49c7f6a secure actions execution context 2024-08-28 12:10:13 +01:00
Conor Sloan 36e729c5aa grab attestation media type and predicate type from attestation bundle 2024-08-27 20:52:44 +01:00
Conor Sloan 1b9faf628d add retries and fix up tests 2024-08-23 13:17:07 +01:00
Conor Sloan 72b670f356 add tests for index upload 2024-08-23 11:06:03 +01:00
Conor Sloan e308348d01 fix up ghcr client tests and remove config from action package layers 2024-08-23 10:56:04 +01:00
Conor Sloan e53d6ca2a2 reinstate main tests 2024-08-23 10:00:06 +01:00
Conor Sloan 028b950050 experimental: manually generate and upload all manifests 2024-08-22 20:00:30 +01:00
Conor Sloan bafa38ff94 refactor ghcr client for reusable upload functions 2024-08-22 18:40:02 +01:00
Conor Sloan e44432d3e5 add new OCI manifests for attestations 2024-08-22 18:13:15 +01:00
Conor Sloan 1f725c56d6 upload attestation to GHCR instead of attestations API 2024-08-22 14:10:50 +01:00
Conor Sloan bebbbc6eee parse GHCR error format for errors 2024-08-08 14:07:54 +01:00
Conor Sloan 2bbf08d922 print response body when an http request to ghcr returns unexpected status 2024-08-08 11:45:25 +01:00
Conor Sloan c1f237b012 Generate provenance attestation before performing upload to ghcr
This allows us to check in the backend that a valid attestation exists for a package version before we allow the upload to succeed.
In doing this, we can perform an integrity check that the attestation is valid and all action packages have valid attestations.
2024-08-07 17:13:39 +01:00
Conor Sloan 18cf56a126 move checking of git checkout out of parse logic 2024-04-15 15:43:26 +01:00
Conor Sloan 17c0582657 check github_ref tag and sha are checked out on parse 2024-04-15 13:45:54 +01:00
Conor Sloan 507635d01b only write attestation for non-private repos 2024-04-15 12:26:26 +01:00
Conor Sloan 6dc0f68595 get visibility when grabbing repo information 2024-04-15 12:03:02 +01:00
ddivad195 113eb50eb5 re-integrate toolkit code to main action 2024-03-25 17:44:45 +00:00
Conor Sloan 54d9a343c3 Move from composite to regular node action.
This involves generating the attestation in the code using the new attest library in the actions toolkit.
2024-03-01 16:45:32 +00:00
ddivad195 1167b03ce8 refactor debug logging 2024-02-06 18:27:55 +00:00
Edwin Sirko c4d8d934a0 npm bundled 2024-02-06 18:27:01 +00:00
Conor Sloan 1105b75f95 update coverage 2024-02-06 16:39:53 +00:00
Edwin Sirko b80af95dd0 use runner's RUNNER_TEMP for temp directory (#75)
* use runner tempdir

* fix tests etc

* feedback

* ran npm install before generating dist
2024-02-02 13:05:08 -05:00
ddivad195 6233cad2a5 fix failing lint and test errors 2024-02-02 13:04:36 -05:00
boxofyellow db688d0eea make sure to populate outputs of the composite action, Disable attestations 2024-02-02 13:00:34 -05:00
boxofyellow 5e2391735e tests 2024-02-02 12:58:40 -05:00
Conor Sloan d057826061 initial mvp version 2024-02-02 12:52:31 -05:00