Joel Ambass
2acc8d8fc9
Do not assume action.yml exists
2024-09-16 16:23:56 +02:00
Joel Ambass
65d4d4211f
remove old build artifacts
2024-09-03 17:22:12 +02:00
Joel Ambass
1cbbcdd5ae
Fix Logging
2024-09-03 16:51:21 +02:00
Joel Ambass
87530877ea
We only need to exclude the .git folder
2024-09-03 15:37:40 +02:00
Conor Sloan
1255bb0a54
error if local changes made to the checked out action content
2024-08-28 13:22:37 +01:00
Conor Sloan
86a49c7f6a
secure actions execution context
2024-08-28 12:10:13 +01:00
Conor Sloan
36e729c5aa
grab attestation media type and predicate type from attestation bundle
2024-08-27 20:52:44 +01:00
Conor Sloan
432126c06c
change value of package type for referrer index
2024-08-23 13:42:27 +01:00
Conor Sloan
3555a7ef80
update dist
2024-08-23 13:33:13 +01:00
Conor Sloan
1b9faf628d
add retries and fix up tests
2024-08-23 13:17:07 +01:00
Conor Sloan
e308348d01
fix up ghcr client tests and remove config from action package layers
2024-08-23 10:56:04 +01:00
Conor Sloan
e53d6ca2a2
reinstate main tests
2024-08-23 10:00:06 +01:00
Conor Sloan
da1f4d6352
reverse the upload order
2024-08-22 20:30:50 +01:00
Conor Sloan
028b950050
experimental: manually generate and upload all manifests
2024-08-22 20:00:30 +01:00
Conor Sloan
bafa38ff94
refactor ghcr client for reusable upload functions
2024-08-22 18:40:02 +01:00
Conor Sloan
e44432d3e5
add new OCI manifests for attestations
2024-08-22 18:13:15 +01:00
Conor Sloan
c11354f432
upload attestation and referrer index before artifact
...
This avoids race conditions when the artifact is read but its attestation doesn't exist
2024-08-22 16:10:12 +01:00
Conor Sloan
1f725c56d6
upload attestation to GHCR instead of attestations API
2024-08-22 14:10:50 +01:00
Conor Sloan
8c9931350a
update attest dep and send IA header
2024-08-21 11:11:46 +01:00
Conor Sloan
cf53527ffc
update dep versions
2024-08-12 09:56:19 +01:00
Conor Sloan
90d59724e7
always set skipWrite to false when generating attestations
2024-08-12 09:51:04 +01:00
Conor Sloan
ffcb1087c4
send auth token to get container registry url endpoint
2024-08-09 14:49:07 +01:00
Conor Sloan
bebbbc6eee
parse GHCR error format for errors
2024-08-08 14:07:54 +01:00
Conor Sloan
2bbf08d922
print response body when an http request to ghcr returns unexpected status
2024-08-08 11:45:25 +01:00
Conor Sloan
c1f237b012
Generate provenance attestation before performing upload to ghcr
...
This allows us to check in the backend that a valid attestation exists for a package version before we allow the upload to succeed.
In doing this, we can perform an integrity check that the attestation is valid and all action packages have valid attestations.
2024-08-07 17:13:39 +01:00
Conor Sloan
3d3a333728
remove async in parser
2024-04-15 16:11:50 +01:00
Conor Sloan
18cf56a126
move checking of git checkout out of parse logic
2024-04-15 15:43:26 +01:00
Conor Sloan
17c0582657
check github_ref tag and sha are checked out on parse
2024-04-15 13:45:54 +01:00
Conor Sloan
507635d01b
only write attestation for non-private repos
2024-04-15 12:26:26 +01:00
Conor Sloan
6dc0f68595
get visibility when grabbing repo information
2024-04-15 12:03:02 +01:00
ddivad195
85d00a6e39
add subdirectories in archives
2024-04-09 17:05:31 +01:00
ddivad195
113eb50eb5
re-integrate toolkit code to main action
2024-03-25 17:44:45 +00:00
boxofyellow
761ae0d82e
Bump toolkit to 0.0.7
2024-03-08 05:45:40 -08:00
ddivad195
2fabbad58f
fix semver parsing by removing
2024-03-05 17:09:16 +00:00
ddivad195
05bd356814
fix test
2024-03-05 16:51:22 +00:00
ddivad195
9c9b57d4d4
update dist
2024-03-05 16:35:10 +00:00
Conor Sloan
54d9a343c3
Move from composite to regular node action.
...
This involves generating the attestation in the code using the new attest library in the actions toolkit.
2024-03-01 16:45:32 +00:00
ddivad195
b42b69f193
cleanup debug logging
2024-02-06 18:27:57 +00:00
ddivad195
1167b03ce8
refactor debug logging
2024-02-06 18:27:55 +00:00
Edwin Sirko
c4d8d934a0
npm bundled
2024-02-06 18:27:01 +00:00
ddivad195
501681319f
replace axios with fetch
2024-02-06 18:25:25 +00:00
Conor Sloan
f2fb01cf17
run bundle
2024-02-06 16:42:15 +00:00
Conor Sloan
3f76c4d47c
use GITHUB_WORKSPACE as target dir to package up
2024-02-06 16:34:26 +00:00
Edwin Sirko
9525e839de
handle todos ( #82 )
...
* handle todos
* dist/index.js
2024-02-02 14:59:25 -05:00
Edwin Sirko
b80af95dd0
use runner's RUNNER_TEMP for temp directory ( #75 )
...
* use runner tempdir
* fix tests etc
* feedback
* ran npm install before generating dist
2024-02-02 13:05:08 -05:00
ddivad195
ebbc8c8d58
rebuild dist after dependabot updates
2024-02-02 13:04:37 -05:00
ddivad195
6233cad2a5
fix failing lint and test errors
2024-02-02 13:04:36 -05:00
David Daly
621cb8210d
only run if environment is not ghes
2024-02-02 13:04:35 -05:00
Edwin Sirko
dfbae910c5
fixed bug with fsExtra.copySync ( #55 )
2024-02-02 13:04:35 -05:00
Conor Sloan
1f47b19ed3
Tying up loose ends ( #54 )
...
* various qol updates to publish action
* review comments and run bundle
2024-02-02 13:02:14 -05:00