Commit Graph

158 Commits

Author SHA1 Message Date
Conor Sloan 028b950050 experimental: manually generate and upload all manifests 2024-08-22 20:00:30 +01:00
Conor Sloan bafa38ff94 refactor ghcr client for reusable upload functions 2024-08-22 18:40:02 +01:00
Conor Sloan e44432d3e5 add new OCI manifests for attestations 2024-08-22 18:13:15 +01:00
Conor Sloan c11354f432 upload attestation and referrer index before artifact
This avoids race conditions when the artifact is read but its attestation doesn't exist
2024-08-22 16:10:12 +01:00
Conor Sloan 1f725c56d6 upload attestation to GHCR instead of attestations API 2024-08-22 14:10:50 +01:00
Conor Sloan f213f0c945 Merge pull request #175 from actions/conorsloan/update-attest-package
Update @actions/attest dependency and send Attestations API header
2024-08-21 16:03:33 +01:00
Conor Sloan 8c9931350a update attest dep and send IA header 2024-08-21 11:11:46 +01:00
Conor Sloan 7af620c09c Merge pull request #164 from actions/conorsloan/fix-readme-example-permissions
Update README.md
2024-08-12 18:06:57 +01:00
Beth Brennan 9c79aec798 Merge branch 'main' into conorsloan/fix-readme-example-permissions 2024-08-12 12:53:26 -04:00
Beth Brennan a2e9ffc7b9 Merge pull request #165 from actions/elbrenn/codeowners
Remove unused CODEOWNERS
2024-08-12 12:51:55 -04:00
Beth Brennan 2af7b38c8b Remove unused codeowners 2024-08-12 12:48:32 -04:00
Conor Sloan 3cc27d51e4 Update README.md
Fix permissions in example workflow
2024-08-12 14:12:39 +01:00
Conor Sloan e039e1d6b7 Merge pull request #163 from actions/conorsloan/create-codeowners
Create CODEOWNERS
2024-08-12 11:40:40 +01:00
Conor Sloan 11f5dcdbc3 Create CODEOWNERS 2024-08-12 10:15:17 +01:00
Conor Sloan 91044eb688 Merge pull request #162 from actions/conorsloan/update-deps
Update dependency versions
2024-08-12 10:03:13 +01:00
Conor Sloan cf53527ffc update dep versions 2024-08-12 09:56:19 +01:00
Conor Sloan f58dd8f0ed Merge pull request #161 from actions/conorsloan/fix-self-publishing-workflow-permissions
Update permissions on self-publishing workflow
2024-08-12 09:56:01 +01:00
Conor Sloan a959dfafba replace contents: write with attestations: write in release 2024-08-12 09:53:52 +01:00
Conor Sloan a61106e002 Merge pull request #159 from actions/conorsloan/never-skip-attestation-write
always set skipWrite to false when generating attestations
2024-08-12 09:53:41 +01:00
Conor Sloan 90d59724e7 always set skipWrite to false when generating attestations 2024-08-12 09:51:04 +01:00
Conor Sloan 1a8d07a497 Merge pull request #94 from actions/dependabot/github_actions/super-linter/super-linter-6
Bump super-linter/super-linter from 5 to 6
2024-08-12 09:50:39 +01:00
Conor Sloan 50c672a353 dont ignore tests in eslint 2024-08-10 11:24:48 +01:00
Conor Sloan 0fd4266160 replace default style with validate env var
See https://github.com/super-linter/super-linter/blob/main/docs/upgrade-guide.md#javascript_default_style-and-typescript_default_style
2024-08-10 11:24:48 +01:00
Conor Sloan e58130f44d move permissions to top level 2024-08-10 11:24:48 +01:00
Conor Sloan 229ed04906 ignore tests in eslinter 2024-08-10 11:24:48 +01:00
Conor Sloan 766a6934c5 fix codeql permissions 2024-08-10 11:24:48 +01:00
Conor Sloan b40fcfc004 attempt 1 to fix linter issues 2024-08-10 11:24:48 +01:00
Sneha Kripanandan 67f4b7749e Set fetch-depth for checkout when using super-linter 2024-08-10 11:24:48 +01:00
dependabot[bot] abf929b7e4 Bump super-linter/super-linter from 5 to 6
Bumps [super-linter/super-linter](https://github.com/super-linter/super-linter) from 5 to 6.
- [Release notes](https://github.com/super-linter/super-linter/releases)
- [Changelog](https://github.com/super-linter/super-linter/blob/main/CHANGELOG.md)
- [Commits](https://github.com/super-linter/super-linter/compare/v5...v6)

---
updated-dependencies:
- dependency-name: super-linter/super-linter
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-08-10 11:24:48 +01:00
Conor Sloan b8bd8fe389 Merge pull request #158 from actions/conorsloan/send-auth-to-ghcr-lookup-endpoint
Send auth token to fetch container registry URL API endpoint
2024-08-09 15:45:58 +01:00
Conor Sloan ffcb1087c4 send auth token to get container registry url endpoint 2024-08-09 14:49:07 +01:00
Conor Sloan f7d49cfdd1 Merge pull request #157 from actions/conorsloan/dump-response-body-on-unexpected-ghcr-response
Include information from GHCR response bodies in error reporting
2024-08-08 16:48:54 +01:00
Conor Sloan bebbbc6eee parse GHCR error format for errors 2024-08-08 14:07:54 +01:00
Conor Sloan 2bbf08d922 print response body when an http request to ghcr returns unexpected status 2024-08-08 11:45:25 +01:00
Conor Sloan 2bc8c192b1 Merge pull request #156 from actions/conorsloan/attest-before-publish
Generate provenance attestation before performing upload to ghcr
2024-08-07 21:48:38 +01:00
Conor Sloan c1f237b012 Generate provenance attestation before performing upload to ghcr
This allows us to check in the backend that a valid attestation exists for a package version before we allow the upload to succeed.
In doing this, we can perform an integrity check that the attestation is valid and all action packages have valid attestations.
2024-08-07 17:13:39 +01:00
Sneha Kripanandan 8215ec2f64 Merge pull request #154 from actions/dependabot/npm_and_yarn/types/jest-29.5.12
Bump @types/jest from 29.5.11 to 29.5.12
2024-08-06 09:39:03 -04:00
dependabot[bot] 5de4baf048 Bump @types/jest from 29.5.11 to 29.5.12
Bumps [@types/jest](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/jest) from 29.5.11 to 29.5.12.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/jest)

---
updated-dependencies:
- dependency-name: "@types/jest"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-08-05 22:25:35 +00:00
Sneha Kripanandan 9c2a630347 Merge pull request #152 from actions/dependabot/npm_and_yarn/eslint-plugin-jest-28.6.0
Bump eslint-plugin-jest from 27.6.3 to 28.6.0
2024-08-05 15:16:15 -04:00
dependabot[bot] 8e9002fe5a Bump eslint-plugin-jest from 27.6.3 to 28.6.0
Bumps [eslint-plugin-jest](https://github.com/jest-community/eslint-plugin-jest) from 27.6.3 to 28.6.0.
- [Release notes](https://github.com/jest-community/eslint-plugin-jest/releases)
- [Changelog](https://github.com/jest-community/eslint-plugin-jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/jest-community/eslint-plugin-jest/compare/v27.6.3...v28.6.0)

---
updated-dependencies:
- dependency-name: eslint-plugin-jest
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-08-01 22:17:15 +00:00
Sneha Kripanandan e2e9fea210 Merge pull request #150 from actions/dependabot/npm_and_yarn/eslint-plugin-prettier-5.2.1
Bump eslint-plugin-prettier from 5.1.3 to 5.2.1
2024-08-01 09:07:01 -04:00
dependabot[bot] b757396339 Bump eslint-plugin-prettier from 5.1.3 to 5.2.1
Bumps [eslint-plugin-prettier](https://github.com/prettier/eslint-plugin-prettier) from 5.1.3 to 5.2.1.
- [Release notes](https://github.com/prettier/eslint-plugin-prettier/releases)
- [Changelog](https://github.com/prettier/eslint-plugin-prettier/blob/master/CHANGELOG.md)
- [Commits](https://github.com/prettier/eslint-plugin-prettier/compare/v5.1.3...v5.2.1)

---
updated-dependencies:
- dependency-name: eslint-plugin-prettier
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-08-01 12:59:46 +00:00
Sneha Kripanandan ef67e6d74f Merge pull request #149 from actions/dependabot/npm_and_yarn/prettier-3.3.3
Bump prettier from 3.2.4 to 3.3.3
2024-08-01 08:58:29 -04:00
dependabot[bot] cd067bec7f Bump prettier from 3.2.4 to 3.3.3
Bumps [prettier](https://github.com/prettier/prettier) from 3.2.4 to 3.3.3.
- [Release notes](https://github.com/prettier/prettier/releases)
- [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md)
- [Commits](https://github.com/prettier/prettier/compare/3.2.4...3.3.3)

---
updated-dependencies:
- dependency-name: prettier
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-07-31 22:23:15 +00:00
Sneha Kripanandan 36524bea42 Merge pull request #87 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-6.21.0
Bump @typescript-eslint/parser from 6.19.0 to 6.21.0
2024-07-31 13:55:44 -04:00
Sneha Kripanandan d623812b29 Merge branch 'main' into dependabot/npm_and_yarn/typescript-eslint/parser-6.21.0 2024-07-31 13:50:29 -04:00
Sneha Kripanandan 1354f92349 Merge pull request #147 from actions/dependabot/npm_and_yarn/ts-jest-29.2.3
Bump ts-jest from 29.1.1 to 29.2.3
2024-07-31 13:45:56 -04:00
dependabot[bot] 23baf08c4c Bump ts-jest from 29.1.1 to 29.2.3
Bumps [ts-jest](https://github.com/kulshekhar/ts-jest) from 29.1.1 to 29.2.3.
- [Release notes](https://github.com/kulshekhar/ts-jest/releases)
- [Changelog](https://github.com/kulshekhar/ts-jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/kulshekhar/ts-jest/compare/v29.1.1...v29.2.3)

---
updated-dependencies:
- dependency-name: ts-jest
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-07-31 17:09:35 +00:00
Sneha Kripanandan 7fee9b1717 Merge pull request #146 from actions/dependabot/npm_and_yarn/types/node-22.0.0
Bump @types/node from 20.11.13 to 22.0.0
2024-07-31 13:08:10 -04:00
dependabot[bot] 6f395ba687 Bump @types/node from 20.11.13 to 22.0.0
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 20.11.13 to 22.0.0.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-07-31 17:02:46 +00:00