Conor Sloan
e03465965b
Update README.md
2024-08-28 14:02:38 +01:00
Conor Sloan
e3f16e22ab
Merge pull request #182 from actions/conorsloan/check-for-uncommitted-changes
...
Fail if local changes made to the checked out action content
2024-08-28 13:56:41 +01:00
Conor Sloan
1255bb0a54
error if local changes made to the checked out action content
2024-08-28 13:22:37 +01:00
Conor Sloan
4aeb3f6341
Merge pull request #181 from actions/conorsloan/fixup-runtime-security
...
Secure actions execution context
2024-08-28 12:39:22 +01:00
Conor Sloan
86a49c7f6a
secure actions execution context
2024-08-28 12:10:13 +01:00
Conor Sloan
8a96626c28
Merge pull request #179 from actions/conorsloan/upload-attestations-to-ghcr
...
Upload attestations to GHCR instead of Attestations API
2024-08-27 21:27:41 +01:00
Conor Sloan
36e729c5aa
grab attestation media type and predicate type from attestation bundle
2024-08-27 20:52:44 +01:00
Conor Sloan
432126c06c
change value of package type for referrer index
2024-08-23 13:42:27 +01:00
Conor Sloan
3555a7ef80
update dist
2024-08-23 13:33:13 +01:00
Conor Sloan
1b9faf628d
add retries and fix up tests
2024-08-23 13:17:07 +01:00
Conor Sloan
72b670f356
add tests for index upload
2024-08-23 11:06:03 +01:00
Conor Sloan
e308348d01
fix up ghcr client tests and remove config from action package layers
2024-08-23 10:56:04 +01:00
Conor Sloan
e53d6ca2a2
reinstate main tests
2024-08-23 10:00:06 +01:00
Conor Sloan
da1f4d6352
reverse the upload order
2024-08-22 20:30:50 +01:00
Conor Sloan
028b950050
experimental: manually generate and upload all manifests
2024-08-22 20:00:30 +01:00
Conor Sloan
bafa38ff94
refactor ghcr client for reusable upload functions
2024-08-22 18:40:02 +01:00
Conor Sloan
e44432d3e5
add new OCI manifests for attestations
2024-08-22 18:13:15 +01:00
Conor Sloan
c11354f432
upload attestation and referrer index before artifact
...
This avoids race conditions when the artifact is read but its attestation doesn't exist
2024-08-22 16:10:12 +01:00
Conor Sloan
1f725c56d6
upload attestation to GHCR instead of attestations API
2024-08-22 14:10:50 +01:00
Conor Sloan
f213f0c945
Merge pull request #175 from actions/conorsloan/update-attest-package
...
Update @actions/attest dependency and send Attestations API header
2024-08-21 16:03:33 +01:00
Conor Sloan
8c9931350a
update attest dep and send IA header
2024-08-21 11:11:46 +01:00
Conor Sloan
7af620c09c
Merge pull request #164 from actions/conorsloan/fix-readme-example-permissions
...
Update README.md
2024-08-12 18:06:57 +01:00
Beth Brennan
9c79aec798
Merge branch 'main' into conorsloan/fix-readme-example-permissions
2024-08-12 12:53:26 -04:00
Beth Brennan
a2e9ffc7b9
Merge pull request #165 from actions/elbrenn/codeowners
...
Remove unused CODEOWNERS
2024-08-12 12:51:55 -04:00
Beth Brennan
2af7b38c8b
Remove unused codeowners
2024-08-12 12:48:32 -04:00
Conor Sloan
3cc27d51e4
Update README.md
...
Fix permissions in example workflow
2024-08-12 14:12:39 +01:00
Conor Sloan
e039e1d6b7
Merge pull request #163 from actions/conorsloan/create-codeowners
...
Create CODEOWNERS
2024-08-12 11:40:40 +01:00
Conor Sloan
11f5dcdbc3
Create CODEOWNERS
2024-08-12 10:15:17 +01:00
Conor Sloan
91044eb688
Merge pull request #162 from actions/conorsloan/update-deps
...
Update dependency versions
2024-08-12 10:03:13 +01:00
Conor Sloan
cf53527ffc
update dep versions
2024-08-12 09:56:19 +01:00
Conor Sloan
f58dd8f0ed
Merge pull request #161 from actions/conorsloan/fix-self-publishing-workflow-permissions
...
Update permissions on self-publishing workflow
2024-08-12 09:56:01 +01:00
Conor Sloan
a959dfafba
replace contents: write with attestations: write in release
2024-08-12 09:53:52 +01:00
Conor Sloan
a61106e002
Merge pull request #159 from actions/conorsloan/never-skip-attestation-write
...
always set skipWrite to false when generating attestations
2024-08-12 09:53:41 +01:00
Conor Sloan
90d59724e7
always set skipWrite to false when generating attestations
2024-08-12 09:51:04 +01:00
Conor Sloan
1a8d07a497
Merge pull request #94 from actions/dependabot/github_actions/super-linter/super-linter-6
...
Bump super-linter/super-linter from 5 to 6
2024-08-12 09:50:39 +01:00
Conor Sloan
50c672a353
dont ignore tests in eslint
2024-08-10 11:24:48 +01:00
Conor Sloan
0fd4266160
replace default style with validate env var
...
See https://github.com/super-linter/super-linter/blob/main/docs/upgrade-guide.md#javascript_default_style-and-typescript_default_style
2024-08-10 11:24:48 +01:00
Conor Sloan
e58130f44d
move permissions to top level
2024-08-10 11:24:48 +01:00
Conor Sloan
229ed04906
ignore tests in eslinter
2024-08-10 11:24:48 +01:00
Conor Sloan
766a6934c5
fix codeql permissions
2024-08-10 11:24:48 +01:00
Conor Sloan
b40fcfc004
attempt 1 to fix linter issues
2024-08-10 11:24:48 +01:00
Sneha Kripanandan
67f4b7749e
Set fetch-depth for checkout when using super-linter
2024-08-10 11:24:48 +01:00
dependabot[bot]
abf929b7e4
Bump super-linter/super-linter from 5 to 6
...
Bumps [super-linter/super-linter](https://github.com/super-linter/super-linter ) from 5 to 6.
- [Release notes](https://github.com/super-linter/super-linter/releases )
- [Changelog](https://github.com/super-linter/super-linter/blob/main/CHANGELOG.md )
- [Commits](https://github.com/super-linter/super-linter/compare/v5...v6 )
---
updated-dependencies:
- dependency-name: super-linter/super-linter
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
2024-08-10 11:24:48 +01:00
Conor Sloan
b8bd8fe389
Merge pull request #158 from actions/conorsloan/send-auth-to-ghcr-lookup-endpoint
...
Send auth token to fetch container registry URL API endpoint
2024-08-09 15:45:58 +01:00
Conor Sloan
ffcb1087c4
send auth token to get container registry url endpoint
2024-08-09 14:49:07 +01:00
Conor Sloan
f7d49cfdd1
Merge pull request #157 from actions/conorsloan/dump-response-body-on-unexpected-ghcr-response
...
Include information from GHCR response bodies in error reporting
2024-08-08 16:48:54 +01:00
Conor Sloan
bebbbc6eee
parse GHCR error format for errors
2024-08-08 14:07:54 +01:00
Conor Sloan
2bbf08d922
print response body when an http request to ghcr returns unexpected status
2024-08-08 11:45:25 +01:00
Conor Sloan
2bc8c192b1
Merge pull request #156 from actions/conorsloan/attest-before-publish
...
Generate provenance attestation before performing upload to ghcr
2024-08-07 21:48:38 +01:00
Conor Sloan
c1f237b012
Generate provenance attestation before performing upload to ghcr
...
This allows us to check in the backend that a valid attestation exists for a package version before we allow the upload to succeed.
In doing this, we can perform an integrity check that the attestation is valid and all action packages have valid attestations.
2024-08-07 17:13:39 +01:00