Conor Sloan
e308348d01
fix up ghcr client tests and remove config from action package layers
2024-08-23 10:56:04 +01:00
Conor Sloan
e53d6ca2a2
reinstate main tests
2024-08-23 10:00:06 +01:00
Conor Sloan
da1f4d6352
reverse the upload order
2024-08-22 20:30:50 +01:00
Conor Sloan
028b950050
experimental: manually generate and upload all manifests
2024-08-22 20:00:30 +01:00
Conor Sloan
bafa38ff94
refactor ghcr client for reusable upload functions
2024-08-22 18:40:02 +01:00
Conor Sloan
e44432d3e5
add new OCI manifests for attestations
2024-08-22 18:13:15 +01:00
Conor Sloan
c11354f432
upload attestation and referrer index before artifact
...
This avoids race conditions when the artifact is read but its attestation doesn't exist
2024-08-22 16:10:12 +01:00
Conor Sloan
1f725c56d6
upload attestation to GHCR instead of attestations API
2024-08-22 14:10:50 +01:00
Conor Sloan
f213f0c945
Merge pull request #175 from actions/conorsloan/update-attest-package
...
Update @actions/attest dependency and send Attestations API header
2024-08-21 16:03:33 +01:00
Conor Sloan
8c9931350a
update attest dep and send IA header
2024-08-21 11:11:46 +01:00
Conor Sloan
7af620c09c
Merge pull request #164 from actions/conorsloan/fix-readme-example-permissions
...
Update README.md
2024-08-12 18:06:57 +01:00
Beth Brennan
9c79aec798
Merge branch 'main' into conorsloan/fix-readme-example-permissions
2024-08-12 12:53:26 -04:00
Beth Brennan
a2e9ffc7b9
Merge pull request #165 from actions/elbrenn/codeowners
...
Remove unused CODEOWNERS
2024-08-12 12:51:55 -04:00
Beth Brennan
2af7b38c8b
Remove unused codeowners
2024-08-12 12:48:32 -04:00
Conor Sloan
3cc27d51e4
Update README.md
...
Fix permissions in example workflow
2024-08-12 14:12:39 +01:00
Conor Sloan
e039e1d6b7
Merge pull request #163 from actions/conorsloan/create-codeowners
...
Create CODEOWNERS
2024-08-12 11:40:40 +01:00
Conor Sloan
11f5dcdbc3
Create CODEOWNERS
2024-08-12 10:15:17 +01:00
Conor Sloan
91044eb688
Merge pull request #162 from actions/conorsloan/update-deps
...
Update dependency versions
2024-08-12 10:03:13 +01:00
Conor Sloan
cf53527ffc
update dep versions
2024-08-12 09:56:19 +01:00
Conor Sloan
f58dd8f0ed
Merge pull request #161 from actions/conorsloan/fix-self-publishing-workflow-permissions
...
Update permissions on self-publishing workflow
2024-08-12 09:56:01 +01:00
Conor Sloan
a959dfafba
replace contents: write with attestations: write in release
2024-08-12 09:53:52 +01:00
Conor Sloan
a61106e002
Merge pull request #159 from actions/conorsloan/never-skip-attestation-write
...
always set skipWrite to false when generating attestations
2024-08-12 09:53:41 +01:00
Conor Sloan
90d59724e7
always set skipWrite to false when generating attestations
2024-08-12 09:51:04 +01:00
Conor Sloan
1a8d07a497
Merge pull request #94 from actions/dependabot/github_actions/super-linter/super-linter-6
...
Bump super-linter/super-linter from 5 to 6
2024-08-12 09:50:39 +01:00
Conor Sloan
50c672a353
dont ignore tests in eslint
2024-08-10 11:24:48 +01:00
Conor Sloan
0fd4266160
replace default style with validate env var
...
See https://github.com/super-linter/super-linter/blob/main/docs/upgrade-guide.md#javascript_default_style-and-typescript_default_style
2024-08-10 11:24:48 +01:00
Conor Sloan
e58130f44d
move permissions to top level
2024-08-10 11:24:48 +01:00
Conor Sloan
229ed04906
ignore tests in eslinter
2024-08-10 11:24:48 +01:00
Conor Sloan
766a6934c5
fix codeql permissions
2024-08-10 11:24:48 +01:00
Conor Sloan
b40fcfc004
attempt 1 to fix linter issues
2024-08-10 11:24:48 +01:00
Sneha Kripanandan
67f4b7749e
Set fetch-depth for checkout when using super-linter
2024-08-10 11:24:48 +01:00
dependabot[bot]
abf929b7e4
Bump super-linter/super-linter from 5 to 6
...
Bumps [super-linter/super-linter](https://github.com/super-linter/super-linter ) from 5 to 6.
- [Release notes](https://github.com/super-linter/super-linter/releases )
- [Changelog](https://github.com/super-linter/super-linter/blob/main/CHANGELOG.md )
- [Commits](https://github.com/super-linter/super-linter/compare/v5...v6 )
---
updated-dependencies:
- dependency-name: super-linter/super-linter
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
2024-08-10 11:24:48 +01:00
Conor Sloan
b8bd8fe389
Merge pull request #158 from actions/conorsloan/send-auth-to-ghcr-lookup-endpoint
...
Send auth token to fetch container registry URL API endpoint
2024-08-09 15:45:58 +01:00
Conor Sloan
ffcb1087c4
send auth token to get container registry url endpoint
2024-08-09 14:49:07 +01:00
Conor Sloan
f7d49cfdd1
Merge pull request #157 from actions/conorsloan/dump-response-body-on-unexpected-ghcr-response
...
Include information from GHCR response bodies in error reporting
2024-08-08 16:48:54 +01:00
Conor Sloan
bebbbc6eee
parse GHCR error format for errors
2024-08-08 14:07:54 +01:00
Conor Sloan
2bbf08d922
print response body when an http request to ghcr returns unexpected status
2024-08-08 11:45:25 +01:00
Conor Sloan
2bc8c192b1
Merge pull request #156 from actions/conorsloan/attest-before-publish
...
Generate provenance attestation before performing upload to ghcr
2024-08-07 21:48:38 +01:00
Conor Sloan
c1f237b012
Generate provenance attestation before performing upload to ghcr
...
This allows us to check in the backend that a valid attestation exists for a package version before we allow the upload to succeed.
In doing this, we can perform an integrity check that the attestation is valid and all action packages have valid attestations.
2024-08-07 17:13:39 +01:00
Sneha Kripanandan
8215ec2f64
Merge pull request #154 from actions/dependabot/npm_and_yarn/types/jest-29.5.12
...
Bump @types/jest from 29.5.11 to 29.5.12
2024-08-06 09:39:03 -04:00
dependabot[bot]
5de4baf048
Bump @types/jest from 29.5.11 to 29.5.12
...
Bumps [@types/jest](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/jest ) from 29.5.11 to 29.5.12.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases )
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/jest )
---
updated-dependencies:
- dependency-name: "@types/jest"
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2024-08-05 22:25:35 +00:00
Sneha Kripanandan
9c2a630347
Merge pull request #152 from actions/dependabot/npm_and_yarn/eslint-plugin-jest-28.6.0
...
Bump eslint-plugin-jest from 27.6.3 to 28.6.0
2024-08-05 15:16:15 -04:00
dependabot[bot]
8e9002fe5a
Bump eslint-plugin-jest from 27.6.3 to 28.6.0
...
Bumps [eslint-plugin-jest](https://github.com/jest-community/eslint-plugin-jest ) from 27.6.3 to 28.6.0.
- [Release notes](https://github.com/jest-community/eslint-plugin-jest/releases )
- [Changelog](https://github.com/jest-community/eslint-plugin-jest/blob/main/CHANGELOG.md )
- [Commits](https://github.com/jest-community/eslint-plugin-jest/compare/v27.6.3...v28.6.0 )
---
updated-dependencies:
- dependency-name: eslint-plugin-jest
dependency-type: direct:development
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
2024-08-01 22:17:15 +00:00
Sneha Kripanandan
e2e9fea210
Merge pull request #150 from actions/dependabot/npm_and_yarn/eslint-plugin-prettier-5.2.1
...
Bump eslint-plugin-prettier from 5.1.3 to 5.2.1
2024-08-01 09:07:01 -04:00
dependabot[bot]
b757396339
Bump eslint-plugin-prettier from 5.1.3 to 5.2.1
...
Bumps [eslint-plugin-prettier](https://github.com/prettier/eslint-plugin-prettier ) from 5.1.3 to 5.2.1.
- [Release notes](https://github.com/prettier/eslint-plugin-prettier/releases )
- [Changelog](https://github.com/prettier/eslint-plugin-prettier/blob/master/CHANGELOG.md )
- [Commits](https://github.com/prettier/eslint-plugin-prettier/compare/v5.1.3...v5.2.1 )
---
updated-dependencies:
- dependency-name: eslint-plugin-prettier
dependency-type: direct:development
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2024-08-01 12:59:46 +00:00
Sneha Kripanandan
ef67e6d74f
Merge pull request #149 from actions/dependabot/npm_and_yarn/prettier-3.3.3
...
Bump prettier from 3.2.4 to 3.3.3
2024-08-01 08:58:29 -04:00
dependabot[bot]
cd067bec7f
Bump prettier from 3.2.4 to 3.3.3
...
Bumps [prettier](https://github.com/prettier/prettier ) from 3.2.4 to 3.3.3.
- [Release notes](https://github.com/prettier/prettier/releases )
- [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md )
- [Commits](https://github.com/prettier/prettier/compare/3.2.4...3.3.3 )
---
updated-dependencies:
- dependency-name: prettier
dependency-type: direct:development
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2024-07-31 22:23:15 +00:00
Sneha Kripanandan
36524bea42
Merge pull request #87 from actions/dependabot/npm_and_yarn/typescript-eslint/parser-6.21.0
...
Bump @typescript-eslint/parser from 6.19.0 to 6.21.0
2024-07-31 13:55:44 -04:00
Sneha Kripanandan
d623812b29
Merge branch 'main' into dependabot/npm_and_yarn/typescript-eslint/parser-6.21.0
2024-07-31 13:50:29 -04:00
Sneha Kripanandan
1354f92349
Merge pull request #147 from actions/dependabot/npm_and_yarn/ts-jest-29.2.3
...
Bump ts-jest from 29.1.1 to 29.2.3
2024-07-31 13:45:56 -04:00