Meredith Lancaster
701191f50e
fix linter issues
...
Signed-off-by: Meredith Lancaster <malancas@github.com >
2025-12-09 11:40:40 -08:00
Meredith Lancaster
539724611c
param name
...
Signed-off-by: Meredith Lancaster <malancas@github.com >
2025-12-09 11:39:12 -08:00
Meredith Lancaster
3d01d7ed69
Update packages/attest/README.md
...
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com >
2025-12-09 11:38:06 -08:00
Meredith Lancaster
d75223fd4a
split mega param into several different ones
...
Signed-off-by: Meredith Lancaster <malancas@github.com >
2025-12-09 11:37:04 -08:00
Meredith Lancaster
d795a0ad0d
linter fix
...
Signed-off-by: Meredith Lancaster <malancas@github.com >
2025-12-09 08:32:31 -08:00
Meredith Lancaster
0380590fdd
fix expected endpoint response
...
Signed-off-by: Meredith Lancaster <malancas@github.com >
2025-12-09 08:02:38 -08:00
Meredith Lancaster
97b7fa81c8
regenerate package lock
...
Signed-off-by: Meredith Lancaster <malancas@github.com >
2025-12-08 19:22:04 -08:00
Meredith Lancaster
87afd16bb2
bump to next minor version
...
Signed-off-by: Meredith Lancaster <malancas@github.com >
2025-12-08 19:19:29 -08:00
Meredith Lancaster
c40fa0d905
formatting
...
Signed-off-by: Meredith Lancaster <malancas@github.com >
2025-12-08 19:19:11 -08:00
Meredith Lancaster
dc9f635a0d
Update packages/attest/src/artifactMetadata.ts
...
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com >
2025-12-08 16:30:37 -08:00
Meredith Lancaster
7847d31696
Update packages/attest/README.md
...
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com >
2025-12-08 16:30:25 -08:00
Meredith Lancaster
10d3b034e0
fix linter issues
...
Signed-off-by: Meredith Lancaster <malancas@github.com >
2025-12-08 16:22:59 -08:00
Meredith Lancaster
8eca440361
fix test and function calls
...
Signed-off-by: Meredith Lancaster <malancas@github.com >
2025-12-08 15:59:25 -08:00
Meredith Lancaster
6ec87f46b7
add back param parsing function
...
Signed-off-by: Meredith Lancaster <malancas@github.com >
2025-12-08 15:39:26 -08:00
Meredith Lancaster
d1f9584cda
fix test calls
...
Signed-off-by: Meredith Lancaster <malancas@github.com >
2025-12-08 15:33:01 -08:00
Meredith Lancaster
b8933d0495
reorganize function options and document
...
Signed-off-by: Meredith Lancaster <malancas@github.com >
2025-12-08 15:25:34 -08:00
Meredith Lancaster
0a988d204e
rename file
...
Signed-off-by: Meredith Lancaster <malancas@github.com >
2025-12-08 15:16:26 -08:00
Meredith Lancaster
136f9dfe37
fix header link
...
Signed-off-by: Meredith Lancaster <malancas@github.com >
2025-12-08 14:07:17 -08:00
Meredith Lancaster
ed78411ffb
fix expected response
...
Signed-off-by: Meredith Lancaster <malancas@github.com >
2025-12-08 14:03:23 -08:00
Meredith Lancaster
dd097c7f4e
add section on createStorageRecord func
...
Signed-off-by: Meredith Lancaster <malancas@github.com >
2025-12-08 13:57:00 -08:00
Meredith Lancaster
f01262913d
table of contents
...
Signed-off-by: Meredith Lancaster <malancas@github.com >
2025-12-08 13:55:24 -08:00
Meredith Lancaster
c034e76488
fix function exporting and test results
...
Signed-off-by: Meredith Lancaster <malancas@github.com >
2025-12-08 13:49:54 -08:00
Meredith Lancaster
9ca26d4946
regenerate package lock
...
Signed-off-by: Meredith Lancaster <malancas@github.com >
2025-12-08 13:17:18 -08:00
Meredith Lancaster
417dbfff73
use parameter objects and add tests
...
Signed-off-by: Meredith Lancaster <malancas@github.com >
2025-12-08 13:17:08 -08:00
Meredith Lancaster
79efd648ac
condense parameters
...
Signed-off-by: Meredith Lancaster <malancas@github.com >
2025-12-08 11:02:59 -08:00
Meredith Lancaster
e8c242695d
add function for creating storage record
...
Signed-off-by: Meredith Lancaster <malancas@github.com >
2025-12-08 10:49:24 -08:00
dependabot[bot]
f014075da9
Bump tar from 7.5.1 to 7.5.2 in /packages/attest
...
Bumps [tar](https://github.com/isaacs/node-tar ) from 7.5.1 to 7.5.2.
- [Release notes](https://github.com/isaacs/node-tar/releases )
- [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md )
- [Commits](https://github.com/isaacs/node-tar/compare/v7.5.1...v7.5.2 )
---
updated-dependencies:
- dependency-name: tar
dependency-version: 7.5.2
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com >
2025-12-06 01:06:03 +00:00
dependabot[bot]
47017fa24b
Bump glob from 10.4.5 to 10.5.0 in /packages/attest
...
Bumps [glob](https://github.com/isaacs/node-glob ) from 10.4.5 to 10.5.0.
- [Changelog](https://github.com/isaacs/node-glob/blob/main/changelog.md )
- [Commits](https://github.com/isaacs/node-glob/compare/v10.4.5...v10.5.0 )
---
updated-dependencies:
- dependency-name: glob
dependency-version: 10.5.0
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com >
2025-11-19 17:36:35 +00:00
Salman Muin Kayser Chishti
d3ade9ecfc
Prepare @actions/attest 2.0.0 release
2025-10-20 12:07:20 +01:00
Eugene
5e0fa1aaaa
Remove unnecessary Buffer to Uint8Array conversion
...
Removed unnecessary conversion of Buffer to Uint8Array for compatibility.
2025-10-16 12:08:05 -04:00
Salman Muin Kayser Chishti
394e804dc8
remove skip lib check
2025-10-15 16:28:21 +01:00
Salman Muin Kayser Chishti
347c887e54
package json
2025-10-15 16:27:29 +01:00
Salman Muin Kayser Chishti
fb5ae2a0e0
Keep attest at the same version
2025-10-15 16:27:29 +01:00
Salman Muin Kayser Chishti
33a9b6c09c
update with dist updates
2025-10-15 16:22:51 +01:00
Salman Muin Kayser Chishti
48e42b1fdd
linting
2025-09-04 15:24:57 +01:00
Salman Muin Kayser Chishti
b738f10ef3
package updates
2025-09-04 15:15:02 +01:00
Salman Muin Kayser Chishti
8f32f385e0
Bump package versions, and fix issues
2025-09-04 14:16:27 +01:00
dependabot[bot]
41b3ce3141
Bump undici from 5.28.5 to 5.29.0 in /packages/attest
...
Bumps [undici](https://github.com/nodejs/undici ) from 5.28.5 to 5.29.0.
- [Release notes](https://github.com/nodejs/undici/releases )
- [Commits](https://github.com/nodejs/undici/compare/v5.28.5...v5.29.0 )
---
updated-dependencies:
- dependency-name: undici
dependency-version: 5.29.0
dependency-type: direct:development
...
Signed-off-by: dependabot[bot] <support@github.com >
2025-05-15 16:30:57 +00:00
Brian DeHamer
36db4d62ad
Merge pull request #2045 from actions/dependabot/npm_and_yarn/packages/attest/octokit/endpoint-9.0.6
...
Bump @octokit/endpoint from 9.0.5 to 9.0.6 in /packages/attest
2025-05-08 10:47:59 -07:00
dependabot[bot]
957610a37a
Bump @octokit/request-error from 5.1.0 to 5.1.1 in /packages/attest
...
Bumps [@octokit/request-error](https://github.com/octokit/request-error.js ) from 5.1.0 to 5.1.1.
- [Release notes](https://github.com/octokit/request-error.js/releases )
- [Commits](https://github.com/octokit/request-error.js/compare/v5.1.0...v5.1.1 )
---
updated-dependencies:
- dependency-name: "@octokit/request-error"
dependency-version: 5.1.1
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com >
2025-05-08 11:19:50 +00:00
dependabot[bot]
6ed621e7d1
Bump @octokit/endpoint from 9.0.5 to 9.0.6 in /packages/attest
...
Bumps [@octokit/endpoint](https://github.com/octokit/endpoint.js ) from 9.0.5 to 9.0.6.
- [Release notes](https://github.com/octokit/endpoint.js/releases )
- [Commits](https://github.com/octokit/endpoint.js/compare/v9.0.5...v9.0.6 )
---
updated-dependencies:
- dependency-name: "@octokit/endpoint"
dependency-version: 9.0.6
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com >
2025-05-08 11:19:48 +00:00
Brian DeHamer
0bc338adab
set workflow.ref provenance field from ref claim
...
Updates the `buildSLSAProvenancePredicate` function to populate the
`workflow.ref` field from the `ref` claim in the OIDC token.
Signed-off-by: Brian DeHamer <bdehamer@github.com >
2025-02-26 08:47:27 -08:00
Brian DeHamer
95e747361e
bump undici to 5.28.5
...
Signed-off-by: Brian DeHamer <bdehamer@github.com >
2025-02-14 08:02:10 -08:00
Brian DeHamer
7e54468896
update release notes for @actions/attest v1.5.0
...
Signed-off-by: Brian DeHamer <bdehamer@github.com >
2024-11-01 09:45:11 -07:00
Brian DeHamer
339447c5d3
Merge pull request #1863 from meriadec/attest-provenance-tags
...
Handle tags containing "@" character in `buildSLSAProvenancePredicate`
2024-11-01 09:35:13 -07:00
Brian DeHamer
265a5be8bc
support multi-subject attestations
...
Signed-off-by: Brian DeHamer <bdehamer@github.com >
2024-11-01 09:08:19 -07:00
Meriadec Pillet
717ba9d9a4
Handle tags containing "@" character in buildSLSAProvenancePredicate
...
When using some monorepo-related tools (like [changesets](https://github.com/changesets/changesets )),
the produced tags have a special format that includes `@` character.
For example, a `foo` package on a monorepo will produce Git tags looking
like `foo@1.0.0` if using changesets.
When used in combination with `actions/attest-build-provenance`, the
action was not properly re-crafting the tag in `buildSLSAProvenancePredicate` because
it was always splitting the workflow ref by `@` and taking the second
element.
This result in this error on CI:
```
Error: Error: Failed to persist attestation: Invalid Argument - values do not match: refs/tags/foo != refs/tags/foo@1.0.0 - https://docs.github.com/rest/repos/repos#create-an-attestation
````
This PR slightly update the logic there, and rather take "everything
located after the first '@'". This shouldn't introduce any breaking
change, while giving support for custom tags.
I've added the corresponding test case, it passes, however I couldn't
successfully run the full test suite (neither on `main`). Looking
forward for CI outcome.
Thanks in advance for the review 🙏 .
2024-10-30 14:29:42 +01:00
Brian DeHamer
29d342f176
Merge pull request #1848 from actions/bdehamer/attest-prep-1-5
...
`@actions/attest`: prep release of @actions/attest v1.5.0
2024-10-14 12:49:33 -07:00
Brian DeHamer
72113fe791
Merge pull request #1847 from actions/bdehamer/attest-update-core
...
`@actions/attest`: bump @actions/core from 1.10.1 to 1.11.1
2024-10-14 12:49:15 -07:00
Brian DeHamer
26c752f562
prep release of @actions/attest v1.5.0
...
Signed-off-by: Brian DeHamer <bdehamer@github.com >
2024-10-14 12:33:10 -07:00