Commit Graph

71 Commits

Author SHA1 Message Date
Meredith Lancaster 701191f50e fix linter issues
Signed-off-by: Meredith Lancaster <malancas@github.com>
2025-12-09 11:40:40 -08:00
Meredith Lancaster 539724611c param name
Signed-off-by: Meredith Lancaster <malancas@github.com>
2025-12-09 11:39:12 -08:00
Meredith Lancaster 3d01d7ed69 Update packages/attest/README.md
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2025-12-09 11:38:06 -08:00
Meredith Lancaster d75223fd4a split mega param into several different ones
Signed-off-by: Meredith Lancaster <malancas@github.com>
2025-12-09 11:37:04 -08:00
Meredith Lancaster d795a0ad0d linter fix
Signed-off-by: Meredith Lancaster <malancas@github.com>
2025-12-09 08:32:31 -08:00
Meredith Lancaster 0380590fdd fix expected endpoint response
Signed-off-by: Meredith Lancaster <malancas@github.com>
2025-12-09 08:02:38 -08:00
Meredith Lancaster 97b7fa81c8 regenerate package lock
Signed-off-by: Meredith Lancaster <malancas@github.com>
2025-12-08 19:22:04 -08:00
Meredith Lancaster 87afd16bb2 bump to next minor version
Signed-off-by: Meredith Lancaster <malancas@github.com>
2025-12-08 19:19:29 -08:00
Meredith Lancaster c40fa0d905 formatting
Signed-off-by: Meredith Lancaster <malancas@github.com>
2025-12-08 19:19:11 -08:00
Meredith Lancaster dc9f635a0d Update packages/attest/src/artifactMetadata.ts
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2025-12-08 16:30:37 -08:00
Meredith Lancaster 7847d31696 Update packages/attest/README.md
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2025-12-08 16:30:25 -08:00
Meredith Lancaster 10d3b034e0 fix linter issues
Signed-off-by: Meredith Lancaster <malancas@github.com>
2025-12-08 16:22:59 -08:00
Meredith Lancaster 8eca440361 fix test and function calls
Signed-off-by: Meredith Lancaster <malancas@github.com>
2025-12-08 15:59:25 -08:00
Meredith Lancaster 6ec87f46b7 add back param parsing function
Signed-off-by: Meredith Lancaster <malancas@github.com>
2025-12-08 15:39:26 -08:00
Meredith Lancaster d1f9584cda fix test calls
Signed-off-by: Meredith Lancaster <malancas@github.com>
2025-12-08 15:33:01 -08:00
Meredith Lancaster b8933d0495 reorganize function options and document
Signed-off-by: Meredith Lancaster <malancas@github.com>
2025-12-08 15:25:34 -08:00
Meredith Lancaster 0a988d204e rename file
Signed-off-by: Meredith Lancaster <malancas@github.com>
2025-12-08 15:16:26 -08:00
Meredith Lancaster 136f9dfe37 fix header link
Signed-off-by: Meredith Lancaster <malancas@github.com>
2025-12-08 14:07:17 -08:00
Meredith Lancaster ed78411ffb fix expected response
Signed-off-by: Meredith Lancaster <malancas@github.com>
2025-12-08 14:03:23 -08:00
Meredith Lancaster dd097c7f4e add section on createStorageRecord func
Signed-off-by: Meredith Lancaster <malancas@github.com>
2025-12-08 13:57:00 -08:00
Meredith Lancaster f01262913d table of contents
Signed-off-by: Meredith Lancaster <malancas@github.com>
2025-12-08 13:55:24 -08:00
Meredith Lancaster c034e76488 fix function exporting and test results
Signed-off-by: Meredith Lancaster <malancas@github.com>
2025-12-08 13:49:54 -08:00
Meredith Lancaster 9ca26d4946 regenerate package lock
Signed-off-by: Meredith Lancaster <malancas@github.com>
2025-12-08 13:17:18 -08:00
Meredith Lancaster 417dbfff73 use parameter objects and add tests
Signed-off-by: Meredith Lancaster <malancas@github.com>
2025-12-08 13:17:08 -08:00
Meredith Lancaster 79efd648ac condense parameters
Signed-off-by: Meredith Lancaster <malancas@github.com>
2025-12-08 11:02:59 -08:00
Meredith Lancaster e8c242695d add function for creating storage record
Signed-off-by: Meredith Lancaster <malancas@github.com>
2025-12-08 10:49:24 -08:00
dependabot[bot] f014075da9 Bump tar from 7.5.1 to 7.5.2 in /packages/attest
Bumps [tar](https://github.com/isaacs/node-tar) from 7.5.1 to 7.5.2.
- [Release notes](https://github.com/isaacs/node-tar/releases)
- [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md)
- [Commits](https://github.com/isaacs/node-tar/compare/v7.5.1...v7.5.2)

---
updated-dependencies:
- dependency-name: tar
  dependency-version: 7.5.2
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-12-06 01:06:03 +00:00
dependabot[bot] 47017fa24b Bump glob from 10.4.5 to 10.5.0 in /packages/attest
Bumps [glob](https://github.com/isaacs/node-glob) from 10.4.5 to 10.5.0.
- [Changelog](https://github.com/isaacs/node-glob/blob/main/changelog.md)
- [Commits](https://github.com/isaacs/node-glob/compare/v10.4.5...v10.5.0)

---
updated-dependencies:
- dependency-name: glob
  dependency-version: 10.5.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-11-19 17:36:35 +00:00
Salman Muin Kayser Chishti d3ade9ecfc Prepare @actions/attest 2.0.0 release 2025-10-20 12:07:20 +01:00
Eugene 5e0fa1aaaa Remove unnecessary Buffer to Uint8Array conversion
Removed unnecessary conversion of Buffer to Uint8Array for compatibility.
2025-10-16 12:08:05 -04:00
Salman Muin Kayser Chishti 394e804dc8 remove skip lib check 2025-10-15 16:28:21 +01:00
Salman Muin Kayser Chishti 347c887e54 package json 2025-10-15 16:27:29 +01:00
Salman Muin Kayser Chishti fb5ae2a0e0 Keep attest at the same version 2025-10-15 16:27:29 +01:00
Salman Muin Kayser Chishti 33a9b6c09c update with dist updates 2025-10-15 16:22:51 +01:00
Salman Muin Kayser Chishti 48e42b1fdd linting 2025-09-04 15:24:57 +01:00
Salman Muin Kayser Chishti b738f10ef3 package updates 2025-09-04 15:15:02 +01:00
Salman Muin Kayser Chishti 8f32f385e0 Bump package versions, and fix issues 2025-09-04 14:16:27 +01:00
dependabot[bot] 41b3ce3141 Bump undici from 5.28.5 to 5.29.0 in /packages/attest
Bumps [undici](https://github.com/nodejs/undici) from 5.28.5 to 5.29.0.
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](https://github.com/nodejs/undici/compare/v5.28.5...v5.29.0)

---
updated-dependencies:
- dependency-name: undici
  dependency-version: 5.29.0
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-05-15 16:30:57 +00:00
Brian DeHamer 36db4d62ad Merge pull request #2045 from actions/dependabot/npm_and_yarn/packages/attest/octokit/endpoint-9.0.6
Bump @octokit/endpoint from 9.0.5 to 9.0.6 in /packages/attest
2025-05-08 10:47:59 -07:00
dependabot[bot] 957610a37a Bump @octokit/request-error from 5.1.0 to 5.1.1 in /packages/attest
Bumps [@octokit/request-error](https://github.com/octokit/request-error.js) from 5.1.0 to 5.1.1.
- [Release notes](https://github.com/octokit/request-error.js/releases)
- [Commits](https://github.com/octokit/request-error.js/compare/v5.1.0...v5.1.1)

---
updated-dependencies:
- dependency-name: "@octokit/request-error"
  dependency-version: 5.1.1
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-05-08 11:19:50 +00:00
dependabot[bot] 6ed621e7d1 Bump @octokit/endpoint from 9.0.5 to 9.0.6 in /packages/attest
Bumps [@octokit/endpoint](https://github.com/octokit/endpoint.js) from 9.0.5 to 9.0.6.
- [Release notes](https://github.com/octokit/endpoint.js/releases)
- [Commits](https://github.com/octokit/endpoint.js/compare/v9.0.5...v9.0.6)

---
updated-dependencies:
- dependency-name: "@octokit/endpoint"
  dependency-version: 9.0.6
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-05-08 11:19:48 +00:00
Brian DeHamer 0bc338adab set workflow.ref provenance field from ref claim
Updates the `buildSLSAProvenancePredicate` function to populate the
`workflow.ref` field from the `ref` claim in the OIDC token.

Signed-off-by: Brian DeHamer <bdehamer@github.com>
2025-02-26 08:47:27 -08:00
Brian DeHamer 95e747361e bump undici to 5.28.5
Signed-off-by: Brian DeHamer <bdehamer@github.com>
2025-02-14 08:02:10 -08:00
Brian DeHamer 7e54468896 update release notes for @actions/attest v1.5.0
Signed-off-by: Brian DeHamer <bdehamer@github.com>
2024-11-01 09:45:11 -07:00
Brian DeHamer 339447c5d3 Merge pull request #1863 from meriadec/attest-provenance-tags
Handle tags containing "@" character in `buildSLSAProvenancePredicate`
2024-11-01 09:35:13 -07:00
Brian DeHamer 265a5be8bc support multi-subject attestations
Signed-off-by: Brian DeHamer <bdehamer@github.com>
2024-11-01 09:08:19 -07:00
Meriadec Pillet 717ba9d9a4 Handle tags containing "@" character in buildSLSAProvenancePredicate
When using some monorepo-related tools (like [changesets](https://github.com/changesets/changesets)),
the produced tags have a special format that includes the `@` character.

For example, a `foo` package on a monorepo will produce Git tags looking
like `foo@1.0.0` if using changesets.

When used in combination with `actions/attest-build-provenance`, the
action was not properly re-crafting the tag in `buildSLSAProvenancePredicate` because
it was always splitting the workflow ref by `@` and taking the second
element.

This results in this error on CI:

```
Error: Error: Failed to persist attestation: Invalid Argument - values do not match: refs/tags/foo != refs/tags/foo@1.0.0 - https://docs.github.com/rest/repos/repos#create-an-attestation
```

This PR slightly updates the logic there, and rather takes "everything
located after the first '@'". This shouldn't introduce any breaking
change, while giving support for custom tags.

I've added the corresponding test case, it passes, however I couldn't
successfully run the full test suite (neither on `main`). Looking
forward to the CI outcome.

Thanks in advance for the review 🙏.
2024-10-30 14:29:42 +01:00
Brian DeHamer 29d342f176 Merge pull request #1848 from actions/bdehamer/attest-prep-1-5
`@actions/attest`: prep release of @actions/attest v1.5.0
2024-10-14 12:49:33 -07:00
Brian DeHamer 72113fe791 Merge pull request #1847 from actions/bdehamer/attest-update-core
`@actions/attest`: bump @actions/core from 1.10.1 to 1.11.1
2024-10-14 12:49:15 -07:00
Brian DeHamer 26c752f562 prep release of @actions/attest v1.5.0
Signed-off-by: Brian DeHamer <bdehamer@github.com>
2024-10-14 12:33:10 -07:00