Compare commits

..

1 Commits

Author SHA1 Message Date
Brian DeHamer ca16ab0dbe try macos-latest-large
Signed-off-by: Brian DeHamer <bdehamer@github.com>
2024-10-15 10:50:51 -07:00
5 changed files with 685 additions and 761 deletions
+1 -3
View File
@@ -16,7 +16,7 @@ jobs:
strategy:
matrix:
runs-on: [ubuntu-latest, macos-latest, windows-latest]
runs-on: [ubuntu-latest, macos-latest-large, windows-latest]
fail-fast: false
runs-on: ${{ matrix.runs-on }}
@@ -30,8 +30,6 @@ jobs:
with:
node-version: 20.x
- name: bash version
run: bash --version
- name: npm install
run: npm install
-7
View File
@@ -1,15 +1,8 @@
# @actions/attest Releases
### 1.5.0
- Bump @actions/core from 1.10.1 to 1.11.1 [#1847](https://github.com/actions/toolkit/pull/1847)
- Bump @sigstore/bundle from 2.3.2 to 3.0.0 [#1846](https://github.com/actions/toolkit/pull/1846)
- Bump @sigstore/sign from 2.3.2 to 3.0.0 [#1846](https://github.com/actions/toolkit/pull/1846)
### 1.4.2
- Fix bug in `buildSLSAProvenancePredicate`/`attestProvenance` when generating provenance statement for enterprise account using customized OIDC issuer value [#1823](https://github.com/actions/toolkit/pull/1823)
### 1.4.1
- Bump @actions/http-client from 2.2.1 to 2.2.3 [#1805](https://github.com/actions/toolkit/pull/1805)
+676 -744
View File
File diff suppressed because it is too large Load Diff
+6 -6
View File
@@ -1,6 +1,6 @@
{
"name": "@actions/attest",
"version": "1.5.0",
"version": "1.4.2",
"description": "Actions attestation lib",
"keywords": [
"github",
@@ -35,19 +35,19 @@
"url": "https://github.com/actions/toolkit/issues"
},
"devDependencies": {
"@sigstore/mock": "^0.8.0",
"@sigstore/rekor-types": "^3.0.0",
"@sigstore/mock": "^0.7.4",
"@sigstore/rekor-types": "^2.0.0",
"@types/jsonwebtoken": "^9.0.6",
"nock": "^13.5.1",
"undici": "^5.28.4"
},
"dependencies": {
"@actions/core": "^1.11.1",
"@actions/core": "^1.10.1",
"@actions/github": "^6.0.0",
"@actions/http-client": "^2.2.3",
"@octokit/plugin-retry": "^6.0.1",
"@sigstore/bundle": "^3.0.0",
"@sigstore/sign": "^3.0.0",
"@sigstore/bundle": "^2.3.2",
"@sigstore/sign": "^2.3.2",
"jose": "^5.2.3"
},
"overrides": {
+2 -1
View File
@@ -86,6 +86,7 @@ const initBundleBuilder = (opts: SignOptions): BundleBuilder => {
witnesses.push(
new RekorWitness({
rekorBaseURL: opts.rekorURL,
entryType: 'dsse',
fetchOnConflict: true,
timeout,
retry
@@ -105,5 +106,5 @@ const initBundleBuilder = (opts: SignOptions): BundleBuilder => {
// Build the bundle with the singleCertificate option which will
// trigger the creation of v0.3 DSSE bundles
return new DSSEBundleBuilder({signer, witnesses})
return new DSSEBundleBuilder({signer, witnesses, singleCertificate: true})
}