Merge branch 'actions:main' into main-origin

2025-12-15 20:03:28 +00:00 · 2025-08-28 21:09:09 -07:00 · 2025-08-28 21:09:09 -07:00 · f2a6401597
commit f2a6401597
parent e6946cd9fe 0b6e980926
14 changed files with 36 additions and 99 deletions
--- a/.github/linters/.yaml-lint.yml
+++ b/.github/linters/.yaml-lint.yml
@ -1,10 +0,0 @@
-rules:
-  document-end: disable
-  document-start:
-    level: warning
-    present: false
-  line-length:
-    level: warning
-    max: 80
-    allow-non-breakable-words: true
-    allow-non-breakable-inline-mappings: true
--- a/.github/linters/tsconfig.json
+++ b/.github/linters/tsconfig.json
@ -1,9 +0,0 @@
-{
-  "$schema": "https://json.schemastore.org/tsconfig",
-  "extends": "../../tsconfig.json",
-  "compilerOptions": {
-    "noEmit": true
-  },
-  "include": ["../../__tests__/**/*", "../../src/**/*"],
-  "exclude": ["../../dist", "../../node_modules", "../../coverage", "*.json"]
-}
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@ -21,7 +21,7 @@ jobs:
    steps:
      - name: Checkout
        id: checkout
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0

      - name: Setup Node.js
        id: setup-node
@ -57,7 +57,7 @@ jobs:
    steps:
      - name: Checkout
        id: checkout
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
      - name: Run attest-provenance
        id: attest-provenance
        uses: ./
--- a/.github/workflows/linter.yml
+++ b/.github/workflows/linter.yml
@ -1,55 +0,0 @@
-name: Lint Codebase
-
-on:
-  pull_request:
-    branches:
-      - main
-  push:
-    branches:
-      - main
-
-permissions:
-  contents: read
-  packages: read
-  statuses: write
-
-jobs:
-  lint:
-    name: Lint Codebase
-    runs-on: ubuntu-latest
-
-    steps:
-      - name: Checkout
-        id: checkout
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-        with:
-          fetch-depth: 0
-
-      - name: Setup Node.js
-        id: setup-node
-        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
-        with:
-          node-version-file: .node-version
-          cache: npm
-
-      - name: Install Dependencies
-        id: install
-        run: npm ci
-
-      - name: Lint Codebase
-        id: super-linter
-        uses: super-linter/super-linter/slim@v8.0.0
-        env:
-          DEFAULT_BRANCH: main
-          FILTER_REGEX_EXCLUDE: dist/**/*
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          TYPESCRIPT_DEFAULT_STYLE: prettier
-          VALIDATE_ALL_CODEBASE: true
-          VALIDATE_JAVASCRIPT_STANDARD: false
-          VALIDATE_TYPESCRIPT_ES: false
-          VALIDATE_TYPESCRIPT_STANDARD: false
-          VALIDATE_JSCPD: false
-          VALIDATE_YAML_PRETTIER: false
-
-      - name: Run eslint
-        run: npm run lint:eslint
--- a/.github/workflows/prober.yml
+++ b/.github/workflows/prober.yml
@ -29,7 +29,7 @@ jobs:
          date > artifact

      - name: Attest build provenance
-        uses: actions/attest-build-provenance@v2
+        uses: actions/attest-build-provenance@v3
        env:
          INPUT_PRIVATE-SIGNING: ${{ inputs.sigstore == 'github' && 'true' || 'false' }}
        with:
--- a/.github/linters/.markdown-lint.yml
+++ b/.github/linters/.markdown-lint.yml
--- a/.node-version
+++ b/.node-version
@ -1 +1 @@
-20.6.0
+24.5.0
--- a/README.md
+++ b/README.md
@ -55,7 +55,7 @@ attest:
 1. Add the following to your workflow after your artifact has been built:

   ```yaml
-   - uses: actions/attest-build-provenance@v2
+   - uses: actions/attest-build-provenance@v3
     with:
       subject-path: '<PATH TO ARTIFACT>'
   ```
@ -68,7 +68,7 @@ attest:
 See [action.yml](action.yml)

 ```yaml
- uses: actions/attest-build-provenance@v2
+- uses: actions/attest-build-provenance@v3
  with:
    # Path to the artifact serving as the subject of the attestation. Must
    # specify exactly one of "subject-path", "subject-digest", or
@ -159,7 +159,7 @@ jobs:
      - name: Build artifact
        run: make my-app
      - name: Attest
-        uses: actions/attest-build-provenance@v2
+        uses: actions/attest-build-provenance@v3
        with:
          subject-path: '${{ github.workspace }}/my-app'
 ```
@ -170,7 +170,7 @@ If you are generating multiple artifacts, you can attest all of them at the same
 time by using a wildcard in the `subject-path` input.

 ```yaml
- uses: actions/attest-build-provenance@v2
+- uses: actions/attest-build-provenance@v3
  with:
    subject-path: 'dist/**/my-bin-*'
 ```
@ -182,13 +182,13 @@ Alternatively, you can explicitly list multiple subjects with either a comma or
 newline delimited list:

 ```yaml
- uses: actions/attest-build-provenance@v2
+- uses: actions/attest-build-provenance@v3
  with:
    subject-path: 'dist/foo, dist/bar'
 ```

 ```yaml
- uses: actions/attest-build-provenance@v2
+- uses: actions/attest-build-provenance@v3
  with:
    subject-path: |
      dist/foo
@ -209,7 +209,7 @@ attestation.
 - name: Calculate artifact digests
  run: |
    shasum -a 256 foo_0.0.1_* > subject.checksums.txt
- uses: actions/attest-build-provenance@v2
+- uses: actions/attest-build-provenance@v3
  with:
    subject-checksums: subject.checksums.txt
 ```
@ -282,7 +282,7 @@ jobs:
          push: true
          tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest
      - name: Attest
-        uses: actions/attest-build-provenance@v2
+        uses: actions/attest-build-provenance@v3
        id: attest
        with:
          subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
@ -304,7 +304,7 @@ artifact directly into the `subject-digest` input of the attestation action.
    path: dist/*
    name: artifact.zip

- uses: actions/attest-build-provenance@v2
+- uses: actions/attest-build-provenance@v3
  with:
    subject-name: artifact.zip
    subject-digest: sha256:${{ steps.upload.outputs.artifact-digest }}
--- a/action.yml
+++ b/action.yml
@ -62,10 +62,12 @@ outputs:
 runs:
  using: 'composite'
  steps:
-    - uses: actions/attest-build-provenance/predicate@1176ef556905f349f669722abf30bce1a6e16e01 # predicate@1.1.5
+    - uses: actions/attest-build-provenance/predicate@864457a58d4733d7f1574bd8821fa24e02cf7538 # predicate@2.0.0
      id: generate-build-provenance-predicate
-    - uses: actions/attest@ce27ba3b4a9a139d9a20a4a07d69fabb52f1e5bc # v2.4.0
+    - uses: actions/attest@daf44fb950173508f38bd2406030372c1d1162b1 # v3.0.0
      id: attest
+      env:
+        NODE_OPTIONS: "--max-http-header-size=32768"
      with:
        subject-path: ${{ inputs.subject-path }}
        subject-digest: ${{ inputs.subject-digest }}
--- a/.github/linters/eslint.config.mjs
+++ b/.github/linters/eslint.config.mjs
@ -7,7 +7,7 @@ export default tseslint.config(
  // Ignore non-project files
  {
    name: 'ignore',
-    ignores: ['.github', 'dist', 'coverage', '**/*.json', 'jest.setup.js']
+    ignores: ['.github', 'dist', 'coverage', '**/*.json', 'jest.setup.js', 'eslint.config.mjs']
  },
  // Use recommended rules from ESLint, TypeScript, and other plugins
  eslint.configs.recommended,
@ -21,7 +21,7 @@ export default tseslint.config(
    languageOptions: {
      ecmaVersion: 2023,
      parserOptions: {
-        project: ['./.github/linters/tsconfig.json']
+        project: ['./tsconfig.lint.json']
      }
    },
    rules: {
--- a/package-lock.json
+++ b/package-lock.json
@ -1,12 +1,12 @@
 {
  "name": "actions/attest-build-provenance",
-  "version": "1.1.5",
+  "version": "2.0.0",
  "lockfileVersion": 3,
  "requires": true,
  "packages": {
    "": {
      "name": "actions/attest-build-provenance",
-      "version": "1.1.5",
+      "version": "2.0.0",
      "license": "MIT",
      "dependencies": {
        "@actions/attest": "^1.6.0",
@ -30,7 +30,7 @@
        "typescript-eslint": "^8.39.1"
      },
      "engines": {
-        "node": ">=20"
+        "node": ">=24"
      }
    },
    "node_modules/@actions/attest": {
--- a/package.json
+++ b/package.json
@ -1,7 +1,7 @@
 {
  "name": "actions/attest-build-provenance",
  "description": "Generate signed build provenance attestations",
-  "version": "1.1.5",
+  "version": "2.0.0",
  "author": "",
  "private": true,
  "homepage": "https://github.com/actions/attest-build-provenance",
@ -21,15 +21,15 @@
    ".": "./dist/index.js"
  },
  "engines": {
-    "node": ">=20"
+    "node": ">=24"
  },
  "scripts": {
    "bundle": "npm run format:write && npm run package",
    "ci-test": "jest",
    "format:write": "prettier --write **/*.ts",
    "format:check": "prettier --check **/*.ts",
-    "lint:eslint": "npx eslint . -c ./.github/linters/eslint.config.mjs",
-    "lint:markdown": "npx markdownlint --config .github/linters/.markdown-lint.yml \"*.md\"",
+    "lint:eslint": "npx eslint",
+    "lint:markdown": "npx markdownlint --config .markdown-lint.yml \"*.md\"",
    "lint": "npm run lint:eslint && npm run lint:markdown",
    "package": "ncc build src/index.ts --license licenses.txt",
    "package:watch": "npm run package -- --watch",
--- a/predicate/action.yml
+++ b/predicate/action.yml
@ -10,5 +10,5 @@ outputs:
    description: >
      URI identifying the type of the predicate.
 runs:
-  using: node20
+  using: node24
  main: ../dist/index.js
--- a/tsconfig.lint.json
+++ b/tsconfig.lint.json
@ -0,0 +1,9 @@
+{
+  "$schema": "https://json.schemastore.org/tsconfig",
+  "extends": "./tsconfig.json",
+  "compilerOptions": {
+    "noEmit": true
+  },
+  "include": ["./__tests__/**/*", "./src/**/*"],
+  "exclude": ["./dist", "./node_modules", "./coverage", "*.json"]
+}
 @ -1 +1 @@
 .6.0
 .5.0