actions/docker-attest-build-provenance
1
0
Fork 0
mirror of https://github.com/actions/attest-build-provenance.git synced 2025-12-17 04:39:29 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Compare commits

base: actions:main
Branches Tags
actions:main
actions:dependabot/npm_and_yarn/actions/core-2.0.1
actions:bdehamer/oci-native-fetch
actions:experimental/header-auth
actions:bdehamer/demo
actions:bdehamer/e2e
actions:test
actions:v3
actions:v3.0.0
actions:predicate@2.0.0
actions:v2.4.0
actions:v2.3.0
actions:v2.2.3
actions:v2.2.2
actions:predicate@1.1.5
actions:v2.2.1
actions:v2.2.0
actions:v2
actions:v2.1.0
actions:v2.0.1
actions:v2.0.0
actions:v1
actions:v1.4.4
actions:predicate@1.1.4
actions:v1.4.3
actions:predicate@1.1.3
actions:v1.4.2
actions:v1.4.1
actions:predicate@1.1.2
actions:fa
actions:v1.4.0
actions:predicate@1.1.1
actions:v1.3.3
actions:v1.3.2
actions:v1.3.1
actions:v1.3.0
actions:predicate@1.1.0
actions:v1.2.0
actions:v1.1.2
actions:v1.1.1
actions:v1.1.0
actions:v1.0.0
actions:predicate@1.0.0
actions:v0.2.0
actions:predicate@0.2.0
actions:v0.1.1
actions:v0.1.0
actions:predicate@0.1.0
..
compare: actions:predicate@2.0.0
Branches Tags
actions:dependabot/npm_and_yarn/actions/core-2.0.1
actions:main
actions:bdehamer/oci-native-fetch
actions:experimental/header-auth
actions:bdehamer/demo
actions:bdehamer/e2e
actions:test
actions:v3
actions:v3.0.0
actions:predicate@2.0.0
actions:v2.4.0
actions:v2.3.0
actions:v2.2.3
actions:v2.2.2
actions:predicate@1.1.5
actions:v2.2.1
actions:v2.2.0
actions:v2
actions:v2.1.0
actions:v2.0.1
actions:v2.0.0
actions:v1
actions:v1.4.4
actions:predicate@1.1.4
actions:v1.4.3
actions:predicate@1.1.3
actions:v1.4.2
actions:v1.4.1
actions:predicate@1.1.2
actions:fa
actions:v1.4.0
actions:predicate@1.1.1
actions:v1.3.3
actions:v1.3.2
actions:v1.3.1
actions:v1.3.0
actions:predicate@1.1.0
actions:v1.2.0
actions:v1.1.2
actions:v1.1.1
actions:v1.1.0
actions:v1.0.0
actions:predicate@1.0.0
actions:v0.2.0
actions:predicate@0.2.0
actions:v0.1.1
actions:v0.1.0
actions:predicate@0.1.0

No commits in common. "main" and "predicate@2.0.0" have entirely different histories.
main ... predicate@

11 changed files with 881 additions and 759 deletions
Show Stats Expand all files Collapse all files

6
.github/workflows/check-dist.yml vendored
View File

@ -28,11 +28,11 @@ jobs:
steps:
- name: Checkout
id: checkout
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: Setup Node.js
id: setup-node
uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
with:
node-version-file: .node-version
cache: npm
@ -60,7 +60,7 @@ jobs:
- if: ${{ failure() && steps.diff.outcome == 'failure' }}
name: Upload Artifact
id: upload
uses: actions/upload-artifact@v6.0.0
uses: actions/upload-artifact@v4
with:
name: dist
path: dist/

6
.github/workflows/ci.yml vendored
View File

@ -21,11 +21,11 @@ jobs:
steps:
- name: Checkout
id: checkout
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: Setup Node.js
id: setup-node
uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
with:
node-version-file: .node-version
cache: npm
@ -57,7 +57,7 @@ jobs:
steps:
- name: Checkout
id: checkout
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: Run attest-provenance
id: attest-provenance
uses: ./

8
.github/workflows/codeql-analysis.yml vendored
View File

@ -32,19 +32,19 @@ jobs:
steps:
- name: Checkout
id: checkout
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: Initialize CodeQL
id: initialize
uses: github/codeql-action/init@1b168cd39490f61582a9beae412bb7057a6b2c4e # v4.31.8
uses: github/codeql-action/init@df559355d593797519d70b90fc8edd5db049e7a2 # v3.29.9
with:
languages: ${{ matrix.language }}
source-root: src
- name: Autobuild
id: autobuild
uses: github/codeql-action/autobuild@1b168cd39490f61582a9beae412bb7057a6b2c4e # v4.31.8
uses: github/codeql-action/autobuild@df559355d593797519d70b90fc8edd5db049e7a2 # v3.29.9
- name: Perform CodeQL Analysis
id: analyze
uses: github/codeql-action/analyze@1b168cd39490f61582a9beae412bb7057a6b2c4e # v4.31.8
uses: github/codeql-action/analyze@df559355d593797519d70b90fc8edd5db049e7a2 # v3.29.9

8
.github/workflows/prober.yml vendored
View File

@ -29,7 +29,7 @@ jobs:
date > artifact
- name: Attest build provenance
uses: actions/attest-build-provenance@v3
uses: actions/attest-build-provenance@v2
env:
INPUT_PRIVATE-SIGNING: ${{ inputs.sigstore == 'github' && 'true' || 'false' }}
with:
@ -42,13 +42,13 @@ jobs:
gh attestation verify ./artifact --owner "$GITHUB_REPOSITORY_OWNER"
- name: Upload build artifact
uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
with:
path: "artifact"
- name: Report attestation prober success
if: ${{ success() }}
uses: masci/datadog@a3f481d2ed0f4e1edde2be2f564b94719d6d4bc2 # v1.9.3
uses: masci/datadog@f0cad7cba58a34e65535732564c9bf174ee89006 # v1.9.2
with:
api-key: "${{ secrets.DATADOG_API_KEY }}"
service-checks: |
@ -66,7 +66,7 @@ jobs:
- name: Report attestation prober failure
if: ${{ failure() }}
uses: masci/datadog@a3f481d2ed0f4e1edde2be2f564b94719d6d4bc2 # v1.9.3
uses: masci/datadog@f0cad7cba58a34e65535732564c9bf174ee89006 # v1.9.2
with:
api-key: "${{ secrets.DATADOG_API_KEY }}"
service-checks: |

18
README.md
View File

@ -55,7 +55,7 @@ attest:
1. Add the following to your workflow after your artifact has been built:
```yaml
- uses: actions/attest-build-provenance@v3
- uses: actions/attest-build-provenance@v2
with:
subject-path: '<PATH TO ARTIFACT>'
```
@ -68,7 +68,7 @@ attest:
See [action.yml](action.yml)
```yaml
- uses: actions/attest-build-provenance@v3
- uses: actions/attest-build-provenance@v2
with:
# Path to the artifact serving as the subject of the attestation. Must
# specify exactly one of "subject-path", "subject-digest", or
@ -159,7 +159,7 @@ jobs:
- name: Build artifact
run: make my-app
- name: Attest
uses: actions/attest-build-provenance@v3
uses: actions/attest-build-provenance@v2
with:
subject-path: '${{ github.workspace }}/my-app'
```
@ -170,7 +170,7 @@ If you are generating multiple artifacts, you can attest all of them at the same
time by using a wildcard in the `subject-path` input.
```yaml
- uses: actions/attest-build-provenance@v3
- uses: actions/attest-build-provenance@v2
with:
subject-path: 'dist/**/my-bin-*'
```
@ -182,13 +182,13 @@ Alternatively, you can explicitly list multiple subjects with either a comma or
newline delimited list:
```yaml
- uses: actions/attest-build-provenance@v3
- uses: actions/attest-build-provenance@v2
with:
subject-path: 'dist/foo, dist/bar'
```
```yaml
- uses: actions/attest-build-provenance@v3
- uses: actions/attest-build-provenance@v2
with:
subject-path: |
dist/foo
@ -209,7 +209,7 @@ attestation.
- name: Calculate artifact digests
run: |
shasum -a 256 foo_0.0.1_* > subject.checksums.txt
- uses: actions/attest-build-provenance@v3
- uses: actions/attest-build-provenance@v2
with:
subject-checksums: subject.checksums.txt
```
@ -282,7 +282,7 @@ jobs:
push: true
tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest
- name: Attest
uses: actions/attest-build-provenance@v3
uses: actions/attest-build-provenance@v2
id: attest
with:
subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
@ -304,7 +304,7 @@ artifact directly into the `subject-digest` input of the attestation action.
path: dist/*
name: artifact.zip
- uses: actions/attest-build-provenance@v3
- uses: actions/attest-build-provenance@v2
with:
subject-name: artifact.zip
subject-digest: sha256:${{ steps.upload.outputs.artifact-digest }}

2
__tests__/__snapshots__/main.test.ts.snap
View File

@ -1,4 +1,4 @@
// Jest Snapshot v1, https://jestjs.io/docs/snapshot-testing
// Jest Snapshot v1, https://goo.gl/fbAQLP
exports[`main when a non-default OIDC issuer is used successfully run main 1`] = `
{

2
action.yml
View File

@ -62,7 +62,7 @@ outputs:
runs:
using: 'composite'
steps:
- uses: actions/attest-build-provenance/predicate@864457a58d4733d7f1574bd8821fa24e02cf7538 # predicate@2.0.0
- uses: actions/attest-build-provenance/predicate@1176ef556905f349f669722abf30bce1a6e16e01 # predicate@1.1.5
id: generate-build-provenance-predicate
- uses: actions/attest@daf44fb950173508f38bd2406030372c1d1162b1 # v3.0.0
id: attest

BIN
dist/606.index.js generated vendored
View File

Binary file not shown.

BIN
dist/index.js generated vendored
View File

Binary file not shown.

1564
package-lock.json generated
View File

File diff suppressed because it is too large Load Diff

26
package.json
View File

@ -70,24 +70,24 @@
]
},
"dependencies": {
"@actions/attest": "^2.1.0",
"@actions/attest": "^1.6.0",
"@actions/core": "^1.11.1"
},
"devDependencies": {
"@eslint/js": "^9.39.2",
"@eslint/js": "^9.33.0",
"@types/jest": "^30.0.0",
"@types/node": "^25.0.2",
"@vercel/ncc": "^0.38.4",
"eslint": "^9.39.2",
"@types/node": "^24.2.1",
"@vercel/ncc": "^0.38.3",
"eslint": "^9.33.0",
"eslint-plugin-import": "^2.32.0",
"eslint-plugin-jest": "^29.5.0",
"jest": "^30.2.0",
"eslint-plugin-jest": "^29.0.1",
"jest": "^30.0.5",
"jose": "^5.9.6",
"markdownlint-cli": "^0.47.0",
"nock": "^14.0.10",
"prettier": "^3.7.4",
"ts-jest": "^29.4.6",
"typescript": "^5.9.3",
"typescript-eslint": "^8.49.0"
"markdownlint-cli": "^0.45.0",
"nock": "^14.0.9",
"prettier": "^3.6.2",
"ts-jest": "^29.4.1",
"typescript": "^5.9.2",
"typescript-eslint": "^8.39.0"
}
}