actions/docker-attest-build-provenance
1
0
Fork 0
mirror of https://github.com/actions/attest-build-provenance.git synced 2025-12-17 04:39:29 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Compare commits

base: actions:main
Branches Tags
actions:main
actions:dependabot/npm_and_yarn/actions/core-2.0.1
actions:bdehamer/oci-native-fetch
actions:experimental/header-auth
actions:bdehamer/demo
actions:bdehamer/e2e
actions:test
actions:v3
actions:v3.0.0
actions:predicate@2.0.0
actions:v2.4.0
actions:v2.3.0
actions:v2.2.3
actions:v2.2.2
actions:predicate@1.1.5
actions:v2.2.1
actions:v2.2.0
actions:v2
actions:v2.1.0
actions:v2.0.1
actions:v2.0.0
actions:v1
actions:v1.4.4
actions:predicate@1.1.4
actions:v1.4.3
actions:predicate@1.1.3
actions:v1.4.2
actions:v1.4.1
actions:predicate@1.1.2
actions:fa
actions:v1.4.0
actions:predicate@1.1.1
actions:v1.3.3
actions:v1.3.2
actions:v1.3.1
actions:v1.3.0
actions:predicate@1.1.0
actions:v1.2.0
actions:v1.1.2
actions:v1.1.1
actions:v1.1.0
actions:v1.0.0
actions:predicate@1.0.0
actions:v0.2.0
actions:predicate@0.2.0
actions:v0.1.1
actions:v0.1.0
actions:predicate@0.1.0
..
compare: actions:v3
Branches Tags
actions:dependabot/npm_and_yarn/actions/core-2.0.1
actions:main
actions:bdehamer/oci-native-fetch
actions:experimental/header-auth
actions:bdehamer/demo
actions:bdehamer/e2e
actions:test
actions:v3
actions:v3.0.0
actions:predicate@2.0.0
actions:v2.4.0
actions:v2.3.0
actions:v2.2.3
actions:v2.2.2
actions:predicate@1.1.5
actions:v2.2.1
actions:v2.2.0
actions:v2
actions:v2.1.0
actions:v2.0.1
actions:v2.0.0
actions:v1
actions:v1.4.4
actions:predicate@1.1.4
actions:v1.4.3
actions:predicate@1.1.3
actions:v1.4.2
actions:v1.4.1
actions:predicate@1.1.2
actions:fa
actions:v1.4.0
actions:predicate@1.1.1
actions:v1.3.3
actions:v1.3.2
actions:v1.3.1
actions:v1.3.0
actions:predicate@1.1.0
actions:v1.2.0
actions:v1.1.2
actions:v1.1.1
actions:v1.1.0
actions:v1.0.0
actions:predicate@1.0.0
actions:v0.2.0
actions:predicate@0.2.0
actions:v0.1.1
actions:v0.1.0
actions:predicate@0.1.0

No commits in common. "main" and "v3" have entirely different histories.
main ... v3

10 changed files with 880 additions and 758 deletions
Show Stats Expand all files Collapse all files

6
.github/workflows/check-dist.yml vendored
View File

@ -28,11 +28,11 @@ jobs:
steps: steps:
- name: Checkout - name: Checkout
id: checkout id: checkout
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: Setup Node.js - name: Setup Node.js
id: setup-node id: setup-node
uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0 uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
with: with:
node-version-file: .node-version node-version-file: .node-version
cache: npm cache: npm
@ -60,7 +60,7 @@ jobs:
- if: ${{ failure() && steps.diff.outcome == 'failure' }} - if: ${{ failure() && steps.diff.outcome == 'failure' }}
name: Upload Artifact name: Upload Artifact
id: upload id: upload
uses: actions/upload-artifact@v6.0.0 uses: actions/upload-artifact@v4
with: with:
name: dist name: dist
path: dist/ path: dist/

6
.github/workflows/ci.yml vendored
View File

@ -21,11 +21,11 @@ jobs:
steps: steps:
- name: Checkout - name: Checkout
id: checkout id: checkout
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: Setup Node.js - name: Setup Node.js
id: setup-node id: setup-node
uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0 uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
with: with:
node-version-file: .node-version node-version-file: .node-version
cache: npm cache: npm
@ -57,7 +57,7 @@ jobs:
steps: steps:
- name: Checkout - name: Checkout
id: checkout id: checkout
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: Run attest-provenance - name: Run attest-provenance
id: attest-provenance id: attest-provenance
uses: ./ uses: ./

8
.github/workflows/codeql-analysis.yml vendored
View File

@ -32,19 +32,19 @@ jobs:
steps: steps:
- name: Checkout - name: Checkout
id: checkout id: checkout
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: Initialize CodeQL - name: Initialize CodeQL
id: initialize id: initialize
uses: github/codeql-action/init@1b168cd39490f61582a9beae412bb7057a6b2c4e # v4.31.8 uses: github/codeql-action/init@df559355d593797519d70b90fc8edd5db049e7a2 # v3.29.9
with: with:
languages: ${{ matrix.language }} languages: ${{ matrix.language }}
source-root: src source-root: src
- name: Autobuild - name: Autobuild
id: autobuild id: autobuild
uses: github/codeql-action/autobuild@1b168cd39490f61582a9beae412bb7057a6b2c4e # v4.31.8 uses: github/codeql-action/autobuild@df559355d593797519d70b90fc8edd5db049e7a2 # v3.29.9
- name: Perform CodeQL Analysis - name: Perform CodeQL Analysis
id: analyze id: analyze
uses: github/codeql-action/analyze@1b168cd39490f61582a9beae412bb7057a6b2c4e # v4.31.8 uses: github/codeql-action/analyze@df559355d593797519d70b90fc8edd5db049e7a2 # v3.29.9

8
.github/workflows/prober.yml vendored
View File

@ -29,7 +29,7 @@ jobs:
date > artifact date > artifact
- name: Attest build provenance - name: Attest build provenance
uses: actions/attest-build-provenance@v3 uses: actions/attest-build-provenance@v2
env: env:
INPUT_PRIVATE-SIGNING: ${{ inputs.sigstore == 'github' && 'true' || 'false' }} INPUT_PRIVATE-SIGNING: ${{ inputs.sigstore == 'github' && 'true' || 'false' }}
with: with:
@ -42,13 +42,13 @@ jobs:
gh attestation verify ./artifact --owner "$GITHUB_REPOSITORY_OWNER" gh attestation verify ./artifact --owner "$GITHUB_REPOSITORY_OWNER"
- name: Upload build artifact - name: Upload build artifact
uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
with: with:
path: "artifact" path: "artifact"
- name: Report attestation prober success - name: Report attestation prober success
if: ${{ success() }} if: ${{ success() }}
uses: masci/datadog@a3f481d2ed0f4e1edde2be2f564b94719d6d4bc2 # v1.9.3 uses: masci/datadog@f0cad7cba58a34e65535732564c9bf174ee89006 # v1.9.2
with: with:
api-key: "${{ secrets.DATADOG_API_KEY }}" api-key: "${{ secrets.DATADOG_API_KEY }}"
service-checks: | service-checks: |
@ -66,7 +66,7 @@ jobs:
- name: Report attestation prober failure - name: Report attestation prober failure
if: ${{ failure() }} if: ${{ failure() }}
uses: masci/datadog@a3f481d2ed0f4e1edde2be2f564b94719d6d4bc2 # v1.9.3 uses: masci/datadog@f0cad7cba58a34e65535732564c9bf174ee89006 # v1.9.2
with: with:
api-key: "${{ secrets.DATADOG_API_KEY }}" api-key: "${{ secrets.DATADOG_API_KEY }}"
service-checks: | service-checks: |

18
README.md
View File

@ -55,7 +55,7 @@ attest:
1. Add the following to your workflow after your artifact has been built: 1. Add the following to your workflow after your artifact has been built:
```yaml ```yaml
- uses: actions/attest-build-provenance@v3 - uses: actions/attest-build-provenance@v2
with: with:
subject-path: '<PATH TO ARTIFACT>' subject-path: '<PATH TO ARTIFACT>'
``` ```
@ -68,7 +68,7 @@ attest:
See [action.yml](action.yml) See [action.yml](action.yml)
```yaml ```yaml
- uses: actions/attest-build-provenance@v3 - uses: actions/attest-build-provenance@v2
with: with:
# Path to the artifact serving as the subject of the attestation. Must # Path to the artifact serving as the subject of the attestation. Must
# specify exactly one of "subject-path", "subject-digest", or # specify exactly one of "subject-path", "subject-digest", or
@ -159,7 +159,7 @@ jobs:
- name: Build artifact - name: Build artifact
run: make my-app run: make my-app
- name: Attest - name: Attest
uses: actions/attest-build-provenance@v3 uses: actions/attest-build-provenance@v2
with: with:
subject-path: '${{ github.workspace }}/my-app' subject-path: '${{ github.workspace }}/my-app'
``` ```
@ -170,7 +170,7 @@ If you are generating multiple artifacts, you can attest all of them at the same
time by using a wildcard in the `subject-path` input. time by using a wildcard in the `subject-path` input.
```yaml ```yaml
- uses: actions/attest-build-provenance@v3 - uses: actions/attest-build-provenance@v2
with: with:
subject-path: 'dist/**/my-bin-*' subject-path: 'dist/**/my-bin-*'
``` ```
@ -182,13 +182,13 @@ Alternatively, you can explicitly list multiple subjects with either a comma or
newline delimited list: newline delimited list:
```yaml ```yaml
- uses: actions/attest-build-provenance@v3 - uses: actions/attest-build-provenance@v2
with: with:
subject-path: 'dist/foo, dist/bar' subject-path: 'dist/foo, dist/bar'
``` ```
```yaml ```yaml
- uses: actions/attest-build-provenance@v3 - uses: actions/attest-build-provenance@v2
with: with:
subject-path: | subject-path: |
dist/foo dist/foo
@ -209,7 +209,7 @@ attestation.
- name: Calculate artifact digests - name: Calculate artifact digests
run: | run: |
shasum -a 256 foo_0.0.1_* > subject.checksums.txt shasum -a 256 foo_0.0.1_* > subject.checksums.txt
- uses: actions/attest-build-provenance@v3 - uses: actions/attest-build-provenance@v2
with: with:
subject-checksums: subject.checksums.txt subject-checksums: subject.checksums.txt
``` ```
@ -282,7 +282,7 @@ jobs:
push: true push: true
tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest
- name: Attest - name: Attest
uses: actions/attest-build-provenance@v3 uses: actions/attest-build-provenance@v2
id: attest id: attest
with: with:
subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
@ -304,7 +304,7 @@ artifact directly into the `subject-digest` input of the attestation action.
path: dist/* path: dist/*
name: artifact.zip name: artifact.zip
- uses: actions/attest-build-provenance@v3 - uses: actions/attest-build-provenance@v2
with: with:
subject-name: artifact.zip subject-name: artifact.zip
subject-digest: sha256:${{ steps.upload.outputs.artifact-digest }} subject-digest: sha256:${{ steps.upload.outputs.artifact-digest }}

2
__tests__/__snapshots__/main.test.ts.snap
View File

@ -1,4 +1,4 @@
// Jest Snapshot v1, https://jestjs.io/docs/snapshot-testing // Jest Snapshot v1, https://goo.gl/fbAQLP
exports[`main when a non-default OIDC issuer is used successfully run main 1`] = ` exports[`main when a non-default OIDC issuer is used successfully run main 1`] = `
{ {

BIN
dist/606.index.js generated vendored
View File

Binary file not shown.

BIN
dist/index.js generated vendored
View File

Binary file not shown.

1564
package-lock.json generated
View File

File diff suppressed because it is too large Load Diff

26
package.json
View File

@ -70,24 +70,24 @@
] ]
}, },
"dependencies": { "dependencies": {
"@actions/attest": "^2.1.0", "@actions/attest": "^1.6.0",
"@actions/core": "^1.11.1" "@actions/core": "^1.11.1"
}, },
"devDependencies": { "devDependencies": {
"@eslint/js": "^9.39.2", "@eslint/js": "^9.33.0",
"@types/jest": "^30.0.0", "@types/jest": "^30.0.0",
"@types/node": "^25.0.2", "@types/node": "^24.2.1",
"@vercel/ncc": "^0.38.4", "@vercel/ncc": "^0.38.3",
"eslint": "^9.39.2", "eslint": "^9.33.0",
"eslint-plugin-import": "^2.32.0", "eslint-plugin-import": "^2.32.0",
"eslint-plugin-jest": "^29.5.0", "eslint-plugin-jest": "^29.0.1",
"jest": "^30.2.0", "jest": "^30.0.5",
"jose": "^5.9.6", "jose": "^5.9.6",
"markdownlint-cli": "^0.47.0", "markdownlint-cli": "^0.45.0",
"nock": "^14.0.10", "nock": "^14.0.9",
"prettier": "^3.7.4", "prettier": "^3.6.2",
"ts-jest": "^29.4.6", "ts-jest": "^29.4.1",
"typescript": "^5.9.3", "typescript": "^5.9.2",
"typescript-eslint": "^8.49.0" "typescript-eslint": "^8.39.0"
} }
} }