"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.signPayload = void 0;
const sign_1 = require("@sigstore/sign");
// Audience handed to CIContextProvider when the caller supplies no identity
// provider of its own (see initBundleBuilder).
const OIDC_AUDIENCE = 'sigstore';
// Fallback timeout forwarded to the Fulcio signer and to each witness when
// opts.timeout is falsy. Presumably milliseconds; confirm against @sigstore/sign.
const DEFAULT_TIMEOUT = 10000;
// Fallback retry setting forwarded to the Fulcio signer and to each witness
// when opts.retry is falsy.
const DEFAULT_RETRIES = 3;
/**
 * Signs the provided payload with Sigstore.
 *
 * The payload is signed exactly as given: no validation of `body` or `type`
 * happens here, so callers are responsible for what they submit.
 *
 * @param {{body: *, type: *}} payload - `body` becomes the artifact data and
 *   `type` the artifact type.
 * @param {object} options - Passed unchanged to initBundleBuilder, which reads
 *   identityProvider, fulcioURL, rekorURL, tsaServerURL, timeout and retry.
 * @returns {Promise<*>} Whatever the bundle builder's create() yields.
 */
const signPayload = async (payload, options) => {
    const { body, type } = payload;
    // Sign the artifact and build the bundle
    const builder = initBundleBuilder(options);
    return builder.create({ data: body, type });
};
exports.signPayload = signPayload;
/**
 * Assembles the Sigstore bundle builder with the appropriate options.
 *
 * @param {object} opts - Signing options.
 * @param {*} [opts.identityProvider] - Identity provider for the Fulcio signer;
 *   when falsy a CIContextProvider for OIDC_AUDIENCE is created instead.
 * @param {string} [opts.fulcioURL] - Base URL given to the Fulcio signer.
 * @param {string} [opts.rekorURL] - When truthy, adds a Rekor witness.
 * @param {string} [opts.tsaServerURL] - When truthy, adds a TSA witness.
 * @param {*} [opts.timeout] - Falls back to DEFAULT_TIMEOUT when falsy.
 * @param {*} [opts.retry] - Falls back to DEFAULT_RETRIES when falsy.
 * @returns {*} A DSSEBundleBuilder wired to the signer and witnesses.
 */
const initBundleBuilder = (opts) => {
    let identityProvider = opts.identityProvider;
    if (!identityProvider) {
        identityProvider = new sign_1.CIContextProvider(OIDC_AUDIENCE);
    }
    // NOTE(review): `||` treats an explicit 0 or false as "unset", so a caller
    // cannot switch retries off or pass a zero timeout. Confirm this is intended.
    const timeout = opts.timeout || DEFAULT_TIMEOUT;
    const retry = opts.retry || DEFAULT_RETRIES;
    const { fulcioURL, rekorURL, tsaServerURL } = opts;
    // NOTE(review): the signer presumably presents the provider's identity token
    // to fulcioURL, and the URL is used here without any check. Callers should
    // only pass an endpoint they trust; confirm upstream validation.
    const signer = new sign_1.FulcioSigner({
        identityProvider,
        fulcioBaseURL: fulcioURL,
        timeout,
        retry
    });
    // NOTE(review): with neither rekorURL nor tsaServerURL set, the bundle is
    // built with no witnesses, so it carries no log entry and no signed
    // timestamp. Verifiers typically need one of them; confirm callers always
    // supply at least one.
    const witnesses = [];
    if (rekorURL) {
        const rekor = new sign_1.RekorWitness({
            rekorBaseURL: rekorURL,
            entryType: 'dsse',
            timeout,
            retry
        });
        witnesses.push(rekor);
    }
    if (tsaServerURL) {
        const tsa = new sign_1.TSAWitness({
            tsaBaseURL: tsaServerURL,
            timeout,
            retry
        });
        witnesses.push(tsa);
    }
    return new sign_1.DSSEBundleBuilder({ signer, witnesses });
};