@actions/attest - npm Package Compare versions

Comparing version 1.4.2 to 1.5.0


lib/attest.d.ts
import { SigstoreInstance } from './endpoints';
import type { Attestation } from './shared.types';
import type { Attestation, Subject } from './shared.types';
/**

@@ -7,4 +7,11 @@ * Options for attesting a subject / predicate.

export type AttestOptions = {
subjectName: string;
subjectDigest: Record<string, string>;
/**
* @deprecated Use `subjects` instead.
**/
subjectName?: string;
/**
* @deprecated Use `subjects` instead.
**/
subjectDigest?: Record<string, string>;
subjects?: Subject[];
predicateType: string;

@@ -11,0 +18,0 @@ predicate: object;
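Review bot: Making `subjectName` and `subjectDigest` optional alongside the new `subjects` field means `AttestOptions` now accepts an object with none of the three, or with `subjectName` but no `subjectDigest`, so those caller mistakes are only caught by the runtime throw in `attest()` rather than by the compiler. A union keeps both call styles source-compatible while making the invalid combinations a type error: `export type AttestOptions = ({ subjects: Subject[] } | { subjectName: string; subjectDigest: Record<string, string> }) & { predicateType: string; /* remaining fields */ }`, with the `@deprecated` tags kept on the legacy branch. Separately, the added doc comments close with `**/`; the conventional TSDoc terminator is `*/`. The type continues past the hunk.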

@@ -29,6 +29,12 @@ "use strict";

return __awaiter(this, void 0, void 0, function* () {
const subject = {
name: options.subjectName,
digest: options.subjectDigest
};
let subjects;
if (options.subjects) {
subjects = options.subjects;
}
else if (options.subjectName && options.subjectDigest) {
subjects = [{ name: options.subjectName, digest: options.subjectDigest }];
}
else {
throw new Error('Must provide either subjectName and subjectDigest or subjects');
}
const predicate = {

@@ -38,3 +44,3 @@ type: options.predicateType,

};
const statement = (0, intoto_1.buildIntotoStatement)(subject, predicate);
const statement = (0, intoto_1.buildIntotoStatement)(subjects, predicate);
// Sign the provenance statement

@@ -41,0 +47,0 @@ const payload = {
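Review bot: The new `if (options.subjects)` branch accepts an empty array: `[]` is truthy, so `subjects: []` skips both the deprecated fallback and the error and proceeds to build and sign a statement with no subjects (the updated `buildIntotoStatement` in lib/intoto.js passes the array through as `subject: subjects` without checking it). Add `if (options.subjects.length === 0) { throw new Error('subjects must contain at least one subject'); }` inside that branch so an attestation that covers nothing is rejected before signing. Note also that when `subjects` is supplied the deprecated fields are silently ignored rather than flagged, which may be intended but is worth a one-line comment. The surrounding `__awaiter` function starts and ends outside the hunk.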

@@ -18,2 +18,2 @@ import { Predicate, Subject } from './shared.types';

*/
export declare const buildIntotoStatement: (subject: Subject, predicate: Predicate) => InTotoStatement;
export declare const buildIntotoStatement: (subjects: Subject[], predicate: Predicate) => InTotoStatement;

@@ -11,6 +11,6 @@ "use strict";

*/
const buildIntotoStatement = (subject, predicate) => {
const buildIntotoStatement = (subjects, predicate) => {
return {
_type: INTOTO_STATEMENT_V1_TYPE,
subject: [subject],
subject: subjects,
predicateType: predicate.type,

@@ -17,0 +17,0 @@ predicate: predicate.params

@@ -32,5 +32,7 @@ "use strict";

// .github/workflows/main.yml, main
const [workflowPath, workflowRef] = claims.workflow_ref
const [workflowPath, ...workflowRefChunks] = claims.workflow_ref
.replace(`${claims.repository}/`, '')
.split('@');
// Handle case where tag contains `@` (e.g: when using changesets in a monorepo context),
const workflowRef = workflowRefChunks.join('@');
return {

@@ -37,0 +39,0 @@ type: SLSA_PREDICATE_V1_TYPE,
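Review bot: The comment `// Handle case where tag contains `@` (e.g: when using changesets in a monorepo context),` ends in a comma and sits between the chained statement and the `join` it describes, so it reads as a fragment; move it above the destructuring and complete it, e.g. `// workflow_ref may contain more than one '@' (e.g. changesets tags in a monorepo): split on the first '@' and rejoin the remainder as the ref.` One behavioral detail the hunk does not mention: when `workflow_ref` has no `@` at all, `workflowRefChunks` is empty and `workflowRef` becomes `''` where it was previously `undefined`, so any downstream check on the ref being absent should be verified against the new value. The enclosing function continues outside the hunk.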

@@ -48,3 +48,2 @@ "use strict";

rekorBaseURL: opts.rekorURL,
entryType: 'dsse',
fetchOnConflict: true,

@@ -64,4 +63,4 @@ timeout,

// trigger the creation of v0.3 DSSE bundles
return new sign_1.DSSEBundleBuilder({ signer, witnesses, singleCertificate: true });
return new sign_1.DSSEBundleBuilder({ signer, witnesses });
};
//# sourceMappingURL=sign.js.map
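Review bot: The comment `// trigger the creation of v0.3 DSSE bundles` directly above the `DSSEBundleBuilder` call no longer matches the code once `singleCertificate: true` is removed, since that option was what the comment explained; either drop it or rewrite it to state that the bundle format is now whatever the `@sigstore/sign` default produces (the `^3.0.0` bump in package.json presumably makes that v0.3, but that should be confirmed against the library). The removal of `fetchOnConflict: true` from the Rekor witness options in the earlier hunk of this file likewise changes what happens when Rekor reports an existing entry, and the new side carries no note of the intended behavior; a short comment such as `// conflict handling follows the @sigstore/sign v3 default` would keep the reason visible. Both enclosing functions start outside the hunk.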
{
"name": "@actions/attest",
"version": "1.4.2",
"version": "1.5.0",
"description": "Actions attestation lib",

@@ -38,4 +38,4 @@ "keywords": [

"devDependencies": {
"@sigstore/mock": "^0.7.4",
"@sigstore/rekor-types": "^2.0.0",
"@sigstore/mock": "^0.8.0",
"@sigstore/rekor-types": "^3.0.0",
"@types/jsonwebtoken": "^9.0.6",

@@ -46,8 +46,8 @@ "nock": "^13.5.1",

"dependencies": {
"@actions/core": "^1.10.1",
"@actions/core": "^1.11.1",
"@actions/github": "^6.0.0",
"@actions/http-client": "^2.2.3",
"@octokit/plugin-retry": "^6.0.1",
"@sigstore/bundle": "^2.3.2",
"@sigstore/sign": "^2.3.2",
"@sigstore/bundle": "^3.0.0",
"@sigstore/sign": "^3.0.0",
"jose": "^5.2.3"

@@ -54,0 +54,0 @@ },

@@ -35,4 +35,3 @@ # `@actions/attest`

const attestation = await attest({
subjectName: 'my-artifact-name',
subjectDigest: { 'sha256': '36ab4667...'},
subjects: [{name: 'my-artifact-name', digest: { 'sha256': '36ab4667...'}}],
predicateType: 'https://in-toto.io/attestation/release',

@@ -53,7 +52,8 @@ predicate: { . . . },

export type AttestOptions = {
// The name of the subject to be attested.
subjectName: string
// The digest of the subject to be attested. Should be a map of digest
// algorithms to their hex-encoded values.
subjectDigest: Record<string, string>
// Deprecated. Use 'subjects' instead.
subjectName?: string
// Deprecated. Use 'subjects' instead.
subjectDigest?: Record<string, string>
// Collection of subjects to be attested
subjects?: Subject[]
// URI identifying the content type of the predicate being attested.

@@ -73,2 +73,9 @@ predicateType: string

}
export type Subject = {
// Name of the subject.
name: string
// Digests of the subject. Should be a map of digest algorithms to their hex-encoded values.
digest: Record<string, string>
}
```

@@ -111,8 +118,9 @@

export type AttestProvenanceOptions = {
// The name of the subject to be attested.
subjectName: string
// The digest of the subject to be attested. Should be a map of digest
// algorithms to their hex-encoded values.
subjectDigest: Record<string, string>
// GitHub token for writing attestations.
// Deprecated. Use 'subjects' instead.
subjectName?: string
// Deprecated. Use 'subjects' instead.
subjectDigest?: Record<string, string>
// Collection of subjects to be attested
subjects?: Subject[]
// URI identifying the content type of the predicate being attested.
token: string

@@ -119,0 +127,0 @@ // Sigstore instance to use for signing. Must be one of "public-good" or

