@actions/attest
Advanced tools
@@ -1,35 +0,1 @@ | ||
| "use strict"; | ||
| var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) { | ||
| if (k2 === undefined) k2 = k; | ||
| var desc = Object.getOwnPropertyDescriptor(m, k); | ||
| if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) { | ||
| desc = { enumerable: true, get: function() { return m[k]; } }; | ||
| } | ||
| Object.defineProperty(o, k2, desc); | ||
| }) : (function(o, m, k, k2) { | ||
| if (k2 === undefined) k2 = k; | ||
| o[k2] = m[k]; | ||
| })); | ||
| var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) { | ||
| Object.defineProperty(o, "default", { enumerable: true, value: v }); | ||
| }) : function(o, v) { | ||
| o["default"] = v; | ||
| }); | ||
| var __importStar = (this && this.__importStar) || (function () { | ||
| var ownKeys = function(o) { | ||
| ownKeys = Object.getOwnPropertyNames || function (o) { | ||
| var ar = []; | ||
| for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k; | ||
| return ar; | ||
| }; | ||
| return ownKeys(o); | ||
| }; | ||
| return function (mod) { | ||
| if (mod && mod.__esModule) return mod; | ||
| var result = {}; | ||
| if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]); | ||
| __setModuleDefault(result, mod); | ||
| return result; | ||
| }; | ||
| })(); | ||
| var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) { | ||
@@ -55,6 +21,4 @@ function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); } | ||
| }; | ||
| Object.defineProperty(exports, "__esModule", { value: true }); | ||
| exports.createStorageRecord = createStorageRecord; | ||
| const github = __importStar(require("@actions/github")); | ||
| const plugin_retry_1 = require("@octokit/plugin-retry"); | ||
| import * as github from '@actions/github'; | ||
| import { retry } from '@octokit/plugin-retry'; | ||
| const CREATE_STORAGE_RECORD_REQUEST = 'POST /orgs/{owner}/artifacts/metadata/storage-record'; | ||
@@ -73,6 +37,6 @@ const DEFAULT_RETRY_COUNT = 5; | ||
| */ | ||
| function createStorageRecord(artifactOptions, packageRegistryOptions, token, retryAttempts, headers) { | ||
| export function createStorageRecord(artifactOptions, packageRegistryOptions, token, retryAttempts, headers) { | ||
| return __awaiter(this, void 0, void 0, function* () { | ||
| const retries = retryAttempts !== null && retryAttempts !== void 0 ? retryAttempts : DEFAULT_RETRY_COUNT; | ||
| const octokit = github.getOctokit(token, { retry: { retries } }, plugin_retry_1.retry); | ||
| const octokit = github.getOctokit(token, { retry: { retries } }, retry); | ||
| try { | ||
@@ -79,0 +43,0 @@ const response = yield octokit.request(CREATE_STORAGE_RECORD_REQUEST, Object.assign({ owner: github.context.repo.owner, headers }, buildRequestParams(artifactOptions, packageRegistryOptions))); |
@@ -1,1 +0,1 @@ | ||
| {"version":3,"file":"artifactMetadata.js","sourceRoot":"","sources":["../src/artifactMetadata.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA6CA,kDA0BC;AAvED,wDAAyC;AACzC,wDAA2C;AAG3C,MAAM,6BAA6B,GACjC,sDAAsD,CAAA;AACxD,MAAM,mBAAmB,GAAG,CAAC,CAAA;AA4B7B;;;;;;;;;;GAUG;AACH,SAAsB,mBAAmB,CACvC,eAAgC,EAChC,sBAA8C,EAC9C,KAAa,EACb,aAAsB,EACtB,OAAwB;;QAExB,MAAM,OAAO,GAAG,aAAa,aAAb,aAAa,cAAb,aAAa,GAAI,mBAAmB,CAAA;QACpD,MAAM,OAAO,GAAG,MAAM,CAAC,UAAU,CAAC,KAAK,EAAE,EAAC,KAAK,EAAE,EAAC,OAAO,EAAC,EAAC,EAAE,oBAAK,CAAC,CAAA;QACnE,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,OAAO,CAAC,6BAA6B,kBAClE,KAAK,EAAE,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,EAChC,OAAO,IACJ,kBAAkB,CAAC,eAAe,EAAE,sBAAsB,CAAC,EAC9D,CAAA;YAEF,MAAM,IAAI,GACR,OAAO,QAAQ,CAAC,IAAI,IAAI,QAAQ;gBAC9B,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC;gBAC3B,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAA;YAEnB,OAAO,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,eAAe,CAAC,GAAG,CAAC,CAAC,CAAe,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAA;QAC7D,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAA;YACxD,MAAM,IAAI,KAAK,CAAC,qCAAqC,OAAO,EAAE,CAAC,CAAA;QACjE,CAAC;IACH,CAAC;CAAA;AAED,SAAS,kBAAkB,CACzB,eAAgC,EAChC,sBAA8C;IAE9C,MAAM,EAAC,WAAW,EAAE,WAAW,KAAa,sBAAsB,EAA9B,IAAI,UAAI,sBAAsB,EAA5D,8BAAmC,CAAyB,CAAA;IAClE,qDACK,eAAe,KAClB,YAAY,EAAE,WAAW,EACzB,YAAY,EAAE,WAAW,KACtB,IAAI,EACR;AACH,CAAC"} | ||
| {"version":3,"file":"artifactMetadata.js","sourceRoot":"","sources":["../src/artifactMetadata.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA,OAAO,KAAK,MAAM,MAAM,iBAAiB,CAAA;AACzC,OAAO,EAAC,KAAK,EAAC,MAAM,uBAAuB,CAAA;AAG3C,MAAM,6BAA6B,GACjC,sDAAsD,CAAA;AACxD,MAAM,mBAAmB,GAAG,CAAC,CAAA;AA4B7B;;;;;;;;;;GAUG;AACH,MAAM,UAAgB,mBAAmB,CACvC,eAAgC,EAChC,sBAA8C,EAC9C,KAAa,EACb,aAAsB,EACtB,OAAwB;;QAExB,MAAM,OAAO,GAAG,aAAa,aAAb,aAAa,cAAb,aAAa,GAAI,mBAAmB,CAAA;QACpD,MAAM,OAAO,GAAG,MAAM,CAAC,UAAU,CAAC,KAAK,EAAE,EAAC,KAAK,EAAE,EAAC,OAAO,EAAC,EAAC,EAAE,KAAK,CAAC,CAAA;QACnE,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,OAAO,CAAC,6BAA6B,kBAClE,KAAK,EAAE,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,EAChC,OAAO,IACJ,kBAAkB,CAAC,eAAe,EAAE,sBAAsB,CAAC,EAC9D,CAAA;YAEF,MAAM,IAAI,GACR,OAAO,QAAQ,CAAC,IAAI,IAAI,QAAQ;gBAC9B,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC;gBAC3B,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAA;YAEnB,OAAO,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,eAAe,CAAC,GAAG,CAAC,CAAC,CAAe,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAA;QAC7D,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAA;YACxD,MAAM,IAAI,KAAK,CAAC,qCAAqC,OAAO,EAAE,CAAC,CAAA;QACjE,CAAC;IACH,CAAC;CAAA;AAED,SAAS,kBAAkB,CACzB,eAAgC,EAChC,sBAA8C;IAE9C,MAAM,EAAC,WAAW,EAAE,WAAW,KAAa,sBAAsB,EAA9B,IAAI,UAAI,sBAAsB,EAA5D,8BAAmC,CAAyB,CAAA;IAClE,qDACK,eAAe,KAClB,YAAY,EAAE,WAAW,EACzB,YAAY,EAAE,WAAW,KACtB,IAAI,EACR;AACH,CAAC"} |
+2
-2
@@ -1,3 +0,3 @@ | ||
| import { SigstoreInstance } from './endpoints'; | ||
| import type { Attestation, Subject } from './shared.types'; | ||
| import { SigstoreInstance } from './endpoints.js'; | ||
| import type { Attestation, Subject } from './shared.types.js'; | ||
| /** | ||
@@ -4,0 +4,0 @@ * Options for attesting a subject / predicate. |
+13
-16
@@ -1,2 +0,1 @@ | ||
| "use strict"; | ||
| var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) { | ||
@@ -11,10 +10,8 @@ function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); } | ||
| }; | ||
| Object.defineProperty(exports, "__esModule", { value: true }); | ||
| exports.attest = attest; | ||
| const bundle_1 = require("@sigstore/bundle"); | ||
| const crypto_1 = require("crypto"); | ||
| const endpoints_1 = require("./endpoints"); | ||
| const intoto_1 = require("./intoto"); | ||
| const sign_1 = require("./sign"); | ||
| const store_1 = require("./store"); | ||
| import { bundleToJSON } from '@sigstore/bundle'; | ||
| import { X509Certificate } from 'crypto'; | ||
| import { signingEndpoints } from './endpoints.js'; | ||
| import { buildIntotoStatement } from './intoto.js'; | ||
| import { signPayload } from './sign.js'; | ||
| import { writeAttestation } from './store.js'; | ||
| const INTOTO_PAYLOAD_TYPE = 'application/vnd.in-toto+json'; | ||
@@ -28,3 +25,3 @@ /** | ||
| */ | ||
| function attest(options) { | ||
| export function attest(options) { | ||
| return __awaiter(this, void 0, void 0, function* () { | ||
@@ -45,3 +42,3 @@ let subjects; | ||
| }; | ||
| const statement = (0, intoto_1.buildIntotoStatement)(subjects, predicate); | ||
| const statement = buildIntotoStatement(subjects, predicate); | ||
| // Sign the provenance statement | ||
@@ -52,8 +49,8 @@ const payload = { | ||
| }; | ||
| const endpoints = (0, endpoints_1.signingEndpoints)(options.sigstore); | ||
| const bundle = yield (0, sign_1.signPayload)(payload, endpoints); | ||
| const endpoints = signingEndpoints(options.sigstore); | ||
| const bundle = yield signPayload(payload, endpoints); | ||
| // Store the attestation | ||
| let attestationID; | ||
| if (options.skipWrite !== true) { | ||
| attestationID = yield (0, store_1.writeAttestation)((0, bundle_1.bundleToJSON)(bundle), options.token, { headers: options.headers }); | ||
| attestationID = yield writeAttestation(bundleToJSON(bundle), options.token, { headers: options.headers }); | ||
| } | ||
@@ -77,3 +74,3 @@ return toAttestation(bundle, attestationID); | ||
| } | ||
| const signingCert = new crypto_1.X509Certificate(certBytes); | ||
| const signingCert = new X509Certificate(certBytes); | ||
| // Collect transparency log ID if available | ||
@@ -83,3 +80,3 @@ const tlogEntries = bundle.verificationMaterial.tlogEntries; | ||
| return { | ||
| bundle: (0, bundle_1.bundleToJSON)(bundle), | ||
| bundle: bundleToJSON(bundle), | ||
| certificate: signingCert.toString(), | ||
@@ -86,0 +83,0 @@ tlogID, |
@@ -1,1 +0,1 @@ | ||
| {"version":3,"file":"attest.js","sourceRoot":"","sources":["../src/attest.ts"],"names":[],"mappings":";;;;;;;;;;;AAgDA,wBAuCC;AAvFD,6CAA6C;AAC7C,mCAAsC;AACtC,2CAA8D;AAC9D,qCAA6C;AAC7C,iCAA2C;AAC3C,mCAAwC;AAKxC,MAAM,mBAAmB,GAAG,8BAA8B,CAAA;AA+B1D;;;;;;GAMG;AACH,SAAsB,MAAM,CAAC,OAAsB;;QACjD,IAAI,QAAmB,CAAA;QAEvB,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC;YACrB,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAA;QAC7B,CAAC;aAAM,IAAI,OAAO,CAAC,WAAW,IAAI,OAAO,CAAC,aAAa,EAAE,CAAC;YACxD,QAAQ,GAAG,CAAC,EAAC,IAAI,EAAE,OAAO,CAAC,WAAW,EAAE,MAAM,EAAE,OAAO,CAAC,aAAa,EAAC,CAAC,CAAA;QACzE,CAAC;aAAM,CAAC;YACN,MAAM,IAAI,KAAK,CACb,+DAA+D,CAChE,CAAA;QACH,CAAC;QAED,MAAM,SAAS,GAAc;YAC3B,IAAI,EAAE,OAAO,CAAC,aAAa;YAC3B,MAAM,EAAE,OAAO,CAAC,SAAS;SAC1B,CAAA;QAED,MAAM,SAAS,GAAG,IAAA,6BAAoB,EAAC,QAAQ,EAAE,SAAS,CAAC,CAAA;QAE3D,gCAAgC;QAChC,MAAM,OAAO,GAAY;YACvB,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;YAC5C,IAAI,EAAE,mBAAmB;SAC1B,CAAA;QACD,MAAM,SAAS,GAAG,IAAA,4BAAgB,EAAC,OAAO,CAAC,QAAQ,CAAC,CAAA;QACpD,MAAM,MAAM,GAAG,MAAM,IAAA,kBAAW,EAAC,OAAO,EAAE,SAAS,CAAC,CAAA;QAEpD,wBAAwB;QACxB,IAAI,aAAiC,CAAA;QACrC,IAAI,OAAO,CAAC,SAAS,KAAK,IAAI,EAAE,CAAC;YAC/B,aAAa,GAAG,MAAM,IAAA,wBAAgB,EACpC,IAAA,qBAAY,EAAC,MAAM,CAAC,EACpB,OAAO,CAAC,KAAK,EACb,EAAC,OAAO,EAAE,OAAO,CAAC,OAAO,EAAC,CAC3B,CAAA;QACH,CAAC;QAED,OAAO,aAAa,CAAC,MAAM,EAAE,aAAa,CAAC,CAAA;IAC7C,CAAC;CAAA;AAED,SAAS,aAAa,CAAC,MAAc,EAAE,aAAsB;IAC3D,IAAI,SAAiB,CAAA;IACrB,QAAQ,MAAM,CAAC,oBAAoB,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;QAClD,KAAK,sBAAsB;YACzB,SAAS;gBACP,MAAM,CAAC,oBAAoB,CAAC,OAAO,CAAC,oBAAoB,CAAC,YAAY,CAAC,CAAC,CAAC;qBACrE,QAAQ,CAAA;YACb,MAAK;QACP,KAAK,aAAa;YAChB,SAAS,GAAG,MAAM,CAAC,oBAAoB,CAAC,OAAO,CAAC,WAAW,CAAC,QAAQ,CAAA;YACpE,MAAK;QACP;YACE,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAA;IAC9D,CAAC;IAED,MAAM,WAAW,GAAG,IAAI,wBAAe,CAAC,SAAS,CAAC,CAAA;IAElD,2CAA2C;IAC3C,MAAM,WAAW,GAAG,MAAM,CAAC,oBAAoB,CAAC,WAAW,CAAA;IAC3D,MAAM,MAAM,GAAG,WAAW,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAA;IAE3E,OAAO;QACL,MAAM,EAAE,IAAA,qBAAY,EAAC,MAAM,CAAC;QAC5B,WAAW,EAAE,WAAW,CAAC,QAAQ,EAAE;QACnC,MAAM;QACN,aAAa;KACd,CAAA;AACH,CAAC"} | ||
| {"version":3,"file":"attest.js","sourceRoot":"","sources":["../src/attest.ts"],"names":[],"mappings":";;;;;;;;;AAAA,OAAO,EAAC,YAAY,EAAC,MAAM,kBAAkB,CAAA;AAC7C,OAAO,EAAC,eAAe,EAAC,MAAM,QAAQ,CAAA;AACtC,OAAO,EAAmB,gBAAgB,EAAC,MAAM,gBAAgB,CAAA;AACjE,OAAO,EAAC,oBAAoB,EAAC,MAAM,aAAa,CAAA;AAChD,OAAO,EAAU,WAAW,EAAC,MAAM,WAAW,CAAA;AAC9C,OAAO,EAAC,gBAAgB,EAAC,MAAM,YAAY,CAAA;AAK3C,MAAM,mBAAmB,GAAG,8BAA8B,CAAA;AA+B1D;;;;;;GAMG;AACH,MAAM,UAAgB,MAAM,CAAC,OAAsB;;QACjD,IAAI,QAAmB,CAAA;QAEvB,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC;YACrB,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAA;QAC7B,CAAC;aAAM,IAAI,OAAO,CAAC,WAAW,IAAI,OAAO,CAAC,aAAa,EAAE,CAAC;YACxD,QAAQ,GAAG,CAAC,EAAC,IAAI,EAAE,OAAO,CAAC,WAAW,EAAE,MAAM,EAAE,OAAO,CAAC,aAAa,EAAC,CAAC,CAAA;QACzE,CAAC;aAAM,CAAC;YACN,MAAM,IAAI,KAAK,CACb,+DAA+D,CAChE,CAAA;QACH,CAAC;QAED,MAAM,SAAS,GAAc;YAC3B,IAAI,EAAE,OAAO,CAAC,aAAa;YAC3B,MAAM,EAAE,OAAO,CAAC,SAAS;SAC1B,CAAA;QAED,MAAM,SAAS,GAAG,oBAAoB,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAA;QAE3D,gCAAgC;QAChC,MAAM,OAAO,GAAY;YACvB,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;YAC5C,IAAI,EAAE,mBAAmB;SAC1B,CAAA;QACD,MAAM,SAAS,GAAG,gBAAgB,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAA;QACpD,MAAM,MAAM,GAAG,MAAM,WAAW,CAAC,OAAO,EAAE,SAAS,CAAC,CAAA;QAEpD,wBAAwB;QACxB,IAAI,aAAiC,CAAA;QACrC,IAAI,OAAO,CAAC,SAAS,KAAK,IAAI,EAAE,CAAC;YAC/B,aAAa,GAAG,MAAM,gBAAgB,CACpC,YAAY,CAAC,MAAM,CAAC,EACpB,OAAO,CAAC,KAAK,EACb,EAAC,OAAO,EAAE,OAAO,CAAC,OAAO,EAAC,CAC3B,CAAA;QACH,CAAC;QAED,OAAO,aAAa,CAAC,MAAM,EAAE,aAAa,CAAC,CAAA;IAC7C,CAAC;CAAA;AAED,SAAS,aAAa,CAAC,MAAc,EAAE,aAAsB;IAC3D,IAAI,SAAiB,CAAA;IACrB,QAAQ,MAAM,CAAC,oBAAoB,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;QAClD,KAAK,sBAAsB;YACzB,SAAS;gBACP,MAAM,CAAC,oBAAoB,CAAC,OAAO,CAAC,oBAAoB,CAAC,YAAY,CAAC,CAAC,CAAC;qBACrE,QAAQ,CAAA;YACb,MAAK;QACP,KAAK,aAAa;YAChB,SAAS,GAAG,MAAM,CAAC,oBAAoB,CAAC,OAAO,CAAC,WAAW,CAAC,QAAQ,CAAA;YACpE,MAAK;QACP;YACE,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAA;IAC9D,CAAC;IAED,MAAM,WAAW,GAAG,IAAI,eAAe,CAAC,SAAS,CAAC,CAAA;IAElD,2CAA2C;IAC3C,MAAM,WAAW,GAAG,MAAM,CAAC,oBAAoB,CAAC,WAAW,CAAA;IAC3D,MAAM,MAAM,GAAG,WAAW,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAA;IAE3E,OAAO;QACL,MAAM,EAAE,YAAY,CAAC,MAAM,CAAC;QAC5B,WAAW,EAAE,WAAW,CAAC,QAAQ,EAAE;QACnC,MAAM;QACN,aAAa;KACd,CAAA;AACH,CAAC"} |
+4
-41
@@ -1,38 +0,2 @@ | ||
| "use strict"; | ||
| var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) { | ||
| if (k2 === undefined) k2 = k; | ||
| var desc = Object.getOwnPropertyDescriptor(m, k); | ||
| if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) { | ||
| desc = { enumerable: true, get: function() { return m[k]; } }; | ||
| } | ||
| Object.defineProperty(o, k2, desc); | ||
| }) : (function(o, m, k, k2) { | ||
| if (k2 === undefined) k2 = k; | ||
| o[k2] = m[k]; | ||
| })); | ||
| var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) { | ||
| Object.defineProperty(o, "default", { enumerable: true, value: v }); | ||
| }) : function(o, v) { | ||
| o["default"] = v; | ||
| }); | ||
| var __importStar = (this && this.__importStar) || (function () { | ||
| var ownKeys = function(o) { | ||
| ownKeys = Object.getOwnPropertyNames || function (o) { | ||
| var ar = []; | ||
| for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k; | ||
| return ar; | ||
| }; | ||
| return ownKeys(o); | ||
| }; | ||
| return function (mod) { | ||
| if (mod && mod.__esModule) return mod; | ||
| var result = {}; | ||
| if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]); | ||
| __setModuleDefault(result, mod); | ||
| return result; | ||
| }; | ||
| })(); | ||
| Object.defineProperty(exports, "__esModule", { value: true }); | ||
| exports.signingEndpoints = exports.SIGSTORE_PUBLIC_GOOD = void 0; | ||
| const github = __importStar(require("@actions/github")); | ||
| import * as github from '@actions/github'; | ||
| const PUBLIC_GOOD_ID = 'public-good'; | ||
@@ -42,7 +6,7 @@ const GITHUB_ID = 'github'; | ||
| const REKOR_PUBLIC_GOOD_URL = 'https://rekor.sigstore.dev'; | ||
| exports.SIGSTORE_PUBLIC_GOOD = { | ||
| export const SIGSTORE_PUBLIC_GOOD = { | ||
| fulcioURL: FULCIO_PUBLIC_GOOD_URL, | ||
| rekorURL: REKOR_PUBLIC_GOOD_URL | ||
| }; | ||
| const signingEndpoints = (sigstore) => { | ||
| export const signingEndpoints = (sigstore) => { | ||
| var _a; | ||
@@ -63,3 +27,3 @@ let instance; | ||
| case PUBLIC_GOOD_ID: | ||
| return exports.SIGSTORE_PUBLIC_GOOD; | ||
| return SIGSTORE_PUBLIC_GOOD; | ||
| case GITHUB_ID: | ||
@@ -69,3 +33,2 @@ return buildGitHubEndpoints(); | ||
| }; | ||
| exports.signingEndpoints = signingEndpoints; | ||
| function buildGitHubEndpoints() { | ||
@@ -72,0 +35,0 @@ const serverURL = process.env.GITHUB_SERVER_URL || 'https://github.com'; |
@@ -1,1 +0,1 @@ | ||
| {"version":3,"file":"endpoints.js","sourceRoot":"","sources":["../src/endpoints.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,wDAAyC;AAEzC,MAAM,cAAc,GAAG,aAAa,CAAA;AACpC,MAAM,SAAS,GAAG,QAAQ,CAAA;AAE1B,MAAM,sBAAsB,GAAG,6BAA6B,CAAA;AAC5D,MAAM,qBAAqB,GAAG,4BAA4B,CAAA;AAU7C,QAAA,oBAAoB,GAAc;IAC7C,SAAS,EAAE,sBAAsB;IACjC,QAAQ,EAAE,qBAAqB;CAChC,CAAA;AAEM,MAAM,gBAAgB,GAAG,CAAC,QAA2B,EAAa,EAAE;;IACzE,IAAI,QAA0B,CAAA;IAE9B,4EAA4E;IAC5E,0DAA0D;IAC1D,IAAI,QAAQ,IAAI,CAAC,cAAc,EAAE,SAAS,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC/D,QAAQ,GAAG,QAAQ,CAAA;IACrB,CAAC;SAAM,CAAC;QACN,QAAQ;YACN,CAAA,MAAA,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,UAAU,0CAAE,UAAU,MAAK,QAAQ;gBACxD,CAAC,CAAC,cAAc;gBAChB,CAAC,CAAC,SAAS,CAAA;IACjB,CAAC;IAED,QAAQ,QAAQ,EAAE,CAAC;QACjB,KAAK,cAAc;YACjB,OAAO,4BAAoB,CAAA;QAC7B,KAAK,SAAS;YACZ,OAAO,oBAAoB,EAAE,CAAA;IACjC,CAAC;AACH,CAAC,CAAA;AApBY,QAAA,gBAAgB,oBAoB5B;AAED,SAAS,oBAAoB;IAC3B,MAAM,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,iBAAiB,IAAI,oBAAoB,CAAA;IACvE,IAAI,IAAI,GAAG,IAAI,GAAG,CAAC,SAAS,CAAC,CAAC,QAAQ,CAAA;IAEtC,IAAI,IAAI,KAAK,YAAY,EAAE,CAAC;QAC1B,IAAI,GAAG,eAAe,CAAA;IACxB,CAAC;IACD,OAAO;QACL,SAAS,EAAE,kBAAkB,IAAI,EAAE;QACnC,YAAY,EAAE,qBAAqB,IAAI,EAAE;KAC1C,CAAA;AACH,CAAC"} | ||
| {"version":3,"file":"endpoints.js","sourceRoot":"","sources":["../src/endpoints.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,MAAM,MAAM,iBAAiB,CAAA;AAEzC,MAAM,cAAc,GAAG,aAAa,CAAA;AACpC,MAAM,SAAS,GAAG,QAAQ,CAAA;AAE1B,MAAM,sBAAsB,GAAG,6BAA6B,CAAA;AAC5D,MAAM,qBAAqB,GAAG,4BAA4B,CAAA;AAU1D,MAAM,CAAC,MAAM,oBAAoB,GAAc;IAC7C,SAAS,EAAE,sBAAsB;IACjC,QAAQ,EAAE,qBAAqB;CAChC,CAAA;AAED,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAAC,QAA2B,EAAa,EAAE;;IACzE,IAAI,QAA0B,CAAA;IAE9B,4EAA4E;IAC5E,0DAA0D;IAC1D,IAAI,QAAQ,IAAI,CAAC,cAAc,EAAE,SAAS,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC/D,QAAQ,GAAG,QAAQ,CAAA;IACrB,CAAC;SAAM,CAAC;QACN,QAAQ;YACN,CAAA,MAAA,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,UAAU,0CAAE,UAAU,MAAK,QAAQ;gBACxD,CAAC,CAAC,cAAc;gBAChB,CAAC,CAAC,SAAS,CAAA;IACjB,CAAC;IAED,QAAQ,QAAQ,EAAE,CAAC;QACjB,KAAK,cAAc;YACjB,OAAO,oBAAoB,CAAA;QAC7B,KAAK,SAAS;YACZ,OAAO,oBAAoB,EAAE,CAAA;IACjC,CAAC;AACH,CAAC,CAAA;AAED,SAAS,oBAAoB;IAC3B,MAAM,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,iBAAiB,IAAI,oBAAoB,CAAA;IACvE,IAAI,IAAI,GAAG,IAAI,GAAG,CAAC,SAAS,CAAC,CAAC,QAAQ,CAAA;IAEtC,IAAI,IAAI,KAAK,YAAY,EAAE,CAAC;QAC1B,IAAI,GAAG,eAAe,CAAA;IACxB,CAAC;IACD,OAAO;QACL,SAAS,EAAE,kBAAkB,IAAI,EAAE;QACnC,YAAY,EAAE,qBAAqB,IAAI,EAAE;KAC1C,CAAA;AACH,CAAC"} |
+5
-4
@@ -1,5 +0,6 @@ | ||
| export { createStorageRecord } from './artifactMetadata'; | ||
| export { AttestOptions, attest } from './attest'; | ||
| export { AttestProvenanceOptions, attestProvenance, buildSLSAProvenancePredicate } from './provenance'; | ||
| export { createStorageRecord, ArtifactOptions, PackageRegistryOptions } from './artifactMetadata.js'; | ||
| export { AttestOptions, attest } from './attest.js'; | ||
| export { AttestProvenanceOptions, attestProvenance, buildSLSAProvenancePredicate } from './provenance.js'; | ||
| export type { SerializedBundle } from '@sigstore/bundle'; | ||
| export type { Attestation, Predicate, Subject } from './shared.types'; | ||
| export type { Attestation, Predicate, Subject } from './shared.types.js'; | ||
| export type { SigstoreInstance } from './endpoints.js'; |
+3
-10
@@ -1,11 +0,4 @@ | ||
| "use strict"; | ||
| Object.defineProperty(exports, "__esModule", { value: true }); | ||
| exports.buildSLSAProvenancePredicate = exports.attestProvenance = exports.attest = exports.createStorageRecord = void 0; | ||
| var artifactMetadata_1 = require("./artifactMetadata"); | ||
| Object.defineProperty(exports, "createStorageRecord", { enumerable: true, get: function () { return artifactMetadata_1.createStorageRecord; } }); | ||
| var attest_1 = require("./attest"); | ||
| Object.defineProperty(exports, "attest", { enumerable: true, get: function () { return attest_1.attest; } }); | ||
| var provenance_1 = require("./provenance"); | ||
| Object.defineProperty(exports, "attestProvenance", { enumerable: true, get: function () { return provenance_1.attestProvenance; } }); | ||
| Object.defineProperty(exports, "buildSLSAProvenancePredicate", { enumerable: true, get: function () { return provenance_1.buildSLSAProvenancePredicate; } }); | ||
| export { createStorageRecord } from './artifactMetadata.js'; | ||
| export { attest } from './attest.js'; | ||
| export { attestProvenance, buildSLSAProvenancePredicate } from './provenance.js'; | ||
| //# sourceMappingURL=index.js.map |
+1
-1
@@ -1,1 +0,1 @@ | ||
| {"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;AAAA,uDAAsD;AAA9C,uHAAA,mBAAmB,OAAA;AAC3B,mCAA8C;AAAvB,gGAAA,MAAM,OAAA;AAC7B,2CAIqB;AAFnB,8GAAA,gBAAgB,OAAA;AAChB,0HAAA,4BAA4B,OAAA"} | ||
| {"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,mBAAmB,EAGpB,MAAM,uBAAuB,CAAA;AAC9B,OAAO,EAAgB,MAAM,EAAC,MAAM,aAAa,CAAA;AACjD,OAAO,EAEL,gBAAgB,EAChB,4BAA4B,EAC7B,MAAM,iBAAiB,CAAA"} |
+1
-1
@@ -1,2 +0,2 @@ | ||
| import { Predicate, Subject } from './shared.types'; | ||
| import { Predicate, Subject } from './shared.types.js'; | ||
| /** | ||
@@ -3,0 +3,0 @@ * An in-toto statement. |
+1
-5
@@ -1,4 +0,1 @@ | ||
| "use strict"; | ||
| Object.defineProperty(exports, "__esModule", { value: true }); | ||
| exports.buildIntotoStatement = void 0; | ||
| const INTOTO_STATEMENT_V1_TYPE = 'https://in-toto.io/Statement/v1'; | ||
@@ -11,3 +8,3 @@ /** | ||
| */ | ||
| const buildIntotoStatement = (subjects, predicate) => { | ||
| export const buildIntotoStatement = (subjects, predicate) => { | ||
| return { | ||
@@ -20,3 +17,2 @@ _type: INTOTO_STATEMENT_V1_TYPE, | ||
| }; | ||
| exports.buildIntotoStatement = buildIntotoStatement; | ||
| //# sourceMappingURL=intoto.js.map |
@@ -1,1 +0,1 @@ | ||
| {"version":3,"file":"intoto.js","sourceRoot":"","sources":["../src/intoto.ts"],"names":[],"mappings":";;;AAEA,MAAM,wBAAwB,GAAG,iCAAiC,CAAA;AAalE;;;;;GAKG;AACI,MAAM,oBAAoB,GAAG,CAClC,QAAmB,EACnB,SAAoB,EACH,EAAE;IACnB,OAAO;QACL,KAAK,EAAE,wBAAwB;QAC/B,OAAO,EAAE,QAAQ;QACjB,aAAa,EAAE,SAAS,CAAC,IAAI;QAC7B,SAAS,EAAE,SAAS,CAAC,MAAM;KAC5B,CAAA;AACH,CAAC,CAAA;AAVY,QAAA,oBAAoB,wBAUhC"} | ||
| {"version":3,"file":"intoto.js","sourceRoot":"","sources":["../src/intoto.ts"],"names":[],"mappings":"AAEA,MAAM,wBAAwB,GAAG,iCAAiC,CAAA;AAalE;;;;;GAKG;AACH,MAAM,CAAC,MAAM,oBAAoB,GAAG,CAClC,QAAmB,EACnB,SAAoB,EACH,EAAE;IACnB,OAAO;QACL,KAAK,EAAE,wBAAwB;QAC/B,OAAO,EAAE,QAAQ;QACjB,aAAa,EAAE,SAAS,CAAC,IAAI;QAC7B,SAAS,EAAE,SAAS,CAAC,MAAM;KAC5B,CAAA;AACH,CAAC,CAAA"} |
+6
-43
@@ -1,35 +0,1 @@ | ||
| "use strict"; | ||
| var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) { | ||
| if (k2 === undefined) k2 = k; | ||
| var desc = Object.getOwnPropertyDescriptor(m, k); | ||
| if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) { | ||
| desc = { enumerable: true, get: function() { return m[k]; } }; | ||
| } | ||
| Object.defineProperty(o, k2, desc); | ||
| }) : (function(o, m, k, k2) { | ||
| if (k2 === undefined) k2 = k; | ||
| o[k2] = m[k]; | ||
| })); | ||
| var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) { | ||
| Object.defineProperty(o, "default", { enumerable: true, value: v }); | ||
| }) : function(o, v) { | ||
| o["default"] = v; | ||
| }); | ||
| var __importStar = (this && this.__importStar) || (function () { | ||
| var ownKeys = function(o) { | ||
| ownKeys = Object.getOwnPropertyNames || function (o) { | ||
| var ar = []; | ||
| for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k; | ||
| return ar; | ||
| }; | ||
| return ownKeys(o); | ||
| }; | ||
| return function (mod) { | ||
| if (mod && mod.__esModule) return mod; | ||
| var result = {}; | ||
| if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]); | ||
| __setModuleDefault(result, mod); | ||
| return result; | ||
| }; | ||
| })(); | ||
| var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) { | ||
@@ -44,7 +10,5 @@ function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); } | ||
| }; | ||
| Object.defineProperty(exports, "__esModule", { value: true }); | ||
| exports.getIDTokenClaims = void 0; | ||
| const core_1 = require("@actions/core"); | ||
| const http_client_1 = require("@actions/http-client"); | ||
| const jose = __importStar(require("jose")); | ||
| import { getIDToken } from '@actions/core'; | ||
| import { HttpClient } from '@actions/http-client'; | ||
| import * as jose from 'jose'; | ||
| const OIDC_AUDIENCE = 'nobody'; | ||
@@ -69,6 +33,6 @@ const VALID_SERVER_URLS = [ | ||
| ]; | ||
| const getIDTokenClaims = (issuer) => __awaiter(void 0, void 0, void 0, function* () { | ||
| export const getIDTokenClaims = (issuer) => __awaiter(void 0, void 0, void 0, function* () { | ||
| issuer = issuer || getIssuer(); | ||
| try { | ||
| const token = yield (0, core_1.getIDToken)(OIDC_AUDIENCE); | ||
| const token = yield getIDToken(OIDC_AUDIENCE); | ||
| const claims = yield decodeOIDCToken(token, issuer); | ||
@@ -82,3 +46,2 @@ assertClaimSet(claims); | ||
| }); | ||
| exports.getIDTokenClaims = getIDTokenClaims; | ||
| const decodeOIDCToken = (token, issuer) => __awaiter(void 0, void 0, void 0, function* () { | ||
@@ -101,3 +64,3 @@ // Verify and decode token | ||
| const getJWKS = (issuer) => __awaiter(void 0, void 0, void 0, function* () { | ||
| const client = new http_client_1.HttpClient('@actions/attest'); | ||
| const client = new HttpClient('@actions/attest'); | ||
| const config = yield client.getJson(`${issuer}/.well-known/openid-configuration`); | ||
@@ -104,0 +67,0 @@ if (!config.result) { |
+1
-1
@@ -1,1 +0,1 @@ | ||
| {"version":3,"file":"oidc.js","sourceRoot":"","sources":["../src/oidc.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,wCAAwC;AACxC,sDAA+C;AAC/C,2CAA4B;AAE5B,MAAM,aAAa,GAAG,QAAQ,CAAA;AAE9B,MAAM,iBAAiB,GAAG;IACxB,oBAAoB;IACpB,IAAI,MAAM,CAAC,kCAAkC,CAAC;CACtC,CAAA;AAEV,MAAM,eAAe,GAAG;IACtB,KAAK;IACL,KAAK;IACL,KAAK;IACL,YAAY;IACZ,YAAY;IACZ,kBAAkB;IAClB,cAAc;IACd,eAAe;IACf,qBAAqB;IACrB,oBAAoB;IACpB,QAAQ;IACR,aAAa;CACL,CAAA;AAQH,MAAM,gBAAgB,GAAG,CAAO,MAAe,EAAqB,EAAE;IAC3E,MAAM,GAAG,MAAM,IAAI,SAAS,EAAE,CAAA;IAC9B,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,MAAM,IAAA,iBAAU,EAAC,aAAa,CAAC,CAAA;QAC7C,MAAM,MAAM,GAAG,MAAM,eAAe,CAAC,KAAK,EAAE,MAAM,CAAC,CAAA;QACnD,cAAc,CAAC,MAAM,CAAC,CAAA;QACtB,OAAO,MAAM,CAAA;IACf,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,IAAI,KAAK,CAAC,2BAA2B,KAAK,CAAC,OAAO,EAAE,CAAC,CAAA;IAC7D,CAAC;AACH,CAAC,CAAA,CAAA;AAVY,QAAA,gBAAgB,oBAU5B;AAED,MAAM,eAAe,GAAG,CACtB,KAAa,EACb,MAAc,EACY,EAAE;IAC5B,0BAA0B;IAC1B,MAAM,IAAI,GAAG,IAAI,CAAC,iBAAiB,CAAC,MAAM,OAAO,CAAC,MAAM,CAAC,CAAC,CAAA;IAC1D,MAAM,EAAC,OAAO,EAAC,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,EAAE;QAClD,QAAQ,EAAE,aAAa;KACxB,CAAC,CAAA;IAEF,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;QACjB,MAAM,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAA;IACxC,CAAC;IAED,2EAA2E;IAC3E,kEAAkE;IAClE,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;QACpC,MAAM,IAAI,KAAK,CAAC,2BAA2B,OAAO,CAAC,GAAG,EAAE,CAAC,CAAA;IAC3D,CAAC;IAED,OAAO,OAAO,CAAA;AAChB,CAAC,CAAA,CAAA;AAED,MAAM,OAAO,GAAG,CAAO,MAAc,EAA+B,EAAE;IACpE,MAAM,MAAM,GAAG,IAAI,wBAAU,CAAC,iBAAiB,CAAC,CAAA;IAChD,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,OAAO,CACjC,GAAG,MAAM,mCAAmC,CAC7C,CAAA;IAED,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;QACnB,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAA;IAClD,CAAC;IAED,MAAM,IAAI,GAAG,MAAM,MAAM,CAAC,OAAO,CAAqB,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAA;IAE7E,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;QACjB,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC,CAAA;IAC7C,CAAC;IAED,OAAO,IAAI,CAAC,MAAM,CAAA;AACpB,CAAC,CAAA,CAAA;AAED,SAAS,cAAc,CAAC,MAAuB;IAC7C,MAAM,aAAa,GAAa,EAAE,CAAA;IAElC,KAAK,MAAM,KAAK,IAAI,eAAe,EAAE,CAAC;QACpC,IAAI,CAAC,CAAC,KAAK,IAAI,MAAM,CAAC,EAAE,CAAC;YACvB,aAAa,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;QAC3B,CAAC;IACH,CAAC;IAED,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC7B,MAAM,IAAI,KAAK,CAAC,mBAAmB,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;IAChE,CAAC;AACH,CAAC;AAED,yDAAyD;AACzD,SAAS,SAAS;IAChB,MAAM,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,iBAAiB,IAAI,oBAAoB,CAAA;IAEvE,qDAAqD;IACrD,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC,SAAS,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC;QACrE,MAAM,IAAI,KAAK,CAAC,uBAAuB,SAAS,EAAE,CAAC,CAAA;IACrD,CAAC;IAED,IAAI,IAAI,GAAG,IAAI,GAAG,CAAC,SAAS,CAAC,CAAC,QAAQ,CAAA;IAEtC,IAAI,IAAI,KAAK,YAAY,EAAE,CAAC;QAC1B,IAAI,GAAG,uBAAuB,CAAA;IAChC,CAAC;IAED,OAAO,yBAAyB,IAAI,EAAE,CAAA;AACxC,CAAC"} | ||
| {"version":3,"file":"oidc.js","sourceRoot":"","sources":["../src/oidc.ts"],"names":[],"mappings":";;;;;;;;;AAAA,OAAO,EAAC,UAAU,EAAC,MAAM,eAAe,CAAA;AACxC,OAAO,EAAC,UAAU,EAAC,MAAM,sBAAsB,CAAA;AAC/C,OAAO,KAAK,IAAI,MAAM,MAAM,CAAA;AAE5B,MAAM,aAAa,GAAG,QAAQ,CAAA;AAE9B,MAAM,iBAAiB,GAAG;IACxB,oBAAoB;IACpB,IAAI,MAAM,CAAC,kCAAkC,CAAC;CACtC,CAAA;AAEV,MAAM,eAAe,GAAG;IACtB,KAAK;IACL,KAAK;IACL,KAAK;IACL,YAAY;IACZ,YAAY;IACZ,kBAAkB;IAClB,cAAc;IACd,eAAe;IACf,qBAAqB;IACrB,oBAAoB;IACpB,QAAQ;IACR,aAAa;CACL,CAAA;AAQV,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAAO,MAAe,EAAqB,EAAE;IAC3E,MAAM,GAAG,MAAM,IAAI,SAAS,EAAE,CAAA;IAC9B,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,MAAM,UAAU,CAAC,aAAa,CAAC,CAAA;QAC7C,MAAM,MAAM,GAAG,MAAM,eAAe,CAAC,KAAK,EAAE,MAAM,CAAC,CAAA;QACnD,cAAc,CAAC,MAAM,CAAC,CAAA;QACtB,OAAO,MAAM,CAAA;IACf,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,IAAI,KAAK,CAAC,2BAA2B,KAAK,CAAC,OAAO,EAAE,CAAC,CAAA;IAC7D,CAAC;AACH,CAAC,CAAA,CAAA;AAED,MAAM,eAAe,GAAG,CACtB,KAAa,EACb,MAAc,EACY,EAAE;IAC5B,0BAA0B;IAC1B,MAAM,IAAI,GAAG,IAAI,CAAC,iBAAiB,CAAC,MAAM,OAAO,CAAC,MAAM,CAAC,CAAC,CAAA;IAC1D,MAAM,EAAC,OAAO,EAAC,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,EAAE;QAClD,QAAQ,EAAE,aAAa;KACxB,CAAC,CAAA;IAEF,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;QACjB,MAAM,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAA;IACxC,CAAC;IAED,2EAA2E;IAC3E,kEAAkE;IAClE,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;QACpC,MAAM,IAAI,KAAK,CAAC,2BAA2B,OAAO,CAAC,GAAG,EAAE,CAAC,CAAA;IAC3D,CAAC;IAED,OAAO,OAAO,CAAA;AAChB,CAAC,CAAA,CAAA;AAED,MAAM,OAAO,GAAG,CAAO,MAAc,EAA+B,EAAE;IACpE,MAAM,MAAM,GAAG,IAAI,UAAU,CAAC,iBAAiB,CAAC,CAAA;IAChD,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,OAAO,CACjC,GAAG,MAAM,mCAAmC,CAC7C,CAAA;IAED,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;QACnB,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAA;IAClD,CAAC;IAED,MAAM,IAAI,GAAG,MAAM,MAAM,CAAC,OAAO,CAAqB,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAA;IAE7E,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;QACjB,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC,CAAA;IAC7C,CAAC;IAED,OAAO,IAAI,CAAC,MAAM,CAAA;AACpB,CAAC,CAAA,CAAA;AAED,SAAS,cAAc,CAAC,MAAuB;IAC7C,MAAM,aAAa,GAAa,EAAE,CAAA;IAElC,KAAK,MAAM,KAAK,IAAI,eAAe,EAAE,CAAC;QACpC,IAAI,CAAC,CAAC,KAAK,IAAI,MAAM,CAAC,EAAE,CAAC;YACvB,aAAa,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;QAC3B,CAAC;IACH,CAAC;IAED,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC7B,MAAM,IAAI,KAAK,CAAC,mBAAmB,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;IAChE,CAAC;AACH,CAAC;AAED,yDAAyD;AACzD,SAAS,SAAS;IAChB,MAAM,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,iBAAiB,IAAI,oBAAoB,CAAA;IAEvE,qDAAqD;IACrD,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC,SAAS,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC;QACrE,MAAM,IAAI,KAAK,CAAC,uBAAuB,SAAS,EAAE,CAAC,CAAA;IACrD,CAAC;IAED,IAAI,IAAI,GAAG,IAAI,GAAG,CAAC,SAAS,CAAC,CAAC,QAAQ,CAAA;IAEtC,IAAI,IAAI,KAAK,YAAY,EAAE,CAAC;QAC1B,IAAI,GAAG,uBAAuB,CAAA;IAChC,CAAC;IAED,OAAO,yBAAyB,IAAI,EAAE,CAAA;AACxC,CAAC"} |
@@ -1,3 +0,3 @@ | ||
| import { AttestOptions } from './attest'; | ||
| import type { Attestation, Predicate } from './shared.types'; | ||
| import { AttestOptions } from './attest.js'; | ||
| import type { Attestation, Predicate } from './shared.types.js'; | ||
| export type AttestProvenanceOptions = Omit<AttestOptions, 'predicate' | 'predicateType'> & { | ||
@@ -4,0 +4,0 @@ issuer?: string; |
+7
-12
@@ -1,2 +0,1 @@ | ||
| "use strict"; | ||
| var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) { | ||
@@ -11,7 +10,4 @@ function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); } | ||
| }; | ||
| Object.defineProperty(exports, "__esModule", { value: true }); | ||
| exports.buildSLSAProvenancePredicate = void 0; | ||
| exports.attestProvenance = attestProvenance; | ||
| const attest_1 = require("./attest"); | ||
| const oidc_1 = require("./oidc"); | ||
| import { attest } from './attest.js'; | ||
| import { getIDTokenClaims } from './oidc.js'; | ||
| const SLSA_PREDICATE_V1_TYPE = 'https://slsa.dev/provenance/v1'; | ||
@@ -28,5 +24,5 @@ const GITHUB_BUILD_TYPE = 'https://actions.github.io/buildtypes/workflow/v1'; | ||
| */ | ||
| const buildSLSAProvenancePredicate = (issuer) => __awaiter(void 0, void 0, void 0, function* () { | ||
| export const buildSLSAProvenancePredicate = (issuer) => __awaiter(void 0, void 0, void 0, function* () { | ||
| const serverURL = process.env.GITHUB_SERVER_URL; | ||
| const claims = yield (0, oidc_1.getIDTokenClaims)(issuer); | ||
| const claims = yield getIDTokenClaims(issuer); | ||
| // Split just the path and ref from the workflow string. | ||
@@ -78,3 +74,2 @@ // owner/repo/.github/workflows/main.yml@main => | ||
| }); | ||
| exports.buildSLSAProvenancePredicate = buildSLSAProvenancePredicate; | ||
| /** | ||
@@ -88,8 +83,8 @@ * Attests the build provenance of the provided subject. Generates the SLSA | ||
| */ | ||
| function attestProvenance(options) { | ||
| export function attestProvenance(options) { | ||
| return __awaiter(this, void 0, void 0, function* () { | ||
| const predicate = yield (0, exports.buildSLSAProvenancePredicate)(options.issuer); | ||
| return (0, attest_1.attest)(Object.assign(Object.assign({}, options), { predicateType: predicate.type, predicate: predicate.params })); | ||
| const predicate = yield buildSLSAProvenancePredicate(options.issuer); | ||
| return attest(Object.assign(Object.assign({}, options), { predicateType: predicate.type, predicate: predicate.params })); | ||
| }); | ||
| } | ||
| //# sourceMappingURL=provenance.js.map |
@@ -1,1 +0,1 @@ | ||
| {"version":3,"file":"provenance.js","sourceRoot":"","sources":["../src/provenance.ts"],"names":[],"mappings":";;;;;;;;;;;;AAqFA,4CASC;AA9FD,qCAA8C;AAC9C,iCAAuC;AAGvC,MAAM,sBAAsB,GAAG,gCAAgC,CAAA;AAC/D,MAAM,iBAAiB,GAAG,kDAAkD,CAAA;AAS5E;;;;;;;;GAQG;AACI,MAAM,4BAA4B,GAAG,CAC1C,MAAe,EACK,EAAE;IACtB,MAAM,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAA;IAC/C,MAAM,MAAM,GAAG,MAAM,IAAA,uBAAgB,EAAC,MAAM,CAAC,CAAA;IAE7C,wDAAwD;IACxD,gDAAgD;IAChD,qCAAqC;IACrC,MAAM,CAAC,YAAY,CAAC,GAAG,MAAM,CAAC,YAAY;SACvC,OAAO,CAAC,GAAG,MAAM,CAAC,UAAU,GAAG,EAAE,EAAE,CAAC;SACpC,KAAK,CAAC,GAAG,CAAC,CAAA;IAEb,OAAO;QACL,IAAI,EAAE,sBAAsB;QAC5B,MAAM,EAAE;YACN,eAAe,EAAE;gBACf,SAAS,EAAE,iBAAiB;gBAC5B,kBAAkB,EAAE;oBAClB,QAAQ,EAAE;wBACR,GAAG,EAAE,MAAM,CAAC,GAAG;wBACf,UAAU,EAAE,GAAG,SAAS,IAAI,MAAM,CAAC,UAAU,EAAE;wBAC/C,IAAI,EAAE,YAAY;qBACnB;iBACF;gBACD,kBAAkB,EAAE;oBAClB,MAAM,EAAE;wBACN,UAAU,EAAE,MAAM,CAAC,UAAU;wBAC7B,aAAa,EAAE,MAAM,CAAC,aAAa;wBACnC,mBAAmB,EAAE,MAAM,CAAC,mBAAmB;wBAC/C,kBAAkB,EAAE,MAAM,CAAC,kBAAkB;qBAC9C;iBACF;gBACD,oBAAoB,EAAE;oBACpB;wBACE,GAAG,EAAE,OAAO,SAAS,IAAI,MAAM,CAAC,UAAU,IAAI,MAAM,CAAC,GAAG,EAAE;wBAC1D,MAAM,EAAE;4BACN,SAAS,EAAE,MAAM,CAAC,GAAG;yBACtB;qBACF;iBACF;aACF;YACD,UAAU,EAAE;gBACV,OAAO,EAAE;oBACP,EAAE,EAAE,GAAG,SAAS,IAAI,MAAM,CAAC,gBAAgB,EAAE;iBAC9C;gBACD,QAAQ,EAAE;oBACR,YAAY,EAAE,GAAG,SAAS,IAAI,MAAM,CAAC,UAAU,iBAAiB,MAAM,CAAC,MAAM,aAAa,MAAM,CAAC,WAAW,EAAE;iBAC/G;aACF;SACF;KACF,CAAA;AACH,CAAC,CAAA,CAAA;AApDY,QAAA,4BAA4B,gCAoDxC;AAED;;;;;;;GAOG;AACH,SAAsB,gBAAgB,CACpC,OAAgC;;QAEhC,MAAM,SAAS,GAAG,MAAM,IAAA,oCAA4B,EAAC,OAAO,CAAC,MAAM,CAAC,CAAA;QACpE,OAAO,IAAA,eAAM,kCACR,OAAO,KACV,aAAa,EAAE,SAAS,CAAC,IAAI,EAC7B,SAAS,EAAE,SAAS,CAAC,MAAM,IAC3B,CAAA;IACJ,CAAC;CAAA"} | ||
| {"version":3,"file":"provenance.js","sourceRoot":"","sources":["../src/provenance.ts"],"names":[],"mappings":";;;;;;;;;AAAA,OAAO,EAAC,MAAM,EAAgB,MAAM,aAAa,CAAA;AACjD,OAAO,EAAC,gBAAgB,EAAC,MAAM,WAAW,CAAA;AAG1C,MAAM,sBAAsB,GAAG,gCAAgC,CAAA;AAC/D,MAAM,iBAAiB,GAAG,kDAAkD,CAAA;AAS5E;;;;;;;;GAQG;AACH,MAAM,CAAC,MAAM,4BAA4B,GAAG,CAC1C,MAAe,EACK,EAAE;IACtB,MAAM,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAA;IAC/C,MAAM,MAAM,GAAG,MAAM,gBAAgB,CAAC,MAAM,CAAC,CAAA;IAE7C,wDAAwD;IACxD,gDAAgD;IAChD,qCAAqC;IACrC,MAAM,CAAC,YAAY,CAAC,GAAG,MAAM,CAAC,YAAY;SACvC,OAAO,CAAC,GAAG,MAAM,CAAC,UAAU,GAAG,EAAE,EAAE,CAAC;SACpC,KAAK,CAAC,GAAG,CAAC,CAAA;IAEb,OAAO;QACL,IAAI,EAAE,sBAAsB;QAC5B,MAAM,EAAE;YACN,eAAe,EAAE;gBACf,SAAS,EAAE,iBAAiB;gBAC5B,kBAAkB,EAAE;oBAClB,QAAQ,EAAE;wBACR,GAAG,EAAE,MAAM,CAAC,GAAG;wBACf,UAAU,EAAE,GAAG,SAAS,IAAI,MAAM,CAAC,UAAU,EAAE;wBAC/C,IAAI,EAAE,YAAY;qBACnB;iBACF;gBACD,kBAAkB,EAAE;oBAClB,MAAM,EAAE;wBACN,UAAU,EAAE,MAAM,CAAC,UAAU;wBAC7B,aAAa,EAAE,MAAM,CAAC,aAAa;wBACnC,mBAAmB,EAAE,MAAM,CAAC,mBAAmB;wBAC/C,kBAAkB,EAAE,MAAM,CAAC,kBAAkB;qBAC9C;iBACF;gBACD,oBAAoB,EAAE;oBACpB;wBACE,GAAG,EAAE,OAAO,SAAS,IAAI,MAAM,CAAC,UAAU,IAAI,MAAM,CAAC,GAAG,EAAE;wBAC1D,MAAM,EAAE;4BACN,SAAS,EAAE,MAAM,CAAC,GAAG;yBACtB;qBACF;iBACF;aACF;YACD,UAAU,EAAE;gBACV,OAAO,EAAE;oBACP,EAAE,EAAE,GAAG,SAAS,IAAI,MAAM,CAAC,gBAAgB,EAAE;iBAC9C;gBACD,QAAQ,EAAE;oBACR,YAAY,EAAE,GAAG,SAAS,IAAI,MAAM,CAAC,UAAU,iBAAiB,MAAM,CAAC,MAAM,aAAa,MAAM,CAAC,WAAW,EAAE;iBAC/G;aACF;SACF;KACF,CAAA;AACH,CAAC,CAAA,CAAA;AAED;;;;;;;GAOG;AACH,MAAM,UAAgB,gBAAgB,CACpC,OAAgC;;QAEhC,MAAM,SAAS,GAAG,MAAM,4BAA4B,CAAC,OAAO,CAAC,MAAM,CAAC,CAAA;QACpE,OAAO,MAAM,iCACR,OAAO,KACV,aAAa,EAAE,SAAS,CAAC,IAAI,EAC7B,SAAS,EAAE,SAAS,CAAC,MAAM,IAC3B,CAAA;IACJ,CAAC;CAAA"} |
@@ -1,3 +0,2 @@ | ||
| "use strict"; | ||
| Object.defineProperty(exports, "__esModule", { value: true }); | ||
| export {}; | ||
| //# sourceMappingURL=shared.types.js.map |
+7
-11
@@ -1,2 +0,1 @@ | ||
| "use strict"; | ||
| var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) { | ||
@@ -11,5 +10,3 @@ function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); } | ||
| }; | ||
| Object.defineProperty(exports, "__esModule", { value: true }); | ||
| exports.signPayload = void 0; | ||
| const sign_1 = require("@sigstore/sign"); | ||
| import { CIContextProvider, DSSEBundleBuilder, FulcioSigner, RekorWitness, TSAWitness } from '@sigstore/sign'; | ||
| const OIDC_AUDIENCE = 'sigstore'; | ||
@@ -25,3 +22,3 @@ const DEFAULT_TIMEOUT = 10000; | ||
| */ | ||
| const signPayload = (payload, options) => __awaiter(void 0, void 0, void 0, function* () { | ||
| export const signPayload = (payload, options) => __awaiter(void 0, void 0, void 0, function* () { | ||
| const artifact = { | ||
@@ -34,10 +31,9 @@ data: payload.body, | ||
| }); | ||
| exports.signPayload = signPayload; | ||
| // Assembles the Sigstore bundle builder with the appropriate options | ||
| const initBundleBuilder = (opts) => { | ||
| const identityProvider = new sign_1.CIContextProvider(OIDC_AUDIENCE); | ||
| const identityProvider = new CIContextProvider(OIDC_AUDIENCE); | ||
| const timeout = opts.timeout || DEFAULT_TIMEOUT; | ||
| const retry = opts.retry || DEFAULT_RETRIES; | ||
| const witnesses = []; | ||
| const signer = new sign_1.FulcioSigner({ | ||
| const signer = new FulcioSigner({ | ||
| identityProvider, | ||
@@ -49,3 +45,3 @@ fulcioBaseURL: opts.fulcioURL, | ||
| if (opts.rekorURL) { | ||
| witnesses.push(new sign_1.RekorWitness({ | ||
| witnesses.push(new RekorWitness({ | ||
| rekorBaseURL: opts.rekorURL, | ||
@@ -58,3 +54,3 @@ fetchOnConflict: true, | ||
| if (opts.tsaServerURL) { | ||
| witnesses.push(new sign_1.TSAWitness({ | ||
| witnesses.push(new TSAWitness({ | ||
| tsaBaseURL: opts.tsaServerURL, | ||
@@ -67,4 +63,4 @@ timeout, | ||
| // trigger the creation of v0.3 DSSE bundles | ||
| return new sign_1.DSSEBundleBuilder({ signer, witnesses }); | ||
| return new DSSEBundleBuilder({ signer, witnesses }); | ||
| }; | ||
| //# sourceMappingURL=sign.js.map |
+1
-1
@@ -1,1 +0,1 @@ | ||
| {"version":3,"file":"sign.js","sourceRoot":"","sources":["../src/sign.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,yCASuB;AAEvB,MAAM,aAAa,GAAG,UAAU,CAAA;AAChC,MAAM,eAAe,GAAG,KAAK,CAAA;AAC7B,MAAM,eAAe,GAAG,CAAC,CAAA;AAqCzB;;;;;;GAMG;AACI,MAAM,WAAW,GAAG,CACzB,OAAgB,EAChB,OAAoB,EACH,EAAE;IACnB,MAAM,QAAQ,GAAG;QACf,IAAI,EAAE,OAAO,CAAC,IAAI;QAClB,IAAI,EAAE,OAAO,CAAC,IAAI;KACnB,CAAA;IAED,yCAAyC;IACzC,OAAO,iBAAiB,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAA;AACpD,CAAC,CAAA,CAAA;AAXY,QAAA,WAAW,eAWvB;AAED,qEAAqE;AACrE,MAAM,iBAAiB,GAAG,CAAC,IAAiB,EAAiB,EAAE;IAC7D,MAAM,gBAAgB,GAAG,IAAI,wBAAiB,CAAC,aAAa,CAAC,CAAA;IAC7D,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,IAAI,eAAe,CAAA;IAC/C,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,IAAI,eAAe,CAAA;IAC3C,MAAM,SAAS,GAAc,EAAE,CAAA;IAE/B,MAAM,MAAM,GAAG,IAAI,mBAAY,CAAC;QAC9B,gBAAgB;QAChB,aAAa,EAAE,IAAI,CAAC,SAAS;QAC7B,OAAO;QACP,KAAK;KACN,CAAC,CAAA;IAEF,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;QAClB,SAAS,CAAC,IAAI,CACZ,IAAI,mBAAY,CAAC;YACf,YAAY,EAAE,IAAI,CAAC,QAAQ;YAC3B,eAAe,EAAE,IAAI;YACrB,OAAO;YACP,KAAK;SACN,CAAC,CACH,CAAA;IACH,CAAC;IAED,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;QACtB,SAAS,CAAC,IAAI,CACZ,IAAI,iBAAU,CAAC;YACb,UAAU,EAAE,IAAI,CAAC,YAAY;YAC7B,OAAO;YACP,KAAK;SACN,CAAC,CACH,CAAA;IACH,CAAC;IAED,gEAAgE;IAChE,4CAA4C;IAC5C,OAAO,IAAI,wBAAiB,CAAC,EAAC,MAAM,EAAE,SAAS,EAAC,CAAC,CAAA;AACnD,CAAC,CAAA"} | ||
| {"version":3,"file":"sign.js","sourceRoot":"","sources":["../src/sign.ts"],"names":[],"mappings":";;;;;;;;;AAAA,OAAO,EAGL,iBAAiB,EACjB,iBAAiB,EACjB,YAAY,EACZ,YAAY,EACZ,UAAU,EAEX,MAAM,gBAAgB,CAAA;AAEvB,MAAM,aAAa,GAAG,UAAU,CAAA;AAChC,MAAM,eAAe,GAAG,KAAK,CAAA;AAC7B,MAAM,eAAe,GAAG,CAAC,CAAA;AAqCzB;;;;;;GAMG;AACH,MAAM,CAAC,MAAM,WAAW,GAAG,CACzB,OAAgB,EAChB,OAAoB,EACH,EAAE;IACnB,MAAM,QAAQ,GAAG;QACf,IAAI,EAAE,OAAO,CAAC,IAAI;QAClB,IAAI,EAAE,OAAO,CAAC,IAAI;KACnB,CAAA;IAED,yCAAyC;IACzC,OAAO,iBAAiB,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAA;AACpD,CAAC,CAAA,CAAA;AAED,qEAAqE;AACrE,MAAM,iBAAiB,GAAG,CAAC,IAAiB,EAAiB,EAAE;IAC7D,MAAM,gBAAgB,GAAG,IAAI,iBAAiB,CAAC,aAAa,CAAC,CAAA;IAC7D,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,IAAI,eAAe,CAAA;IAC/C,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,IAAI,eAAe,CAAA;IAC3C,MAAM,SAAS,GAAc,EAAE,CAAA;IAE/B,MAAM,MAAM,GAAG,IAAI,YAAY,CAAC;QAC9B,gBAAgB;QAChB,aAAa,EAAE,IAAI,CAAC,SAAS;QAC7B,OAAO;QACP,KAAK;KACN,CAAC,CAAA;IAEF,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;QAClB,SAAS,CAAC,IAAI,CACZ,IAAI,YAAY,CAAC;YACf,YAAY,EAAE,IAAI,CAAC,QAAQ;YAC3B,eAAe,EAAE,IAAI;YACrB,OAAO;YACP,KAAK;SACN,CAAC,CACH,CAAA;IACH,CAAC;IAED,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;QACtB,SAAS,CAAC,IAAI,CACZ,IAAI,UAAU,CAAC;YACb,UAAU,EAAE,IAAI,CAAC,YAAY;YAC7B,OAAO;YACP,KAAK;SACN,CAAC,CACH,CAAA;IACH,CAAC;IAED,gEAAgE;IAChE,4CAA4C;IAC5C,OAAO,IAAI,iBAAiB,CAAC,EAAC,MAAM,EAAE,SAAS,EAAC,CAAC,CAAA;AACnD,CAAC,CAAA"} |
+4
-41
@@ -1,35 +0,1 @@ | ||
| "use strict"; | ||
| var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) { | ||
| if (k2 === undefined) k2 = k; | ||
| var desc = Object.getOwnPropertyDescriptor(m, k); | ||
| if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) { | ||
| desc = { enumerable: true, get: function() { return m[k]; } }; | ||
| } | ||
| Object.defineProperty(o, k2, desc); | ||
| }) : (function(o, m, k, k2) { | ||
| if (k2 === undefined) k2 = k; | ||
| o[k2] = m[k]; | ||
| })); | ||
| var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) { | ||
| Object.defineProperty(o, "default", { enumerable: true, value: v }); | ||
| }) : function(o, v) { | ||
| o["default"] = v; | ||
| }); | ||
| var __importStar = (this && this.__importStar) || (function () { | ||
| var ownKeys = function(o) { | ||
| ownKeys = Object.getOwnPropertyNames || function (o) { | ||
| var ar = []; | ||
| for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k; | ||
| return ar; | ||
| }; | ||
| return ownKeys(o); | ||
| }; | ||
| return function (mod) { | ||
| if (mod && mod.__esModule) return mod; | ||
| var result = {}; | ||
| if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]); | ||
| __setModuleDefault(result, mod); | ||
| return result; | ||
| }; | ||
| })(); | ||
| var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) { | ||
@@ -44,6 +10,4 @@ function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); } | ||
| }; | ||
| Object.defineProperty(exports, "__esModule", { value: true }); | ||
| exports.writeAttestation = void 0; | ||
| const github = __importStar(require("@actions/github")); | ||
| const plugin_retry_1 = require("@octokit/plugin-retry"); | ||
| import * as github from '@actions/github'; | ||
| import { retry } from '@octokit/plugin-retry'; | ||
| const CREATE_ATTESTATION_REQUEST = 'POST /repos/{owner}/{repo}/attestations'; | ||
@@ -58,6 +22,6 @@ const DEFAULT_RETRY_COUNT = 5; | ||
| */ | ||
| const writeAttestation = (attestation_1, token_1, ...args_1) => __awaiter(void 0, [attestation_1, token_1, ...args_1], void 0, function* (attestation, token, options = {}) { | ||
| export const writeAttestation = (attestation_1, token_1, ...args_1) => __awaiter(void 0, [attestation_1, token_1, ...args_1], void 0, function* (attestation, token, options = {}) { | ||
| var _a; | ||
| const retries = (_a = options.retry) !== null && _a !== void 0 ? _a : DEFAULT_RETRY_COUNT; | ||
| const octokit = github.getOctokit(token, { retry: { retries } }, plugin_retry_1.retry); | ||
| const octokit = github.getOctokit(token, { retry: { retries } }, retry); | ||
| try { | ||
@@ -80,3 +44,2 @@ const response = yield octokit.request(CREATE_ATTESTATION_REQUEST, { | ||
| }); | ||
| exports.writeAttestation = writeAttestation; | ||
| //# sourceMappingURL=store.js.map |
+1
-1
@@ -1,1 +0,1 @@ | ||
| {"version":3,"file":"store.js","sourceRoot":"","sources":["../src/store.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,wDAAyC;AACzC,wDAA2C;AAG3C,MAAM,0BAA0B,GAAG,yCAAyC,CAAA;AAC5E,MAAM,mBAAmB,GAAG,CAAC,CAAA;AAM7B;;;;;;GAMG;AACI,MAAM,gBAAgB,GAAG,oCAIb,EAAE,2EAHnB,WAAoB,EACpB,KAAa,EACb,UAAwB,EAAE;;IAE1B,MAAM,OAAO,GAAG,MAAA,OAAO,CAAC,KAAK,mCAAI,mBAAmB,CAAA;IACpD,MAAM,OAAO,GAAG,MAAM,CAAC,UAAU,CAAC,KAAK,EAAE,EAAC,KAAK,EAAE,EAAC,OAAO,EAAC,EAAC,EAAE,oBAAK,CAAC,CAAA;IAEnE,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,OAAO,CAAC,0BAA0B,EAAE;YACjE,KAAK,EAAE,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK;YAChC,IAAI,EAAE,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI;YAC9B,OAAO,EAAE,OAAO,CAAC,OAAO;YACxB,MAAM,EAAE,WAIP;SACF,CAAC,CAAA;QAEF,MAAM,IAAI,GACR,OAAO,QAAQ,CAAC,IAAI,IAAI,QAAQ;YAC9B,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC;YAC3B,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAA;QACnB,OAAO,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,EAAE,CAAA;IACjB,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAA;QACxD,MAAM,IAAI,KAAK,CAAC,kCAAkC,OAAO,EAAE,CAAC,CAAA;IAC9D,CAAC;AACH,CAAC,CAAA,CAAA;AA7BY,QAAA,gBAAgB,oBA6B5B"} | ||
| {"version":3,"file":"store.js","sourceRoot":"","sources":["../src/store.ts"],"names":[],"mappings":";;;;;;;;;AAAA,OAAO,KAAK,MAAM,MAAM,iBAAiB,CAAA;AACzC,OAAO,EAAC,KAAK,EAAC,MAAM,uBAAuB,CAAA;AAG3C,MAAM,0BAA0B,GAAG,yCAAyC,CAAA;AAC5E,MAAM,mBAAmB,GAAG,CAAC,CAAA;AAM7B;;;;;;GAMG;AACH,MAAM,CAAC,MAAM,gBAAgB,GAAG,oCAIb,EAAE,2EAHnB,WAAoB,EACpB,KAAa,EACb,UAAwB,EAAE;;IAE1B,MAAM,OAAO,GAAG,MAAA,OAAO,CAAC,KAAK,mCAAI,mBAAmB,CAAA;IACpD,MAAM,OAAO,GAAG,MAAM,CAAC,UAAU,CAAC,KAAK,EAAE,EAAC,KAAK,EAAE,EAAC,OAAO,EAAC,EAAC,EAAE,KAAK,CAAC,CAAA;IAEnE,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,OAAO,CAAC,0BAA0B,EAAE;YACjE,KAAK,EAAE,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK;YAChC,IAAI,EAAE,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI;YAC9B,OAAO,EAAE,OAAO,CAAC,OAAO;YACxB,MAAM,EAAE,WAIP;SACF,CAAC,CAAA;QAEF,MAAM,IAAI,GACR,OAAO,QAAQ,CAAC,IAAI,IAAI,QAAQ;YAC9B,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC;YAC3B,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAA;QACnB,OAAO,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,EAAE,CAAA;IACjB,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAA;QACxD,MAAM,IAAI,KAAK,CAAC,kCAAkC,OAAO,EAAE,CAAC,CAAA;IAC9D,CAAC;AACH,CAAC,CAAA,CAAA"} |
+12
-10
| { | ||
| "name": "@actions/attest", | ||
| "version": "2.2.1", | ||
| "version": "3.0.0", | ||
| "description": "Actions attestation lib", | ||
@@ -12,4 +12,11 @@ "keywords": [ | ||
| "license": "MIT", | ||
| "type": "module", | ||
| "main": "lib/index.js", | ||
| "types": "lib/index.d.ts", | ||
| "exports": { | ||
| ".": { | ||
| "types": "./lib/index.d.ts", | ||
| "import": "./lib/index.js" | ||
| } | ||
| }, | ||
| "directories": { | ||
@@ -46,15 +53,10 @@ "lib": "lib", | ||
| "dependencies": { | ||
| "@actions/core": "^2.0.2", | ||
| "@actions/github": "^7.0.0", | ||
| "@actions/http-client": "^3.0.2", | ||
| "@octokit/plugin-retry": "^6.0.1", | ||
| "@actions/core": "^3.0.0", | ||
| "@actions/github": "^9.0.0", | ||
| "@actions/http-client": "^4.0.0", | ||
| "@octokit/plugin-retry": "^8.0.3", | ||
| "@sigstore/bundle": "^3.1.0", | ||
| "@sigstore/sign": "^3.1.0", | ||
| "jose": "^5.10.0" | ||
| }, | ||
| "overrides": { | ||
| "@octokit/plugin-retry": { | ||
| "@octokit/core": "^5.2.0" | ||
| } | ||
| } | ||
| } |
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 1 instance in 1 package
URL strings
Supply chain riskPackage contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.
Found 1 instance in 1 package
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 1 instance in 1 package
URL strings
Supply chain riskPackage contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.
Found 1 instance in 1 package
Yes
NaN52236
-12.13%671
-20.21%+ Added
+ Added
+ Added
+ Added
+ Added
+ Added
+ Added
+ Added
+ Added
+ Added
+ Added
+ Added
+ Added
+ Added
+ Added
+ Added
+ Added
+ Added
+ Added
+ Added
- Removed
- Removed
- Removed
- Removed
- Removed
- Removed
- Removed
- Removed
- Removed
- Removed
- Removed
- Removed
- Removed
- Removed
- Removed
- Removed
- Removed
- Removed
- Removed
- Removed
- Removed
- Removed
Updated
Updated
Updated
Updated