
Merge pull request #1790 from actions/bdehamer/attest-headers

support for headers param in attest functions
pull/1796/head
Brian DeHamer 2024-08-16 07:21:46 -07:00 committed by GitHub
commit 279e891118
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
7 changed files with 26 additions and 6 deletions


@ -63,6 +63,8 @@ export type AttestOptions = {
// Sigstore instance to use for signing. Must be one of "public-good" or // Sigstore instance to use for signing. Must be one of "public-good" or
// "github". // "github".
sigstore?: 'public-good' | 'github' sigstore?: 'public-good' | 'github'
// HTTP headers to include in request to attestations API.
headers?: {[header: string]: string | number | undefined}
// Whether to skip writing the attestation to the GH attestations API. // Whether to skip writing the attestation to the GH attestations API.
skipWrite?: boolean skipWrite?: boolean
} }
@ -113,6 +115,8 @@ export type AttestProvenanceOptions = {
// Sigstore instance to use for signing. Must be one of "public-good" or // Sigstore instance to use for signing. Must be one of "public-good" or
// "github". // "github".
sigstore?: 'public-good' | 'github' sigstore?: 'public-good' | 'github'
// HTTP headers to include in request to attestations API.
headers?: {[header: string]: string | number | undefined}
// Whether to skip writing the attestation to the GH attestations API. // Whether to skip writing the attestation to the GH attestations API.
skipWrite?: boolean skipWrite?: boolean
// Issuer URL responsible for minting the OIDC token from which the // Issuer URL responsible for minting the OIDC token from which the


@ -1,5 +1,9 @@
# @actions/attest Releases # @actions/attest Releases
### 1.4.0
- Add new `headers` parameter to the `attest` and `attestProvenance` functions.
### 1.3.1 ### 1.3.1
- Fix bug with proxy support when retrieving JWKS for OIDC issuer - Fix bug with proxy support when retrieving JWKS for OIDC issuer


@ -5,6 +5,7 @@ describe('writeAttestation', () => {
const originalEnv = process.env const originalEnv = process.env
const attestation = {foo: 'bar '} const attestation = {foo: 'bar '}
const token = 'token' const token = 'token'
const headers = {'X-GitHub-Foo': 'true'}
const mockAgent = new MockAgent() const mockAgent = new MockAgent()
setGlobalDispatcher(mockAgent) setGlobalDispatcher(mockAgent)
@ -27,14 +28,16 @@ describe('writeAttestation', () => {
.intercept({ .intercept({
path: '/repos/foo/bar/attestations', path: '/repos/foo/bar/attestations',
method: 'POST', method: 'POST',
headers: {authorization: `token ${token}`}, headers: {authorization: `token ${token}`, ...headers},
body: JSON.stringify({bundle: attestation}) body: JSON.stringify({bundle: attestation})
}) })
.reply(201, {id: '123'}) .reply(201, {id: '123'})
}) })
it('persists the attestation', async () => { it('persists the attestation', async () => {
await expect(writeAttestation(attestation, token)).resolves.toEqual('123') await expect(
writeAttestation(attestation, token, {headers})
).resolves.toEqual('123')
}) })
}) })
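Review bot: The success-path case in this hunk now always passes `{headers}`, so the call it replaced, `writeAttestation(attestation, token)` with no options, is no longer exercised by the lines shown here. The interceptor matches on `authorization` plus the extra header, so a second interceptor without `...headers` and a case such as `await expect(writeAttestation(attestation, token)).resolves.toEqual('123')` would keep the default path covered. A further case that passes a caller-supplied `authorization` header and asserts that the request still carries the token-derived value would pin down that the option cannot replace the credential. The enclosing `describe` blocks start outside the hunk, so other cases may already cover part of this.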


@ -1,12 +1,12 @@
{ {
"name": "@actions/attest", "name": "@actions/attest",
"version": "1.3.1", "version": "1.4.0",
"lockfileVersion": 2, "lockfileVersion": 2,
"requires": true, "requires": true,
"packages": { "packages": {
"": { "": {
"name": "@actions/attest", "name": "@actions/attest",
"version": "1.3.1", "version": "1.4.0",
"license": "MIT", "license": "MIT",
"dependencies": { "dependencies": {
"@actions/core": "^1.10.1", "@actions/core": "^1.10.1",


@ -1,6 +1,6 @@
{ {
"name": "@actions/attest", "name": "@actions/attest",
"version": "1.3.1", "version": "1.4.0",
"description": "Actions attestation lib", "description": "Actions attestation lib",
"keywords": [ "keywords": [
"github", "github",


@ -28,6 +28,8 @@ export type AttestOptions = {
// Sigstore instance to use for signing. Must be one of "public-good" or // Sigstore instance to use for signing. Must be one of "public-good" or
// "github". // "github".
sigstore?: SigstoreInstance sigstore?: SigstoreInstance
// HTTP headers to include in request to attestations API.
headers?: {[header: string]: string | number | undefined}
// Whether to skip writing the attestation to the GH attestations API. // Whether to skip writing the attestation to the GH attestations API.
skipWrite?: boolean skipWrite?: boolean
} }
@ -61,7 +63,11 @@ export async function attest(options: AttestOptions): Promise<Attestation> {
// Store the attestation // Store the attestation
let attestationID: string | undefined let attestationID: string | undefined
if (options.skipWrite !== true) { if (options.skipWrite !== true) {
attestationID = await writeAttestation(bundleToJSON(bundle), options.token) attestationID = await writeAttestation(
bundleToJSON(bundle),
options.token,
{headers: options.headers}
)
} }
return toAttestation(bundle, attestationID) return toAttestation(bundle, attestationID)
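Review bot: The new `headers` option in `AttestOptions` is forwarded unfiltered as `{headers: options.headers}`, and the last hunk of the store module passes it on into the token-authenticated `octokit.request` call, so any header name a caller supplies, `authorization` or `user-agent` included, reaches the request parameters. Whether Octokit's authentication still takes precedence over a caller-supplied `authorization` is not visible in this diff, so it is worth either dropping reserved names before forwarding or pinning the behaviour with a test. The field comment could state the contract, for example `// Extra HTTP headers for the attestations API request; not sent when skipWrite is true.`, plus a line saying the option is not meant to carry credentials if that is the intent. The inline index-signature type restates what `WriteOptions.headers` expresses as `RequestHeaders`; using one type in both places would keep them from drifting. The body of `attest` starts and ends outside the hunk.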


@ -1,11 +1,13 @@
import * as github from '@actions/github' import * as github from '@actions/github'
import {retry} from '@octokit/plugin-retry' import {retry} from '@octokit/plugin-retry'
import {RequestHeaders} from '@octokit/types'
const CREATE_ATTESTATION_REQUEST = 'POST /repos/{owner}/{repo}/attestations' const CREATE_ATTESTATION_REQUEST = 'POST /repos/{owner}/{repo}/attestations'
const DEFAULT_RETRY_COUNT = 5 const DEFAULT_RETRY_COUNT = 5
export type WriteOptions = { export type WriteOptions = {
retry?: number retry?: number
headers?: RequestHeaders
} }
/** /**
* Writes an attestation to the repository's attestations endpoint. * Writes an attestation to the repository's attestations endpoint.
@ -26,6 +28,7 @@ export const writeAttestation = async (
const response = await octokit.request(CREATE_ATTESTATION_REQUEST, { const response = await octokit.request(CREATE_ATTESTATION_REQUEST, {
owner: github.context.repo.owner, owner: github.context.repo.owner,
repo: github.context.repo.repo, repo: github.context.repo.repo,
headers: options.headers,
data: {bundle: attestation} data: {bundle: attestation}
}) })
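Review bot: `import {RequestHeaders} from '@octokit/types'` adds a direct import of a package, while the package.json and package-lock.json sections of this commit change only the version number. Unless `@octokit/types` was already a declared dependency (the dependency list is mostly outside the visible hunks), the module resolves only because another package pulls it in, and declaring it explicitly would protect the build from that transitive dependency changing. Since only a type is used, `import type {RequestHeaders} from '@octokit/types'` also makes clear that nothing is loaded at runtime. `WriteOptions.headers` has no comment; something like `// Extra HTTP headers passed with the create-attestation request.` would document it. The body of `writeAttestation` starts and ends outside the hunk.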