Merge pull request #1846 from actions/bdehamer/sigstore-3-0-0

`@actions/attest`: bump @sigstore/sign from 2.3.2 to 3.0.0
2024-10-14 12:48:55 -07:00 · 2024-10-14 12:48:55 -07:00 · 7b4d9763cc
parent ee93b05ee9 c6c5ef6b8e
commit 7b4d9763cc
3 changed files with 707 additions and 656 deletions
--- a/packages/attest/package-lock.json
+++ b/packages/attest/package-lock.json
--- a/packages/attest/package.json
+++ b/packages/attest/package.json
@ -35,8 +35,8 @@
    "url": "https://github.com/actions/toolkit/issues"
  },
  "devDependencies": {
-    "@sigstore/mock": "^0.7.4",
-    "@sigstore/rekor-types": "^2.0.0",
+    "@sigstore/mock": "^0.8.0",
+    "@sigstore/rekor-types": "^3.0.0",
    "@types/jsonwebtoken": "^9.0.6",
    "nock": "^13.5.1",
    "undici": "^5.28.4"
@ -46,8 +46,8 @@
    "@actions/github": "^6.0.0",
    "@actions/http-client": "^2.2.3",
    "@octokit/plugin-retry": "^6.0.1",
-    "@sigstore/bundle": "^2.3.2",
-    "@sigstore/sign": "^2.3.2",
+    "@sigstore/bundle": "^3.0.0",
+    "@sigstore/sign": "^3.0.0",
    "jose": "^5.2.3"
  },
  "overrides": {
--- a/packages/attest/src/sign.ts
+++ b/packages/attest/src/sign.ts
@ -86,7 +86,6 @@ const initBundleBuilder = (opts: SignOptions): BundleBuilder => {
    witnesses.push(
      new RekorWitness({
        rekorBaseURL: opts.rekorURL,
-        entryType: 'dsse',
        fetchOnConflict: true,
        timeout,
        retry
@ -106,5 +105,5 @@ const initBundleBuilder = (opts: SignOptions): BundleBuilder => {

  // Build the bundle with the singleCertificate option which will
  // trigger the creation of v0.3 DSSE bundles
-  return new DSSEBundleBuilder({signer, witnesses, singleCertificate: true})
+  return new DSSEBundleBuilder({signer, witnesses})
 }