Bassem Dghaidi
ab8110fa2f
Remove unecessary packages from top level package.json
2024-11-14 06:36:42 -08:00
Bassem Dghaidi
5e9ef8532f
Lint fixes
2024-11-14 04:47:27 -08:00
Bassem Dghaidi
ea4bf4810a
Remove unnecessary debug information
2024-11-14 04:39:30 -08:00
Bassem Dghaidi
c3e354da23
Remove unnecessary debug information
2024-11-14 04:33:31 -08:00
Bassem Dghaidi
2ee77e654f
Add missing function return types
2024-11-14 03:42:14 -08:00
Bassem Dghaidi
19cdd5f210
Linter cleanups
2024-11-14 03:34:13 -08:00
Bassem Dghaidi
b2557ac90c
Formatting and stylistic cleanup
2024-11-14 03:22:03 -08:00
Bassem Dghaidi
69409b3acd
Fix broken test
2024-11-14 03:10:48 -08:00
Bassem Dghaidi
9dff82c727
Port dependencies & remove dependency on toolkit/artifacts
2024-11-14 03:01:04 -08:00
Bassem Dghaidi
d109d9c03e
Handle ACTIONS_CACHE_SERVICE_V2 feature flag
2024-11-14 03:00:43 -08:00
Bassem Dghaidi
4e1912a3c3
Restore __tests__
2024-11-14 02:08:24 -08:00
Bassem Dghaidi
9da70ffbd7
Post merge cleanup
2024-11-14 02:04:20 -08:00
Bassem Dghaidi
75cdb2c08f
Merge branch 'main' into neo-cache-service
2024-11-14 02:02:55 -08:00
Josh Gross
77f247b2f3
Prepare `@actions/cache` 3.3.0 release ( #1871 )
2024-11-01 13:32:42 -04:00
Brian DeHamer
7e54468896
update release notes for @actions/attest v1.5.0
...
Signed-off-by: Brian DeHamer <bdehamer@github.com>
2024-11-01 09:45:11 -07:00
Brian DeHamer
339447c5d3
Merge pull request #1863 from meriadec/attest-provenance-tags
...
Handle tags containing "@" character in `buildSLSAProvenancePredicate`
2024-11-01 09:35:13 -07:00
Brian DeHamer
265a5be8bc
support multi-subject attestations
...
Signed-off-by: Brian DeHamer <bdehamer@github.com>
2024-11-01 09:08:19 -07:00
Meriadec Pillet
717ba9d9a4
Handle tags containing "@" character in `buildSLSAProvenancePredicate`
...
When using some monorepo-related tools (like [changesets](https://github.com/changesets/changesets )),
the produced tags have a special format that includes `@` character.
For example, a `foo` package on a monorepo will produce Git tags looking
like `foo@1.0.0` if using changesets.
When used in combination with `actions/attest-build-provenance`, the
action was not properly re-crafting the tag in `buildSLSAProvenancePredicate` because
it was always splitting the workflow ref by `@` and taking the second
element.
This result in this error on CI:
```
Error: Error: Failed to persist attestation: Invalid Argument - values do not match: refs/tags/foo != refs/tags/foo@1.0.0 - https://docs.github.com/rest/repos/repos#create-an-attestation
````
This PR slightly update the logic there, and rather take "everything
located after the first '@'". This shouldn't introduce any breaking
change, while giving support for custom tags.
I've added the corresponding test case, it passes, however I couldn't
successfully run the full test suite (neither on `main`). Looking
forward for CI outcome.
Thanks in advance for the review 🙏 .
2024-10-30 14:29:42 +01:00
Bassem Dghaidi
01bf918aa5
Refactoring & cleanup
2024-10-24 06:09:23 -07:00
Bassem Dghaidi
28dbd8ff93
Cleanups and package refactoring
2024-10-24 05:19:48 -07:00
Josh Gross
7f5921cddd
Document unreleased changes in `cache` and `tool-cache` ( #1856 )
2024-10-22 12:01:31 -04:00
Bassem Dghaidi
89354f6540
Cleanup implementation and use tarballs instead of streaming zip
2024-10-21 05:21:32 -07:00
Bassem Dghaidi
d399e33060
Merge branch 'main' into neo-cache-service
2024-10-21 02:25:12 -07:00
Brian DeHamer
29d342f176
Merge pull request #1848 from actions/bdehamer/attest-prep-1-5
...
`@actions/attest`: prep release of @actions/attest v1.5.0
2024-10-14 12:49:33 -07:00
Brian DeHamer
72113fe791
Merge pull request #1847 from actions/bdehamer/attest-update-core
...
`@actions/attest`: bump @actions/core from 1.10.1 to 1.11.1
2024-10-14 12:49:15 -07:00
Brian DeHamer
26c752f562
prep release of @actions/attest v1.5.0
...
Signed-off-by: Brian DeHamer <bdehamer@github.com>
2024-10-14 12:33:10 -07:00
Brian DeHamer
ac1332a8e2
bump @actions/core from 1.10.1 to 1.11.1
...
Signed-off-by: Brian DeHamer <bdehamer@github.com>
2024-10-14 12:16:09 -07:00
Brian DeHamer
c6c5ef6b8e
bump @sigstore/sign from 2.3.2 to 3.0.0
...
Signed-off-by: Brian DeHamer <bdehamer@github.com>
2024-10-14 12:06:26 -07:00
Bassem Dghaidi
4d1dedf2c7
Merge branch 'main' into neo-cache-service
2024-10-09 07:45:11 -07:00
Bassem Dghaidi
13abc95165
Port restoreCache to new service
2024-10-09 04:32:57 -07:00
Rob Herley
799f8f5f3d
Update artifact release notes
...
Includes:
- #1815
2024-10-08 14:06:04 -04:00
Rob Herley
49cbbbcd99
Update symlink bug fix reference number
2024-10-08 13:02:06 -04:00
Rob Herley
545e0e6b95
properly resolve relative symlinks
2024-10-08 12:35:48 -04:00
JoannaaKL
c18a7d2f73
Merge pull request #1815 from mydea/fn/remove-crypto
...
Use native `crypto` package from node
2024-10-07 11:06:38 +02:00
Josh Gross
d14afd7973
Explicitly import `crypto` ( #1842 )
...
* Explicitly import `crypto`
* Add release notes for 1.11.1
* Fix crypto mock in test
* Fix `crypto` mock
* Lint
2024-10-04 17:23:42 -04:00
Josh Gross
22a72ac3d7
Include #1551 in `@actions/core` 1.11.0 release notes ( #1840 )
2024-10-02 14:30:25 -04:00
Josh Gross
6ca0d9b637
Release `@actions/core v1.11.0` ( #1839 )
2024-10-02 13:49:03 -04:00
Rob Herley
650f7c6aa3
Merge pull request #1830 from actions/robherley/artifact-2.1.10
...
Fix regression, auto readlink on symlinks again
2024-10-02 13:06:15 -04:00
Josh Gross
78af634e7e
Remove dependency on `uuid` package ( #1824 )
2024-10-02 12:28:06 -04:00
Rob Herley
2a8f1c5ddd
bump package lock version
2024-10-01 16:43:30 -04:00
Bassem Dghaidi
e62c6428e7
Fix service urls
2024-09-24 03:29:14 -07:00
Bassem Dghaidi
07e51a445e
Add cache service v2 client
2024-09-24 03:17:44 -07:00
Bassem Dghaidi
70e5684b1f
Merge branch 'main' into neo-cache-service
2024-09-24 02:36:02 -07:00
Rob Herley
5a62022195
/
2024-09-20 17:52:14 -04:00
Rob Herley
8551843690
fix assertion
2024-09-20 17:45:55 -04:00
Rob Herley
d6694e491d
update release notes
2024-09-20 17:31:40 -04:00
Rob Herley
7f19a7886a
fix regression, auto readlink on symlinks again
2024-09-20 17:23:43 -04:00
Brian DeHamer
2a07de1333
fix bug with customized oidc issuer
...
Signed-off-by: Brian DeHamer <bdehamer@github.com>
2024-09-04 10:24:28 -07:00
Francesco Novy
2e1998fc42
update lockfile
2024-08-30 09:41:33 +02:00
Francesco Novy
b7a914b73b
Use native `crypto` package from node
2024-08-30 09:30:02 +02:00
Brian DeHamer
1e69bffbba
bump @actions/http-client from 2.2.1 to 2.2.3
...
Signed-off-by: Brian DeHamer <bdehamer@github.com>
2024-08-22 07:52:03 -07:00
Thomas Boop
d1aa255c7f
HTTP Client 2.2.3 Release ( #1804 )
...
* http-client 2.2.3
* fix audit
* Revert "fix audit"
724956ffa7
* update versions
* Revert "update versions"
139b3391a0
* exclude dev dependencies while we work on removing lerna
2024-08-22 10:13:36 -04:00
Brian DeHamer
7298ff3219
Merge pull request #1799 from actions/bdehamer/http-client-proxy-auth
...
fix encoding for proxy auth token
2024-08-21 06:41:49 -07:00
Brian DeHamer
ada9e00cda
fix encoding for proxy auth token
...
Signed-off-by: Brian DeHamer <bdehamer@github.com>
2024-08-16 15:03:40 -07:00
Brian DeHamer
ac3a063583
improve release notes for @actions/attest
...
Signed-off-by: Brian DeHamer <bdehamer@github.com>
2024-08-16 12:43:39 -07:00
Brian DeHamer
7cc96bb976
Merge pull request #1796 from actions/bdehamer/attest-issuer
...
derive default OIDC issuer from current tenant
2024-08-16 12:21:00 -07:00
Brian DeHamer
fa6cc53297
derive default OIDC issuer from current tenant
...
Signed-off-by: Brian DeHamer <bdehamer@github.com>
2024-08-16 12:07:23 -07:00
Thomas Boop
f299e8ba1e
HTTP Client 2.2.2 Release ( #1794 )
...
* 2.2.2 release
* update nodes
2024-08-16 13:11:10 -04:00
Yu
1b9927d1c7
Handle Encoded URL for Proxy Username and Password in HTTP Client ( #1782 )
...
* uri-decode-fix
Signed-off-by: Yu <yu.yang@anz.com>
* http-client URLdecode fix
Signed-off-by: Yu <yu.yang@anz.com>
* http-client URLdecode test typo fix
Signed-off-by: Yu <yu.yang@anz.com>
---------
Signed-off-by: Yu <yu.yang@anz.com>
2024-08-16 12:43:10 -04:00
Brian DeHamer
340a1033a5
support for headers param in attest functions
...
Signed-off-by: Brian DeHamer <bdehamer@github.com>
2024-08-15 15:35:32 -07:00
Josh Gross
50f2977cce
Add glob option to ignore hidden files ( #1791 )
...
* Add glob option to ignore hidden files
* Use the basename of the file/directory to check for `.`
* Ensure the `excludeHiddenFiles` is properly copied
* Allow the root directory to be matched
* Fix description of `excludeHiddenFiles`
* Document Windows hidden attribute limitation
* Bump version
* `lint`
* Document 0.5.0 release
* Lint again
2024-08-15 17:13:49 -04:00
Thomas Boop
48a65377c0
Fix HTTP client tests ( #1792 )
...
* fix tests and update dependencies
2024-08-15 16:53:06 -04:00
Sébastien Morais
3a33cca851
FIX: Set chunk timeout back to 5 minutes
2024-08-06 10:27:41 +02:00
Rob Herley
76b6e24aee
bump pkg lock
2024-07-31 10:12:04 -04:00
Rob Herley
58d14c4ef5
prep for @actions/artifact v2.1.9
2024-07-31 10:05:34 -04:00
Rob Herley
7463cf3da6
Merge pull request #1771 from rmunn/fix-too-many-open-files
...
Prevent "too many open files" in artifact upload
2024-07-31 09:20:36 -04:00
Robin Munn
7c61054649
Remove unused import
2024-07-27 17:00:02 +07:00
Brian DeHamer
b28406bd1f
fix proxy support for jwks retrieval
...
Signed-off-by: Brian DeHamer <bdehamer@github.com>
2024-07-26 15:03:40 -07:00
Robin Munn
9517cdf52d
Prevent "too many open files" in artifact upload
...
See https://www.archiverjs.com/docs/archiver/#file
2024-07-26 08:49:34 +07:00
Rob Herley
3e34f6d19c
add comment for chunk timeout
2024-07-24 12:40:57 -04:00
Rob Herley
182702d2df
fix chunk timeout + update tests
2024-07-23 21:57:39 -04:00
Rob Herley
56832696fc
npm audit fix
2024-07-03 17:03:40 +00:00
Rob Herley
176b40a888
allow localhost hostnames for artifact checks
2024-07-03 16:55:53 +00:00
Bassem Dghaidi
4902d3a118
Add backend ids
2024-06-24 01:16:11 -07:00
Bassem Dghaidi
04d1a7ec3c
Add fix cache paths
2024-06-17 03:36:06 -07:00
Bassem Dghaidi
e1b7e78d60
Fix cache misses
2024-06-17 02:39:45 -07:00
Bassem Dghaidi
7640cf17c1
Fix cache misses
2024-06-17 02:35:25 -07:00
Bassem Dghaidi
8d7ed4fb57
Fix cache service url bug
2024-06-17 01:32:41 -07:00
Bassem Dghaidi
5afc042a74
Add download cache v2
2024-06-17 01:17:10 -07:00
Bassem Dghaidi
5e5faf73fc
Use zlib for compression
2024-06-13 03:16:59 -07:00
Brian DeHamer
dddc440d56
config rekor to fetch on conflict
...
Signed-off-by: Brian DeHamer <bdehamer@github.com>
2024-06-12 11:57:18 -07:00
Bassem Dghaidi
9e63a77e7a
Implement cache v2
2024-06-10 12:19:52 -07:00
Bassem Dghaidi
146143a9b4
Implement cache v2
2024-06-10 11:55:28 -07:00
Bassem Dghaidi
6635d12ce0
Implement cache v2
2024-06-10 11:36:37 -07:00
Bassem Dghaidi
dccc3f7f1c
Fix upload mechanics
2024-06-10 11:01:01 -07:00
Bassem Dghaidi
66d5434f23
Add v2 cache upload
2024-06-10 10:56:20 -07:00
Brian DeHamer
73100a7f85
new GHA build provenance
...
Signed-off-by: Brian DeHamer <bdehamer@github.com>
2024-06-05 14:54:34 -07:00
Bassem Dghaidi
c8466d1fac
Add twirp client
2024-05-29 08:31:54 -07:00
Bassem Dghaidi
264230c2c5
add debug
2024-05-23 09:04:37 -07:00
Bassem Dghaidi
32dbccb77b
Add debug message
2024-05-23 07:25:17 -07:00
Brian DeHamer
8735a7e2da
prep 1.3.0 release of @actions/attest
...
Signed-off-by: Brian DeHamer <bdehamer@github.com>
2024-05-21 13:11:37 -07:00
Fredrik Skogman
d3d7736bae
Fixed a spelling error
2024-05-20 07:57:44 +02:00
Fredrik Skogman
7d18e7aa0d
PR feedback. Juse more JS idiomatic code
2024-05-20 07:52:36 +02:00
Fredrik Skogman
e60694077d
Read the server url from the environment variable.
...
Instead of having the urls hardcoded, read them from the environment.
I opted to read from the environment variable instead of the github context
because it would be easier to test.
2024-05-16 17:00:35 +02:00
Brian DeHamer
abb586d71e
add doc link in @actions/attest readme
...
Signed-off-by: Brian DeHamer <bdehamer@github.com>
2024-05-01 11:30:45 -07:00
Brian DeHamer
0e8fe8af62
retry request on failure to save attestation
...
Signed-off-by: Brian DeHamer <bdehamer@github.com>
2024-04-24 15:07:39 -07:00
bethanyj28
9eb3d3a673
lint
2024-04-23 16:10:57 -04:00
bethanyj28
6e642f628f
lint
2024-04-23 16:06:02 -04:00
bethanyj28
0159bbe7f2
bump version
2024-04-23 16:03:52 -04:00
bethanyj28
476276bf98
use latest unzip-stream
2024-04-23 15:54:54 -04:00