CrazyMax
4ec46bb673
artifact(download): skip non-zip files
2024-11-14 13:40:31 +01:00
Josh Gross
bb2278e5cf
Extend Node version test coverage ( #1843 )
...
* Extend Node version test coverage
* Remove Node 16
2024-11-08 10:30:18 -05:00
Josh Gross
77f247b2f3
Prepare `@actions/cache` 3.3.0 release ( #1871 )
2024-11-01 13:32:42 -04:00
Brian DeHamer
d13839fcf4
Merge pull request #1870 from actions/bdehamer/attest-1.5-release-notes
...
`@actions/attest`: Release notes for v1.5.0 release
2024-11-01 09:55:13 -07:00
Brian DeHamer
7e54468896
update release notes for @actions/attest v1.5.0
...
Signed-off-by: Brian DeHamer <bdehamer@github.com>
2024-11-01 09:45:11 -07:00
Brian DeHamer
339447c5d3
Merge pull request #1863 from meriadec/attest-provenance-tags
...
Handle tags containing "@" character in `buildSLSAProvenancePredicate`
2024-11-01 09:35:13 -07:00
Brian DeHamer
43ce96d373
Merge pull request #1865 from actions/bdehamer/multi-subject
...
`@actions/attest`: Support multi-subject attestations
2024-11-01 09:33:11 -07:00
Brian DeHamer
265a5be8bc
support multi-subject attestations
...
Signed-off-by: Brian DeHamer <bdehamer@github.com>
2024-11-01 09:08:19 -07:00
Brian DeHamer
65ee4d33af
use macos-latest-large in test/release workflows ( #1869 )
...
Signed-off-by: Brian DeHamer <bdehamer@github.com>
2024-11-01 11:59:55 -04:00
Meriadec Pillet
717ba9d9a4
Handle tags containing "@" character in `buildSLSAProvenancePredicate`
...
When using some monorepo-related tools (like [changesets](https://github.com/changesets/changesets )),
the produced tags have a special format that includes `@` character.
For example, a `foo` package on a monorepo will produce Git tags looking
like `foo@1.0.0` if using changesets.
When used in combination with `actions/attest-build-provenance`, the
action was not properly re-crafting the tag in `buildSLSAProvenancePredicate` because
it was always splitting the workflow ref by `@` and taking the second
element.
This result in this error on CI:
```
Error: Error: Failed to persist attestation: Invalid Argument - values do not match: refs/tags/foo != refs/tags/foo@1.0.0 - https://docs.github.com/rest/repos/repos#create-an-attestation
````
This PR slightly update the logic there, and rather take "everything
located after the first '@'". This shouldn't introduce any breaking
change, while giving support for custom tags.
I've added the corresponding test case, it passes, however I couldn't
successfully run the full test suite (neither on `main`). Looking
forward for CI outcome.
Thanks in advance for the review 🙏 .
2024-10-30 14:29:42 +01:00
Josh Gross
7f5921cddd
Document unreleased changes in `cache` and `tool-cache` ( #1856 )
2024-10-22 12:01:31 -04:00
Brian DeHamer
29d342f176
Merge pull request #1848 from actions/bdehamer/attest-prep-1-5
...
`@actions/attest`: prep release of @actions/attest v1.5.0
2024-10-14 12:49:33 -07:00
Brian DeHamer
72113fe791
Merge pull request #1847 from actions/bdehamer/attest-update-core
...
`@actions/attest`: bump @actions/core from 1.10.1 to 1.11.1
2024-10-14 12:49:15 -07:00
Brian DeHamer
7b4d9763cc
Merge pull request #1846 from actions/bdehamer/sigstore-3-0-0
...
`@actions/attest`: bump @sigstore/sign from 2.3.2 to 3.0.0
2024-10-14 12:48:55 -07:00
Brian DeHamer
26c752f562
prep release of @actions/attest v1.5.0
...
Signed-off-by: Brian DeHamer <bdehamer@github.com>
2024-10-14 12:33:10 -07:00
Brian DeHamer
ac1332a8e2
bump @actions/core from 1.10.1 to 1.11.1
...
Signed-off-by: Brian DeHamer <bdehamer@github.com>
2024-10-14 12:16:09 -07:00
Brian DeHamer
c6c5ef6b8e
bump @sigstore/sign from 2.3.2 to 3.0.0
...
Signed-off-by: Brian DeHamer <bdehamer@github.com>
2024-10-14 12:06:26 -07:00
Rob Herley
ee93b05ee9
Merge pull request #1845 from actions/robherley/update-release-notes
...
Update artifact release notes
2024-10-08 14:11:08 -04:00
Rob Herley
799f8f5f3d
Update artifact release notes
...
Includes:
- #1815
2024-10-08 14:06:04 -04:00
Rob Herley
201b082ce1
Merge pull request #1844 from actions/robherley/artifact-2.1.11
...
Properly resolve relative symlinks
2024-10-08 13:08:45 -04:00
Rob Herley
49cbbbcd99
Update symlink bug fix reference number
2024-10-08 13:02:06 -04:00
Rob Herley
545e0e6b95
properly resolve relative symlinks
2024-10-08 12:35:48 -04:00
JoannaaKL
c18a7d2f73
Merge pull request #1815 from mydea/fn/remove-crypto
...
Use native `crypto` package from node
2024-10-07 11:06:38 +02:00
Josh Gross
d14afd7973
Explicitly import `crypto` ( #1842 )
...
* Explicitly import `crypto`
* Add release notes for 1.11.1
* Fix crypto mock in test
* Fix `crypto` mock
* Lint
2024-10-04 17:23:42 -04:00
Josh Gross
22a72ac3d7
Include #1551 in `@actions/core` 1.11.0 release notes ( #1840 )
2024-10-02 14:30:25 -04:00
Josh Gross
6ca0d9b637
Release `@actions/core v1.11.0` ( #1839 )
2024-10-02 13:49:03 -04:00
Rob Herley
650f7c6aa3
Merge pull request #1830 from actions/robherley/artifact-2.1.10
...
Fix regression, auto readlink on symlinks again
2024-10-02 13:06:15 -04:00
Josh Gross
78af634e7e
Remove dependency on `uuid` package ( #1824 )
2024-10-02 12:28:06 -04:00
Rob Herley
2a8f1c5ddd
bump package lock version
2024-10-01 16:43:30 -04:00
Rob Herley
5a62022195
/
2024-09-20 17:52:14 -04:00
Rob Herley
8551843690
fix assertion
2024-09-20 17:45:55 -04:00
Rob Herley
d6694e491d
update release notes
2024-09-20 17:31:40 -04:00
Rob Herley
7f19a7886a
fix regression, auto readlink on symlinks again
2024-09-20 17:23:43 -04:00
Brian DeHamer
6dd369c0e6
Merge pull request #1823 from actions/bdehamer/enterprise-issuer
...
[@actions/attest] Fix bug with customized OIDC issuer
2024-09-05 09:17:37 -07:00
Brian DeHamer
2a07de1333
fix bug with customized oidc issuer
...
Signed-off-by: Brian DeHamer <bdehamer@github.com>
2024-09-04 10:24:28 -07:00
Francesco Novy
2e1998fc42
update lockfile
2024-08-30 09:41:33 +02:00
Francesco Novy
b7a914b73b
Use native `crypto` package from node
2024-08-30 09:30:02 +02:00
Brian DeHamer
6c4e082c18
Merge pull request #1805 from actions/bdehamer/update-http-client
...
bump @actions/http-client from 2.2.1 to 2.2.3
2024-08-22 08:39:26 -07:00
Brian DeHamer
1e69bffbba
bump @actions/http-client from 2.2.1 to 2.2.3
...
Signed-off-by: Brian DeHamer <bdehamer@github.com>
2024-08-22 07:52:03 -07:00
Thomas Boop
d1aa255c7f
HTTP Client 2.2.3 Release ( #1804 )
...
* http-client 2.2.3
* fix audit
* Revert "fix audit"
724956ffa7
* update versions
* Revert "update versions"
139b3391a0
* exclude dev dependencies while we work on removing lerna
2024-08-22 10:13:36 -04:00
Brian DeHamer
7298ff3219
Merge pull request #1799 from actions/bdehamer/http-client-proxy-auth
...
fix encoding for proxy auth token
2024-08-21 06:41:49 -07:00
Brian DeHamer
571d782946
Merge pull request #1797 from actions/bdehamer/attester-release-notes
...
improve release notes for @actions/attest
2024-08-19 07:38:36 -07:00
Brian DeHamer
ada9e00cda
fix encoding for proxy auth token
...
Signed-off-by: Brian DeHamer <bdehamer@github.com>
2024-08-16 15:03:40 -07:00
Josh Gross
faf9cb2ea2
Include the package name in the Publish Workflow run ( #1793 )
2024-08-16 16:15:14 -04:00
Brian DeHamer
ac3a063583
improve release notes for @actions/attest
...
Signed-off-by: Brian DeHamer <bdehamer@github.com>
2024-08-16 12:43:39 -07:00
Brian DeHamer
7cc96bb976
Merge pull request #1796 from actions/bdehamer/attest-issuer
...
derive default OIDC issuer from current tenant
2024-08-16 12:21:00 -07:00
Brian DeHamer
fa6cc53297
derive default OIDC issuer from current tenant
...
Signed-off-by: Brian DeHamer <bdehamer@github.com>
2024-08-16 12:07:23 -07:00
Thomas Boop
f299e8ba1e
HTTP Client 2.2.2 Release ( #1794 )
...
* 2.2.2 release
* update nodes
2024-08-16 13:11:10 -04:00
Yu
1b9927d1c7
Handle Encoded URL for Proxy Username and Password in HTTP Client ( #1782 )
...
* uri-decode-fix
Signed-off-by: Yu <yu.yang@anz.com>
* http-client URLdecode fix
Signed-off-by: Yu <yu.yang@anz.com>
* http-client URLdecode test typo fix
Signed-off-by: Yu <yu.yang@anz.com>
---------
Signed-off-by: Yu <yu.yang@anz.com>
2024-08-16 12:43:10 -04:00
Brian DeHamer
279e891118
Merge pull request #1790 from actions/bdehamer/attest-headers
...
support for headers param in attest functions
2024-08-16 07:21:46 -07:00