1
0
Fork 0
Commit Graph

17 Commits (571d782946ae1115bc2711912b5d5d85bf5ce405)

Author SHA1 Message Date
Brian DeHamer ac3a063583
improve release notes for @actions/attest
Signed-off-by: Brian DeHamer <bdehamer@github.com>
2024-08-16 12:43:39 -07:00
Brian DeHamer fa6cc53297
derive default OIDC issuer from current tenant
Signed-off-by: Brian DeHamer <bdehamer@github.com>
2024-08-16 12:07:23 -07:00
Brian DeHamer 340a1033a5
support for headers param in attest functions
Signed-off-by: Brian DeHamer <bdehamer@github.com>
2024-08-15 15:35:32 -07:00
Brian DeHamer b28406bd1f
fix proxy support for jwks retrieval
Signed-off-by: Brian DeHamer <bdehamer@github.com>
2024-07-26 15:03:40 -07:00
Brian DeHamer dddc440d56
config rekor to fetch on conflict
Signed-off-by: Brian DeHamer <bdehamer@github.com>
2024-06-12 11:57:18 -07:00
Brian DeHamer 73100a7f85
new GHA build provenance
Signed-off-by: Brian DeHamer <bdehamer@github.com>
2024-06-05 14:54:34 -07:00
Brian DeHamer 8735a7e2da
prep 1.3.0 release of @actions/attest
Signed-off-by: Brian DeHamer <bdehamer@github.com>
2024-05-21 13:11:37 -07:00
Fredrik Skogman d3d7736bae
Fixed a spelling error 2024-05-20 07:57:44 +02:00
Fredrik Skogman 7d18e7aa0d
PR feedback. Juse more JS idiomatic code 2024-05-20 07:52:36 +02:00
Fredrik Skogman e60694077d
Read the server url from the environment variable.
Instead of having the urls hardcoded, read them from the environment.
I opted to read from the environment variable instead of the github context
because it would be easier to test.
2024-05-16 17:00:35 +02:00
Brian DeHamer abb586d71e
add doc link in @actions/attest readme
Signed-off-by: Brian DeHamer <bdehamer@github.com>
2024-05-01 11:30:45 -07:00
Brian DeHamer 0e8fe8af62
retry request on failure to save attestation
Signed-off-by: Brian DeHamer <bdehamer@github.com>
2024-04-24 15:07:39 -07:00
Brian DeHamer 2961d73391
remove dep on make-fetch-happen
Signed-off-by: Brian DeHamer <bdehamer@github.com>
2024-04-23 09:39:17 -07:00
Brian DeHamer f8d95a85df
generate v0.3 bundles in attest package
Signed-off-by: Brian DeHamer <bdehamer@github.com>
2024-04-03 12:12:26 -07:00
Brian DeHamer a0e6af1e53
build provenance stmt from OIDC claims
Signed-off-by: Brian DeHamer <bdehamer@github.com>
2024-03-22 12:34:42 -07:00
Brian DeHamer 37a562b194
bump @actions/attest to 1.0.0
Signed-off-by: Brian DeHamer <bdehamer@github.com>
2024-02-26 10:21:47 -08:00
Brian DeHamer 6079dea4c4
add new @actions/attest package
Signed-off-by: Brian DeHamer <bdehamer@github.com>
2024-02-26 08:52:20 -08:00