Meriadec Pillet
717ba9d9a4
Handle tags containing "@" character in `buildSLSAProvenancePredicate`
...
When using some monorepo-related tools (like [changesets](https://github.com/changesets/changesets)),
the produced tags have a special format that includes the `@` character.
For example, a `foo` package on a monorepo will produce Git tags looking
like `foo@1.0.0` if using changesets.
When used in combination with `actions/attest-build-provenance`, the
action was not properly re-crafting the tag in `buildSLSAProvenancePredicate` because
it was always splitting the workflow ref by `@` and taking the second
element.
This results in this error on CI:
```
Error: Error: Failed to persist attestation: Invalid Argument - values do not match: refs/tags/foo != refs/tags/foo@1.0.0 - https://docs.github.com/rest/repos/repos#create-an-attestation
```
This PR slightly updates the logic there, and rather takes "everything
located after the first '@'". This shouldn't introduce any breaking
change, while giving support for custom tags.
I've added the corresponding test case, it passes, however I couldn't
successfully run the full test suite (neither on `main`). Looking
forward to the CI outcome.
Thanks in advance for the review 🙏.
2024-10-30 14:29:42 +01:00
Josh Gross
7f5921cddd
Document unreleased changes in `cache` and `tool-cache` (#1856)
2024-10-22 12:01:31 -04:00
Brian DeHamer
29d342f176
Merge pull request #1848 from actions/bdehamer/attest-prep-1-5
...
`@actions/attest`: prep release of @actions/attest v1.5.0
2024-10-14 12:49:33 -07:00
Brian DeHamer
72113fe791
Merge pull request #1847 from actions/bdehamer/attest-update-core
...
`@actions/attest`: bump @actions/core from 1.10.1 to 1.11.1
2024-10-14 12:49:15 -07:00
Brian DeHamer
26c752f562
prep release of @actions/attest v1.5.0
...
Signed-off-by: Brian DeHamer <bdehamer@github.com>
2024-10-14 12:33:10 -07:00
Brian DeHamer
ac1332a8e2
bump @actions/core from 1.10.1 to 1.11.1
...
Signed-off-by: Brian DeHamer <bdehamer@github.com>
2024-10-14 12:16:09 -07:00
Brian DeHamer
c6c5ef6b8e
bump @sigstore/sign from 2.3.2 to 3.0.0
...
Signed-off-by: Brian DeHamer <bdehamer@github.com>
2024-10-14 12:06:26 -07:00
Rob Herley
799f8f5f3d
Update artifact release notes
...
Includes:
- #1815
2024-10-08 14:06:04 -04:00
Rob Herley
49cbbbcd99
Update symlink bug fix reference number
2024-10-08 13:02:06 -04:00
Rob Herley
545e0e6b95
properly resolve relative symlinks
2024-10-08 12:35:48 -04:00
JoannaaKL
c18a7d2f73
Merge pull request #1815 from mydea/fn/remove-crypto
...
Use native `crypto` package from node
2024-10-07 11:06:38 +02:00
Josh Gross
d14afd7973
Explicitly import `crypto` (#1842)
...
* Explicitly import `crypto`
* Add release notes for 1.11.1
* Fix crypto mock in test
* Fix `crypto` mock
* Lint
2024-10-04 17:23:42 -04:00
Josh Gross
22a72ac3d7
Include #1551 in `@actions/core` 1.11.0 release notes (#1840)
2024-10-02 14:30:25 -04:00
Josh Gross
6ca0d9b637
Release `@actions/core v1.11.0` (#1839)
2024-10-02 13:49:03 -04:00
Rob Herley
650f7c6aa3
Merge pull request #1830 from actions/robherley/artifact-2.1.10
...
Fix regression, auto readlink on symlinks again
2024-10-02 13:06:15 -04:00
Josh Gross
78af634e7e
Remove dependency on `uuid` package (#1824)
2024-10-02 12:28:06 -04:00
Rob Herley
2a8f1c5ddd
bump package lock version
2024-10-01 16:43:30 -04:00
Rob Herley
5a62022195
/
2024-09-20 17:52:14 -04:00
Rob Herley
8551843690
fix assertion
2024-09-20 17:45:55 -04:00
Rob Herley
d6694e491d
update release notes
2024-09-20 17:31:40 -04:00
Rob Herley
7f19a7886a
fix regression, auto readlink on symlinks again
2024-09-20 17:23:43 -04:00
Brian DeHamer
2a07de1333
fix bug with customized oidc issuer
...
Signed-off-by: Brian DeHamer <bdehamer@github.com>
2024-09-04 10:24:28 -07:00
Francesco Novy
2e1998fc42
update lockfile
2024-08-30 09:41:33 +02:00
Francesco Novy
b7a914b73b
Use native `crypto` package from node
2024-08-30 09:30:02 +02:00
Brian DeHamer
1e69bffbba
bump @actions/http-client from 2.2.1 to 2.2.3
...
Signed-off-by: Brian DeHamer <bdehamer@github.com>
2024-08-22 07:52:03 -07:00
Thomas Boop
d1aa255c7f
HTTP Client 2.2.3 Release (#1804)
...
* http-client 2.2.3
* fix audit
* Revert "fix audit"
724956ffa7
* update versions
* Revert "update versions"
139b3391a0
* exclude dev dependencies while we work on removing lerna
2024-08-22 10:13:36 -04:00
Brian DeHamer
7298ff3219
Merge pull request #1799 from actions/bdehamer/http-client-proxy-auth
...
fix encoding for proxy auth token
2024-08-21 06:41:49 -07:00
Brian DeHamer
ada9e00cda
fix encoding for proxy auth token
...
Signed-off-by: Brian DeHamer <bdehamer@github.com>
2024-08-16 15:03:40 -07:00
Brian DeHamer
ac3a063583
improve release notes for @actions/attest
...
Signed-off-by: Brian DeHamer <bdehamer@github.com>
2024-08-16 12:43:39 -07:00
Brian DeHamer
7cc96bb976
Merge pull request #1796 from actions/bdehamer/attest-issuer
...
derive default OIDC issuer from current tenant
2024-08-16 12:21:00 -07:00
Brian DeHamer
fa6cc53297
derive default OIDC issuer from current tenant
...
Signed-off-by: Brian DeHamer <bdehamer@github.com>
2024-08-16 12:07:23 -07:00
Thomas Boop
f299e8ba1e
HTTP Client 2.2.2 Release (#1794)
...
* 2.2.2 release
* update nodes
2024-08-16 13:11:10 -04:00
Yu
1b9927d1c7
Handle Encoded URL for Proxy Username and Password in HTTP Client (#1782)
...
* uri-decode-fix
Signed-off-by: Yu <yu.yang@anz.com>
* http-client URLdecode fix
Signed-off-by: Yu <yu.yang@anz.com>
* http-client URLdecode test typo fix
Signed-off-by: Yu <yu.yang@anz.com>
---------
Signed-off-by: Yu <yu.yang@anz.com>
2024-08-16 12:43:10 -04:00
Brian DeHamer
340a1033a5
support for headers param in attest functions
...
Signed-off-by: Brian DeHamer <bdehamer@github.com>
2024-08-15 15:35:32 -07:00
Josh Gross
50f2977cce
Add glob option to ignore hidden files (#1791)
...
* Add glob option to ignore hidden files
* Use the basename of the file/directory to check for `.`
* Ensure the `excludeHiddenFiles` is properly copied
* Allow the root directory to be matched
* Fix description of `excludeHiddenFiles`
* Document Windows hidden attribute limitation
* Bump version
* `lint`
* Document 0.5.0 release
* Lint again
2024-08-15 17:13:49 -04:00
Thomas Boop
48a65377c0
Fix HTTP client tests (#1792)
...
* fix tests and update dependencies
2024-08-15 16:53:06 -04:00
Sébastien Morais
3a33cca851
FIX: Set chunk timeout back to 5 minutes
2024-08-06 10:27:41 +02:00
Rob Herley
76b6e24aee
bump pkg lock
2024-07-31 10:12:04 -04:00
Rob Herley
58d14c4ef5
prep for @actions/artifact v2.1.9
2024-07-31 10:05:34 -04:00
Rob Herley
7463cf3da6
Merge pull request #1771 from rmunn/fix-too-many-open-files
...
Prevent "too many open files" in artifact upload
2024-07-31 09:20:36 -04:00
Robin Munn
7c61054649
Remove unused import
2024-07-27 17:00:02 +07:00
Brian DeHamer
b28406bd1f
fix proxy support for jwks retrieval
...
Signed-off-by: Brian DeHamer <bdehamer@github.com>
2024-07-26 15:03:40 -07:00
Robin Munn
9517cdf52d
Prevent "too many open files" in artifact upload
...
See https://www.archiverjs.com/docs/archiver/#file
2024-07-26 08:49:34 +07:00
Rob Herley
3e34f6d19c
add comment for chunk timeout
2024-07-24 12:40:57 -04:00
Rob Herley
182702d2df
fix chunk timeout + update tests
2024-07-23 21:57:39 -04:00
Rob Herley
56832696fc
npm audit fix
2024-07-03 17:03:40 +00:00
Rob Herley
176b40a888
allow localhost hostnames for artifact checks
2024-07-03 16:55:53 +00:00
Brian DeHamer
dddc440d56
config rekor to fetch on conflict
...
Signed-off-by: Brian DeHamer <bdehamer@github.com>
2024-06-12 11:57:18 -07:00
Brian DeHamer
73100a7f85
new GHA build provenance
...
Signed-off-by: Brian DeHamer <bdehamer@github.com>
2024-06-05 14:54:34 -07:00
Brian DeHamer
8735a7e2da
prep 1.3.0 release of @actions/attest
...
Signed-off-by: Brian DeHamer <bdehamer@github.com>
2024-05-21 13:11:37 -07:00