diff --git a/README.md b/README.md index 84bba695..4a01b006 100644 --- a/README.md +++ b/README.md @@ -1,231 +1,272 @@ -# Create a GitHub Action Using TypeScript +# attest -[![GitHub Super-Linter](https://github.com/actions/typescript-action/actions/workflows/linter.yml/badge.svg)](https://github.com/super-linter/super-linter) -![CI](https://github.com/actions/typescript-action/actions/workflows/ci.yml/badge.svg) -[![Check dist/](https://github.com/actions/typescript-action/actions/workflows/check-dist.yml/badge.svg)](https://github.com/actions/typescript-action/actions/workflows/check-dist.yml) -[![CodeQL](https://github.com/actions/typescript-action/actions/workflows/codeql-analysis.yml/badge.svg)](https://github.com/actions/typescript-action/actions/workflows/codeql-analysis.yml) -[![Coverage](./badges/coverage.svg)](./badges/coverage.svg) +GitHub Action to sign and upload [in-toto Attestation Predicates][0] for +artifacts as part of a workflow. -Use this template to bootstrap the creation of a TypeScript action. :rocket: +## Usage -This template includes compilation support, tests, a validation workflow, -publishing, and versioning guidance. +Within the GitHub Actions workflow which builds some artifact you would like to +attest, -If you are new, there's also a simpler introduction in the -[Hello world JavaScript action repository](https://github.com/actions/hello-world-javascript-action). +1. Ensure that the following permissions are set: -## Create Your Own Action + ```yaml + permissions: + id-token: write + contents: write + ``` -To create your own action, you can use this repository as a template! Just -follow the below instructions: + The `id-token` permission gives the action the ability to mint the OIDC token + necessary to request a Sigstore signing certificate. The `contents` + permission is necessary to persist the attestation. -1. Click the **Use this template** button at the top of the repository -1. Select **Create a new repository** -1. Select an owner and name for your new repository -1. Click **Create repository** -1. Clone your new repository + > **NOTE**: The set of required permissions will be refined in a future + > release. -> [!IMPORTANT] -> -> Make sure to remove or update the [`CODEOWNERS`](./CODEOWNERS) file! For -> details on how to use this file, see -> [About code owners](https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners). +1. After your artifact build step, add the following: -## Initial Setup + ```yaml + - uses: actions/attest@main + with: + predicate-path: './predicate.json' + predicate-type: 'https://in-toto.io/attestation/release/v0.1' + subject-path: '${{ github.workspace }}/PATH_TO_FILE' + ``` -After you've cloned the repository to your local machine or codespace, you'll -need to perform some initial setup steps before you can develop your action. + The `subject-path` parameter should identity the artifact for which you want + to generate an attestation. -> [!NOTE] -> -> You'll need to have a reasonably modern version of -> [Node.js](https://nodejs.org) handy (20.x or later should work!). If you are -> using a version manager like [`nodenv`](https://github.com/nodenv/nodenv) or -> [`nvm`](https://github.com/nvm-sh/nvm), this template has a `.node-version` -> file at the root of the repository that will be used to automatically switch -> to the correct version when you `cd` into the repository. Additionally, this -> `.node-version` file is used by GitHub Actions in any `actions/setup-node` -> actions. +### What is being attested? -1. :hammer_and_wrench: Install the dependencies +The generated attestation is based on the inputs of `predicate-path` and `predicate-type` - ```bash - npm install - ``` +```json +{ + "_type": "https://in-toto.io/Statement/v1", + "subject": [ + { + "name": "subject", + "digest": { + "sha256": "7d070f6b64d9bcc530fe99cc21eaaa4b3c364e0b2d367d7735671fa202a03b32" + } + } + ], + "predicateType": $predicateType, + "predicate": { + ... + } +} +``` -1. :building_construction: Package the TypeScript for distribution +The predicate statement is signed with a short-lived, [Sigstore][1]-issued +certificate. - ```bash - npm run bundle - ``` +If the repository initiating the GitHub Actions workflow is public, the public +instance of Sigstore will be used to generate the attestation signature. If the +repository is private, it will use the GitHub private Sigstore instance. -1. :white_check_mark: Run the tests +### Where does the attestation go? - ```bash - $ npm test +On the actions summary page for a repository you'll see an "Attestations" link +which will take you to a list of all the attestations generated by workflows in +that repository. - PASS ./index.test.js - ✓ throws invalid number (3ms) - ✓ wait 500 ms (504ms) - ✓ test runs (95ms) +![Actions summary view](./.github/attestations.png) - ... - ``` +### How are attestations verified? -## Update the Action Metadata +Attestations can be verified using the [gh-attestation][2] extension for the +[GitHub CLI][3]. -The [`action.yml`](action.yml) file defines metadata about your action, such as -input(s) and output(s). For details about this file, see -[Metadata syntax for GitHub Actions](https://docs.github.com/en/actions/creating-actions/metadata-syntax-for-github-actions). +## Customization -When you copy this repository, update `action.yml` with the name, description, -inputs, and outputs for your action. +See [action.yml](action.yml) -## Update the Action Code +### Inputs -The [`src/`](./src/) directory is the heart of your action! This contains the -source code that will be run when your action is invoked. You can replace the -contents of this directory with your own code. +- `predicate` - String containing the value for the attestation predicate. -There are a few things to keep in mind when writing your action code: + Must supply exactly one of "predicate-path" or "predicate". -- Most GitHub Actions toolkit and CI/CD operations are processed asynchronously. - In `main.ts`, you will see that the action is run in an `async` function. +- `predicate-path` - Path to the file which contains the content for the + attestation predicate. + + Must supply exactly one of "predicate-path" or "predicate". - ```javascript - import * as core from '@actions/core' - //... +- `predicate-type` - URI identifying the type of the predicate. - async function run() { - try { - //... - } catch (error) { - core.setFailed(error.message) - } - } - ``` +- `subject-path` - Path to the artifact for which the predicate statement will be + generated. - For more information about the GitHub Actions toolkit, see the - [documentation](https://github.com/actions/toolkit/blob/master/README.md). + Must specify exactly one of `subject-path` or `subject-digest`. Wildcards can + be used to identify more than one artifact. -So, what are you waiting for? Go ahead and start customizing your action! +- `subject-digest` - Digest of the subject for which the predicate statement + will be generated. -1. Create a new branch + Only SHA-256 digests are accepted and the supplied value must be in the form + "sha256:\". Must specify exactly one of `subject-path` or + `subject-digest`. - ```bash - git checkout -b releases/v1 - ``` +- `subject-name` - Subject name as it should appear in the predicate statement. -1. Replace the contents of `src/` with your action code -1. Add tests to `__tests__/` for your source code -1. Format, test, and build the action + Required when the subject is identified by the `subject-digest` parameter. + When attesting container images, the name should be the fully qualified image + name. - ```bash - npm run all - ``` +- `push-to-registry` - If true, the signed attestation is pushed to the + container registry identified by the `subject-name`. Default: `false`. - > [!WARNING] - > - > This step is important! It will run [`ncc`](https://github.com/vercel/ncc) - > to build the final JavaScript action code with all dependencies included. - > If you do not run this step, your action will not work correctly when it is - > used in a workflow. This step also includes the `--license` option for - > `ncc`, which will create a license file for all of the production node - > modules used in your project. +- `github-token` - Token used to make authenticated requests to the GitHub API. + Default: `${{ github.token }}`. -1. Commit your changes + The supplied token must have the permissions necessary to write attestations + to the repository. - ```bash - git add . - git commit -m "My first action is ready!" - ``` +### Outputs -1. Push them to your repository +- `bundle-path` - The file path of JSON-serialized [Sigstore bundle][4] + containing the attestation and related verification material. - ```bash - git push -u origin releases/v1 - ``` +## Sample Workflows -1. Create a pull request and get feedback on your action -1. Merge the pull request into the `main` branch +### Identify Artifact by Path -Your action is now published! :rocket: +For the basic use case, simply add the `attest` action to +your workflow and supply the path to the artifact for which you want to generate +attestation. -For information about versioning your action, see -[Versioning](https://github.com/actions/toolkit/blob/master/docs/action-versioning.md) -in the GitHub Actions toolkit. +```yaml +name: attest + +on: + workflow_dispatch: + +jobs: + build: + permissions: + id-token: write + contents: write + + steps: + - name: Checkout + uses: actions/checkout@v4 + - name: Build artifact + run: make some-app + - name: Attest + uses: actions/attest@main + with: + predicate: | + '{ "purl": $YOUR_PURL, "releaseId": $YOUR_RELEASE_ID }' + predicate-type: 'https://in-toto.io/attestation/release/v0.1' + subject-path: '${{ github.workspace }}/some-app' +``` -## Validate the Action +### Identify Artifacts by Wildcard -You can now validate the action by referencing it in a workflow file. For -example, [`ci.yml`](./.github/workflows/ci.yml) demonstrates how to reference an -action in the same repository. +If you are generating multiple artifacts, you can generate attest for +each artifact by using a wildcard in the `subject-path` input. ```yaml -steps: - - name: Checkout - id: checkout - uses: actions/checkout@v4 - - - name: Test Local Action - id: test-action - uses: ./ - with: - milliseconds: 1000 - - - name: Print Output - id: output - run: echo "${{ steps.test-action.outputs.time }}" +name: build-wildcard-with-attest + +on: + workflow_dispatch: + +jobs: + build: + permissions: + id-token: write + contents: write + + steps: + - name: Checkout + uses: actions/checkout@v4 + - name: Set up Go + uses: actions/setup-go@v4 + - name: Run GoReleaser + uses: goreleaser/goreleaser-action@v5 + with: + distribution: goreleaser + version: latest + args: release --clean + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + - name: Attest artifact + uses: actions/attest@main + with: + predicate: | + '{ "purl": $YOUR_PURL, "releaseId": $YOUR_RELEASE_ID }' + predicate-type: 'https://in-toto.io/attestation/release/v0.1' + subject-path: 'dist/**/my-bin-*' ``` -For example workflow runs, check out the -[Actions tab](https://github.com/actions/typescript-action/actions)! :rocket: +For supported wildcards along with behavior and documentation, see +[@actions/glob][5] which is used internally to search for files. -## Usage +### Container Image + +When working with container images you may not have a `subject-path` value you +can supply. In this case you can invoke the action with the `subject-name` and +`subject-digest` inputs. -After testing, you can create version tag(s) that developers can use to -reference different stable versions of your action. For more information, see -[Versioning](https://github.com/actions/toolkit/blob/master/docs/action-versioning.md) -in the GitHub Actions toolkit. +If you want to publish the attestation to the container registry with the +`push-to-registry` option, it is important that the `subject-name` specify the +fully-qualified image name (e.g. "ghcr.io/user/app" or +"acme.azurecr.io/user/app"). Do NOT include a tag as part of the image name -- +the specific image being attested is identified by the supplied digest. -To include the action in a workflow in another repository, you can use the -`uses` syntax with the `@` symbol to reference a specific branch, tag, or commit -hash. +> **NOTE**: When pushing to Docker Hub, please use "index.docker.io" as the +> registry portion of the image name. ```yaml -steps: - - name: Checkout - id: checkout - uses: actions/checkout@v4 - - - name: Test Local Action - id: test-action - uses: actions/typescript-action@v1 # Commit with the `v1` tag - with: - milliseconds: 1000 - - - name: Print Output - id: output - run: echo "${{ steps.test-action.outputs.time }}" +name: build-image-with-attest + +on: + push: + branches: [main] + +jobs: + build: + runs-on: ubuntu-latest + permissions: + id-token: write + packages: write + contents: write + env: + REGISTRY: ghcr.io + IMAGE_NAME: ${{ github.repository }} + + steps: + - name: Checkout + uses: actions/checkout@v4 + - name: Login to GitHub Container Registry + uses: docker/login-action@v3 + with: + registry: ${{ env.REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: Build and push image + id: push + uses: docker/build-push-action@v5.0.0 + with: + context: . + push: true + tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest + - name: Attest + uses: actions/attest@main + id: attest + with: + subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + subject-digest: ${{ steps.push.outputs.digest }} + predicate: | + '{ "purl": $YOUR_PURL, "releaseId": $YOUR_RELEASE_ID }' + predicate-type: 'https://in-toto.io/attestation/release/v0.1' ``` -## Publishing a New Release - -This project includes a helper script, [`script/release`](./script/release) -designed to streamline the process of tagging and pushing new releases for -GitHub Actions. - -GitHub Actions allows users to select a specific version of the action to use, -based on release tags. This script simplifies this process by performing the -following steps: - -1. **Retrieving the latest release tag:** The script starts by fetching the most - recent release tag by looking at the local data available in your repository. -1. **Prompting for a new release tag:** The user is then prompted to enter a new - release tag. To assist with this, the script displays the latest release tag - and provides a regular expression to validate the format of the new tag. -1. **Tagging the new release:** Once a valid new tag is entered, the script tags - the new release. -1. **Pushing the new tag to the remote:** Finally, the script pushes the new tag - to the remote repository. From here, you will need to create a new release in - GitHub and users can easily reference the new tag in their workflows. +[0]: https://github.com/in-toto/attestation/blob/main/spec/predicates/README.md +[1]: https://www.sigstore.dev/ +[2]: https://github.com/github-early-access/gh-attestation +[3]: https://cli.github.com/ +[4]: https://github.com/sigstore/protobuf-specs/blob/main/protos/sigstore_bundle.proto +[5]: https://github.com/actions/toolkit/tree/main/packages/glob#patterns diff --git a/package-lock.json b/package-lock.json index a3d878c5..2ce0de2e 100644 --- a/package-lock.json +++ b/package-lock.json @@ -28,6 +28,7 @@ "eslint-plugin-prettier": "^5.1.3", "jest": "^29.7.0", "js-yaml": "^4.1.0", + "markdownlint-cli": "^0.39.0", "nock": "^13.5.4", "prettier": "^3.2.5", "prettier-eslint": "^16.3.0", @@ -2846,6 +2847,15 @@ "node": ">= 0.8" } }, + "node_modules/commander": { + "version": "11.1.0", + "resolved": "https://registry.npmjs.org/commander/-/commander-11.1.0.tgz", + "integrity": "sha512-yPVavfyCcRhmorC7rWlkHn15b4wDVgVmBA7kV4QVBsF7kv/9TKJAbAXVTxvTnwP8HHKjRCJDClKbciiYS7p0DQ==", + "dev": true, + "engines": { + "node": ">=16" + } + }, "node_modules/common-tags": { "version": "1.8.2", "dev": true, @@ -2928,6 +2938,15 @@ } } }, + "node_modules/deep-extend": { + "version": "0.6.0", + "resolved": "https://registry.npmjs.org/deep-extend/-/deep-extend-0.6.0.tgz", + "integrity": "sha512-LOHxIOaPYdHlJRtCQfDIVZtfw/ufM8+rVj649RIHzcm/vGwQRXFt6OPqIFWsm2XEMrNIEtWR64sY1LEKD2vAOA==", + "dev": true, + "engines": { + "node": ">=4.0.0" + } + }, "node_modules/deep-is": { "version": "0.1.4", "dev": true, @@ -3051,6 +3070,18 @@ "iconv-lite": "^0.6.2" } }, + "node_modules/entities": { + "version": "4.5.0", + "resolved": "https://registry.npmjs.org/entities/-/entities-4.5.0.tgz", + "integrity": "sha512-V0hjH4dGPh9Ao5p0MoRY6BVqtwCjhz6vI5LT8AJ55H+4g9/4vbHx1I54fS0XuclLhDHArPQCiMjDxjaL8fPxhw==", + "dev": true, + "engines": { + "node": ">=0.12" + }, + "funding": { + "url": "https://github.com/fb55/entities?sponsor=1" + } + }, "node_modules/err-code": { "version": "2.0.3", "license": "MIT" @@ -4087,6 +4118,18 @@ "node": ">=8.0.0" } }, + "node_modules/get-stdin": { + "version": "9.0.0", + "resolved": "https://registry.npmjs.org/get-stdin/-/get-stdin-9.0.0.tgz", + "integrity": "sha512-dVKBjfWisLAicarI2Sf+JuBE/DghV4UzNAVe9yhEJuzeREd3JhOTE9cUaJTeSa77fsbQUK3pcOpJfM59+VKZaA==", + "dev": true, + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, "node_modules/get-stream": { "version": "6.0.1", "dev": true, @@ -4355,9 +4398,10 @@ } }, "node_modules/ignore": { - "version": "5.2.4", + "version": "5.3.1", + "resolved": "https://registry.npmjs.org/ignore/-/ignore-5.3.1.tgz", + "integrity": "sha512-5Fytz/IraMjqpwfd34ke28PTVMjZjJG2MPn5t7OE4eUCUNf8BAa7b5WUS9/Qvr6mwOQS7Mk6vdsMno5he+T8Xw==", "dev": true, - "license": "MIT", "engines": { "node": ">= 4" } @@ -4423,6 +4467,15 @@ "dev": true, "license": "ISC" }, + "node_modules/ini": { + "version": "4.1.1", + "resolved": "https://registry.npmjs.org/ini/-/ini-4.1.1.tgz", + "integrity": "sha512-QQnnxNyfvmHFIsj7gkPcYymR8Jdw/o7mp5ZFihxn6h8Ci6fh3Dx4E1gPjpQEpIuPo9XVNY/ZUwh4BPMjGyL01g==", + "dev": true, + "engines": { + "node": "^14.17.0 || ^16.13.0 || >=18.0.0" + } + }, "node_modules/internal-slot": { "version": "1.0.5", "dev": true, @@ -5416,6 +5469,12 @@ "url": "https://github.com/sponsors/ota-meshi" } }, + "node_modules/jsonc-parser": { + "version": "3.2.1", + "resolved": "https://registry.npmjs.org/jsonc-parser/-/jsonc-parser-3.2.1.tgz", + "integrity": "sha512-AilxAyFOAcK5wA1+LeaySVBrHsGQvUFCDWXKpZjzaL0PqW+xfBOttn8GNtWKFWqneyMZj41MWF9Kl6iPWLwgOA==", + "dev": true + }, "node_modules/jsx-ast-utils": { "version": "3.3.5", "dev": true, @@ -5484,6 +5543,15 @@ "dev": true, "license": "MIT" }, + "node_modules/linkify-it": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/linkify-it/-/linkify-it-5.0.0.tgz", + "integrity": "sha512-5aHCbzQRADcdP+ATqnDuhhJ/MRIqDkZX5pyjFHRRysS8vZ5AbqGEoFIb6pYHPZ+L/OC2Lc+xT8uHVVR5CAK/wQ==", + "dev": true, + "dependencies": { + "uc.micro": "^2.0.0" + } + }, "node_modules/locate-path": { "version": "6.0.0", "dev": true, @@ -5667,6 +5735,126 @@ "tmpl": "1.0.5" } }, + "node_modules/markdown-it": { + "version": "14.0.0", + "resolved": "https://registry.npmjs.org/markdown-it/-/markdown-it-14.0.0.tgz", + "integrity": "sha512-seFjF0FIcPt4P9U39Bq1JYblX0KZCjDLFFQPHpL5AzHpqPEKtosxmdq/LTVZnjfH7tjt9BxStm+wXcDBNuYmzw==", + "dev": true, + "dependencies": { + "argparse": "^2.0.1", + "entities": "^4.4.0", + "linkify-it": "^5.0.0", + "mdurl": "^2.0.0", + "punycode.js": "^2.3.1", + "uc.micro": "^2.0.0" + }, + "bin": { + "markdown-it": "bin/markdown-it.mjs" + } + }, + "node_modules/markdownlint": { + "version": "0.33.0", + "resolved": "https://registry.npmjs.org/markdownlint/-/markdownlint-0.33.0.tgz", + "integrity": "sha512-4lbtT14A3m0LPX1WS/3d1m7Blg+ZwiLq36WvjQqFGsX3Gik99NV+VXp/PW3n+Q62xyPdbvGOCfjPqjW+/SKMig==", + "dev": true, + "dependencies": { + "markdown-it": "14.0.0", + "markdownlint-micromark": "0.1.8" + }, + "engines": { + "node": ">=18" + }, + "funding": { + "url": "https://github.com/sponsors/DavidAnson" + } + }, + "node_modules/markdownlint-cli": { + "version": "0.39.0", + "resolved": "https://registry.npmjs.org/markdownlint-cli/-/markdownlint-cli-0.39.0.tgz", + "integrity": "sha512-ZuFN7Xpsbn1Nbp0YYkeLOfXOMOfLQBik2lKRy8pVI/llmKQ2uW7x+8k5OMgF6o7XCsTDSYC/OOmeJ+3qplvnJQ==", + "dev": true, + "dependencies": { + "commander": "~11.1.0", + "get-stdin": "~9.0.0", + "glob": "~10.3.10", + "ignore": "~5.3.0", + "js-yaml": "^4.1.0", + "jsonc-parser": "~3.2.1", + "markdownlint": "~0.33.0", + "minimatch": "~9.0.3", + "run-con": "~1.3.2" + }, + "bin": { + "markdownlint": "markdownlint.js" + }, + "engines": { + "node": ">=18" + } + }, + "node_modules/markdownlint-cli/node_modules/brace-expansion": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz", + "integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==", + "dev": true, + "dependencies": { + "balanced-match": "^1.0.0" + } + }, + "node_modules/markdownlint-cli/node_modules/glob": { + "version": "10.3.10", + "resolved": "https://registry.npmjs.org/glob/-/glob-10.3.10.tgz", + "integrity": "sha512-fa46+tv1Ak0UPK1TOy/pZrIybNNt4HCv7SDzwyfiOZkvZLEbjsZkJBPtDHVshZjbecAoAGSC20MjLDG/qr679g==", + "dev": true, + "dependencies": { + "foreground-child": "^3.1.0", + "jackspeak": "^2.3.5", + "minimatch": "^9.0.1", + "minipass": "^5.0.0 || ^6.0.2 || ^7.0.0", + "path-scurry": "^1.10.1" + }, + "bin": { + "glob": "dist/esm/bin.mjs" + }, + "engines": { + "node": ">=16 || 14 >=14.17" + }, + "funding": { + "url": "https://github.com/sponsors/isaacs" + } + }, + "node_modules/markdownlint-cli/node_modules/minimatch": { + "version": "9.0.3", + "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.3.tgz", + "integrity": "sha512-RHiac9mvaRw0x3AYRgDC1CxAP7HTcNrrECeA8YYJeWnpo+2Q5CegtZjaotWTWxDG3UeGA1coE05iH1mPjT/2mg==", + "dev": true, + "dependencies": { + "brace-expansion": "^2.0.1" + }, + "engines": { + "node": ">=16 || 14 >=14.17" + }, + "funding": { + "url": "https://github.com/sponsors/isaacs" + } + }, + "node_modules/markdownlint-micromark": { + "version": "0.1.8", + "resolved": "https://registry.npmjs.org/markdownlint-micromark/-/markdownlint-micromark-0.1.8.tgz", + "integrity": "sha512-1ouYkMRo9/6gou9gObuMDnvZM8jC/ly3QCFQyoSPCS2XV1ZClU0xpKbL1Ar3bWWRT1RnBZkWUEiNKrI2CwiBQA==", + "dev": true, + "engines": { + "node": ">=16" + }, + "funding": { + "url": "https://github.com/sponsors/DavidAnson" + } + }, + "node_modules/mdurl": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/mdurl/-/mdurl-2.0.0.tgz", + "integrity": "sha512-Lf+9+2r+Tdp5wXDXC4PcIBjTDtq4UKjCPMQhKIuzpJNW0b96kVqSwW0bT7FhRSfmAiFYgP+SCRvdrDozfh0U5w==", + "dev": true + }, "node_modules/merge-stream": { "version": "2.0.0", "dev": true, @@ -6425,6 +6613,15 @@ "node": ">=6" } }, + "node_modules/punycode.js": { + "version": "2.3.1", + "resolved": "https://registry.npmjs.org/punycode.js/-/punycode.js-2.3.1.tgz", + "integrity": "sha512-uxFIHU0YlHYhDQtV4R9J6a52SLx28BCjT+4ieh7IGbgwVJWO+km431c4yRlREUAsAmt/uMjQUyQHNEPf0M39CA==", + "dev": true, + "engines": { + "node": ">=6" + } + }, "node_modules/pure-rand": { "version": "6.0.3", "dev": true, @@ -6603,6 +6800,21 @@ "url": "https://github.com/sponsors/isaacs" } }, + "node_modules/run-con": { + "version": "1.3.2", + "resolved": "https://registry.npmjs.org/run-con/-/run-con-1.3.2.tgz", + "integrity": "sha512-CcfE+mYiTcKEzg0IqS08+efdnH0oJ3zV0wSUFBNrMHMuxCtXvBCLzCJHatwuXDcu/RlhjTziTo/a1ruQik6/Yg==", + "dev": true, + "dependencies": { + "deep-extend": "^0.6.0", + "ini": "~4.1.0", + "minimist": "^1.2.8", + "strip-json-comments": "~3.1.1" + }, + "bin": { + "run-con": "cli.js" + } + }, "node_modules/run-parallel": { "version": "1.2.0", "dev": true, @@ -7322,6 +7534,12 @@ "node": ">=14.17" } }, + "node_modules/uc.micro": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/uc.micro/-/uc.micro-2.0.0.tgz", + "integrity": "sha512-DffL94LsNOccVn4hyfRe5rdKa273swqeA5DJpMOeFmEn1wCDc7nAbbB0gXlgBCL7TNzeTv6G7XVWzan7iJtfig==", + "dev": true + }, "node_modules/unbox-primitive": { "version": "1.0.2", "dev": true, @@ -9498,6 +9716,12 @@ "delayed-stream": "~1.0.0" } }, + "commander": { + "version": "11.1.0", + "resolved": "https://registry.npmjs.org/commander/-/commander-11.1.0.tgz", + "integrity": "sha512-yPVavfyCcRhmorC7rWlkHn15b4wDVgVmBA7kV4QVBsF7kv/9TKJAbAXVTxvTnwP8HHKjRCJDClKbciiYS7p0DQ==", + "dev": true + }, "common-tags": { "version": "1.8.2", "dev": true @@ -9545,6 +9769,12 @@ "dev": true, "requires": {} }, + "deep-extend": { + "version": "0.6.0", + "resolved": "https://registry.npmjs.org/deep-extend/-/deep-extend-0.6.0.tgz", + "integrity": "sha512-LOHxIOaPYdHlJRtCQfDIVZtfw/ufM8+rVj649RIHzcm/vGwQRXFt6OPqIFWsm2XEMrNIEtWR64sY1LEKD2vAOA==", + "dev": true + }, "deep-is": { "version": "0.1.4", "dev": true @@ -9619,6 +9849,12 @@ "iconv-lite": "^0.6.2" } }, + "entities": { + "version": "4.5.0", + "resolved": "https://registry.npmjs.org/entities/-/entities-4.5.0.tgz", + "integrity": "sha512-V0hjH4dGPh9Ao5p0MoRY6BVqtwCjhz6vI5LT8AJ55H+4g9/4vbHx1I54fS0XuclLhDHArPQCiMjDxjaL8fPxhw==", + "dev": true + }, "err-code": { "version": "2.0.3" }, @@ -10280,6 +10516,12 @@ "version": "0.1.0", "dev": true }, + "get-stdin": { + "version": "9.0.0", + "resolved": "https://registry.npmjs.org/get-stdin/-/get-stdin-9.0.0.tgz", + "integrity": "sha512-dVKBjfWisLAicarI2Sf+JuBE/DghV4UzNAVe9yhEJuzeREd3JhOTE9cUaJTeSa77fsbQUK3pcOpJfM59+VKZaA==", + "dev": true + }, "get-stream": { "version": "6.0.1", "dev": true @@ -10435,7 +10677,9 @@ } }, "ignore": { - "version": "5.2.4", + "version": "5.3.1", + "resolved": "https://registry.npmjs.org/ignore/-/ignore-5.3.1.tgz", + "integrity": "sha512-5Fytz/IraMjqpwfd34ke28PTVMjZjJG2MPn5t7OE4eUCUNf8BAa7b5WUS9/Qvr6mwOQS7Mk6vdsMno5he+T8Xw==", "dev": true }, "import-fresh": { @@ -10472,6 +10716,12 @@ "version": "2.0.4", "dev": true }, + "ini": { + "version": "4.1.1", + "resolved": "https://registry.npmjs.org/ini/-/ini-4.1.1.tgz", + "integrity": "sha512-QQnnxNyfvmHFIsj7gkPcYymR8Jdw/o7mp5ZFihxn6h8Ci6fh3Dx4E1gPjpQEpIuPo9XVNY/ZUwh4BPMjGyL01g==", + "dev": true + }, "internal-slot": { "version": "1.0.5", "dev": true, @@ -11117,6 +11367,12 @@ "semver": "^7.3.5" } }, + "jsonc-parser": { + "version": "3.2.1", + "resolved": "https://registry.npmjs.org/jsonc-parser/-/jsonc-parser-3.2.1.tgz", + "integrity": "sha512-AilxAyFOAcK5wA1+LeaySVBrHsGQvUFCDWXKpZjzaL0PqW+xfBOttn8GNtWKFWqneyMZj41MWF9Kl6iPWLwgOA==", + "dev": true + }, "jsx-ast-utils": { "version": "3.3.5", "dev": true, @@ -11165,6 +11421,15 @@ "version": "1.2.4", "dev": true }, + "linkify-it": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/linkify-it/-/linkify-it-5.0.0.tgz", + "integrity": "sha512-5aHCbzQRADcdP+ATqnDuhhJ/MRIqDkZX5pyjFHRRysS8vZ5AbqGEoFIb6pYHPZ+L/OC2Lc+xT8uHVVR5CAK/wQ==", + "dev": true, + "requires": { + "uc.micro": "^2.0.0" + } + }, "locate-path": { "version": "6.0.0", "dev": true, @@ -11289,6 +11554,92 @@ "tmpl": "1.0.5" } }, + "markdown-it": { + "version": "14.0.0", + "resolved": "https://registry.npmjs.org/markdown-it/-/markdown-it-14.0.0.tgz", + "integrity": "sha512-seFjF0FIcPt4P9U39Bq1JYblX0KZCjDLFFQPHpL5AzHpqPEKtosxmdq/LTVZnjfH7tjt9BxStm+wXcDBNuYmzw==", + "dev": true, + "requires": { + "argparse": "^2.0.1", + "entities": "^4.4.0", + "linkify-it": "^5.0.0", + "mdurl": "^2.0.0", + "punycode.js": "^2.3.1", + "uc.micro": "^2.0.0" + } + }, + "markdownlint": { + "version": "0.33.0", + "resolved": "https://registry.npmjs.org/markdownlint/-/markdownlint-0.33.0.tgz", + "integrity": "sha512-4lbtT14A3m0LPX1WS/3d1m7Blg+ZwiLq36WvjQqFGsX3Gik99NV+VXp/PW3n+Q62xyPdbvGOCfjPqjW+/SKMig==", + "dev": true, + "requires": { + "markdown-it": "14.0.0", + "markdownlint-micromark": "0.1.8" + } + }, + "markdownlint-cli": { + "version": "0.39.0", + "resolved": "https://registry.npmjs.org/markdownlint-cli/-/markdownlint-cli-0.39.0.tgz", + "integrity": "sha512-ZuFN7Xpsbn1Nbp0YYkeLOfXOMOfLQBik2lKRy8pVI/llmKQ2uW7x+8k5OMgF6o7XCsTDSYC/OOmeJ+3qplvnJQ==", + "dev": true, + "requires": { + "commander": "~11.1.0", + "get-stdin": "~9.0.0", + "glob": "~10.3.10", + "ignore": "~5.3.0", + "js-yaml": "^4.1.0", + "jsonc-parser": "~3.2.1", + "markdownlint": "~0.33.0", + "minimatch": "~9.0.3", + "run-con": "~1.3.2" + }, + "dependencies": { + "brace-expansion": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz", + "integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==", + "dev": true, + "requires": { + "balanced-match": "^1.0.0" + } + }, + "glob": { + "version": "10.3.10", + "resolved": "https://registry.npmjs.org/glob/-/glob-10.3.10.tgz", + "integrity": "sha512-fa46+tv1Ak0UPK1TOy/pZrIybNNt4HCv7SDzwyfiOZkvZLEbjsZkJBPtDHVshZjbecAoAGSC20MjLDG/qr679g==", + "dev": true, + "requires": { + "foreground-child": "^3.1.0", + "jackspeak": "^2.3.5", + "minimatch": "^9.0.1", + "minipass": "^5.0.0 || ^6.0.2 || ^7.0.0", + "path-scurry": "^1.10.1" + } + }, + "minimatch": { + "version": "9.0.3", + "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.3.tgz", + "integrity": "sha512-RHiac9mvaRw0x3AYRgDC1CxAP7HTcNrrECeA8YYJeWnpo+2Q5CegtZjaotWTWxDG3UeGA1coE05iH1mPjT/2mg==", + "dev": true, + "requires": { + "brace-expansion": "^2.0.1" + } + } + } + }, + "markdownlint-micromark": { + "version": "0.1.8", + "resolved": "https://registry.npmjs.org/markdownlint-micromark/-/markdownlint-micromark-0.1.8.tgz", + "integrity": "sha512-1ouYkMRo9/6gou9gObuMDnvZM8jC/ly3QCFQyoSPCS2XV1ZClU0xpKbL1Ar3bWWRT1RnBZkWUEiNKrI2CwiBQA==", + "dev": true + }, + "mdurl": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/mdurl/-/mdurl-2.0.0.tgz", + "integrity": "sha512-Lf+9+2r+Tdp5wXDXC4PcIBjTDtq4UKjCPMQhKIuzpJNW0b96kVqSwW0bT7FhRSfmAiFYgP+SCRvdrDozfh0U5w==", + "dev": true + }, "merge-stream": { "version": "2.0.0", "dev": true @@ -11748,6 +12099,12 @@ "version": "2.3.1", "dev": true }, + "punycode.js": { + "version": "2.3.1", + "resolved": "https://registry.npmjs.org/punycode.js/-/punycode.js-2.3.1.tgz", + "integrity": "sha512-uxFIHU0YlHYhDQtV4R9J6a52SLx28BCjT+4ieh7IGbgwVJWO+km431c4yRlREUAsAmt/uMjQUyQHNEPf0M39CA==", + "dev": true + }, "pure-rand": { "version": "6.0.3", "dev": true @@ -11846,6 +12203,18 @@ "glob": "^7.1.3" } }, + "run-con": { + "version": "1.3.2", + "resolved": "https://registry.npmjs.org/run-con/-/run-con-1.3.2.tgz", + "integrity": "sha512-CcfE+mYiTcKEzg0IqS08+efdnH0oJ3zV0wSUFBNrMHMuxCtXvBCLzCJHatwuXDcu/RlhjTziTo/a1ruQik6/Yg==", + "dev": true, + "requires": { + "deep-extend": "^0.6.0", + "ini": "~4.1.0", + "minimist": "^1.2.8", + "strip-json-comments": "~3.1.1" + } + }, "run-parallel": { "version": "1.2.0", "dev": true, @@ -12282,6 +12651,12 @@ "version": "5.3.3", "dev": true }, + "uc.micro": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/uc.micro/-/uc.micro-2.0.0.tgz", + "integrity": "sha512-DffL94LsNOccVn4hyfRe5rdKa273swqeA5DJpMOeFmEn1wCDc7nAbbB0gXlgBCL7TNzeTv6G7XVWzan7iJtfig==", + "dev": true + }, "unbox-primitive": { "version": "1.0.2", "dev": true, diff --git a/package.json b/package.json index 08959e67..953251a8 100644 --- a/package.json +++ b/package.json @@ -28,7 +28,9 @@ "ci-test": "jest", "format:write": "prettier --write **/*.ts", "format:check": "prettier --check **/*.ts", - "lint": "npx eslint . -c ./.github/linters/.eslintrc.yml", + "lint:eslint": "npx eslint . -c ./.github/linters/.eslintrc.yml", + "lint:markdown": "npx markdownlint --config .github/linters/.markdown-lint.yml \"*.md\"", + "lint": "npm run lint:eslint && npm run lint:markdown", "package": "ncc build src/index.ts --license licenses.txt", "package:watch": "npm run package -- --watch", "test": "jest", @@ -84,6 +86,7 @@ "eslint-plugin-prettier": "^5.1.3", "jest": "^29.7.0", "js-yaml": "^4.1.0", + "markdownlint-cli": "^0.39.0", "nock": "^13.5.4", "prettier": "^3.2.5", "prettier-eslint": "^16.3.0",