From d3e0400371ad72af49cdc74c863ab10646d82f30 Mon Sep 17 00:00:00 2001 From: Brian DeHamer Date: Mon, 26 Feb 2024 14:46:15 -0800 Subject: [PATCH] reference @actions/attest package (#10) 
Signed-off-by: Brian DeHamer --- .eslintignore | 1 - .github/workflows/check-dist.yml | 3 - .github/workflows/ci.yml | 3 - .github/workflows/linter.yml | 3 - .gitignore | 3 - dist/index.js | 824 ++++++++++-------- dist/licenses.txt | 12 +- package-lock.json | 628 +------------ package.json | 9 +- packages/attest/jest.config.js | 5 - packages/attest/package.json | 44 - .../__snapshots__/provenance.test.ts.snap | 51 -- packages/attest/src/__tests__/attest.test.ts | 154 ---- packages/attest/src/__tests__/index.test.ts | 32 - .../attest/src/__tests__/provenance.test.ts | 30 - packages/attest/src/__tests__/sign.test.ts | 105 --- packages/attest/src/__tests__/store.test.ts | 45 - packages/attest/src/attest.ts | 88 -- packages/attest/src/index.ts | 10 - packages/attest/src/provenance.ts | 72 -- packages/attest/src/sbom.ts | 34 - packages/attest/src/shared.types.ts | 22 - packages/attest/src/sign.ts | 82 -- packages/attest/src/store.ts | 27 - packages/attest/tsconfig.json | 18 - tsconfig.json | 6 +- 26 files changed, 503 insertions(+), 1808 deletions(-) delete mode 100644 packages/attest/jest.config.js delete mode 100644 packages/attest/package.json delete mode 100644 packages/attest/src/__tests__/__snapshots__/provenance.test.ts.snap delete mode 100644 packages/attest/src/__tests__/attest.test.ts delete mode 100644 packages/attest/src/__tests__/index.test.ts delete mode 100644 packages/attest/src/__tests__/provenance.test.ts delete mode 100644 packages/attest/src/__tests__/sign.test.ts delete mode 100644 packages/attest/src/__tests__/store.test.ts delete mode 100644 packages/attest/src/attest.ts delete mode 100644 packages/attest/src/index.ts delete mode 100644 packages/attest/src/provenance.ts delete mode 100644 packages/attest/src/sbom.ts delete mode 100644 packages/attest/src/shared.types.ts delete mode 100644 packages/attest/src/sign.ts delete mode 100644 packages/attest/src/store.ts delete mode 100644 packages/attest/tsconfig.json 
diff --git a/.eslintignore b/.eslintignore
index d6631cb1..9ff5c1c6 100644
--- a/.eslintignore
+++ b/.eslintignore
@@ -2,4 +2,3 @@ lib/
 dist/
 node_modules/
 coverage/
-packages/
diff --git a/.github/workflows/check-dist.yml b/.github/workflows/check-dist.yml
index a150620e..88579454 100644
--- a/.github/workflows/check-dist.yml
+++ b/.github/workflows/check-dist.yml
@@ -41,9 +41,6 @@ jobs: id: install run: npm ci - - name: Build @actions/attest - run: npm run build --workspace packages/attest - - name: Build dist/ Directory id: build run: npm run bundle
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 6223ad8b..de9abc16 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -34,9 +34,6 @@ jobs: id: npm-ci run: npm ci - - name: Build @actions/attest - run: npm run build --workspace packages/attest - - name: Check Format id: npm-format-check run: npm run format:check
diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml
index 2206107b..7b72f4b2 100644
--- a/.github/workflows/linter.yml
+++ b/.github/workflows/linter.yml
@@ -36,9 +36,6 @@ jobs: id: install run: npm ci - - name: Build @actions/attest - run: npm run build --workspace packages/attest - - name: Lint Codebase id: super-linter uses: super-linter/super-linter/slim@v6
diff --git a/.gitignore b/.gitignore
index 53ecb07b..47fb5033 100644
--- a/.gitignore
+++ b/.gitignore
@@ -101,6 +101,3 @@ __tests__/runner/*
 .idea
 .vscode
 *.code-workspace
-
-packages/**/dist
-packages/attest/dist
diff --git a/dist/index.js b/dist/index.js
index 9c638354..a05e465b 100644
--- a/dist/index.js
+++ b/dist/index.js
@@ -1,6 +1,444 @@ /******/ (() => { // webpackBootstrap /******/ var __webpack_modules__ = ({ +/***/ 6373: +/***/ (function(__unused_webpack_module, exports, __nccwpck_require__) { + +"use strict"; + +var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) { + function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); } + return new (P || (P = Promise))(function (resolve, reject) { + function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } } + function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } } + function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); } + step((generator = generator.apply(thisArg, _arguments || [])).next()); + }); +}; +Object.defineProperty(exports, "__esModule", ({ value: true })); +exports.attest = void 0; +const bundle_1 = __nccwpck_require__(9715); +const crypto_1 = __nccwpck_require__(6113); +const endpoints_1 = __nccwpck_require__(1205); +const intoto_1 = __nccwpck_require__(5184); +const sign_1 = __nccwpck_require__(9878); +const store_1 = __nccwpck_require__(5911); +const INTOTO_PAYLOAD_TYPE = 'application/vnd.in-toto+json'; +/** + * Generates an attestation for the given subject and predicate. The subject and + * predicate are combined into an in-toto statement, which is then signed using + * the identified Sigstore instance and stored as an attestation. + * @param options - The options for attestation. + * @returns A promise that resolves to the attestation. 
+ */ +function attest(options) { + return __awaiter(this, void 0, void 0, function* () { + const subject = { + name: options.subjectName, + digest: options.subjectDigest + }; + const predicate = { + type: options.predicateType, + params: options.predicate + }; + const statement = (0, intoto_1.buildIntotoStatement)(subject, predicate); + // Sign the provenance statement + const payload = { + body: Buffer.from(JSON.stringify(statement)), + type: INTOTO_PAYLOAD_TYPE + }; + const endpoints = (0, endpoints_1.signingEndpoints)(options.sigstore); + const bundle = yield (0, sign_1.signPayload)(payload, endpoints); + // Store the attestation + let attestationID; + if (options.skipWrite !== true) { + attestationID = yield (0, store_1.writeAttestation)((0, bundle_1.bundleToJSON)(bundle), options.token); + } + return toAttestation(bundle, attestationID); + }); +} +exports.attest = attest; +function toAttestation(bundle, attestationID) { + let certBytes; + switch (bundle.verificationMaterial.content.$case) { + case 'x509CertificateChain': + certBytes = + bundle.verificationMaterial.content.x509CertificateChain.certificates[0] + .rawBytes; + break; + case 'certificate': + certBytes = bundle.verificationMaterial.content.certificate.rawBytes; + break; + default: + throw new Error('Bundle must contain an x509 certificate'); + } + const signingCert = new crypto_1.X509Certificate(certBytes); + // Collect transparency log ID if available + const tlogEntries = bundle.verificationMaterial.tlogEntries; + const tlogID = tlogEntries.length > 0 ? tlogEntries[0].logIndex : undefined; + return { + bundle: (0, bundle_1.bundleToJSON)(bundle), + certificate: signingCert.toString(), + tlogID, + attestationID + }; +} +//# sourceMappingURL=attest.js.map + +/***/ }), + +/***/ 1205: +/***/ (function(__unused_webpack_module, exports, __nccwpck_require__) { + +"use strict"; + +var __createBinding = (this && this.__createBinding) || (Object.create ? 
(function(o, m, k, k2) { + if (k2 === undefined) k2 = k; + var desc = Object.getOwnPropertyDescriptor(m, k); + if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) { + desc = { enumerable: true, get: function() { return m[k]; } }; + } + Object.defineProperty(o, k2, desc); +}) : (function(o, m, k, k2) { + if (k2 === undefined) k2 = k; + o[k2] = m[k]; +})); +var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) { + Object.defineProperty(o, "default", { enumerable: true, value: v }); +}) : function(o, v) { + o["default"] = v; +}); +var __importStar = (this && this.__importStar) || function (mod) { + if (mod && mod.__esModule) return mod; + var result = {}; + if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k); + __setModuleDefault(result, mod); + return result; +}; +Object.defineProperty(exports, "__esModule", ({ value: true })); +exports.signingEndpoints = exports.SIGSTORE_GITHUB = exports.SIGSTORE_PUBLIC_GOOD = void 0; +const github = __importStar(__nccwpck_require__(5438)); +const PUBLIC_GOOD_ID = 'public-good'; +const GITHUB_ID = 'github'; +const FULCIO_PUBLIC_GOOD_URL = 'https://fulcio.sigstore.dev'; +const REKOR_PUBLIC_GOOD_URL = 'https://rekor.sigstore.dev'; +const FULCIO_INTERNAL_URL = 'https://fulcio.githubapp.com'; +const TSA_INTERNAL_URL = 'https://timestamp.githubapp.com'; +exports.SIGSTORE_PUBLIC_GOOD = { + fulcioURL: FULCIO_PUBLIC_GOOD_URL, + rekorURL: REKOR_PUBLIC_GOOD_URL +}; +exports.SIGSTORE_GITHUB = { + fulcioURL: FULCIO_INTERNAL_URL, + tsaServerURL: TSA_INTERNAL_URL +}; +const signingEndpoints = (sigstore) => { + var _a; + let instance; + // An explicitly set instance type takes precedence, but if not set, use the + // repository's visibility to determine the instance type. 
+ if (sigstore && [PUBLIC_GOOD_ID, GITHUB_ID].includes(sigstore)) { + instance = sigstore; + } + else { + instance = + ((_a = github.context.payload.repository) === null || _a === void 0 ? void 0 : _a.visibility) === 'public' + ? PUBLIC_GOOD_ID + : GITHUB_ID; + } + switch (instance) { + case PUBLIC_GOOD_ID: + return exports.SIGSTORE_PUBLIC_GOOD; + case GITHUB_ID: + return exports.SIGSTORE_GITHUB; + } +}; +exports.signingEndpoints = signingEndpoints; +//# sourceMappingURL=endpoints.js.map + +/***/ }), + +/***/ 4113: +/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { + +"use strict"; + +Object.defineProperty(exports, "__esModule", ({ value: true })); +exports.buildSLSAProvenancePredicate = exports.attestProvenance = exports.attest = void 0; +var attest_1 = __nccwpck_require__(6373); +Object.defineProperty(exports, "attest", ({ enumerable: true, get: function () { return attest_1.attest; } })); +var provenance_1 = __nccwpck_require__(5703); +Object.defineProperty(exports, "attestProvenance", ({ enumerable: true, get: function () { return provenance_1.attestProvenance; } })); +Object.defineProperty(exports, "buildSLSAProvenancePredicate", ({ enumerable: true, get: function () { return provenance_1.buildSLSAProvenancePredicate; } })); +//# sourceMappingURL=index.js.map + +/***/ }), + +/***/ 5184: +/***/ ((__unused_webpack_module, exports) => { + +"use strict"; + +Object.defineProperty(exports, "__esModule", ({ value: true })); +exports.buildIntotoStatement = void 0; +const INTOTO_STATEMENT_V1_TYPE = 'https://in-toto.io/Statement/v1'; +/** + * Assembles the given subject and predicate into an in-toto statement. + * @param subject - The subject of the statement. + * @param predicate - The predicate of the statement. + * @returns The constructed in-toto statement. 
+ */ +const buildIntotoStatement = (subject, predicate) => { + return { + _type: INTOTO_STATEMENT_V1_TYPE, + subject: [subject], + predicateType: predicate.type, + predicate: predicate.params + }; +}; +exports.buildIntotoStatement = buildIntotoStatement; +//# sourceMappingURL=intoto.js.map + +/***/ }), + +/***/ 5703: +/***/ (function(__unused_webpack_module, exports, __nccwpck_require__) { + +"use strict"; + +var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) { + function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); } + return new (P || (P = Promise))(function (resolve, reject) { + function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } } + function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } } + function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); } + step((generator = generator.apply(thisArg, _arguments || [])).next()); + }); +}; +Object.defineProperty(exports, "__esModule", ({ value: true })); +exports.attestProvenance = exports.buildSLSAProvenancePredicate = void 0; +const attest_1 = __nccwpck_require__(6373); +const SLSA_PREDICATE_V1_TYPE = 'https://slsa.dev/provenance/v1'; +const GITHUB_BUILDER_ID_PREFIX = 'https://github.com/actions/runner'; +const GITHUB_BUILD_TYPE = 'https://slsa-framework.github.io/github-actions-buildtypes/workflow/v1'; +/** + * Builds an SLSA (Supply Chain Levels for Software Artifacts) provenance + * predicate using the GitHub Actions Workflow build type. + * https://slsa.dev/spec/v1.0/provenance + * https://github.com/slsa-framework/github-actions-buildtypes/tree/main/workflow/v1 + * @param env - The Node.js process environment variables. Defaults to + * `process.env`. + * @returns The SLSA provenance predicate. 
+ */ +const buildSLSAProvenancePredicate = (env = process.env) => { + const workflow = env.GITHUB_WORKFLOW_REF || ''; + // Split just the path and ref from the workflow string. + // owner/repo/.github/workflows/main.yml@main => + // .github/workflows/main.yml, main + const [workflowPath, workflowRef] = workflow + .replace(`${env.GITHUB_REPOSITORY}/`, '') + .split('@'); + return { + type: SLSA_PREDICATE_V1_TYPE, + params: { + buildDefinition: { + buildType: GITHUB_BUILD_TYPE, + externalParameters: { + workflow: { + ref: workflowRef, + repository: `${env.GITHUB_SERVER_URL}/${env.GITHUB_REPOSITORY}`, + path: workflowPath + } + }, + internalParameters: { + github: { + event_name: env.GITHUB_EVENT_NAME, + repository_id: env.GITHUB_REPOSITORY_ID, + repository_owner_id: env.GITHUB_REPOSITORY_OWNER_ID + } + }, + resolvedDependencies: [ + { + uri: `git+${env.GITHUB_SERVER_URL}/${env.GITHUB_REPOSITORY}@${env.GITHUB_REF}`, + digest: { + gitCommit: env.GITHUB_SHA + } + } + ] + }, + runDetails: { + builder: { + id: `${GITHUB_BUILDER_ID_PREFIX}/${env.RUNNER_ENVIRONMENT}` + }, + metadata: { + invocationId: `${env.GITHUB_SERVER_URL}/${env.GITHUB_REPOSITORY}/actions/runs/${env.GITHUB_RUN_ID}/attempts/${env.GITHUB_RUN_ATTEMPT}` + } + } + } + }; +}; +exports.buildSLSAProvenancePredicate = buildSLSAProvenancePredicate; +/** + * Attests the build provenance of the provided subject. Generates the SLSA + * build provenance predicate, assembles it into an in-toto statement, and + * attests it. + * + * @param options - The options for attesting the provenance. + * @returns A promise that resolves to the attestation. 
+ */ +function attestProvenance(options) { + return __awaiter(this, void 0, void 0, function* () { + const predicate = (0, exports.buildSLSAProvenancePredicate)(process.env); + return (0, attest_1.attest)(Object.assign(Object.assign({}, options), { predicateType: predicate.type, predicate: predicate.params })); + }); +} +exports.attestProvenance = attestProvenance; +//# sourceMappingURL=provenance.js.map + +/***/ }), + +/***/ 9878: +/***/ (function(__unused_webpack_module, exports, __nccwpck_require__) { + +"use strict"; + +var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) { + function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); } + return new (P || (P = Promise))(function (resolve, reject) { + function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } } + function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } } + function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); } + step((generator = generator.apply(thisArg, _arguments || [])).next()); + }); +}; +Object.defineProperty(exports, "__esModule", ({ value: true })); +exports.signPayload = void 0; +const sign_1 = __nccwpck_require__(2071); +const OIDC_AUDIENCE = 'sigstore'; +const DEFAULT_TIMEOUT = 10000; +const DEFAULT_RETRIES = 3; +/** + * Signs the provided payload with a Sigstore-issued certificate and returns the + * signature bundle. + * @param payload Payload to be signed. + * @param options Signing options. + * @returns A promise that resolves to the Sigstore signature bundle. 
+ */ +const signPayload = (payload, options) => __awaiter(void 0, void 0, void 0, function* () { + const artifact = { + data: payload.body, + type: payload.type + }; + // Sign the artifact and build the bundle + return initBundleBuilder(options).create(artifact); +}); +exports.signPayload = signPayload; +// Assembles the Sigstore bundle builder with the appropriate options +const initBundleBuilder = (opts) => { + const identityProvider = new sign_1.CIContextProvider(OIDC_AUDIENCE); + const timeout = opts.timeout || DEFAULT_TIMEOUT; + const retry = opts.retry || DEFAULT_RETRIES; + const witnesses = []; + const signer = new sign_1.FulcioSigner({ + identityProvider, + fulcioBaseURL: opts.fulcioURL, + timeout, + retry + }); + if (opts.rekorURL) { + witnesses.push(new sign_1.RekorWitness({ + rekorBaseURL: opts.rekorURL, + entryType: 'dsse', + timeout, + retry + })); + } + if (opts.tsaServerURL) { + witnesses.push(new sign_1.TSAWitness({ + tsaBaseURL: opts.tsaServerURL, + timeout, + retry + })); + } + return new sign_1.DSSEBundleBuilder({ signer, witnesses }); +}; +//# sourceMappingURL=sign.js.map + +/***/ }), + +/***/ 5911: +/***/ (function(__unused_webpack_module, exports, __nccwpck_require__) { + +"use strict"; + +var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) { + if (k2 === undefined) k2 = k; + var desc = Object.getOwnPropertyDescriptor(m, k); + if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) { + desc = { enumerable: true, get: function() { return m[k]; } }; + } + Object.defineProperty(o, k2, desc); +}) : (function(o, m, k, k2) { + if (k2 === undefined) k2 = k; + o[k2] = m[k]; +})); +var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? 
(function(o, v) { + Object.defineProperty(o, "default", { enumerable: true, value: v }); +}) : function(o, v) { + o["default"] = v; +}); +var __importStar = (this && this.__importStar) || function (mod) { + if (mod && mod.__esModule) return mod; + var result = {}; + if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k); + __setModuleDefault(result, mod); + return result; +}; +var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) { + function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); } + return new (P || (P = Promise))(function (resolve, reject) { + function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } } + function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } } + function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); } + step((generator = generator.apply(thisArg, _arguments || [])).next()); + }); +}; +var __importDefault = (this && this.__importDefault) || function (mod) { + return (mod && mod.__esModule) ? mod : { "default": mod }; +}; +Object.defineProperty(exports, "__esModule", ({ value: true })); +exports.writeAttestation = void 0; +const github = __importStar(__nccwpck_require__(5438)); +const make_fetch_happen_1 = __importDefault(__nccwpck_require__(9525)); +const CREATE_ATTESTATION_REQUEST = 'POST /repos/{owner}/{repo}/attestations'; +/** + * Writes an attestation to the repository's attestations endpoint. + * @param attestation - The attestation to write. + * @param token - The GitHub token for authentication. + * @returns The ID of the attestation. + * @throws Error if the attestation fails to persist. 
+ */ +const writeAttestation = (attestation, token) => __awaiter(void 0, void 0, void 0, function* () { + var _a; + const octokit = github.getOctokit(token, { request: { fetch: make_fetch_happen_1.default } }); + try { + const response = yield octokit.request(CREATE_ATTESTATION_REQUEST, { + owner: github.context.repo.owner, + repo: github.context.repo.repo, + data: { bundle: attestation } + }); + return (_a = response.data) === null || _a === void 0 ? void 0 : _a.id; + } + catch (err) { + const message = err instanceof Error ? err.message : err; + throw new Error(`Failed to persist attestation: ${message}`); + } +}); +exports.writeAttestation = writeAttestation; +//# sourceMappingURL=store.js.map + +/***/ }), + /***/ 7351: /***/ (function(__unused_webpack_module, exports, __nccwpck_require__) { @@ -4698,7 +5136,7 @@ module.exports = withTempDir /***/ }), -/***/ 9379: +/***/ 334: /***/ ((module) => { "use strict"; @@ -4816,7 +5254,7 @@ var import_universal_user_agent = __nccwpck_require__(5030); var import_before_after_hook = __nccwpck_require__(3682); var import_request = __nccwpck_require__(6234); var import_graphql = __nccwpck_require__(8467); -var import_auth_token = __nccwpck_require__(9379); +var import_auth_token = __nccwpck_require__(334); // pkg/dist-src/version.js var VERSION = "5.1.0"; @@ -9804,7 +10242,7 @@ const asn1_1 = __nccwpck_require__(4095); const crypto = __importStar(__nccwpck_require__(3914)); const oid_1 = __nccwpck_require__(5960); const error_1 = __nccwpck_require__(4526); -const tstinfo_1 = __nccwpck_require__(852); +const tstinfo_1 = __nccwpck_require__(6368); const OID_PKCS9_CONTENT_TYPE_SIGNED_DATA = '1.2.840.113549.1.7.2'; const OID_PKCS9_CONTENT_TYPE_TSTINFO = '1.2.840.113549.1.9.16.1.4'; const OID_PKCS9_MESSAGE_DIGEST_KEY = '1.2.840.113549.1.9.4'; @@ -9964,7 +10402,7 @@ exports.RFC3161Timestamp = RFC3161Timestamp; /***/ }), -/***/ 852: +/***/ 6368: /***/ (function(__unused_webpack_module, exports, __nccwpck_require__) { "use strict"; 
@@ -13201,7 +13639,7 @@ exports.checkStatus = checkStatus; /***/ }), -/***/ 2960: +/***/ 269: /***/ (function(__unused_webpack_module, exports, __nccwpck_require__) { "use strict"; @@ -13572,7 +14010,7 @@ Object.defineProperty(exports, "TSAWitness", ({ enumerable: true, get: function /***/ }), -/***/ 334: +/***/ 4606: /***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { "use strict"; @@ -13595,7 +14033,7 @@ See the License for the specific language governing permissions and limitations under the License. */ const error_1 = __nccwpck_require__(532); -const fulcio_1 = __nccwpck_require__(2960); +const fulcio_1 = __nccwpck_require__(269); class CAClient { constructor(options) { this.fulcio = new fulcio_1.Fulcio({ @@ -13717,7 +14155,7 @@ limitations under the License. */ const error_1 = __nccwpck_require__(532); const util_1 = __nccwpck_require__(724); -const ca_1 = __nccwpck_require__(334); +const ca_1 = __nccwpck_require__(4606); const ephemeral_1 = __nccwpck_require__(8489); exports.DEFAULT_FULCIO_URL = 'https://fulcio.sigstore.dev'; // Signer implementation which can be used to decorate another signer @@ -20255,7 +20693,7 @@ module.exports = { 'gb18030': { type: '_dbcs', table: function() { return (__nccwpck_require__(3336).concat)(__nccwpck_require__(4346)) }, - gb18030: function() { return __nccwpck_require__(3121) }, + gb18030: function() { return __nccwpck_require__(6290) }, encodeSkipVals: [0x80], encodeAdd: {'€': 0xA2E3}, }, 
@@ -20311,14 +20749,14 @@ module.exports = { '950': 'cp950', 'cp950': { type: '_dbcs', - table: function() { return __nccwpck_require__(4284) }, + table: function() { return __nccwpck_require__(3270) }, }, // Big5 has many variations and is an extension of cp950. We use Encoding Standard's as a consensus. 'big5': 'big5hkscs', 'big5hkscs': { type: '_dbcs', - table: function() { return (__nccwpck_require__(4284).concat)(__nccwpck_require__(3480)) }, + table: function() { return (__nccwpck_require__(3270).concat)(__nccwpck_require__(3480)) }, encodeSkipVals: [ // Although Encoding Standard says we should avoid encoding to HKSCS area (See Step 1 of // https://encoding.spec.whatwg.org/#index-big5-pointer), we still do it to increase compatibility with ICU. @@ -34365,7 +34803,7 @@ module.exports = async ( var errcode = __nccwpck_require__(2997); -var retry = __nccwpck_require__(4347); +var retry = __nccwpck_require__(1604); var hasOwn = Object.prototype.hasOwnProperty; @@ -34418,7 +34856,7 @@ module.exports = promiseRetry; /***/ }), -/***/ 4347: +/***/ 1604: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { module.exports = __nccwpck_require__(6244); @@ -41950,7 +42388,7 @@ if (util.nodeMajor >= 16) { } if (util.nodeMajor >= 18 && hasCrypto) { - const { WebSocket } = __nccwpck_require__(8470) + const { WebSocket } = __nccwpck_require__(4284) module.exports.WebSocket = WebSocket } @@ -42192,7 +42630,7 @@ module.exports = { "use strict"; -const { AsyncResource } = __nccwpck_require__(8705) +const { AsyncResource } = __nccwpck_require__(852) const { InvalidArgumentError, RequestAbortedError, SocketError } = __nccwpck_require__(8045) const util = __nccwpck_require__(3983) const { addSignal, removeSignal } = __nccwpck_require__(7032) 
@@ -42315,7 +42753,7 @@ const { RequestAbortedError } = __nccwpck_require__(8045) const util = __nccwpck_require__(3983) -const { AsyncResource } = __nccwpck_require__(8705) +const { AsyncResource } = __nccwpck_require__(852) const { addSignal, removeSignal } = __nccwpck_require__(7032) const assert = __nccwpck_require__(9491) @@ -42568,7 +43006,7 @@ const { } = __nccwpck_require__(8045) const util = __nccwpck_require__(3983) const { getResolveErrorBodyCallback } = __nccwpck_require__(7474) -const { AsyncResource } = __nccwpck_require__(8705) +const { AsyncResource } = __nccwpck_require__(852) const { addSignal, removeSignal } = __nccwpck_require__(7032) class RequestHandler extends AsyncResource { @@ -42757,7 +43195,7 @@ const { } = __nccwpck_require__(8045) const util = __nccwpck_require__(3983) const { getResolveErrorBodyCallback } = __nccwpck_require__(7474) -const { AsyncResource } = __nccwpck_require__(8705) +const { AsyncResource } = __nccwpck_require__(852) const { addSignal, removeSignal } = __nccwpck_require__(7032) class StreamHandler extends AsyncResource { @@ -42978,7 +43416,7 @@ module.exports = stream const { InvalidArgumentError, RequestAbortedError, SocketError } = __nccwpck_require__(8045) -const { AsyncResource } = __nccwpck_require__(8705) +const { AsyncResource } = __nccwpck_require__(852) const util = __nccwpck_require__(3983) const { addSignal, removeSignal } = __nccwpck_require__(7032) const assert = __nccwpck_require__(9491) @@ -47122,7 +47560,7 @@ module.exports = { const { parseSetCookie } = __nccwpck_require__(4408) -const { stringify, getHeadersList } = __nccwpck_require__(6576) +const { stringify, getHeadersList } = __nccwpck_require__(3121) const { webidl } = __nccwpck_require__(1744) const { Headers } = __nccwpck_require__(554) 
@@ -47314,7 +47752,7 @@ module.exports = { const { maxNameValuePairSize, maxAttributeValueSize } = __nccwpck_require__(663) -const { isCTLExcludingHtab } = __nccwpck_require__(6576) +const { isCTLExcludingHtab } = __nccwpck_require__(3121) const { collectASequenceOfCodePointsFast } = __nccwpck_require__(685) const assert = __nccwpck_require__(9491) @@ -47632,7 +48070,7 @@ module.exports = { /***/ }), -/***/ 6576: +/***/ 3121: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { "use strict"; @@ -59979,7 +60417,7 @@ const { kGetNetConnect, kOptions, kFactory -} = __nccwpck_require__(9106) +} = __nccwpck_require__(4347) const MockClient = __nccwpck_require__(8687) const MockPool = __nccwpck_require__(6193) const { matchValue, buildMockOptions } = __nccwpck_require__(9323) @@ -60157,7 +60595,7 @@ const { kOrigin, kOriginalDispatch, kConnected -} = __nccwpck_require__(9106) +} = __nccwpck_require__(4347) const { MockInterceptor } = __nccwpck_require__(410) const Symbols = __nccwpck_require__(2785) const { InvalidArgumentError } = __nccwpck_require__(8045) @@ -60246,7 +60684,7 @@ const { kDefaultTrailers, kContentLength, kMockDispatch -} = __nccwpck_require__(9106) +} = __nccwpck_require__(4347) const { InvalidArgumentError } = __nccwpck_require__(8045) const { buildURL } = __nccwpck_require__(3983) @@ -60463,7 +60901,7 @@ const { kOrigin, kOriginalDispatch, kConnected -} = __nccwpck_require__(9106) +} = __nccwpck_require__(4347) const { MockInterceptor } = __nccwpck_require__(410) const Symbols = __nccwpck_require__(2785) const { InvalidArgumentError } = __nccwpck_require__(8045) @@ -60513,7 +60951,7 @@ module.exports = MockPool /***/ }), -/***/ 9106: +/***/ 4347: /***/ ((module) => { "use strict"; @@ -60557,7 +60995,7 @@ const { kOriginalDispatch, kOrigin, kGetNetConnect -} = __nccwpck_require__(9106) +} = __nccwpck_require__(4347) const { buildURL, nop } = __nccwpck_require__(3983) const { STATUS_CODES } = __nccwpck_require__(3685) const { 
@@ -63090,7 +63528,7 @@ module.exports = { /***/ }), -/***/ 8470: +/***/ 4284: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { "use strict"; 
@@ -64482,320 +64920,6 @@ function wrappy (fn, cb) { } -/***/ }), - -/***/ 1556: -/***/ (function(__unused_webpack_module, exports, __nccwpck_require__) { - -"use strict"; - -var __importDefault = (this && this.__importDefault) || function (mod) { - return (mod && mod.__esModule) ? mod : { "default": mod }; -}; -Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.attestProvenance = exports.attest = void 0; -const bundle_1 = __nccwpck_require__(9715); -const provenance_1 = __nccwpck_require__(3918); -const sign_1 = __nccwpck_require__(1759); -const store_1 = __nccwpck_require__(6951); -const assert_1 = __importDefault(__nccwpck_require__(9491)); -const crypto_1 = __nccwpck_require__(6113); -const INTOTO_PAYLOAD_TYPE = 'application/vnd.in-toto+json'; -const INTOTO_STATEMENT_V1_TYPE = 'https://in-toto.io/Statement/v1'; -async function attest(options) { - const subject = { - name: options.subjectName, - digest: options.subjectDigest - }; - const statement = { - _type: INTOTO_STATEMENT_V1_TYPE, - subject: [subject], - predicateType: options.predicateType, - predicate: options.predicate - }; - // Sign the provenance statement - const payload = { - body: Buffer.from(JSON.stringify(statement)), - type: INTOTO_PAYLOAD_TYPE - }; - const bundle = await (0, sign_1.signPayload)(payload, options); - // Store the attestation - let attestationID; - if (options.skipWrite !== true) { - attestationID = await (0, store_1.writeAttestation)((0, bundle_1.bundleToJSON)(bundle), options.token); - } - return toAttestation(bundle, attestationID); -} -exports.attest = attest; -async function attestProvenance(options) { - const predicate = (0, provenance_1.generateProvenancePredicate)(process.env); - return attest({ - ...options, - predicateType: predicate.type, - predicate: predicate.params - }); -} -exports.attestProvenance = attestProvenance; -function toAttestation(bundle, attestationID) { - // Extract the signing certificate from the bundle - (0, 
assert_1.default)(bundle.verificationMaterial.content.$case === 'x509CertificateChain', 'Bundle must contain an x509 certificate chain'); - const signingCert = new crypto_1.X509Certificate(bundle.verificationMaterial.content.x509CertificateChain.certificates[0].rawBytes); - // Determine if we can provide a link to the transparency log - const tlogEntries = bundle.verificationMaterial.tlogEntries; - const tlogID = tlogEntries.length > 0 ? tlogEntries[0].logIndex : undefined; - return { - bundle: (0, bundle_1.bundleToJSON)(bundle), - certificate: signingCert.toString(), - tlogID, - attestationID - }; -} - - -/***/ }), - -/***/ 3697: -/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { - -"use strict"; - -Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.generateSBOMPredicate = exports.generateProvenancePredicate = exports.attestProvenance = exports.attest = void 0; -var attest_1 = __nccwpck_require__(1556); -Object.defineProperty(exports, "attest", ({ enumerable: true, get: function () { return attest_1.attest; } })); -Object.defineProperty(exports, "attestProvenance", ({ enumerable: true, get: function () { return attest_1.attestProvenance; } })); -var provenance_1 = __nccwpck_require__(3918); -Object.defineProperty(exports, "generateProvenancePredicate", ({ enumerable: true, get: function () { return provenance_1.generateProvenancePredicate; } })); -var sbom_1 = __nccwpck_require__(1695); -Object.defineProperty(exports, "generateSBOMPredicate", ({ enumerable: true, get: function () { return sbom_1.generateSBOMPredicate; } })); - - -/***/ }), - -/***/ 3918: -/***/ ((__unused_webpack_module, exports) => { - -"use strict"; - -Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.generateProvenance = exports.generateProvenancePredicate = exports.SLSA_PREDICATE_V1_TYPE = void 0; -const INTOTO_STATEMENT_V1_TYPE = 'https://in-toto.io/Statement/v1'; -exports.SLSA_PREDICATE_V1_TYPE = 
'https://slsa.dev/provenance/v1'; -const GITHUB_BUILDER_ID_PREFIX = 'https://github.com/actions/runner'; -const GITHUB_BUILD_TYPE = 'https://slsa-framework.github.io/github-actions-buildtypes/workflow/v1'; -const generateProvenancePredicate = (env) => { - const workflow = env.GITHUB_WORKFLOW_REF || /* istanbul ignore next */ ''; - // Split just the path and ref from the workflow string. - // owner/repo/.github/workflows/main.yml@main => - // .github/workflows/main.yml, main - const [workflowPath, workflowRef] = workflow - .replace(`${env.GITHUB_REPOSITORY}/`, '') - .split('@'); - return { - type: exports.SLSA_PREDICATE_V1_TYPE, - params: { - buildDefinition: { - buildType: GITHUB_BUILD_TYPE, - externalParameters: { - workflow: { - ref: workflowRef, - repository: `${env.GITHUB_SERVER_URL}/${env.GITHUB_REPOSITORY}`, - path: workflowPath - } - }, - internalParameters: { - github: { - event_name: env.GITHUB_EVENT_NAME, - repository_id: env.GITHUB_REPOSITORY_ID, - repository_owner_id: env.GITHUB_REPOSITORY_OWNER_ID - } - }, - resolvedDependencies: [ - { - uri: `git+${env.GITHUB_SERVER_URL}/${env.GITHUB_REPOSITORY}@${env.GITHUB_REF}`, - digest: { - gitCommit: env.GITHUB_SHA - } - } - ] - }, - runDetails: { - builder: { - id: `${GITHUB_BUILDER_ID_PREFIX}/${env.RUNNER_ENVIRONMENT}` - }, - metadata: { - invocationId: `${env.GITHUB_SERVER_URL}/${env.GITHUB_REPOSITORY}/actions/runs/${env.GITHUB_RUN_ID}/attempts/${env.GITHUB_RUN_ATTEMPT}` - } - } - } - }; -}; -exports.generateProvenancePredicate = generateProvenancePredicate; -const generateProvenance = (subject, env) => { - const predicate = (0, exports.generateProvenancePredicate)(env); - return { - _type: INTOTO_STATEMENT_V1_TYPE, - subject: [subject], - predicateType: predicate.type, - predicate: predicate.params - }; -}; -exports.generateProvenance = generateProvenance; - - -/***/ }), - -/***/ 1695: -/***/ ((__unused_webpack_module, exports) => { - -"use strict"; - -Object.defineProperty(exports, "__esModule", ({ value: 
true })); -exports.generateSBOMPredicate = void 0; -const generateSBOMPredicate = (sbom) => { - if (sbom.type === 'spdx') { - return generateSPDXIntoto(sbom.object); - } - if (sbom.type === 'cyclonedx') { - return generateCycloneDXIntoto(sbom.object); - } - throw new Error('Unsupported SBOM format'); -}; -exports.generateSBOMPredicate = generateSBOMPredicate; -// ref: https://github.com/in-toto/attestation/blob/main/spec/predicates/spdx.md -const generateSPDXIntoto = (sbom) => { - const spdxVersion = sbom?.['spdxVersion']; - if (!spdxVersion) { - throw new Error('Cannot find spdxVersion in the SBOM'); - } - const version = spdxVersion.split('-')[1]; - return { - type: `https://spdx.dev/Document/v${version}`, - params: sbom - }; -}; -// ref: https://github.com/in-toto/attestation/blob/main/spec/predicates/cyclonedx.md -const generateCycloneDXIntoto = (sbom) => { - return { - type: 'https://cyclonedx.org/bom', - params: sbom - }; -}; - - -/***/ }), - -/***/ 1759: -/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { - -"use strict"; - -Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.signPayload = void 0; -const sign_1 = __nccwpck_require__(2071); -const OIDC_AUDIENCE = 'sigstore'; -const DEFAULT_TIMEOUT = 10000; -const DEFAULT_RETRIES = 3; -// Signs the provided payload with Sigstore. 
-const signPayload = async (payload, options) => { - const artifact = { - data: payload.body, - type: payload.type - }; - // Sign the artifact and build the bundle - return initBundleBuilder(options).create(artifact); -}; -exports.signPayload = signPayload; -// Assembles the Sigstore bundle builder with the appropriate options -const initBundleBuilder = (opts) => { - const identityProvider = opts.identityProvider || new sign_1.CIContextProvider(OIDC_AUDIENCE); - const timeout = opts.timeout || DEFAULT_TIMEOUT; - const retry = opts.retry || DEFAULT_RETRIES; - const witnesses = []; - const signer = new sign_1.FulcioSigner({ - identityProvider: identityProvider, - fulcioBaseURL: opts.fulcioURL, - timeout: timeout, - retry: retry - }); - if (opts.rekorURL) { - witnesses.push(new sign_1.RekorWitness({ - rekorBaseURL: opts.rekorURL, - entryType: 'dsse', - timeout: timeout, - retry: retry - })); - } - if (opts.tsaServerURL) { - witnesses.push(new sign_1.TSAWitness({ - tsaBaseURL: opts.tsaServerURL, - timeout: timeout, - retry: retry - })); - } - return new sign_1.DSSEBundleBuilder({ signer, witnesses }); -}; - - -/***/ }), - -/***/ 6951: -/***/ (function(__unused_webpack_module, exports, __nccwpck_require__) { - -"use strict"; - -var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) { - if (k2 === undefined) k2 = k; - var desc = Object.getOwnPropertyDescriptor(m, k); - if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) { - desc = { enumerable: true, get: function() { return m[k]; } }; - } - Object.defineProperty(o, k2, desc); -}) : (function(o, m, k, k2) { - if (k2 === undefined) k2 = k; - o[k2] = m[k]; -})); -var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? 
(function(o, v) { - Object.defineProperty(o, "default", { enumerable: true, value: v }); -}) : function(o, v) { - o["default"] = v; -}); -var __importStar = (this && this.__importStar) || function (mod) { - if (mod && mod.__esModule) return mod; - var result = {}; - if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k); - __setModuleDefault(result, mod); - return result; -}; -var __importDefault = (this && this.__importDefault) || function (mod) { - return (mod && mod.__esModule) ? mod : { "default": mod }; -}; -Object.defineProperty(exports, "__esModule", ({ value: true })); -exports.writeAttestation = void 0; -const github = __importStar(__nccwpck_require__(5438)); -const make_fetch_happen_1 = __importDefault(__nccwpck_require__(9525)); -const CREATE_ATTESTATION_REQUEST = 'POST /repos/{owner}/{repo}/attestations'; -// Upload the attestation to the repository's attestations endpoint. Returns the -// ID of the uploaded attestation. -const writeAttestation = async (attestation, token) => { - const octokit = github.getOctokit(token, { request: { fetch: make_fetch_happen_1.default } }); - try { - const response = await octokit.request(CREATE_ATTESTATION_REQUEST, { - owner: github.context.repo.owner, - repo: github.context.repo.repo, - data: { bundle: attestation } - }); - return response.data?.id; - } - catch (err) { - /* istanbul ignore next */ - const message = err instanceof Error ? err.message : err; - throw new Error(`Failed to persist attestation: ${message}`); - } -}; -exports.writeAttestation = writeAttestation; - - /***/ }), /***/ 9112: 
@@ -64847,7 +64971,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) { }; Object.defineProperty(exports, "__esModule", ({ value: true })); exports.run = void 0; -const attest_1 = __nccwpck_require__(3697); +const attest_1 = __nccwpck_require__(4113); const core = __importStar(__nccwpck_require__(2186)); const github = __importStar(__nccwpck_require__(5438)); const bundle_1 = __nccwpck_require__(9715); @@ -65155,7 +65279,7 @@ module.exports = require("assert"); /***/ }), -/***/ 8705: +/***/ 852: /***/ ((module) => { "use strict"; @@ -65435,7 +65559,7 @@ module.exports = require("zlib"); /***/ }), -/***/ 9718: +/***/ 2960: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { "use strict"; @@ -66023,7 +66147,7 @@ module.exports = SBMH const WritableStream = (__nccwpck_require__(4492).Writable) const { inherits } = __nccwpck_require__(7261) -const Dicer = __nccwpck_require__(9718) +const Dicer = __nccwpck_require__(2960) const MultipartParser = __nccwpck_require__(2183) const UrlencodedParser = __nccwpck_require__(8306) @@ -66124,7 +66248,7 @@ module.exports.Dicer = Dicer const { Readable } = __nccwpck_require__(4492) const { inherits } = __nccwpck_require__(7261) -const Dicer = __nccwpck_require__(9718) +const Dicer = __nccwpck_require__(2960) const parseParams = __nccwpck_require__(1854) const decodeText = __nccwpck_require__(4619) @@ -77741,7 +77865,7 @@ module.exports = JSON.parse('[["0","\\u0000",127],["8141","갂갃갅갆갋",4," /***/ }), -/***/ 4284: +/***/ 3270: /***/ ((module) => { "use strict"; @@ -77757,7 +77881,7 @@ module.exports = JSON.parse('[["0","\\u0000",127],["8ea1","。",62],["a1a1","  /***/ }), -/***/ 3121: +/***/ 6290: /***/ ((module) => { "use strict"; diff --git a/dist/licenses.txt b/dist/licenses.txt index 225d683d..4a64773c 100644 --- a/dist/licenses.txt +++ b/dist/licenses.txt 
@@ -1,5 +1,15 @@ @actions/attest -Apache-2.0 +MIT +The MIT License (MIT) + +Copyright 2024 GitHub + +Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + @actions/core MIT diff --git a/package-lock.json b/package-lock.json index 51075d0e..3c3f6af4 100644 --- a/package-lock.json +++ b/package-lock.json @@ -8,10 +8,8 @@ "name": "typescript-action", "version": "0.0.0", "license": "MIT", - "workspaces": [ - "./packages/*" - ], "dependencies": { + "@actions/attest": "^1.0.0", "@actions/core": "^1.10.1", "@actions/glob": "^0.4.0", "@sigstore/oci": "^0.1.0" 
@@ -48,8 +46,15 @@ } }, "node_modules/@actions/attest": { - "resolved": "packages/attest", - "link": true + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/@actions/attest/-/attest-1.0.0.tgz", + "integrity": "sha512-EGm631ap0ixJLA7NJPt7vQM7+bWAjGtwK/zpATJl1NMZdeBpGpX52TUCJJ5A5wL52ty1QFmE6qPMVPT5OZ96Xg==", + "dependencies": { + "@actions/github": "^6.0.0", + "@sigstore/bundle": "^2.2.0", + "@sigstore/sign": "^2.2.3", + "make-fetch-happen": "^13.0.0" + } }, "node_modules/@actions/core": { "version": "1.10.1", 
@@ -1457,167 +1462,6 @@ "@octokit/openapi-types": "^19.1.0" } }, - "node_modules/@peculiar/asn1-cms": { - "version": "2.3.8", - "dev": true, - "license": "MIT", - "dependencies": { - "@peculiar/asn1-schema": "^2.3.8", - "@peculiar/asn1-x509": "^2.3.8", - "@peculiar/asn1-x509-attr": "^2.3.8", - "asn1js": "^3.0.5", - "tslib": "^2.6.2" - } - }, - "node_modules/@peculiar/asn1-csr": { - "version": "2.3.8", - "dev": true, - "license": "MIT", - "dependencies": { - "@peculiar/asn1-schema": "^2.3.8", - "@peculiar/asn1-x509": "^2.3.8", - "asn1js": "^3.0.5", - "tslib": "^2.6.2" - } - }, - "node_modules/@peculiar/asn1-ecc": { - "version": "2.3.8", - "dev": true, - "license": "MIT", - "dependencies": { - "@peculiar/asn1-schema": "^2.3.8", - "@peculiar/asn1-x509": "^2.3.8", - "asn1js": "^3.0.5", - "tslib": "^2.6.2" - } - }, - "node_modules/@peculiar/asn1-pfx": { - "version": "2.3.8", - "dev": true, - "license": "MIT", - "dependencies": { - "@peculiar/asn1-cms": "^2.3.8", - "@peculiar/asn1-pkcs8": "^2.3.8", - "@peculiar/asn1-rsa": "^2.3.8", - "@peculiar/asn1-schema": "^2.3.8", - "asn1js": "^3.0.5", - "tslib": "^2.6.2" - } - }, - "node_modules/@peculiar/asn1-pkcs8": { - "version": "2.3.8", - "dev": true, - "license": "MIT", - "dependencies": { - "@peculiar/asn1-schema": "^2.3.8", - "@peculiar/asn1-x509": "^2.3.8", - "asn1js": "^3.0.5", - "tslib": "^2.6.2" - } - }, - "node_modules/@peculiar/asn1-pkcs9": { - "version": "2.3.8", - "dev": true, - "license": "MIT", - "dependencies": { - "@peculiar/asn1-cms": "^2.3.8", - "@peculiar/asn1-pfx": "^2.3.8", - "@peculiar/asn1-pkcs8": "^2.3.8", - "@peculiar/asn1-schema": "^2.3.8", - "@peculiar/asn1-x509": "^2.3.8", - "@peculiar/asn1-x509-attr": "^2.3.8", - "asn1js": "^3.0.5", - "tslib": "^2.6.2" - } - }, - "node_modules/@peculiar/asn1-rsa": { - "version": "2.3.8", - "dev": true, - "license": "MIT", - "dependencies": { - "@peculiar/asn1-schema": "^2.3.8", - "@peculiar/asn1-x509": "^2.3.8", - "asn1js": "^3.0.5", - "tslib": "^2.6.2" - } - }, - 
"node_modules/@peculiar/asn1-schema": { - "version": "2.3.8", - "dev": true, - "license": "MIT", - "dependencies": { - "asn1js": "^3.0.5", - "pvtsutils": "^1.3.5", - "tslib": "^2.6.2" - } - }, - "node_modules/@peculiar/asn1-x509": { - "version": "2.3.8", - "dev": true, - "license": "MIT", - "dependencies": { - "@peculiar/asn1-schema": "^2.3.8", - "asn1js": "^3.0.5", - "ipaddr.js": "^2.1.0", - "pvtsutils": "^1.3.5", - "tslib": "^2.6.2" - } - }, - "node_modules/@peculiar/asn1-x509-attr": { - "version": "2.3.8", - "dev": true, - "license": "MIT", - "dependencies": { - "@peculiar/asn1-schema": "^2.3.8", - "@peculiar/asn1-x509": "^2.3.8", - "asn1js": "^3.0.5", - "tslib": "^2.6.2" - } - }, - "node_modules/@peculiar/json-schema": { - "version": "1.1.12", - "dev": true, - "license": "MIT", - "dependencies": { - "tslib": "^2.0.0" - }, - "engines": { - "node": ">=8.0.0" - } - }, - "node_modules/@peculiar/webcrypto": { - "version": "1.4.5", - "dev": true, - "license": "MIT", - "dependencies": { - "@peculiar/asn1-schema": "^2.3.8", - "@peculiar/json-schema": "^1.1.12", - "pvtsutils": "^1.3.5", - "tslib": "^2.6.2", - "webcrypto-core": "^1.7.8" - }, - "engines": { - "node": ">=10.12.0" - } - }, - "node_modules/@peculiar/x509": { - "version": "1.9.7", - "dev": true, - "license": "MIT", - "dependencies": { - "@peculiar/asn1-cms": "^2.3.8", - "@peculiar/asn1-csr": "^2.3.8", - "@peculiar/asn1-ecc": "^2.3.8", - "@peculiar/asn1-pkcs9": "^2.3.8", - "@peculiar/asn1-rsa": "^2.3.8", - "@peculiar/asn1-schema": "^2.3.8", - "@peculiar/asn1-x509": "^2.3.8", - "pvtsutils": "^1.3.5", - "reflect-metadata": "^0.2.1", - "tslib": "^2.6.2", - "tsyringe": "^4.8.0" - } - }, "node_modules/@pkgjs/parseargs": { "version": "0.11.0", "license": "MIT", 
@@ -1654,26 +1498,6 @@ "node": "^16.14.0 || >=18.0.0" } }, - "node_modules/@sigstore/mock": { - "version": "0.6.5", - "dev": true, - "license": "Apache-2.0", - "dependencies": { - "@peculiar/webcrypto": "^1.4.5", - "@peculiar/x509": "^1.9.7", - "@sigstore/protobuf-specs": "^0.3.0", - "asn1js": "^3.0.5", - "bytestreamjs": "^2.0.1", - "canonicalize": "^2.0.0", - "jose": "^5.2.2", - "nock": "^13.5.1", - "pkijs": "^3.0.15", - "pvutils": "^1.1.3" - }, - "engines": { - "node": "^16.14.0 || >=18.0.0" - } - }, "node_modules/@sigstore/oci": { "version": "0.1.0", "license": "Apache-2.0", @@ -1725,16 +1549,6 @@ "@sinonjs/commons": "^3.0.0" } }, - "node_modules/@total-typescript/shoehorn": { - "version": "0.1.1", - "dev": true, - "license": "MIT" - }, - "node_modules/@tsconfig/node18": { - "version": "18.2.2", - "dev": true, - "license": "MIT" - }, "node_modules/@types/babel__core": { "version": "7.20.1", "dev": true, @@ -2352,19 +2166,6 @@ "url": "https://github.com/sponsors/ljharb" } }, - "node_modules/asn1js": { - "version": "3.0.5", - "dev": true, - "license": "BSD-3-Clause", - "dependencies": { - "pvtsutils": "^1.3.2", - "pvutils": "^1.1.3", - "tslib": "^2.4.0" - }, - "engines": { - "node": ">=12.0.0" - } - }, "node_modules/ast-types-flow": { "version": "0.0.7", "dev": true, @@ -2593,14 +2394,6 @@ "dev": true, "license": "MIT" }, - "node_modules/bytestreamjs": { - "version": "2.0.1", - "dev": true, - "license": "BSD-3-Clause", - "engines": { - "node": ">=6.0.0" - } - }, "node_modules/cacache": { "version": "18.0.2", "license": "ISC", @@ -2716,11 +2509,6 @@ ], "license": "CC-BY-4.0" }, - "node_modules/canonicalize": { - "version": "2.0.0", - "dev": true, - "license": "Apache-2.0" - }, "node_modules/chalk": { "version": "4.1.2", "dev": true, 
@@ -4433,14 +4221,6 @@ "version": "1.1.3", "license": "BSD-3-Clause" }, - "node_modules/ipaddr.js": { - "version": "2.1.0", - "dev": true, - "license": "MIT", - "engines": { - "node": ">= 10" - } - }, "node_modules/is-array-buffer": { "version": "3.0.2", "dev": true, @@ -5303,14 +5083,6 @@ "url": "https://github.com/chalk/supports-color?sponsor=1" } }, - "node_modules/jose": { - "version": "5.2.2", - "dev": true, - "license": "MIT", - "funding": { - "url": "https://github.com/sponsors/panva" - } - }, "node_modules/js-tokens": { "version": "4.0.0", "dev": true, @@ -5362,11 +5134,6 @@ "dev": true, "license": "MIT" }, - "node_modules/json-stringify-safe": { - "version": "5.0.1", - "dev": true, - "license": "ISC" - }, "node_modules/json5": { "version": "2.2.3", "dev": true, @@ -5894,19 +5661,6 @@ "node": ">= 0.6" } }, - "node_modules/nock": { - "version": "13.5.3", - "dev": true, - "license": "MIT", - "dependencies": { - "debug": "^4.1.0", - "json-stringify-safe": "^5.0.1", - "propagate": "^2.0.0" - }, - "engines": { - "node": ">= 10.13" - } - }, "node_modules/node-int64": { "version": "0.4.0", "dev": true, @@ -6279,21 +6033,6 @@ "node": ">=8" } }, - "node_modules/pkijs": { - "version": "3.0.15", - "dev": true, - "license": "BSD-3-Clause", - "dependencies": { - "asn1js": "^3.0.5", - "bytestreamjs": "^2.0.0", - "pvtsutils": "^1.3.2", - "pvutils": "^1.1.3", - "tslib": "^2.4.0" - }, - "engines": { - "node": ">=12.0.0" - } - }, "node_modules/prelude-ls": { "version": "1.2.1", "dev": true, @@ -6408,14 +6147,6 @@ "node": ">= 6" } }, - "node_modules/propagate": { - "version": "2.0.1", - "dev": true, - "license": "MIT", - "engines": { - "node": ">= 8" - } - }, "node_modules/punycode": { "version": "2.3.1", "dev": true, 
@@ -6439,22 +6170,6 @@ ], "license": "MIT" }, - "node_modules/pvtsutils": { - "version": "1.3.5", - "dev": true, - "license": "MIT", - "dependencies": { - "tslib": "^2.6.1" - } - }, - "node_modules/pvutils": { - "version": "1.1.3", - "dev": true, - "license": "MIT", - "engines": { - "node": ">=6.0.0" - } - }, "node_modules/queue-microtask": { "version": "1.2.3", "dev": true, @@ -6479,11 +6194,6 @@ "dev": true, "license": "MIT" }, - "node_modules/reflect-metadata": { - "version": "0.2.1", - "dev": true, - "license": "Apache-2.0" - }, "node_modules/regenerator-runtime": { "version": "0.14.0", "dev": true, @@ -7190,22 +6900,6 @@ "dev": true, "license": "0BSD" }, - "node_modules/tsyringe": { - "version": "4.8.0", - "dev": true, - "license": "MIT", - "dependencies": { - "tslib": "^1.9.3" - }, - "engines": { - "node": ">= 6.0.0" - } - }, - "node_modules/tsyringe/node_modules/tslib": { - "version": "1.14.1", - "dev": true, - "license": "0BSD" - }, "node_modules/tunnel": { "version": "0.0.6", "license": "MIT", @@ -7462,18 +7156,6 @@ "makeerror": "1.0.12" } }, - "node_modules/webcrypto-core": { - "version": "1.7.8", - "dev": true, - "license": "MIT", - "dependencies": { - "@peculiar/asn1-schema": "^2.3.8", - "@peculiar/json-schema": "^1.1.12", - "asn1js": "^3.0.1", - "pvtsutils": "^1.3.5", - "tslib": "^2.6.2" - } - }, "node_modules/which": { "version": "2.0.2", "license": "ISC", 
@@ -7616,27 +7298,6 @@ "funding": { "url": "https://github.com/sponsors/sindresorhus" } - }, - "packages/attest": { - "name": "@actions/attest", - "version": "0.0.0", - "license": "Apache-2.0", - "dependencies": { - "@actions/github": "^6.0.0", - "@sigstore/bundle": "^2.2.0", - "@sigstore/sign": "^2.2.3", - "make-fetch-happen": "^13.0.0" - }, - "devDependencies": { - "@sigstore/mock": "^0.6.4", - "@total-typescript/shoehorn": "^0.1.1", - "@tsconfig/node18": "^18.2.2", - "@types/make-fetch-happen": "^10.0.4", - "nock": "^13.5.1" - }, - "engines": { - "node": "^18.17.0 || >=20.5.0" - } } }, "dependencies": { @@ -7645,17 +7306,14 @@ "dev": true }, "@actions/attest": { - "version": "file:packages/attest", + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/@actions/attest/-/attest-1.0.0.tgz", + "integrity": "sha512-EGm631ap0ixJLA7NJPt7vQM7+bWAjGtwK/zpATJl1NMZdeBpGpX52TUCJJ5A5wL52ty1QFmE6qPMVPT5OZ96Xg==", "requires": { "@actions/github": "^6.0.0", "@sigstore/bundle": "^2.2.0", - "@sigstore/mock": "^0.6.4", "@sigstore/sign": "^2.2.3", - "@total-typescript/shoehorn": "^0.1.1", - "@tsconfig/node18": "^18.2.2", - "@types/make-fetch-happen": "^10.0.4", - "make-fetch-happen": "^13.0.0", - "nock": "^13.5.1" + "make-fetch-happen": "^13.0.0" } }, "@actions/core": { 
@@ -8582,148 +8240,6 @@ "@octokit/openapi-types": "^19.1.0" } }, - "@peculiar/asn1-cms": { - "version": "2.3.8", - "dev": true, - "requires": { - "@peculiar/asn1-schema": "^2.3.8", - "@peculiar/asn1-x509": "^2.3.8", - "@peculiar/asn1-x509-attr": "^2.3.8", - "asn1js": "^3.0.5", - "tslib": "^2.6.2" - } - }, - "@peculiar/asn1-csr": { - "version": "2.3.8", - "dev": true, - "requires": { - "@peculiar/asn1-schema": "^2.3.8", - "@peculiar/asn1-x509": "^2.3.8", - "asn1js": "^3.0.5", - "tslib": "^2.6.2" - } - }, - "@peculiar/asn1-ecc": { - "version": "2.3.8", - "dev": true, - "requires": { - "@peculiar/asn1-schema": "^2.3.8", - "@peculiar/asn1-x509": "^2.3.8", - "asn1js": "^3.0.5", - "tslib": "^2.6.2" - } - }, - "@peculiar/asn1-pfx": { - "version": "2.3.8", - "dev": true, - "requires": { - "@peculiar/asn1-cms": "^2.3.8", - "@peculiar/asn1-pkcs8": "^2.3.8", - "@peculiar/asn1-rsa": "^2.3.8", - "@peculiar/asn1-schema": "^2.3.8", - "asn1js": "^3.0.5", - "tslib": "^2.6.2" - } - }, - "@peculiar/asn1-pkcs8": { - "version": "2.3.8", - "dev": true, - "requires": { - "@peculiar/asn1-schema": "^2.3.8", - "@peculiar/asn1-x509": "^2.3.8", - "asn1js": "^3.0.5", - "tslib": "^2.6.2" - } - }, - "@peculiar/asn1-pkcs9": { - "version": "2.3.8", - "dev": true, - "requires": { - "@peculiar/asn1-cms": "^2.3.8", - "@peculiar/asn1-pfx": "^2.3.8", - "@peculiar/asn1-pkcs8": "^2.3.8", - "@peculiar/asn1-schema": "^2.3.8", - "@peculiar/asn1-x509": "^2.3.8", - "@peculiar/asn1-x509-attr": "^2.3.8", - "asn1js": "^3.0.5", - "tslib": "^2.6.2" - } - }, - "@peculiar/asn1-rsa": { - "version": "2.3.8", - "dev": true, - "requires": { - "@peculiar/asn1-schema": "^2.3.8", - "@peculiar/asn1-x509": "^2.3.8", - "asn1js": "^3.0.5", - "tslib": "^2.6.2" - } - }, - "@peculiar/asn1-schema": { - "version": "2.3.8", - "dev": true, - "requires": { - "asn1js": "^3.0.5", - "pvtsutils": "^1.3.5", - "tslib": "^2.6.2" - } - }, - "@peculiar/asn1-x509": { - "version": "2.3.8", - "dev": true, - "requires": { - 
"@peculiar/asn1-schema": "^2.3.8", - "asn1js": "^3.0.5", - "ipaddr.js": "^2.1.0", - "pvtsutils": "^1.3.5", - "tslib": "^2.6.2" - } - }, - "@peculiar/asn1-x509-attr": { - "version": "2.3.8", - "dev": true, - "requires": { - "@peculiar/asn1-schema": "^2.3.8", - "@peculiar/asn1-x509": "^2.3.8", - "asn1js": "^3.0.5", - "tslib": "^2.6.2" - } - }, - "@peculiar/json-schema": { - "version": "1.1.12", - "dev": true, - "requires": { - "tslib": "^2.0.0" - } - }, - "@peculiar/webcrypto": { - "version": "1.4.5", - "dev": true, - "requires": { - "@peculiar/asn1-schema": "^2.3.8", - "@peculiar/json-schema": "^1.1.12", - "pvtsutils": "^1.3.5", - "tslib": "^2.6.2", - "webcrypto-core": "^1.7.8" - } - }, - "@peculiar/x509": { - "version": "1.9.7", - "dev": true, - "requires": { - "@peculiar/asn1-cms": "^2.3.8", - "@peculiar/asn1-csr": "^2.3.8", - "@peculiar/asn1-ecc": "^2.3.8", - "@peculiar/asn1-pkcs9": "^2.3.8", - "@peculiar/asn1-rsa": "^2.3.8", - "@peculiar/asn1-schema": "^2.3.8", - "@peculiar/asn1-x509": "^2.3.8", - "pvtsutils": "^1.3.5", - "reflect-metadata": "^0.2.1", - "tslib": "^2.6.2", - "tsyringe": "^4.8.0" - } - }, "@pkgjs/parseargs": { "version": "0.11.0", "optional": true @@ -8741,22 +8257,6 @@ "@sigstore/core": { "version": "1.0.0" }, - "@sigstore/mock": { - "version": "0.6.5", - "dev": true, - "requires": { - "@peculiar/webcrypto": "^1.4.5", - "@peculiar/x509": "^1.9.7", - "@sigstore/protobuf-specs": "^0.3.0", - "asn1js": "^3.0.5", - "bytestreamjs": "^2.0.1", - "canonicalize": "^2.0.0", - "jose": "^5.2.2", - "nock": "^13.5.1", - "pkijs": "^3.0.15", - "pvutils": "^1.1.3" - } - }, "@sigstore/oci": { "version": "0.1.0", "requires": { @@ -8793,14 +8293,6 @@ "@sinonjs/commons": "^3.0.0" } }, - "@total-typescript/shoehorn": { - "version": "0.1.1", - "dev": true - }, - "@tsconfig/node18": { - "version": "18.2.2", - "dev": true - }, "@types/babel__core": { "version": "7.20.1", "dev": true, 
@@ -9193,15 +8685,6 @@ "is-shared-array-buffer": "^1.0.2" } }, - "asn1js": { - "version": "3.0.5", - "dev": true, - "requires": { - "pvtsutils": "^1.3.2", - "pvutils": "^1.1.3", - "tslib": "^2.4.0" - } - }, "ast-types-flow": { "version": "0.0.7", "dev": true @@ -9350,10 +8833,6 @@ "version": "1.1.2", "dev": true }, - "bytestreamjs": { - "version": "2.0.1", - "dev": true - }, "cacache": { "version": "18.0.2", "requires": { @@ -9418,10 +8897,6 @@ "version": "1.0.30001524", "dev": true }, - "canonicalize": { - "version": "2.0.0", - "dev": true - }, "chalk": { "version": "4.1.2", "dev": true, @@ -10474,10 +9949,6 @@ } } }, - "ipaddr.js": { - "version": "2.1.0", - "dev": true - }, "is-array-buffer": { "version": "3.0.2", "dev": true, @@ -11036,10 +10507,6 @@ } } }, - "jose": { - "version": "5.2.2", - "dev": true - }, "js-tokens": { "version": "4.0.0", "dev": true @@ -11074,10 +10541,6 @@ "version": "1.0.1", "dev": true }, - "json-stringify-safe": { - "version": "5.0.1", - "dev": true - }, "json5": { "version": "2.2.3", "dev": true @@ -11416,15 +10879,6 @@ "negotiator": { "version": "0.6.3" }, - "nock": { - "version": "13.5.3", - "dev": true, - "requires": { - "debug": "^4.1.0", - "json-stringify-safe": "^5.0.1", - "propagate": "^2.0.0" - } - }, "node-int64": { "version": "0.4.0", "dev": true @@ -11646,17 +11100,6 @@ } } }, - "pkijs": { - "version": "3.0.15", - "dev": true, - "requires": { - "asn1js": "^3.0.5", - "bytestreamjs": "^2.0.0", - "pvtsutils": "^1.3.2", - "pvutils": "^1.1.3", - "tslib": "^2.4.0" - } - }, "prelude-ls": { "version": "1.2.1", "dev": true @@ -11720,10 +11163,6 @@ "sisteransi": "^1.0.5" } }, - "propagate": { - "version": "2.0.1", - "dev": true - }, "punycode": { "version": "2.3.1", "dev": true 
@@ -11732,17 +11171,6 @@ "version": "6.0.3", "dev": true }, - "pvtsutils": { - "version": "1.3.5", - "dev": true, - "requires": { - "tslib": "^2.6.1" - } - }, - "pvutils": { - "version": "1.1.3", - "dev": true - }, "queue-microtask": { "version": "1.2.3", "dev": true @@ -11751,10 +11179,6 @@ "version": "18.2.0", "dev": true }, - "reflect-metadata": { - "version": "0.2.1", - "dev": true - }, "regenerator-runtime": { "version": "0.14.0", "dev": true @@ -12178,19 +11602,6 @@ } } }, - "tsyringe": { - "version": "4.8.0", - "dev": true, - "requires": { - "tslib": "^1.9.3" - }, - "dependencies": { - "tslib": { - "version": "1.14.1", - "dev": true - } - } - }, "tunnel": { "version": "0.0.6" }, @@ -12340,17 +11751,6 @@ "makeerror": "1.0.12" } }, - "webcrypto-core": { - "version": "1.7.8", - "dev": true, - "requires": { - "@peculiar/asn1-schema": "^2.3.8", - "@peculiar/json-schema": "^1.1.12", - "asn1js": "^3.0.1", - "pvtsutils": "^1.3.5", - "tslib": "^2.6.2" - } - }, "which": { "version": "2.0.2", "requires": {
diff --git a/package.json b/package.json
index 049c810a..fdb201d1 100644
--- a/package.json
+++ b/package.json
@@ -25,7 +25,6 @@
 },
 "scripts": {
 "bundle": "npm run format:write && npm run package",
- "prepackage": "npm run build --workspace packages/attest",
 "ci-test": "jest",
 "coverage": "make-coverage-badge --output-path ./badges/coverage.svg",
 "format:write": "prettier --write **/*.ts",
@@ -67,15 +66,16 @@
 ]
 },
 "dependencies": {
+ "@actions/attest": "^1.0.0",
 "@actions/core": "^1.10.1",
 "@actions/glob": "^0.4.0",
 "@sigstore/oci": "^0.1.0"
 },
 "devDependencies": {
 "@types/jest": "^29.5.12",
+ "@types/make-fetch-happen": "^10.0.4",
 "@types/node": "^20.11.17",
 "@typescript-eslint/parser": "^6.21.0",
- "@types/make-fetch-happen": "^10.0.4",
 "@vercel/ncc": "^0.38.1",
 "eslint": "^8.56.0",
 "eslint-plugin-github": "^4.10.1",
@@ -89,8 +89,5 @@
 "prettier-eslint": "^16.3.0",
 "ts-jest": "^29.1.2",
 "typescript": "^5.3.3"
- },
- "workspaces": [
- "./packages/*"
- ]
+ }
 }
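Review bot: The new `"@actions/attest": "^1.0.0"` entry in the second package.json hunk uses a caret range for the package that now supplies the signing and attestation-upload code this commit deletes from `packages/attest`. A later lockfile refresh can move it to any newer 1.x release, and that code is then compiled into `dist/index.js` without an in-repo source diff to review. Pinning it exactly, `"@actions/attest": "1.0.0"`, and raising it through a reviewed bump keeps changes on the path that requests the workflow's OIDC token visible. Separately, `@types/make-fetch-happen` stays in devDependencies although the only importer visible in this patch, `packages/attest/src/store.ts`, is removed; it may be unused now, which is worth checking against `src/`.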
diff --git a/packages/attest/jest.config.js b/packages/attest/jest.config.js deleted file mode 100644 index c149fcd7..00000000 --- a/packages/attest/jest.config.js +++ /dev/null @@ -1,5 +0,0 @@ -module.exports = { - preset: 'ts-jest', - testEnvironment: 'node', - testMatch: ['**/__tests__/*.test.ts'], -}; diff --git a/packages/attest/package.json b/packages/attest/package.json deleted file mode 100644 index 0e155aec..00000000 --- a/packages/attest/package.json +++ /dev/null @@ -1,44 +0,0 @@ -{ - "name": "@actions/attest", - "version": "0.0.0", - "description": "Base library for Sigstore", - "main": "dist/index.js", - "types": "dist/index.d.ts", - "scripts": { - "clean": "shx rm -rf dist *.tsbuildinfo", - "build": "tsc --build", - "test": "jest" - }, - "files": [ - "dist" - ], - "author": "bdehamer@github.com", - "license": "Apache-2.0", - "repository": { - "type": "git", - "url": "git+https://github.com/github/attest-js.git" - }, - "bugs": { - "url": "https://github.com/github/attest-js/issues" - }, - "homepage": "https://github.com/github/attest-js/tree/main/packages/core#readme", - "publishConfig": { - "provenance": true - }, - "devDependencies": { - "@sigstore/mock": "^0.6.4", - "@total-typescript/shoehorn": "^0.1.1", - "@tsconfig/node18": "^18.2.2", - "@types/make-fetch-happen": "^10.0.4", - "nock": "^13.5.1" - }, - "dependencies": { - "@actions/github": "^6.0.0", - "@sigstore/bundle": "^2.2.0", - "@sigstore/sign": "^2.2.3", - "make-fetch-happen": "^13.0.0" - }, - "engines": { - "node": "^18.17.0 || >=20.5.0" - } -} diff --git a/packages/attest/src/__tests__/__snapshots__/provenance.test.ts.snap b/packages/attest/src/__tests__/__snapshots__/provenance.test.ts.snap deleted file mode 100644 index bac77b96..00000000 --- a/packages/attest/src/__tests__/__snapshots__/provenance.test.ts.snap +++ /dev/null 
@@ -1,51 +0,0 @@ -// Jest Snapshot v1, https://goo.gl/fbAQLP - -exports[`generateProvenance returns a provenance hydrated from env vars 1`] = ` -{ - "_type": "https://in-toto.io/Statement/v1", - "predicate": { - "buildDefinition": { - "buildType": "https://slsa-framework.github.io/github-actions-buildtypes/workflow/v1", - "externalParameters": { - "workflow": { - "path": ".github/workflows/main.yml", - "ref": "main", - "repository": "https://github.com/owner/repo", - }, - }, - "internalParameters": { - "github": { - "event_name": "push", - "repository_id": "repo-id", - "repository_owner_id": "owner-id", - }, - }, - "resolvedDependencies": [ - { - "digest": { - "gitCommit": "babca52ab0c93ae16539e5923cb0d7403b9a093b", - }, - "uri": "git+https://github.com/owner/repo@refs/heads/main", - }, - ], - }, - "runDetails": { - "builder": { - "id": "https://github.com/actions/runner/github-hosted", - }, - "metadata": { - "invocationId": "https://github.com/owner/repo/actions/runs/run-id/attempts/run-attempt", - }, - }, - }, - "predicateType": "https://slsa.dev/provenance/v1", - "subject": [ - { - "digest": { - "sha256": "7d070f6b64d9bcc530fe99cc21eaaa4b3c364e0b2d367d7735671fa202a03b32", - }, - "name": "subjecty", - }, - ], -} -`; diff --git a/packages/attest/src/__tests__/attest.test.ts b/packages/attest/src/__tests__/attest.test.ts deleted file mode 100644 index a1d82ed7..00000000 --- a/packages/attest/src/__tests__/attest.test.ts +++ /dev/null 
@@ -1,154 +0,0 @@ -import { mockFulcio, mockRekor, mockTSA } from '@sigstore/mock' -import nock from 'nock' -import { attestProvenance } from '../attest' - -describe('attest functions', () => { - // Capture original environment variables and GitHub context so we can restore - // them after each test - const originalEnv = process.env - - // Fake an OIDC token - const subject = 'foo@bar.com' - const oidcPayload = { sub: subject, iss: '' } - const oidcToken = `.${Buffer.from(JSON.stringify(oidcPayload)).toString( - 'base64' - )}.}` - - const tokenURL = 'https://token.url' - const fulcioURL = 'https://fulcio.url' - const rekorURL = 'https://rekor.url' - const tsaServerURL = 'https://tsa.url' - const attestationID = '1234567890' - - beforeEach(async () => { - jest.clearAllMocks() - - nock(tokenURL) - .get('/') - .query({ audience: 'sigstore' }) - .reply(200, { value: oidcToken }) - - // Mock Fulcio endpoint - await mockFulcio({ baseURL: fulcioURL, strict: false }) - - // Set-up GHA environment variables - process.env = { - ...originalEnv, - ACTIONS_ID_TOKEN_REQUEST_URL: tokenURL, - ACTIONS_ID_TOKEN_REQUEST_TOKEN: 'token' - } - }) - - afterEach(() => { - // Restore the original environment - process.env = originalEnv - }) - - describe('#attestProvenance', () => { - const env = { - GITHUB_REPOSITORY: 'owner/repo', - GITHUB_REF: 'refs/heads/main', - GITHUB_SHA: 'babca52ab0c93ae16539e5923cb0d7403b9a093b', - GITHUB_WORKFLOW_REF: 'owner/repo/.github/workflows/main.yml@main', - GITHUB_SERVER_URL: 'https://github.com', - GITHUB_EVENT_NAME: 'push', - GITHUB_REPOSITORY_ID: 'repo-id', - GITHUB_REPOSITORY_OWNER_ID: 'owner-id', - GITHUB_RUN_ID: 'run-id', - GITHUB_RUN_ATTEMPT: 'run-attempt', - RUNNER_ENVIRONMENT: 'github-hosted' - } - - beforeEach(() => { - process.env = { ...process.env, ...env } - }) - - describe('when the timestamp authority URL is set', () => { - beforeEach(async () => { - await mockTSA({ baseURL: tsaServerURL }) - - // Mock GH attestations API - 
nock('https://api.github.com') - .post(/^\/repos\/.*\/.*\/attestations$/) - .reply(201, { id: attestationID }) - }) - - it('attests provenance', async () => { - const attestation = await attestProvenance({ - subjectName: 'subjective', - subjectDigest: { - sha256: - '7d070f6b64d9bcc530fe99cc21eaaa4b3c364e0b2d367d7735671fa202a03b32' - }, - token: 'token', - fulcioURL, - tsaServerURL - }) - - expect(attestation).toBeDefined() - expect(attestation.bundle).toBeDefined() - expect(attestation.certificate).toMatch(/-----BEGIN CERTIFICATE-----/) - expect(attestation.tlogID).toBeUndefined() - expect(attestation.attestationID).toBe(attestationID) - }) - }) - - describe('when the transparency log URL is set', () => { - beforeEach(async () => { - await mockRekor({ baseURL: rekorURL }) - - // Mock GH attestations API - nock('https://api.github.com') - .post(/^\/repos\/.*\/.*\/attestations$/) - .reply(201, { id: attestationID }) - }) - - it('attests provenance', async () => { - const attestation = await attestProvenance({ - subjectName: 'subjective', - subjectDigest: { - sha256: - '7d070f6b64d9bcc530fe99cc21eaaa4b3c364e0b2d367d7735671fa202a03b32' - }, - token: 'token', - fulcioURL, - rekorURL - }) - - expect(attestation).toBeDefined() - expect(attestation.bundle).toBeDefined() - expect(attestation.certificate).toMatch(/-----BEGIN CERTIFICATE-----/) - expect(attestation.tlogID).toBeDefined() - expect(attestation.attestationID).toBe(attestationID) - }) - }) - - describe('when skipWrite is set to true', () => { - beforeEach(async () => { - await mockRekor({ baseURL: rekorURL }) - await mockTSA({ baseURL: tsaServerURL }) - }) - - it('attests provenance', async () => { - const attestation = await attestProvenance({ - subjectName: 'subjective', - subjectDigest: { - sha256: - '7d070f6b64d9bcc530fe99cc21eaaa4b3c364e0b2d367d7735671fa202a03b32' - }, - token: 'token', - fulcioURL, - rekorURL, - tsaServerURL, - skipWrite: true - }) - - expect(attestation).toBeDefined() - 
expect(attestation.bundle).toBeDefined() - expect(attestation.certificate).toMatch(/-----BEGIN CERTIFICATE-----/) - expect(attestation.tlogID).toBeDefined() - expect(attestation.attestationID).toBeUndefined() - }) - }) - }) -}) diff --git a/packages/attest/src/__tests__/index.test.ts b/packages/attest/src/__tests__/index.test.ts deleted file mode 100644 index 8b883e37..00000000 --- a/packages/attest/src/__tests__/index.test.ts +++ /dev/null @@ -1,32 +0,0 @@ -import { fromPartial } from '@total-typescript/shoehorn' -import { - AttestOptions, - AttestProvenanceOptions, - Attestation, - Predicate, - Subject, - attest, - attestProvenance -} from '..' - -it('exports functions', () => { - expect(attestProvenance).toBeInstanceOf(Function) - expect(attest).toBeInstanceOf(Function) -}) - -it('exports types', async () => { - const attestation: Attestation = fromPartial({}) - expect(attestation).toBeDefined() - - const attestOptions: AttestOptions = fromPartial({}) - expect(attestOptions).toBeDefined() - - const attestProvenanceOptions: AttestProvenanceOptions = fromPartial({}) - expect(attestProvenanceOptions).toBeDefined() - - const subject: Subject = fromPartial({}) - expect(subject).toBeDefined() - - const predicate: Predicate = fromPartial({}) - expect(predicate).toBeDefined() -}) diff --git a/packages/attest/src/__tests__/provenance.test.ts b/packages/attest/src/__tests__/provenance.test.ts deleted file mode 100644 index fb325188..00000000 --- a/packages/attest/src/__tests__/provenance.test.ts +++ /dev/null 
@@ -1,30 +0,0 @@ -import { generateProvenance } from '../provenance' -import type { Subject } from '../shared.types' - -describe('generateProvenance', () => { - const subject: Subject = { - name: 'subjecty', - digest: { - sha256: '7d070f6b64d9bcc530fe99cc21eaaa4b3c364e0b2d367d7735671fa202a03b32' - } - } - - const env = { - GITHUB_REPOSITORY: 'owner/repo', - GITHUB_REF: 'refs/heads/main', - GITHUB_SHA: 'babca52ab0c93ae16539e5923cb0d7403b9a093b', - GITHUB_WORKFLOW_REF: 'owner/repo/.github/workflows/main.yml@main', - GITHUB_SERVER_URL: 'https://github.com', - GITHUB_EVENT_NAME: 'push', - GITHUB_REPOSITORY_ID: 'repo-id', - GITHUB_REPOSITORY_OWNER_ID: 'owner-id', - GITHUB_RUN_ID: 'run-id', - GITHUB_RUN_ATTEMPT: 'run-attempt', - RUNNER_ENVIRONMENT: 'github-hosted' - } - - it('returns a provenance hydrated from env vars', () => { - const provenance = generateProvenance(subject, env) - expect(provenance).toMatchSnapshot() - }) -}) diff --git a/packages/attest/src/__tests__/sign.test.ts b/packages/attest/src/__tests__/sign.test.ts deleted file mode 100644 index 0d2ce23d..00000000 --- a/packages/attest/src/__tests__/sign.test.ts +++ /dev/null 
@@ -1,105 +0,0 @@ -import { mockFulcio, mockRekor, mockTSA } from '@sigstore/mock' -import nock from 'nock' -import { Payload, signPayload } from '../sign' - -describe('signProvenance', () => { - const originalEnv = process.env - - // Fake an OIDC token - const subject = 'foo@bar.com' - const oidcPayload = { sub: subject, iss: '' } - const oidcToken = `.${Buffer.from(JSON.stringify(oidcPayload)).toString( - 'base64' - )}.}` - - // Dummy provenance to be signed - const provenance = { - _type: 'https://in-toto.io/Statement/v1', - subject: { - name: 'subjective', - digest: { - sha256: - '7d070f6b64d9bcc530fe99cc21eaaa4b3c364e0b2d367d7735671fa202a03b32' - } - } - } - - const payload: Payload = { - body: Buffer.from(JSON.stringify(provenance)), - type: 'application/vnd.in-toto+json' - } - - const fulcioURL = 'https://fulcio.url' - const rekorURL = 'https://rekor.url' - const tsaServerURL = 'https://tsa.url' - - beforeEach(() => { - // Mock OIDC token endpoint - const tokenURL = 'https://token.url' - - process.env = { - ...originalEnv, - ACTIONS_ID_TOKEN_REQUEST_URL: tokenURL, - ACTIONS_ID_TOKEN_REQUEST_TOKEN: 'token' - } - - nock(tokenURL) - .get('/') - .query({ audience: 'sigstore' }) - .reply(200, { value: oidcToken }) - }) - - afterEach(() => { - process.env = originalEnv - }) - - describe('when visibility is public', () => { - beforeEach(async () => { - await mockFulcio({ baseURL: fulcioURL, strict: false }) - await mockRekor({ baseURL: rekorURL }) - }) - - it('returns a bundle', async () => { - const att = await signPayload(payload, { fulcioURL, rekorURL }) - - expect(att).toBeDefined() - expect(att.mediaType).toEqual( - 'application/vnd.dev.sigstore.bundle+json;version=0.2' - ) - - expect(att.content.$case).toEqual('dsseEnvelope') - expect(att.verificationMaterial.content.$case).toEqual( - 'x509CertificateChain' - ) - expect(att.verificationMaterial.tlogEntries).toHaveLength(1) - expect( - att.verificationMaterial.timestampVerificationData?.rfc3161Timestamps - 
).toHaveLength(0) - }) - }) - - describe('when visibility is private', () => { - beforeEach(async () => { - await mockFulcio({ baseURL: fulcioURL, strict: false }) - await mockTSA({ baseURL: tsaServerURL }) - }) - - it('returns a bundle', async () => { - const att = await signPayload(payload, { fulcioURL, tsaServerURL }) - - expect(att).toBeDefined() - expect(att.mediaType).toEqual( - 'application/vnd.dev.sigstore.bundle+json;version=0.2' - ) - - expect(att.content.$case).toEqual('dsseEnvelope') - expect(att.verificationMaterial.content.$case).toEqual( - 'x509CertificateChain' - ) - expect(att.verificationMaterial.tlogEntries).toHaveLength(0) - expect( - att.verificationMaterial.timestampVerificationData?.rfc3161Timestamps - ).toHaveLength(1) - }) - }) -}) diff --git a/packages/attest/src/__tests__/store.test.ts b/packages/attest/src/__tests__/store.test.ts deleted file mode 100644 index 19db1637..00000000 --- a/packages/attest/src/__tests__/store.test.ts +++ /dev/null 
@@ -1,45 +0,0 @@ -import nock from 'nock' -import { writeAttestation } from '../store' - -describe('writeAttestation', () => { - const originalEnv = process.env - const attestation = { foo: 'bar ' } - const token = 'token' - - beforeEach(() => { - process.env = { - ...originalEnv, - GITHUB_REPOSITORY: 'foo/bar' - } - }) - - afterEach(() => { - process.env = originalEnv - }) - - describe('when the api call is successful', () => { - beforeEach(() => { - nock('https://api.github.com') - .matchHeader('authorization', `token ${token}`) - .post('/repos/foo/bar/attestations', { bundle: attestation }) - .reply(201, { id: '123' }) - }) - - it('persists the attestation', async () => { - await expect(writeAttestation(attestation, token)).resolves.toEqual('123') - }) - }) - - describe('when the api call fails', () => { - beforeEach(() => { - nock('https://api.github.com') - .matchHeader('authorization', `token ${token}`) - .post('/repos/foo/bar/attestations', { bundle: attestation }) - .reply(500, 'oops') - }) - - it('persists the attestation', async () => { - await expect(writeAttestation(attestation, token)).rejects.toThrow(/oops/) - }) - }) -}) diff --git a/packages/attest/src/attest.ts b/packages/attest/src/attest.ts deleted file mode 100644 index 1a3f445e..00000000 --- a/packages/attest/src/attest.ts +++ /dev/null 
@@ -1,88 +0,0 @@ -import { Bundle, bundleToJSON } from '@sigstore/bundle' -import { generateProvenancePredicate } from './provenance' -import { Payload, SignOptions, signPayload } from './sign' -import { writeAttestation } from './store' - -import assert from 'assert' -import { X509Certificate } from 'crypto' -import type { Attestation, Subject } from './shared.types' - -const INTOTO_PAYLOAD_TYPE = 'application/vnd.in-toto+json' -const INTOTO_STATEMENT_V1_TYPE = 'https://in-toto.io/Statement/v1' - -type AttestBaseOptions = SignOptions & { - subjectName: string - subjectDigest: Record - token: string - skipWrite?: boolean -} - -export type AttestOptions = AttestBaseOptions & { - predicateType: string - predicate: object -} - -export type AttestProvenanceOptions = AttestBaseOptions - -export async function attest(options: AttestOptions): Promise { - const subject: Subject = { - name: options.subjectName, - digest: options.subjectDigest - } - - const statement = { - _type: INTOTO_STATEMENT_V1_TYPE, - subject: [subject], - predicateType: options.predicateType, - predicate: options.predicate - } - - // Sign the provenance statement - const payload: Payload = { - body: Buffer.from(JSON.stringify(statement)), - type: INTOTO_PAYLOAD_TYPE - } - const bundle = await signPayload(payload, options) - - // Store the attestation - let attestationID: string | undefined - if (options.skipWrite !== true) { - attestationID = await writeAttestation(bundleToJSON(bundle), options.token) - } - - return toAttestation(bundle, attestationID) -} - -export async function attestProvenance( - options: AttestProvenanceOptions -): Promise { - const predicate = generateProvenancePredicate(process.env) - return attest({ - ...options, - predicateType: predicate.type, - predicate: predicate.params - }) -} - -function toAttestation(bundle: Bundle, attestationID?: string): Attestation { - // Extract the signing certificate from the bundle - assert( - bundle.verificationMaterial.content.$case === 
'x509CertificateChain', - 'Bundle must contain an x509 certificate chain' - ) - - const signingCert = new X509Certificate( - bundle.verificationMaterial.content.x509CertificateChain.certificates[0].rawBytes - ) - - // Determine if we can provide a link to the transparency log - const tlogEntries = bundle.verificationMaterial.tlogEntries - const tlogID = tlogEntries.length > 0 ? tlogEntries[0].logIndex : undefined - - return { - bundle: bundleToJSON(bundle), - certificate: signingCert.toString(), - tlogID, - attestationID - } -} diff --git a/packages/attest/src/index.ts b/packages/attest/src/index.ts deleted file mode 100644 index 275a6f22..00000000 --- a/packages/attest/src/index.ts +++ /dev/null @@ -1,10 +0,0 @@ -export { - AttestOptions, - AttestProvenanceOptions, - attest, - attestProvenance -} from './attest' -export { generateProvenancePredicate } from './provenance' -export { generateSBOMPredicate } from './sbom' - -export type { Attestation, Predicate, Subject, SBOM } from './shared.types' diff --git a/packages/attest/src/provenance.ts b/packages/attest/src/provenance.ts deleted file mode 100644 index bcc57dcb..00000000 --- a/packages/attest/src/provenance.ts +++ /dev/null 
@@ -1,72 +0,0 @@ -import type { Predicate, Subject } from './shared.types' - -const INTOTO_STATEMENT_V1_TYPE = 'https://in-toto.io/Statement/v1' -export const SLSA_PREDICATE_V1_TYPE = 'https://slsa.dev/provenance/v1' - -const GITHUB_BUILDER_ID_PREFIX = 'https://github.com/actions/runner' -const GITHUB_BUILD_TYPE = - 'https://slsa-framework.github.io/github-actions-buildtypes/workflow/v1' - -export const generateProvenancePredicate = ( - env: NodeJS.ProcessEnv -): Predicate => { - const workflow = env.GITHUB_WORKFLOW_REF || /* istanbul ignore next */ '' - // Split just the path and ref from the workflow string. - // owner/repo/.github/workflows/main.yml@main => - // .github/workflows/main.yml, main - const [workflowPath, workflowRef] = workflow - .replace(`${env.GITHUB_REPOSITORY}/`, '') - .split('@') - - return { - type: SLSA_PREDICATE_V1_TYPE, - params: { - buildDefinition: { - buildType: GITHUB_BUILD_TYPE, - externalParameters: { - workflow: { - ref: workflowRef, - repository: `${env.GITHUB_SERVER_URL}/${env.GITHUB_REPOSITORY}`, - path: workflowPath - } - }, - internalParameters: { - github: { - event_name: env.GITHUB_EVENT_NAME, - repository_id: env.GITHUB_REPOSITORY_ID, - repository_owner_id: env.GITHUB_REPOSITORY_OWNER_ID - } - }, - resolvedDependencies: [ - { - uri: `git+${env.GITHUB_SERVER_URL}/${env.GITHUB_REPOSITORY}@${env.GITHUB_REF}`, - digest: { - gitCommit: env.GITHUB_SHA - } - } - ] - }, - runDetails: { - builder: { - id: `${GITHUB_BUILDER_ID_PREFIX}/${env.RUNNER_ENVIRONMENT}` - }, - metadata: { - invocationId: `${env.GITHUB_SERVER_URL}/${env.GITHUB_REPOSITORY}/actions/runs/${env.GITHUB_RUN_ID}/attempts/${env.GITHUB_RUN_ATTEMPT}` - } - } - } - } -} - -export const generateProvenance = ( - subject: Subject, - env: NodeJS.ProcessEnv -): object => { - const predicate = generateProvenancePredicate(env) - return { - _type: INTOTO_STATEMENT_V1_TYPE, - subject: [subject], - predicateType: predicate.type, - predicate: predicate.params - } -} 
diff --git a/packages/attest/src/sbom.ts b/packages/attest/src/sbom.ts deleted file mode 100644 index 5dc996f4..00000000 --- a/packages/attest/src/sbom.ts +++ /dev/null @@ -1,34 +0,0 @@ -import type { SBOM, Predicate } from './shared.types' - -export const generateSBOMPredicate = (sbom: SBOM): Predicate => { - if (sbom.type === 'spdx') { - return generateSPDXIntoto(sbom.object) - } - if (sbom.type === 'cyclonedx') { - return generateCycloneDXIntoto(sbom.object) - } - throw new Error('Unsupported SBOM format') -} - -// ref: https://github.com/in-toto/attestation/blob/main/spec/predicates/spdx.md -const generateSPDXIntoto = (sbom: object): Predicate => { - const spdxVersion = (sbom as { spdxVersion?: string })?.['spdxVersion'] - if (!spdxVersion) { - throw new Error('Cannot find spdxVersion in the SBOM') - } - - const version = spdxVersion.split('-')[1] - - return { - type: `https://spdx.dev/Document/v${version}`, - params: sbom - } -} - -// ref: https://github.com/in-toto/attestation/blob/main/spec/predicates/cyclonedx.md -const generateCycloneDXIntoto = (sbom: object): Predicate => { - return { - type: 'https://cyclonedx.org/bom', - params: sbom - } -} diff --git a/packages/attest/src/shared.types.ts b/packages/attest/src/shared.types.ts deleted file mode 100644 index ee629fb2..00000000 --- a/packages/attest/src/shared.types.ts +++ /dev/null @@ -1,22 +0,0 @@ -import type { SerializedBundle } from '@sigstore/bundle' -export type Subject = { - name: string - digest: Record -} - -export type Predicate = { - type: string - params: object -} - -export type Attestation = { - bundle: SerializedBundle - certificate: string - tlogID?: string - attestationID?: string -} - -export type SBOM = { - type: 'spdx' | 'cyclonedx' - object: object -} diff --git a/packages/attest/src/sign.ts b/packages/attest/src/sign.ts deleted file mode 100644 index 585bf4d2..00000000 --- a/packages/attest/src/sign.ts +++ /dev/null 
@@ -1,82 +0,0 @@ -import { Bundle } from '@sigstore/bundle' -import { - BundleBuilder, - CIContextProvider, - DSSEBundleBuilder, - FulcioSigner, - IdentityProvider, - RekorWitness, - TSAWitness, - Witness -} from '@sigstore/sign' - -const OIDC_AUDIENCE = 'sigstore' -const DEFAULT_TIMEOUT = 10000 -const DEFAULT_RETRIES = 3 - -export type Payload = { - body: Buffer - type: string -} - -export type SignOptions = { - fulcioURL: string - rekorURL?: string - tsaServerURL?: string - identityProvider?: IdentityProvider - timeout?: number - retry?: number -} - -// Signs the provided payload with Sigstore. -export const signPayload = async ( - payload: Payload, - options: SignOptions -): Promise => { - const artifact = { - data: payload.body, - type: payload.type - } - - // Sign the artifact and build the bundle - return initBundleBuilder(options).create(artifact) -} - -// Assembles the Sigstore bundle builder with the appropriate options -const initBundleBuilder = (opts: SignOptions): BundleBuilder => { - const identityProvider = - opts.identityProvider || new CIContextProvider(OIDC_AUDIENCE) - const timeout = opts.timeout || DEFAULT_TIMEOUT - const retry = opts.retry || DEFAULT_RETRIES - const witnesses: Witness[] = [] - - const signer = new FulcioSigner({ - identityProvider: identityProvider, - fulcioBaseURL: opts.fulcioURL, - timeout: timeout, - retry: retry - }) - - if (opts.rekorURL) { - witnesses.push( - new RekorWitness({ - rekorBaseURL: opts.rekorURL, - entryType: 'dsse', - timeout: timeout, - retry: retry - }) - ) - } - - if (opts.tsaServerURL) { - witnesses.push( - new TSAWitness({ - tsaBaseURL: opts.tsaServerURL, - timeout: timeout, - retry: retry - }) - ) - } - - return new DSSEBundleBuilder({ signer, witnesses }) -} diff --git a/packages/attest/src/store.ts b/packages/attest/src/store.ts deleted file mode 100644 index f6d41480..00000000 --- a/packages/attest/src/store.ts +++ /dev/null 
@@ -1,27 +0,0 @@
-import * as github from '@actions/github'
-import fetch from 'make-fetch-happen'
-
-const CREATE_ATTESTATION_REQUEST = 'POST /repos/{owner}/{repo}/attestations'
-
-// Upload the attestation to the repository's attestations endpoint. Returns the
-// ID of the uploaded attestation.
-export const writeAttestation = async (
- attestation: unknown,
- token: string
-): Promise => {
- const octokit = github.getOctokit(token, { request: { fetch } })
-
- try {
- const response = await octokit.request(CREATE_ATTESTATION_REQUEST, {
- owner: github.context.repo.owner,
- repo: github.context.repo.repo,
- data: { bundle: attestation }
- })
-
- return response.data?.id
- } catch (err) {
- /* istanbul ignore next */
- const message = err instanceof Error ? err.message : err
- throw new Error(`Failed to persist attestation: ${message}`)
- }
-}
diff --git a/packages/attest/tsconfig.json b/packages/attest/tsconfig.json
deleted file mode 100644
index 81e31542..00000000
--- a/packages/attest/tsconfig.json
+++ /dev/null
@@ -1,18 +0,0 @@
-{
- "extends": "@tsconfig/node18/tsconfig.json",
- "compilerOptions": {
- "composite": true,
- "rootDir": "src",
- "outDir": "dist",
- "declaration": true,
- "noFallthroughCasesInSwitch": true,
- "noImplicitOverride": true,
- "allowUnreachableCode": false,
- "noImplicitReturns": true,
- "noUnusedParameters": true
- },
- "exclude": [
- "./dist",
- "**/__tests__"
- ]
-}
diff --git a/tsconfig.json b/tsconfig.json
index 07ef3c20..2f26aac7 100644
--- a/tsconfig.json
+++ b/tsconfig.json
@@ -15,9 +15,5 @@
 "skipLibCheck": true,
 "newLine": "lf"
 },
- "include": [ "/src/*" ],
- "exclude": ["./dist", "./node_modules", "./__tests__", "./coverage"],
- "references": [
- { "path": "./packages/attest" }
- ]
+ "exclude": ["./dist", "./node_modules", "./__tests__", "./coverage"]
 }
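Review bot: Dropping the `include` entry in the tsconfig.json hunk, rather than correcting it, leaves the compile scope defined only by `exclude`, so every TypeScript file under the project root outside those four directories is picked up. The removed value `"/src/*"` looks like a rooted path that may never have matched the sources, so the removal could be deliberate, but an explicit `"include": ["src"]` would state the intended scope for the code that ends up in the bundled action. Most of `compilerOptions` lies outside the hunk, so whether another setting already narrows the scope cannot be confirmed from here.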