From 94d0d431319c614f3488028b10307900a22802ae Mon Sep 17 00:00:00 2001 From: Brian DeHamer Date: Mon, 9 Dec 2024 09:56:33 -0800 Subject: [PATCH] add attestation-id and attestation-url outputs (#181) Signed-off-by: Brian DeHamer --- README.md | 22 ++++++++++++---------- __tests__/main.test.ts | 20 ++++++++++++++++++++ action.yml | 4 ++++ dist/index.js | 4 ++++ package-lock.json | 4 ++-- package.json | 2 +- src/main.ts | 5 +++++ 7 files changed, 48 insertions(+), 13 deletions(-) diff --git a/README.md b/README.md index daaaf28d..9a233a04 100644 --- a/README.md +++ b/README.md @@ -44,7 +44,7 @@ attest: 1. Add the following to your workflow after your artifact has been built: ```yaml - - uses: actions/attest@v1 + - uses: actions/attest@v2 with: subject-path: '' predicate-type: '' @@ -61,7 +61,7 @@ attest: See [action.yml](action.yml) ```yaml -- uses: actions/attest@v1 +- uses: actions/attest@v2 with: # Path to the artifact serving as the subject of the attestation. Must # specify exactly one of "subject-path" or "subject-digest". May contain @@ -109,9 +109,11 @@ See [action.yml](action.yml) -| Name | Description | Example | -| ------------- | -------------------------------------------------------------- | ----------------------- | -| `bundle-path` | Absolute path to the file containing the generated attestation | `/tmp/attestation.json` | +| Name | Description | Example | +| ----------------- | -------------------------------------------------------------- | ------------------------------------------------ | +| `attestation-id` | GitHub ID for the attestation | `123456` | +| `attestation-url` | Absolute path to the file containing the generated attestation | `https://github.com/foo/bar/attestations/123456` | +| `bundle-path` | Absolute path to the file containing the generated attestation | `/tmp/attestation.json` | @@ -157,7 +159,7 @@ jobs: - name: Build artifact run: make my-app - name: Attest - uses: actions/attest@v1 + uses: actions/attest@v2 with: subject-path: '${{ github.workspace }}/my-app' predicate-type: 'https://example.com/predicate/v1' @@ -170,7 +172,7 @@ If you are generating multiple artifacts, you can attest all of them at the same time by using a wildcard in the `subject-path` input. ```yaml -- uses: actions/attest@v1 +- uses: actions/attest@v2 with: subject-path: 'dist/**/my-bin-*' predicate-type: 'https://example.com/predicate/v1' @@ -184,13 +186,13 @@ Alternatively, you can explicitly list multiple subjects with either a comma or newline delimited list: ```yaml -- uses: actions/attest@v1 +- uses: actions/attest@v2 with: subject-path: 'dist/foo, dist/bar' ``` ```yaml -- uses: actions/attest@v1 +- uses: actions/attest@v2 with: subject-path: | dist/foo @@ -247,7 +249,7 @@ jobs: push: true tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest - name: Attest - uses: actions/attest@v1 + uses: actions/attest@v2 id: attest with: subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} diff --git a/__tests__/main.test.ts b/__tests__/main.test.ts index f809d441..2b48b570 100644 --- a/__tests__/main.test.ts +++ b/__tests__/main.test.ts @@ -199,6 +199,16 @@ describe('action', () => { 'bundle-path', expect.stringMatching('attestation.json') ) + expect(setOutputMock).toHaveBeenNthCalledWith( + 2, + 'attestation-id', + expect.stringMatching(attestationID) + ) + expect(setOutputMock).toHaveBeenNthCalledWith( + 3, + 'attestation-url', + expect.stringContaining(`foo/bar/attestations/${attestationID}`) + ) expect(setFailedMock).not.toHaveBeenCalled() }) }) @@ -285,6 +295,16 @@ describe('action', () => { 'bundle-path', expect.stringMatching('attestation.json') ) + expect(setOutputMock).toHaveBeenNthCalledWith( + 2, + 'attestation-id', + expect.stringMatching(attestationID) + ) + expect(setOutputMock).toHaveBeenNthCalledWith( + 3, + 'attestation-url', + expect.stringContaining(`foo/bar/attestations/${attestationID}`) + ) expect(setFailedMock).not.toHaveBeenCalled() }) }) diff --git a/action.yml b/action.yml index e24451e7..6dad2ebe 100644 --- a/action.yml +++ b/action.yml @@ -61,6 +61,10 @@ inputs: outputs: bundle-path: description: 'The path to the file containing the attestation bundle.' + attestation-id: + description: 'The ID of the attestation.' + attestation-url: + description: 'The URL for the attestation summary.' runs: using: node20 diff --git a/dist/index.js b/dist/index.js index f6d9726b..1c57d47d 100644 --- a/dist/index.js +++ b/dist/index.js @@ -70970,6 +70970,10 @@ async function run(inputs) { encoding: 'utf-8', flag: 'a' }); + if (att.attestationID) { + core.setOutput('attestation-id', att.attestationID); + core.setOutput('attestation-url', attestationURL(att.attestationID)); + } if (inputs.showSummary) { logSummary(att); } diff --git a/package-lock.json b/package-lock.json index a55b8c8a..c45799c8 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "actions/attest", - "version": "2.0.1", + "version": "2.1.0", "lockfileVersion": 2, "requires": true, "packages": { "": { "name": "actions/attest", - "version": "2.0.1", + "version": "2.1.0", "license": "MIT", "dependencies": { "@actions/attest": "^1.5.0", diff --git a/package.json b/package.json index ea6375d4..3182153b 100644 --- a/package.json +++ b/package.json @@ -1,7 +1,7 @@ { "name": "actions/attest", "description": "Generate signed attestations for workflow artifacts", - "version": "2.0.1", + "version": "2.1.0", "author": "", "private": true, "homepage": "https://github.com/actions/attest", diff --git a/src/main.ts b/src/main.ts index b77839fe..0b525d8c 100644 --- a/src/main.ts +++ b/src/main.ts @@ -79,6 +79,11 @@ export async function run(inputs: RunInputs): Promise { flag: 'a' }) + if (att.attestationID) { + core.setOutput('attestation-id', att.attestationID) + core.setOutput('attestation-url', attestationURL(att.attestationID)) + } + if (inputs.showSummary) { logSummary(att) }