mirror of https://github.com/denoland/deno.git synced 2024-11-26 16:09:27 -05:00
Commit graph

19 commits

Author SHA1 Message Date
Divy Srivastava
9b5d2f8c1b
feat(publish): provenance attestation (#22573)
Supply chain security for JSR.

```
$ deno publish --provenance

Successfully published @divy/test_provenance@0.0.3
Provenance transparency log available at https://search.sigstore.dev/?logIndex=73657418
```

0. Package has been published.
1. Fetches the version manifest and verifies it's matching with uploaded
files and exports.
2. Builds the attestation SLSA payload using GitHub Actions env.
3. Creates an ephemeral key pair for signing the GitHub token
(aud=sigstore) and DSSE pre authentication tag.
4. Requests an X.509 signing certificate from Fulcio using the challenge
and ephemeral public key PEM.
5. Prepares a DSSE envelope for Rekor to witness. Posts an intoto entry
to Rekor and gets back the transparency log index.
6. Builds the provenance bundle and posts it to JSR.
2024-02-28 07:58:02 +05:30
Luca Casonato
8d5c231349
feat(publish): support sloppy imports and bare node built-ins (#22588) 2024-02-27 15:13:16 +00:00
Divy Srivastava
f49abcc1ac
feat(publish): respect .gitignore during deno publish (#22514)
Files from `.gitignore`, global git config, `.git/info/exclude` and
`deno.json`'s `exclude` are ignored.
2024-02-23 07:56:34 +05:30
Luca Casonato
54a3eb585d
fix(publish): print files that will be published (#22495) 2024-02-20 13:30:34 +01:00
Luca Casonato
ef43d51497
fix(publish): ignore .DS_Store while publishing (#22478) 2024-02-19 10:48:35 -05:00
David Sherret
e5e2c45998
fix: upgrade to deno_ast 0.33 (#22341)
* Uses diagnostics from deno_ast
* Real fix for https://github.com/denoland/deno/pull/22310
* Moves `deno lint --json` code here
* Upgrades swc
   
Closes #22117
Closes #22109
Closes #21927
Closes #20993
2024-02-09 01:40:26 +00:00
David Sherret
c6def993e0
fix(publish): lazily parse sources (#22301)
Closes #22290
2024-02-06 15:57:10 -05:00
Luca Casonato
52ad1ef154
feat(publish): give diagnostic on invalid package files (#22082) 2024-01-24 21:24:52 +00:00
Luca Casonato
176118a046
feat(publish): exclude and include (#22055) 2024-01-24 20:30:08 +00:00
Luca Casonato
745333f073
chore: improve unanalyzable dynamic import diagnostic (#22051) 2024-01-24 14:49:33 +01:00
Luca Casonato
052fd78690
refactor: use parsed source cache when unfurling import map (#22001) 2024-01-23 12:40:23 +01:00
David Sherret
4e72ca313a
refactor: use globbing from deno_config (#21925) 2024-01-15 19:15:39 -05:00
David Sherret
0efb17b2cb
fix(unstable/tar): skip node_modules, .git, and config "exclude" (#21816) 2024-01-08 18:51:49 -05:00
David Sherret
7e72f3af61
chore: update copyright to 2024 (#21753) 2024-01-01 19:58:21 +00:00
Bartek Iwańczuk
8fbac67395
refactor: change cli/ to use hyper 1.1 (#21705) 2023-12-26 14:32:21 +01:00
David Sherret
4b6fc64646
chore(unstable/publish): ordered publish of packages in workspace (#21550)
Co-authored-by: Luca Casonato <hello@lcas.dev>
2023-12-14 10:55:56 +01:00
Bartek Iwańczuk
ece78cfb8a
refactor: nicer warning display (#21547) 2023-12-12 23:45:45 +09:00
Luca Casonato
ffa09541d7
fix: batch upload authentication (#21397) 2023-11-30 19:54:54 +01:00
Bartek Iwańczuk
585cf2de89
feat(unstable): tar up directory with deno.json (#21228)
Co-authored-by: David Sherret <dsherret@gmail.com>
Co-authored-by: Luca Casonato <lucacasonato@yahoo.com>
Co-authored-by: Luca Casonato <hello@lcas.dev>
2023-11-23 23:38:07 +00:00