1
0
Fork 0
mirror of https://github.com/denoland/deno.git synced 2024-12-18 13:22:55 -05:00
Commit graph

4 commits

Author SHA1 Message Date
Divy Srivastava
156950828e
fix(publish): permissionless dry-run in GHA (#22679)
Fixes https://github.com/denoland/deno/issues/22658
2024-03-06 18:26:20 +05:30
Divy Srivastava
9b5d2f8c1b
feat(publish): provenance attestation (#22573)
Supply chain security for JSR.

```
$ deno publish --provenance

Successfully published @divy/test_provenance@0.0.3
Provenance transparency log available at https://search.sigstore.dev/?logIndex=73657418
```

0. Package has been published.
1. Fetches the version manifest and verifies it's matching with uploaded
files and exports.
2. Builds the attestation SLSA payload using Github actions env.
3. Creates an ephemeral key pair for signing the github token
(aud=sigstore) and DSSE pre authentication tag.
4. Requests a X.509 signing certificate from Fulcio using the challenge
and ephemeral public key PEM.
5. Prepares a DSSE envelop for Rekor to witness. Posts an intoto entry
to Rekor and gets back the transparency log index.
6. Builds the provenance bundle and posts it to JSR.
2024-02-28 07:58:02 +05:30
David Sherret
7e72f3af61
chore: update copyright to 2024 (#21753) 2024-01-01 19:58:21 +00:00
Bartek Iwańczuk
19d52b9a55
refactor: split registry into multiple modules (#21572)
Co-authored-by: David Sherret <dsherret@gmail.com>
Co-authored-by: Luca Casonato <hello@lcas.dev>
2023-12-14 12:05:59 +01:00