Compare commits

..

9 Commits

Author SHA1 Message Date
dependabot[bot]
07480ddaf5 build(deps): bump @sigstore/verify from 3.1.0 to 3.1.1
Bumps [@sigstore/verify](https://github.com/sigstore/sigstore-js) from 3.1.0 to 3.1.1.
- [Release notes](https://github.com/sigstore/sigstore-js/releases)
- [Commits](https://github.com/sigstore/sigstore-js/compare/sigstore@3.1.0...@sigstore/verify@3.1.1)

---
updated-dependencies:
- dependency-name: "@sigstore/verify"
  dependency-version: 3.1.1
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-07-02 01:21:02 +00:00
CrazyMax
7b0a0dd78a Merge pull request #575 from crazy-max/fix-yarn-preapprove-actions-toolkit
chore: allow actions-toolkit to bypass yarn age gate
2026-07-01 12:50:03 +02:00
CrazyMax
a0e446b4dd Merge pull request #574 from crazy-max/dependabot-skip-update-dist
dependabot: skip for update-dist commits
2026-07-01 12:50:00 +02:00
CrazyMax
2bc18585f7 chore: allow actions-toolkit to bypass yarn age gate
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
2026-07-01 11:43:33 +02:00
CrazyMax
bf6e25472a dependabot: skip for update-dist commits
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
2026-06-30 11:09:22 +02:00
CrazyMax
bed9a68598 Merge pull request #572 from crazy-max/fix-esbuild
preserve names in esbuild bundle
2026-06-29 16:15:09 +02:00
CrazyMax
c6e2526453 preserve names in esbuild bundle
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
2026-06-29 15:03:17 +02:00
temenuzhka-thede
c887d9748d Merge pull request #568 from docker/sec-cli/npm-ci-20260612-184913
fix: replace npm install with npm ci (20260612-184913)
2026-06-12 14:10:56 -05:00
securityeng-bot[bot]
cfdae34ead fix: use lockfile-aware install commands 2026-06-12 18:49:15 +00:00
8 changed files with 166 additions and 174 deletions

View File

@@ -488,7 +488,7 @@ jobs:
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-
name: Install k3s
uses: crazy-max/.github/.github/actions/install-k3s@716fd1c51a46c5d93a41d44a94b439c9ee802536 # v1.10.0
uses: crazy-max/.github/.github/actions/install-k3s@9ba6e6f9450baf3b1237f8035c1fdc45932510bd # v1.8.0
-
name: Set up Docker Buildx
id: buildx

View File

@@ -50,7 +50,7 @@ jobs:
git config user.name "github-actions[bot]"
git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
git add dist
git commit -m "chore: update generated content"
git commit -m "[dependabot skip] chore: update generated content"
git push
)
else

View File

@@ -14,6 +14,9 @@ logFilters:
- code: YN0086
level: discard
npmPreapprovedPackages:
- "@docker/actions-toolkit"
compressionLevel: mixed
enableGlobalCache: false
enableHardenedMode: true

View File

@@ -17,7 +17,7 @@ FROM base AS deps
RUN --mount=type=bind,target=.,rw \
--mount=type=cache,target=/src/.yarn/cache \
--mount=type=cache,target=/src/node_modules \
yarn install && mkdir /vendor && cp yarn.lock /vendor
yarn install --immutable && mkdir /vendor && cp yarn.lock /vendor
FROM scratch AS vendor-update
COPY --from=deps /vendor /

312
dist/index.cjs generated vendored

File diff suppressed because one or more lines are too long

4
dist/index.cjs.map generated vendored

File diff suppressed because one or more lines are too long

View File

@@ -4,7 +4,7 @@
"type": "module",
"main": "src/main.ts",
"scripts": {
"build": "esbuild src/main.ts --bundle --platform=node --target=node24 --format=cjs --outfile=dist/index.cjs --sourcemap --minify && yarn run license",
"build": "esbuild src/main.ts --bundle --platform=node --target=node24 --format=cjs --outfile=dist/index.cjs --sourcemap --minify --keep-names && yarn run license",
"lint": "eslint --max-warnings=0 .",
"format": "eslint --fix .",
"test": "vitest run",

View File

@@ -1716,18 +1716,7 @@ __metadata:
languageName: node
linkType: hard
"@sigstore/verify@npm:^3.1.0":
version: 3.1.0
resolution: "@sigstore/verify@npm:3.1.0"
dependencies:
"@sigstore/bundle": "npm:^4.0.0"
"@sigstore/core": "npm:^3.1.0"
"@sigstore/protobuf-specs": "npm:^0.5.0"
checksum: 10/c85713cc326236ef39608e4b061c1192306fd3edd7a1334237d5d53dbb132f04e3f9d3cfd4bb2d521bf0c95a9f98945a748c97ecb06e5f36cfd09488a0d3d73f
languageName: node
linkType: hard
"@sigstore/verify@npm:^3.1.1":
"@sigstore/verify@npm:^3.1.0, @sigstore/verify@npm:^3.1.1":
version: 3.1.1
resolution: "@sigstore/verify@npm:3.1.1"
dependencies: