@@ -36,7 +36,7 @@ const maybeIdToken = runTest && process.env.ACTIONS_ID_TOKEN_REQUEST_URL ? descr
3636beforeAll ( async ( ) => {
3737 const cosignInstall = new CosignInstall ( ) ;
3838 const cosignBinPath = await cosignInstall . download ( {
39- version : 'v3.0.4 '
39+ version : 'v3.0.6 '
4040 } ) ;
4141 await cosignInstall . install ( cosignBinPath ) ;
4242} , 100000 ) ;
@@ -55,6 +55,8 @@ export interface SigstoreOpts {
5555 imageTools ?: ImageTools ;
5656}
5757
58+ const COSIGN_PREDICATE_SLSA_PROVENANCE_V1 = 'slsaprovenance1' ;
59+
5860export class Sigstore {
5961 private readonly cosign : Cosign ;
6062 private readonly imageTools : ImageTools ;
@@ -352,7 +354,8 @@ export class Sigstore {
352354 'verify-blob-attestation' ,
353355 '--new-bundle-format' ,
354356 '--certificate-oidc-issuer' , 'https://token.actions.githubusercontent.com' ,
355- '--certificate-identity-regexp' , opts . certificateIdentityRegexp
357+ '--certificate-identity-regexp' , opts . certificateIdentityRegexp ,
358+ '--type' , opts . predicateType ?? COSIGN_PREDICATE_SLSA_PROVENANCE_V1
356359 ]
357360 if ( opts . noTransparencyLog || ! signedRes . tlogID ) {
358361 // if there is no tlog entry, we skip tlog verification but still verify the signed timestamp
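Review bot: The `??` fallback on the new `'--type'` argument only covers `null`/`undefined`, so an empty `predicateType` (for example an unset input forwarded as `''`) reaches cosign as `--type ''` instead of the SLSA provenance default. How cosign treats an empty type is not visible here, so it is safer to fall back explicitly: `'--type', opts.predicateType || COSIGN_PREDICATE_SLSA_PROVENANCE_V1`. A test asserting that a bundle with a different predicate type is rejected would pin the check this change adds; none is shown on this page. The enclosing method starts and ends outside the hunk.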
@@ -73,6 +73,7 @@ export interface SignProvenanceBlobsResult extends ParsedBundle {
7373}
7474
7575export interface VerifySignedArtifactsOpts {
76+ predicateType ?: string ;
7677 certificateIdentityRegexp : string ;
7778 noTransparencyLog ?: boolean ;
7879}
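Review bot: The new optional `predicateType` field has no doc comment, so a caller cannot tell from the interface that omitting it pins verification to SLSA provenance v1 rather than skipping the predicate-type check. I would add `/** Predicate type passed to cosign's --type during verification; defaults to 'slsaprovenance1' when omitted. */` above it. Whether full predicate URIs are accepted as well as cosign's short names is worth stating there too, once confirmed.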