base repository: sigstore/sigstore-js
base: sigstore@1.6.0
head repository: sigstore/sigstore-js
compare: sigstore@1.7.0
Showing with 4,652 additions and 1,082 deletions.
  1. +1 −1 .github/workflows/auto-merge.yml
  2. +2 −2 .github/workflows/ci.yml
  3. +2 −2 .github/workflows/release.yml
  4. +3 −3 .github/workflows/scorecard.yml
  5. +1 −1 .github/workflows/smoke-test.yml
  6. +2 −1 README.md
  7. +1,147 −457 package-lock.json
  8. +10 −8 package.json
  9. +1 −3 packages/cli/package.json
  10. +14 −0 packages/client/CHANGELOG.md
  11. +1 −1 packages/client/jest.config.js
  12. +0 −70 packages/client/jest.setup.ts
  13. +5 −12 packages/client/package.json
  14. +3 −2 packages/client/src/__tests__/__fixtures__/trust.ts
  15. +1 −1 packages/client/src/__tests__/ca/verify/index.test.ts
  16. +5 −0 packages/client/src/__tests__/index.test.ts
  17. +0 −56 packages/client/src/__tests__/merkle/digest.test.ts
  18. +0 −94 packages/client/src/__tests__/merkle/verify.test.ts
  19. +38 −2 packages/client/src/__tests__/sign.test.ts
  20. +63 −10 packages/client/src/__tests__/sigstore.test.ts
  21. +3 −3 packages/client/src/__tests__/tlog/verify/index.test.ts
  22. +197 −0 packages/client/src/__tests__/tlog/verify/merkle.test.ts
  23. +27 −42 packages/client/src/__tests__/types/sigstore/index.test.ts
  24. +2 −3 packages/client/src/__tests__/types/sigstore/serialized.test.ts
  25. +4 −3 packages/client/src/__tests__/types/sigstore/validate.test.ts
  26. +3 −3 packages/client/src/__tests__/x509/cert.test.ts
  27. +3 −3 packages/client/src/__tests__/x509/sct.test.ts
  28. +4 −0 packages/client/src/config.ts
  29. +6 −4 packages/client/src/external/rekor.ts
  30. +0 −49 packages/client/src/merkle/digest.ts
  31. +0 −110 packages/client/src/merkle/verify.ts
  32. +1 −1 packages/client/src/sigstore-utils.ts
  33. +27 −2 packages/client/src/sigstore.ts
  34. +14 −2 packages/client/src/tlog/verify/index.ts
  35. +128 −0 packages/client/src/tlog/verify/merkle.ts
  36. +77 −48 packages/client/src/types/sigstore/index.ts
  37. +3 −12 packages/client/src/types/sigstore/serialized.ts
  38. +8 −4 packages/client/src/types/sigstore/validate.ts
  39. +4 −4 packages/client/src/verify.ts
  40. +0 −1 packages/client/store/public-good-instance-root.json
  41. +1 −1 packages/client/tsconfig.json
  42. +202 −0 packages/jest/LICENSE
  43. +40 −0 packages/jest/README.md
  44. +16 −0 packages/jest/all.js
  45. +27 −0 packages/jest/package.json
  46. +28 −0 packages/jest/src/all/index.ts
  47. +2 −4 packages/{client/src/merkle → jest/src}/index.ts
  48. +16 −0 packages/jest/src/matchers/index.ts
  49. +76 −0 packages/jest/src/matchers/toThrowWithCode.ts
  50. +14 −0 packages/jest/tsconfig.json
  51. +11 −0 packages/mock/CHANGELOG.md
  52. +202 −0 packages/mock/LICENSE
  53. +79 −0 packages/mock/README.md
  54. +22 −0 packages/mock/jest.config.js
  55. +48 −0 packages/mock/package.json
  56. +27 −0 packages/mock/src/constants.ts
  57. +198 −0 packages/mock/src/fulcio/ca.test.ts
  58. +182 −0 packages/mock/src/fulcio/ca.ts
  59. +52 −0 packages/mock/src/fulcio/ctlog.test.ts
  60. +131 −0 packages/mock/src/fulcio/ctlog.ts
  61. +102 −0 packages/mock/src/fulcio/handler.test.ts
  62. +125 −0 packages/mock/src/fulcio/handler.ts
  63. +19 −0 packages/mock/src/fulcio/index.ts
  64. +75 −0 packages/mock/src/index.test.ts
  65. +77 −0 packages/mock/src/index.ts
  66. +58 −0 packages/mock/src/mock.test.ts
  67. +41 −0 packages/mock/src/mock.ts
  68. +96 −0 packages/mock/src/rekor/handler.test.ts
  69. +52 −0 packages/mock/src/rekor/handler.ts
  70. +18 −0 packages/mock/src/rekor/index.ts
  71. +56 −0 packages/mock/src/rekor/tlog.test.ts
  72. +93 −0 packages/mock/src/rekor/tlog.ts
  73. +27 −0 packages/mock/src/shared.types.ts
  74. +74 −0 packages/mock/src/timestamp/handler.test.ts
  75. +95 −0 packages/mock/src/timestamp/handler.ts
  76. +18 −0 packages/mock/src/timestamp/index.ts
  77. +59 −0 packages/mock/src/timestamp/tsa.test.ts
  78. +180 −0 packages/mock/src/timestamp/tsa.ts
  79. +80 −0 packages/mock/src/trust-root.ts
  80. +67 −0 packages/mock/src/util/root-cert.ts
  81. +16 −0 packages/mock/tsconfig.json
  82. +2 −4 packages/rekor-types/package.json
  83. +6 −0 packages/tuf/CHANGELOG.md
  84. +1 −1 packages/tuf/README.md
  85. +2 −1 packages/tuf/jest.config.js
  86. +5 −9 packages/tuf/package.json
  87. +4 −9 packages/tuf/src/__tests__/client.test.ts
  88. +15 −33 packages/tuf/src/__tests__/target.test.ts
  89. +3 −0 packages/tuf/tsconfig.json
  90. +2 −0 tsconfig.build.json
2 changes: 1 addition & 1 deletion .github/workflows/auto-merge.yml
@@ -17,7 +17,7 @@ jobs:
steps:
- name: Dependabot metadata
id: metadata
uses: dependabot/fetch-metadata@cd6e996708b8cfe0b639401134a3b9a3177be7b2 # v1.5.1
uses: dependabot/fetch-metadata@c9c4182bf1b97f5224aee3906fd373f6b61b4526 # v1.6.0
with:
github-token: "${{ secrets.GITHUB_TOKEN }}"
- name: Enable auto-merge for Dependabot PRs
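Review bot: The `dependabot/fetch-metadata` pin on the `uses:` line changes to a new SHA, and the trailing `# v1.6.0` comment is the only thing tying it to a release. This step receives `secrets.GITHUB_TOKEN` and feeds the following "Enable auto-merge for Dependabot PRs" step, so confirm the SHA resolves to the upstream v1.6.0 tag before approving rather than relying on the comment.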
4 changes: 2 additions & 2 deletions .github/workflows/ci.yml
@@ -15,7 +15,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout source
uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
- name: Setup node
uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3
with:
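Review bot: The `actions/checkout` line keeps the comment `# v3` on both the old and the new SHA, so the comment no longer tells a reader which release is pinned. Suggest recording the exact release tag the new SHA belongs to, as the other bumped actions in this change do (`# v1.6.0`, `# v2.2.0`). The same applies to the second hunk in this file.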
@@ -56,7 +56,7 @@ jobs:
shell: ${{ matrix.platform.shell }}
steps:
- name: Checkout source
uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
- name: Setup node
uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3
with:
4 changes: 2 additions & 2 deletions .github/workflows/release.yml
@@ -20,7 +20,7 @@ jobs:
id-token: write
steps:
- name: Checkout source
uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3

- name: Setup node
uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3
@@ -36,7 +36,7 @@ jobs:
run: npm ci

- name: Create Release Pull Request
uses: changesets/action@d89c1de63c7f28ac47ec85ed395f5f1d045d4697 # v1.4.4
uses: changesets/action@f13b1baaa620fde937751f5d2c3572b9da32af23 # v1.4.5
with:
publish: npm run release
env:
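Review bot: The `changesets/action` bump on the "Create Release Pull Request" step sits in the publish path: the step runs `publish: npm run release`, in a job that the first hunk of this file shows has `id-token: write`. Verify the new SHA against the upstream v1.4.5 tag and read through its changes before merging, since this is the action that executes the release.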
6 changes: 3 additions & 3 deletions .github/workflows/scorecard.yml
@@ -32,12 +32,12 @@ jobs:

steps:
- name: "Checkout code"
uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.1.0
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.1.0
with:
persist-credentials: false

- name: "Run analysis"
uses: ossf/scorecard-action@80e868c13c90f172d68d1f4501dee99e2479f7af # v2.1.3
uses: ossf/scorecard-action@08b4669551908b1024bb425080c797723083c031 # v2.2.0
with:
results_file: results.sarif
results_format: sarif
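Review bot: On the "Checkout code" step the new `actions/checkout` SHA is commented `# v3.1.0`, while the identical SHA is commented `# v3` in ci.yml, release.yml and smoke-test.yml, and the old SHA carried `# v3.1.0` here as well. The comment looks carried over unchanged from the previous pin; update it to the tag the SHA actually belongs to so the version comments agree across workflows.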
@@ -67,6 +67,6 @@ jobs:

# Upload the results to GitHub's code scanning dashboard.
- name: "Upload to code-scanning"
uses: github/codeql-action/upload-sarif@83f0fe6c4988d98a455712a27f0255212bba9bd4 # v2.3.6
uses: github/codeql-action/upload-sarif@cdcdbb579706841c47f7063dda365e292e5cad7a # v2.13.4
with:
sarif_file: results.sarif
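Review bot: The `upload-sarif` comment moves from `# v2.3.6` to `# v2.13.4`, a much larger version step than the other bumps in this change. Confirm the tag in the comment is the intended one and matches the pinned SHA, and check the release notes for the intervening versions for anything that affects the `sarif_file` upload used here.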
2 changes: 1 addition & 1 deletion .github/workflows/smoke-test.yml
@@ -19,7 +19,7 @@ jobs:
id-token: write
steps:
- name: Checkout source
uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
- name: Setup node
uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3
with:
3 changes: 2 additions & 1 deletion README.md
@@ -7,7 +7,8 @@ JavaScript libraries for interacting with [Sigstore][6] services.
* [`sigstore`](./packages/client) - Client library implementing Sigstore signing/verification workflows.
* [`@sigstore/cli`](./packages/cli) - Command line interface for signing/verifying artifacts with Sigstore.
* [`@sigstore/tuf`](./packages/tuf) - Library for interacting with the Sigstore TUF repository.
* [`@sigstore/rekor-types`](./packages/tuf) - TypeScript types for the Sigstore Rekor REST API.
* [`@sigstore/rekor-types`](./packages/rekor-types) - TypeScript types for the Sigstore Rekor REST API.
* [`@sigstore/mock`](./packages/mock) - Mocking library for Sigstore services.

## Development

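Review bot: The package list gains `@sigstore/mock`, but the changed-files list for this comparison also adds a new `packages/jest` package (with its own README.md and package.json) that gets no entry here. Add a line for it, or state that it is internal-only if it is not meant to be listed.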