diff --git a/attest/action.yml b/attest/action.yml index 5f4fcb1..71feb65 100644 --- a/attest/action.yml +++ b/attest/action.yml @@ -86,6 +86,14 @@ inputs: required: false default: 'false' +outputs: + cimon-path: + description: | + Absolute path to the installed cimon (or cimon.exe) binary used by + this action invocation. Downstream steps in the same job can also + reach the binary via the CIMON_PATH env var, or call `cimon` / + `cimon.exe` directly since the action adds the install dir to PATH. + runs: using: node20 main: 'dist/index.js' diff --git a/attest/dist/index.js b/attest/dist/index.js index 5c0db1c..d9106b7 100644 --- a/attest/dist/index.js +++ b/attest/dist/index.js @@ -127761,6 +127761,18 @@ async function run(config) { releasePath = CIMON_EXECUTABLE_PATH; } + // Expose the installed binary location to downstream workflow steps so + // they don't have to reconstruct the per-job tmpdir layout. Three + // surfaces, each for a different consumption pattern: + // - PATH: a later `cimon.exe attest verify ...` step just works. + // - CIMON_PATH env var: an absolute path for callers that bypass PATH + // (e.g. self-hosted runners with locked-down PATH lookup). + // - step output `cimon-path`: chains cleanly into another job via + // ${{ steps..outputs.cimon-path }}. + _actions_core__WEBPACK_IMPORTED_MODULE_0__.addPath(path__WEBPACK_IMPORTED_MODULE_5__.dirname(releasePath)); + _actions_core__WEBPACK_IMPORTED_MODULE_0__.exportVariable('CIMON_PATH', releasePath); + _actions_core__WEBPACK_IMPORTED_MODULE_0__.setOutput('cimon-path', releasePath); + if (config.attest.imageRef !== '') { _actions_core__WEBPACK_IMPORTED_MODULE_0__.warning( 'image-ref parameter is deprecated and will be removed in future versions. Please use subjects parameter instead.' diff --git a/attest/index.js b/attest/index.js index f2ae59d..7d3f7fc 100644 --- a/attest/index.js +++ b/attest/index.js @@ -201,6 +201,18 @@ async function run(config) { releasePath = CIMON_EXECUTABLE_PATH; } + // Expose the installed binary location to downstream workflow steps so + // they don't have to reconstruct the per-job tmpdir layout. Three + // surfaces, each for a different consumption pattern: + // - PATH: a later `cimon.exe attest verify ...` step just works. + // - CIMON_PATH env var: an absolute path for callers that bypass PATH + // (e.g. self-hosted runners with locked-down PATH lookup). + // - step output `cimon-path`: chains cleanly into another job via + // ${{ steps..outputs.cimon-path }}. + core.addPath(path.dirname(releasePath)); + core.exportVariable('CIMON_PATH', releasePath); + core.setOutput('cimon-path', releasePath); + if (config.attest.imageRef !== '') { core.warning( 'image-ref parameter is deprecated and will be removed in future versions. Please use subjects parameter instead.'