From efef91047397fc65ed9eb77d5dff9561fadcc093 Mon Sep 17 00:00:00 2001 From: Brian DeHamer Date: Thu, 9 May 2024 15:35:32 -0700 Subject: [PATCH] bump @sigstore/oci from 0.3.0 to 0.3.2 Signed-off-by: Brian DeHamer --- dist/index.js | 99 +++++++++++++++++++++++++++++++++++++++++++++-- package-lock.json | 20 +++++----- package.json | 2 +- src/main.ts | 6 ++- 4 files changed, 113 insertions(+), 14 deletions(-) diff --git a/dist/index.js b/dist/index.js index 1a377d14..31be9b64 100644 --- a/dist/index.js +++ b/dist/index.js 
@@ -11575,6 +11575,96 @@ class OCIError extends Error { exports.OCIError = OCIError; +/***/ }), + +/***/ 437: +/***/ (function(__unused_webpack_module, exports, __nccwpck_require__) { + +"use strict"; + +var __importDefault = (this && this.__importDefault) || function (mod) { + return (mod && mod.__esModule) ? mod : { "default": mod }; +}; +Object.defineProperty(exports, "__esModule", ({ value: true })); +/* +Copyright 2024 The Sigstore Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +const http2_1 = __nccwpck_require__(85158); +const make_fetch_happen_1 = __importDefault(__nccwpck_require__(9525)); +const proc_log_1 = __nccwpck_require__(56528); +const promise_retry_1 = __importDefault(__nccwpck_require__(54742)); +const { HTTP_STATUS_INTERNAL_SERVER_ERROR, HTTP_STATUS_TOO_MANY_REQUESTS, HTTP_STATUS_REQUEST_TIMEOUT, } = http2_1.constants; +const fetchWithRetry = async (url, options = {}) => { + return (0, promise_retry_1.default)(async (retry, attemptNum) => { + /* eslint-disable @typescript-eslint/no-explicit-any */ + const logRetry = (reason) => { + proc_log_1.log.http('fetch', `${options.method} ${url} attempt ${attemptNum} failed with ${reason}`); + }; + const response = await (0, make_fetch_happen_1.default)(url, { + ...options, + retry: false, // We're handling retries ourselves + }).catch((reason) => { + logRetry(reason); + return retry(reason); + }); + if (retryable(response.status)) { + logRetry(response.status); + return retry(response); + } + return response; + }, 
retryOpts(options.retry)).catch((err) => { + // If we got an actual error, throw it + if (err instanceof Error) { + throw err; + } + // Otherwise, return the response (this is simply a retry-able response for + // which we exceeded the retry limit) + return err; + }); +}; +// Returns a wrapped fetch function with default options +fetchWithRetry.defaults = (defaultOptions = {}, wrappedFetch = fetchWithRetry) => { + const defaultedFetch = (url, options = {}) => { + const finalOptions = { + ...defaultOptions, + ...options, + headers: { ...defaultOptions.headers, ...options.headers }, + }; + return wrappedFetch(url, finalOptions); + }; + defaultedFetch.defaults = (newDefaults = {}) => fetchWithRetry.defaults(newDefaults, defaultedFetch); + return defaultedFetch; +}; +// Determine if a status code is retryable. This includes 5xx errors, 408, and +// 429. +const retryable = (status) => [HTTP_STATUS_REQUEST_TIMEOUT, HTTP_STATUS_TOO_MANY_REQUESTS].includes(status) || status >= HTTP_STATUS_INTERNAL_SERVER_ERROR; +// Normalize the retry options to the format expected by promise-retry +const retryOpts = (retry) => { + if (typeof retry === 'boolean') { + return { retries: retry ? 1 : 0 }; + } + else if (typeof retry === 'number') { + return { retries: retry }; + } + else { + return { retries: 0, ...retry }; + } +}; +exports["default"] = fetchWithRetry; + + /***/ }), /***/ 79539: 
@@ -11869,11 +11959,11 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. */ -const make_fetch_happen_1 = __importDefault(__nccwpck_require__(9525)); const node_crypto_1 = __importDefault(__nccwpck_require__(6005)); const constants_1 = __nccwpck_require__(61319); const credentials_1 = __nccwpck_require__(95475); const error_1 = __nccwpck_require__(60064); +const fetch_1 = __importDefault(__nccwpck_require__(437)); class RegistryClient { constructor(registry, repository, opts) { _RegistryClient_instances.add(this); @@ -11881,7 +11971,7 @@ class RegistryClient { _RegistryClient_repository.set(this, void 0); _RegistryClient_fetch.set(this, void 0); __classPrivateFieldSet(this, _RegistryClient_repository, repository, "f"); - __classPrivateFieldSet(this, _RegistryClient_fetch, make_fetch_happen_1.default.defaults(opts), "f"); + __classPrivateFieldSet(this, _RegistryClient_fetch, fetch_1.default.defaults(opts), "f"); // Use http for localhost registries, https otherwise const hostname = new URL(`http://${registry}`).hostname; /* istanbul ignore next */ @@ -79853,6 +79943,8 @@ const COLOR_GRAY = '\x1B[38;5;244m'; const COLOR_DEFAULT = '\x1B[39m'; const ATTESTATION_FILE_NAME = 'attestation.jsonl'; const MAX_SUBJECT_COUNT = 64; +const OCI_TIMEOUT = 2000; +const OCI_RETRY = 3; /* istanbul ignore next */ const logHandler = (level, ...args) => { // Send any HTTP-related log events to the GitHub Actions debug log @@ -79957,7 +80049,8 @@ const createAttestation = async (subject, predicate, sigstoreInstance) => { annotations: { 'dev.sigstore.bundle.content': 'dsse-envelope', 'dev.sigstore.bundle.predicateType': core.getInput('predicate-type') - } + }, + fetchOpts: { timeout: OCI_TIMEOUT, retry: OCI_RETRY } }); core.info(highlight('Attestation uploaded to registry')); core.info(`${subject.name}@${artifact.digest}`); 
diff --git a/package-lock.json b/package-lock.json index e0b8def7..b5873394 100644 --- a/package-lock.json +++ b/package-lock.json @@ -12,7 +12,7 @@ "@actions/attest": "^1.2.1", "@actions/core": "^1.10.1", "@actions/glob": "^0.4.0", - "@sigstore/oci": "^0.3.0", + "@sigstore/oci": "^0.3.2", "csv-parse": "^5.5.5" }, "devDependencies": { @@ -1729,11 +1729,12 @@ } }, "node_modules/@sigstore/oci": { - "version": "0.3.0", - "resolved": "https://registry.npmjs.org/@sigstore/oci/-/oci-0.3.0.tgz", - "integrity": "sha512-RZeirZtdSQvBC04j+rvPwBOnzMsc1NC3Ucx4krSh37Ch/Z1BwwAEV3QDQ18McXX2Guvc2pnWeGd6RXn+vpivww==", + "version": "0.3.2", + "resolved": "https://registry.npmjs.org/@sigstore/oci/-/oci-0.3.2.tgz", + "integrity": "sha512-3UJC2SV+A4HuILse/jvodDI+0QIN13fErxu3roX5HU9wOeP31UHH/WMQBlN3l5DVewXTufNs3Q85DzOI1tQNLQ==", "dependencies": { - "make-fetch-happen": "^13.0.0" + "make-fetch-happen": "^13.0.1", + "proc-log": "^4.2.0" }, "engines": { "node": "^16.14.0 || >=18.0.0" @@ -9919,11 +9920,12 @@ } }, "@sigstore/oci": { - "version": "0.3.0", - "resolved": "https://registry.npmjs.org/@sigstore/oci/-/oci-0.3.0.tgz", - "integrity": "sha512-RZeirZtdSQvBC04j+rvPwBOnzMsc1NC3Ucx4krSh37Ch/Z1BwwAEV3QDQ18McXX2Guvc2pnWeGd6RXn+vpivww==", + "version": "0.3.2", + "resolved": "https://registry.npmjs.org/@sigstore/oci/-/oci-0.3.2.tgz", + "integrity": "sha512-3UJC2SV+A4HuILse/jvodDI+0QIN13fErxu3roX5HU9wOeP31UHH/WMQBlN3l5DVewXTufNs3Q85DzOI1tQNLQ==", "requires": { - "make-fetch-happen": "^13.0.0" + "make-fetch-happen": "^13.0.1", + "proc-log": "^4.2.0" } }, "@sigstore/protobuf-specs": { diff --git a/package.json b/package.json index 7ac65f8f..d7da03d2 100644 --- a/package.json +++ b/package.json @@ -72,7 +72,7 @@ "@actions/attest": "^1.2.1", "@actions/core": "^1.10.1", "@actions/glob": "^0.4.0", - "@sigstore/oci": "^0.3.0", + "@sigstore/oci": "^0.3.2", "csv-parse": "^5.5.5" }, "devDependencies": { diff --git a/src/main.ts b/src/main.ts index f4e08ad3..64286c8b 100644 --- a/src/main.ts 
+++ b/src/main.ts @@ -19,6 +19,9 @@ const ATTESTATION_FILE_NAME = 'attestation.jsonl' const MAX_SUBJECT_COUNT = 64 +const OCI_TIMEOUT = 2000 +const OCI_RETRY = 3 + /* istanbul ignore next */ const logHandler = (level: string, ...args: unknown[]): void => { // Send any HTTP-related log events to the GitHub Actions debug log @@ -163,7 +166,8 @@ const createAttestation = async ( annotations: { 'dev.sigstore.bundle.content': 'dsse-envelope', 'dev.sigstore.bundle.predicateType': core.getInput('predicate-type') - } + }, + fetchOpts: { timeout: OCI_TIMEOUT, retry: OCI_RETRY } }) core.info(highlight('Attestation uploaded to registry')) core.info(`${subject.name}@${artifact.digest}`)
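Review bot: `OCI_TIMEOUT` and `OCI_RETRY` in the first src/main.ts hunk are added without a unit or rationale, and a bare `2000` is ambiguous. The second hunk passes them as `fetchOpts`, which the bundled `fetchWithRetry` in dist/index.js spreads into each make-fetch-happen call, where `timeout` is in milliseconds and so applies per attempt. I would add a comment above the constants such as `// Per-request timeout (ms) and retry count for registry calls made while pushing the attestation`. Going by `retryOpts` in the bundle, a numeric `retry` becomes `{ retries: 3 }`, which I read as up to four attempts in total; that is worth stating in the comment too.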
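Review bot: In the second src/main.ts hunk, `fetchOpts: { timeout: OCI_TIMEOUT, retry: OCI_RETRY }` turns on a retry path whose exhaustion case is easy to miss. The bundled `fetchWithRetry` rejects only when the failure is an `Error`, and resolves with the last 408/429/5xx response once the retries run out. The `core.info(highlight('Attestation uploaded to registry'))` line right after the call is therefore accurate only if the registry client rejects on a non-success status, and that check is not visible in this patch. I would add a test in which the registry keeps answering 503 and assert that the step fails and the success message is never logged, so a missing attestation cannot be reported as uploaded. `createAttestation` starts and ends outside the hunk.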