action.yml

name: "TestifySec Action Wrapper with Witness"
description: "Downloads and executes another GitHub Action or direct command with Witness attestation for supply chain security"
inputs:
  # Action or Command (one is required)
  action-ref:
    description: "Reference to the nested action (e.g., owner/repo@ref or owner/repo@v1)"
    required: false
  command:
    description: "Command to run with Witness (use this or action-ref)"
    required: false

  # Witness Installation
  witness-version:
    description: "Version of Witness to use (check https://github.com/testifysec/witness/releases for valid versions)"
    required: false
    default: "0.8.1"
  witness-install-dir:
    description: "Directory to install Witness"
    required: false
    default: "./"
  
  # Witness Core Options
  step:
    description: "Step name for the attestation"
    required: true
  attestations:
    description: "Space-separated list of attestors to run"
    required: true
  outfile:
    description: "Path to output file for the attestation"
    required: false
  
  # Archivista Configuration
  enable-archivista:
    description: "Enable archivista for storing attestations"
    required: false
    default: "false"
  archivista-server:
    description: "Archivista server URL"
    required: false
  
  # Certificate & Signing Options
  certificate:
    description: "Path to certificate file"
    required: false
  key:
    description: "Path to key file"
    required: false
  intermediates:
    description: "Space-separated list of intermediate certificate paths"
    required: false
    default: ""

  # Sigstore Configuration
  enable-sigstore:
    description: "Enable sigstore for signing"
    required: false
    default: "false"
  fulcio:
    description: "Fulcio URL"
    required: false
  fulcio-oidc-client-id:
    description: "Fulcio OIDC client ID"
    required: false
  fulcio-oidc-issuer:
    description: "Fulcio OIDC issuer"
    required: false
  fulcio-token:
    description: "Fulcio token"
    required: false
  
  # Timestamp Configuration
  timestamp-servers:
    description: "Space-separated list of timestamp server URLs"
    required: false
    default: ""
  
  # Misc Options
  trace:
    description: "Enable tracing"
    required: false
  spiffe-socket:
    description: "Path to SPIFFE socket"
    required: false
  
  # Product Configuration
  product-exclude-glob:
    description: "Glob pattern for excluding products"
    required: false
  product-include-glob:
    description: "Glob pattern for including products"
    required: false
  
  # Attestor Export Options
  attestor-link-export:
    description: "Export link attestor"
    required: false
    default: "false"
  attestor-sbom-export:
    description: "Export SBOM attestor"
    required: false
    default: "false"
  attestor-slsa-export:
    description: "Export SLSA attestor"
    required: false
    default: "false"
  attestor-maven-pom-path:
    description: "Path to Maven POM file"
    required: false

  who-to-greet:
    description: "Who to greet"
    required: false
    default: "World"

outputs:
  git_oid:
    description: "GitOID of the attestation (if created)"
runs:
  using: "node20"
  main: "index.js"

branding:
  icon: 'lock'
  color: 'blue'