Complete rewrite with improved parameter handling and Witness 0.8 support

Author: cole-rgb

.eslintrc.json

@@ -0,0 +1,19 @@
+{
+  "parser": "@typescript-eslint/parser",
+  "plugins": ["@typescript-eslint"],
+  "extends": [
+    "eslint:recommended",
+    "plugin:@typescript-eslint/recommended"
+  ],
+  "rules": {
+    "semi": ["error", "always"],
+    "quotes": ["error", "double"],
+    "@typescript-eslint/explicit-function-return-type": "off",
+    "@typescript-eslint/no-explicit-any": "warn"
+  },
+  "env": {
+    "node": true,
+    "jest": true
+  },
+  "ignorePatterns": ["lib/**/*", "node_modules/**/*", "dist/**/*"]
+}

.github/workflows/build-dist.yml

@@ -0,0 +1,50 @@
+name: Build and Update Distribution
+
+on:
+  push:
+    branches: [ main ]
+    paths-ignore:
+      - 'dist/**'
+      - '**.md'
+
+jobs:
+  build-dist:
+    name: Build dist files
+    runs-on: ubuntu-latest
+    
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+      
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+          cache: 'npm'
+      
+      - name: Install dependencies
+        run: npm ci
+      
+      - name: Build
+        run: npm run build
+      
+      - name: Check for changes
+        id: git-check
+        run: |
+          git add dist/
+          if git diff --staged --quiet; then
+            echo "No changes detected"
+            echo "changes=false" >> $GITHUB_OUTPUT
+          else
+            echo "Changes detected"
+            echo "changes=true" >> $GITHUB_OUTPUT
+          fi
+      
+      - name: Commit and push changes
+        if: steps.git-check.outputs.changes == 'true'
+        run: |
+          git config --local user.email "action@github.com"
+          git config --local user.name "GitHub Action"
+          git commit -m "Update dist files [skip ci]" -a
+          git push

.github/workflows/ci.yml

@@ -0,0 +1,68 @@
+name: CI
+
+on:
+  push:
+    branches: [ main, feature/* ]
+  pull_request:
+    branches: [ main ]
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+          cache: 'npm'
+          
+      - name: Install dependencies
+        run: npm ci
+        
+      - name: Run tests
+        run: NODE_ENV=test npm test
+        
+      # Temporarily disable coverage until we have better test coverage
+      # - name: Run test coverage
+      #   run: NODE_ENV=test npm run test:coverage
+      #   
+      # - name: Upload coverage report
+      #   uses: actions/upload-artifact@v4
+      #   with:
+      #     name: coverage-report
+      #     path: coverage/
+      #     if-no-files-found: error
+        
+  build:
+    runs-on: ubuntu-latest
+    needs: test
+    steps:
+      - uses: actions/checkout@v4
+      
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+          cache: 'npm'
+          
+      - name: Install dependencies
+        run: npm ci
+        
+      - name: Build
+        run: npm run build
+        
+      - name: Check build artifacts
+        run: |
+          if [ ! -f "dist/index.js" ]; then
+            echo "Build failed - dist/index.js does not exist"
+            exit 1
+          fi
+          
+      - name: Upload build artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: action-dist
+          path: dist/
+          if-no-files-found: error

.github/workflows/codeql.yml

@@ -0,0 +1,35 @@
+name: "CodeQL"
+
+on:
+  push:
+    branches: [ main ]
+  pull_request:
+    branches: [ main ]
+  schedule:
+    - cron: '30 1 * * 1'  # Run at 1:30 AM UTC on Mondays
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'javascript' ]
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v4
+
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v2
+      with:
+        languages: ${{ matrix.language }}
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v2

.github/workflows/debug-environment.yml

@@ -0,0 +1,40 @@
+name: Debug Environment
+
+on:
+  workflow_dispatch:
+
+jobs:
+  debug:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+        
+      - name: Debug Environment
+        uses: actions/github-script@v6
+        with:
+          script: |
+            const fs = require('fs');
+            const { execSync } = require('child_process');
+            
+            // Print environment variables
+            console.log('===== ENVIRONMENT VARIABLES =====');
+            console.log(JSON.stringify(process.env, null, 2));
+            
+            // Print working directory
+            console.log('===== WORKING DIRECTORY =====');
+            console.log(`Current directory: ${process.cwd()}`);
+            console.log(`Directory contents: ${fs.readdirSync('.').join(', ')}`);
+            
+            // Print Git status
+            console.log('===== GIT STATUS =====');
+            try {
+              const gitStatus = execSync('git status').toString();
+              console.log(gitStatus);
+              
+              const gitLog = execSync('git log -3 --oneline').toString();
+              console.log('Recent commits:');
+              console.log(gitLog);
+            } catch (error) {
+              console.error(`Git error: ${error.message}`);
+            }

.github/workflows/test-action-wrapping.yml

@@ -0,0 +1,55 @@
+name: Test Action Wrapping
+
+on:
+  pull_request:
+    branches: [ main ]
+  workflow_dispatch:
+
+permissions:
+  id-token: write # Required for requesting JWT
+  contents: read  # Required for actions/checkout
+
+jobs:
+  test-action-wrapper:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v3
+        with:
+          node-version: '16'
+
+      - name: Install dependencies
+        run: npm ci
+      
+          
+      - name: Test Sigstore Archivista (Original Example)
+        id: sigstore-attestation
+        uses: ./
+        with:
+          action-ref: "actions/hello-world-javascript-action@main"
+          who-to-greet: "SigstoreNoPrefix"
+          step: test-sigstore
+          attestations: "environment github slsa"
+          attestor-slsa-export: "true"
+          enable-sigstore: "true"
+          enable-archivista: "true"
+
+
+  test-action:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out repository
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+
+      - name: Run your action with sigstore and Archivista
+        uses: ./ # Replace this with the path to your action if different
+        with:
+          step: test
+          command: echo hello > hello.txt
+          enable-sigstore: true
+          enable-archivista: true
+          attestations: environment git github slsa
+          attestor-slsa-export: true

.github/workflows/test-boolean-handling.yml

@@ -0,0 +1,47 @@
+name: Test Boolean Input Handling
+
+on:
+  workflow_dispatch:
+
+jobs:
+  test-boolean-handling:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+        
+      - name: Debug with Boolean Parameters
+        uses: ./
+        with:
+          step: boolean-test
+          action-ref: actions/github-script@v6
+          string-input: "String value test"
+          boolean-input: false
+          install-only: true
+          script: |
+            console.log("=== BOOLEAN INPUT TEST ===");
+            console.log("All environment variables:");
+            Object.keys(process.env)
+              .filter(key => key.startsWith('INPUT_'))
+              .forEach(key => {
+                console.log(`${key}=${process.env[key]} (type: ${typeof process.env[key]})`);
+                
+                // Check if this is a boolean-like value
+                if (process.env[key] === 'true' || process.env[key] === 'false') {
+                  console.log(`  BOOLEAN VALUE DETECTED: ${key}`);
+                }
+              });
+              
+            // Test boolean handling
+            console.log("\nBoolean Input Test:");
+            console.log(`INPUT_BOOLEAN_INPUT=${process.env.INPUT_BOOLEAN_INPUT}`);
+            console.log(`INPUT_INSTALL_ONLY=${process.env.INPUT_INSTALL_ONLY}`);
+            
+            // Test what happens when converting these values
+            console.log("\nBoolean conversion test:");
+            // Using explicit boolean conversion
+            console.log(`String 'true' to Boolean: ${Boolean('true')}`);
+            console.log(`String 'false' to Boolean: ${Boolean('false')}`);
+            // Using implicit conversion
+            console.log(`if('true'): ${('true') ? 'truthy' : 'falsy'}`);
+            console.log(`if('false'): ${('false') ? 'truthy' : 'falsy'}`);