actions
diff --git a/‎dist/index.js‎
Lines changed: 96 additions & 3 deletions b/‎dist/index.js‎
Lines changed: 96 additions & 3 deletions
diff --git a/‎package-lock.json‎
Lines changed: 11 additions & 9 deletions b/‎package-lock.json‎
Lines changed: 11 additions & 9 deletions
diff --git a/‎package.json‎
Lines changed: 1 addition & 1 deletion b/‎package.json‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/main.ts‎
Lines changed: 5 additions & 1 deletion b/‎src/main.ts‎
Lines changed: 5 additions & 1 deletion
@@ -72,7 +72,7 @@
     "@actions/attest": "^1.2.1",
     "@actions/core": "^1.10.1",
     "@actions/glob": "^0.4.0",
-    "@sigstore/oci": "^0.3.0",
+    "@sigstore/oci": "^0.3.2",
     "csv-parse": "^5.5.5"
   },
   "devDependencies": {
 
@@ -19,6 +19,9 @@ const ATTESTATION_FILE_NAME = 'attestation.jsonl'
 
 const MAX_SUBJECT_COUNT = 64
 
+const OCI_TIMEOUT = 2000
+const OCI_RETRY = 3
+
 /* istanbul ignore next */
 const logHandler = (level: string, ...args: unknown[]): void => {
   // Send any HTTP-related log events to the GitHub Actions debug log
@@ -163,7 +166,8 @@ const createAttestation = async (
       annotations: {
         'dev.sigstore.bundle.content': 'dsse-envelope',
         'dev.sigstore.bundle.predicateType': core.getInput('predicate-type')
-      }
+      },
+      fetchOpts: { timeout: OCI_TIMEOUT, retry: OCI_RETRY }
     })
     core.info(highlight('Attestation uploaded to registry'))
     core.info(`${subject.name}@${artifact.digest}`)