Merged
Conversation
Signed-off-by: Brian DeHamer <bdehamer@github.com>
bdehamer
force-pushed
the
bdehamer/esm
branch
from
dc33a22 to
81670fa
Compare
Signed-off-by: Brian DeHamer <bdehamer@github.com>
Signed-off-by: Brian DeHamer <bdehamer@github.com>
Signed-off-by: Brian DeHamer <bdehamer@github.com>
Signed-off-by: Brian DeHamer <bdehamer@github.com>
Signed-off-by: Brian DeHamer <bdehamer@github.com>
Signed-off-by: Brian DeHamer <bdehamer@github.com>
Signed-off-by: Brian DeHamer <bdehamer@github.com>
Signed-off-by: Brian DeHamer <bdehamer@github.com>
Signed-off-by: Brian DeHamer <bdehamer@github.com>
bdehamer
force-pushed
the
bdehamer/esm
branch
from
81670fa to
628abde
Compare
Contributor
There was a problem hiding this comment.
Pull request overview
This PR migrates the action’s source and Jest test suite to full ESM, updates dependencies to newer major versions, and modernizes test mocking to use jest.unstable_mockModule for ESM-compatible module mocking.
Changes:
- Switch TypeScript + package configuration to ESM (
type: module, updated tsconfig/jest preset). - Refactor filesystem usage across the action to
fs/promisesand async APIs. - Update and refactor tests to ESM-friendly mocking/import patterns; bump core dependencies.
Reviewed changes
Copilot reviewed 13 out of 18 changed files in this pull request and generated 5 comments.
Show a summary per file
| File | Description |
|---|---|
| tsconfig.json | Moves TS output to ESM-oriented settings (module: ESNext, moduleResolution: Bundler). |
| src/subject.ts | Converts sync FS operations to async and updates stream usage. |
| src/sbom.ts | Converts to fs/promises and adjusts missing-file behavior. |
| src/predicate.ts | Makes predicateFromInputs async and uses fs/promises APIs. |
| src/main.ts | Switches to async FS writes and async temp dir creation; updates imports accordingly. |
| src/attest.ts | Import ordering tweak (no behavioral change). |
| package.json | Sets type: module, updates Jest config for ESM, updates deps, adjusts test scripts. |
| package-lock.json | Lockfile updates reflecting dependency major bumps. |
| jest.setup.js | Converts setup to ESM (import { jest } from '@jest/globals'). |
| dist/package.json | Marks dist output as ESM (type: module). |
| dist/606.index.js | Updates bundled chunk output to ESM export form. |
| tests/sbom.test.ts | Updates expectations for missing SBOM error behavior. |
| tests/provenance.test.ts | Refactors mocks to jest.unstable_mockModule + dynamic import. |
| tests/predicate.test.ts | Updates tests for async predicateFromInputs. |
| tests/main.test.ts | Refactors to ESM mocks/dynamic imports; adjusts assertions. |
| tests/index.test.ts | Refactors index test to ESM mocks/dynamic import. |
| tests/attest.test.ts | Refactors attest tests to ESM mocks/dynamic import. |
Comments suppressed due to low confidence (2)
package.json:37
- Same portability concern as
ci-test:NODE_OPTIONS='--experimental-vm-modules'is not cross-platform in npm scripts. Consider a platform-agnostic invocation (orcross-env) to avoid Windows/local dev breakage.
"test": "NODE_OPTIONS='--experimental-vm-modules' jest",
"all": "npm run format:write && npm run lint && npm run test && npm run package"
tests/main.test.ts:364
- This test claims to cover a storage-record creation failure, but it doesn’t simulate an error: it just returns an attestation without
storageRecordIds(which is also a valid success path). To actually exercise the failure-handling behavior, either have the mockedcreateAttestationreject/throw and assertwarningbehavior, or rename the test to reflect the scenario being tested.
it('catches error when storage record creation fails and continues', async () => {
// Mock createAttestation to simulate storage record failure (but still succeed overall)
createAttestationMock.mockResolvedValue({
attestationID,
certificate:
'-----BEGIN CERTIFICATE-----\ntest\n-----END CERTIFICATE-----',
tlogID: 'tlog-123',
attestationDigest: 'sha256:123456',
bundle: { mediaType: 'application/vnd.dev.sigstore.bundle.v0.3+json' }
// No storageRecordIDs - simulates empty/failed storage record
})
await run(inputs)
expect(createAttestationMock).toHaveBeenCalled()
expect(setFailedMock).not.toHaveBeenCalled()
})
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Signed-off-by: Brian DeHamer <bdehamer@github.com>
Contributor
Contributor
Co-authored-by: bdehamer <398027+bdehamer@users.noreply.github.com>
Co-authored-by: bdehamer <398027+bdehamer@users.noreply.github.com>
Co-authored-by: bdehamer <398027+bdehamer@users.noreply.github.com>
Co-authored-by: bdehamer <398027+bdehamer@users.noreply.github.com>
Signed-off-by: Brian DeHamer <bdehamer@github.com>
Co-authored-by: bdehamer <398027+bdehamer@users.noreply.github.com>
Co-authored-by: bdehamer <398027+bdehamer@users.noreply.github.com>
malancas
approved these changes
Feb 17, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This pull request migrates the codebase and test suite to full ECMAScript Module (ESM) support, modernizes test mocking patterns, and updates dependencies to their latest major versions.
The most significant changes are the adoption of ESM for both source and tests, refactoring of Jest test mocks to use
jest.unstable_mockModule, and updates to the Jest and dependency configuration to ensure compatibility with ESM. These changes improve maintainability, future-proof the project, and align with the latest best practices for Node.js and the GitHub Actions ecosystem.