Blake Ryder a04637e6e7
fix: Upgrade octokit plugins to resolve ReDoS vulnerabilities (#105)
- Upgrade @octokit/plugin-retry from 4.1.3 to 8.0.3
- Upgrade @octokit/plugin-throttling from 5.0.1 to 11.0.3
- Replace deprecated onAbuseLimit with onSecondaryRateLimit handler
- Fixes GHSA-rmvr-2pp2-xj38 (@octokit/request ReDoS)
- Fixes GHSA-xx4v-prfh-6cgc (@octokit/request-error ReDoS)
- All tests passing, zero production vulnerabilities
2026-01-08 15:08:25 +05:30
.github [Compliance] - PR Template Changes Required (#98) 2025-09-10 17:34:25 +05:30
dist fix: Upgrade octokit plugins to resolve ReDoS vulnerabilities (#105) 2026-01-08 15:08:25 +05:30
META.d [COMPLIANCE] Update Copyright and License Headers (#103) 2025-11-04 04:18:25 +05:30
.copywrite.hcl 🌱 Initial Commit 🌱 2023-01-19 17:22:30 -08:00
.eslintignore 🌱 Initial Commit 🌱 2023-01-19 17:22:30 -08:00
.eslintrc.json 🌱 Initial Commit 🌱 2023-01-19 17:22:30 -08:00
.gitignore 🌱 Initial Commit 🌱 2023-01-19 17:22:30 -08:00
action.js fix: Resolve CVE-2025-25288 by migrating to ESM and upgrading dependencies (#104) 2025-12-10 11:27:10 +05:30
action.test.js fix: Resolve CVE-2025-25288 by migrating to ESM and upgrading dependencies (#104) 2025-12-10 11:27:10 +05:30
action.yml fix: Resolve CVE-2025-25288 by migrating to ESM and upgrading dependencies (#104) 2025-12-10 11:27:10 +05:30
build.js fix: Resolve CVE-2025-25288 by migrating to ESM and upgrading dependencies (#104) 2025-12-10 11:27:10 +05:30
CODEOWNERS Transfer to IP Compliance team and add Heimdall config (#97) 2025-06-18 12:19:17 +05:30
index.js fix: Resolve CVE-2025-25288 by migrating to ESM and upgrading dependencies (#104) 2025-12-10 11:27:10 +05:30
LICENSE [COMPLIANCE] Update Copyright and License Headers (#103) 2025-11-04 04:18:25 +05:30
octokit.js fix: Upgrade octokit plugins to resolve ReDoS vulnerabilities (#105) 2026-01-08 15:08:25 +05:30
package-lock.json fix: Upgrade octokit plugins to resolve ReDoS vulnerabilities (#105) 2026-01-08 15:08:25 +05:30
package.json fix: Upgrade octokit plugins to resolve ReDoS vulnerabilities (#105) 2026-01-08 15:08:25 +05:30
README.md Maintenance and Testing (#73) 2024-05-06 08:43:55 -07:00
test.zip 🌱 Initial Commit 🌱 2023-01-19 17:22:30 -08:00
vitest.config.js fix: Resolve CVE-2025-25288 by migrating to ESM and upgrading dependencies (#104) 2025-12-10 11:27:10 +05:30

setup-copywrite

Download and configure the copywrite CLI tool.

Originally based off of setup-signore.

Usage

Note: see action.yml for detailed information about configuration and defaults.

Install the latest copywrite client release and validate headers

- name: Checkout Repo
  uses: actions/checkout@v4

- name: Install copywrite
  uses: hashicorp/setup-copywrite@v1.1.2
  
- name: Validate Header Compliance
  run: copywrite headers --plan

Install a specific copywrite client release

- name: Install copywrite v0.18.0
  uses: hashicorp/setup-copywrite@v1.1.2
  with:
    version: v0.18.0

Install a specific copywrite client release, verifying its archive checksum

- name: Install copywrite v0.18.0 and verify checksum
  uses: hashicorp/setup-copywrite@v1.1.2
  with:
    version: v0.18.0
    # https://github.com/hashicorp/copywrite/releases/download/v0.18.0/copywrite_0.18.0_darwin_x86_64.tar.gz sha256 hash
    archive-checksum: 88f135d752782447fcb34efee1c3bef64096cd8e1d26c921b0a54cf5ab13d573

FAQ

  • What checksum are we verifying?
    • After downloading the OS/arch-specific tar or zip archive that contains the copywrite binary, we compare its SHA256 hash against the user-supplied archive-checksum.
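
The check described in the FAQ, sketched as an added example (this is not the action's own source; `sha256File`, `verifyArchiveChecksum` and `demo` are hypothetical names, and the sample archive is constructed). It hashes the downloaded archive in chunks, rejects a malformed `archive-checksum`, and fails before extraction when the digest differs:

```javascript
// Added example, not taken from setup-copywrite. All function names are hypothetical.
const crypto = require('node:crypto');
const fs = require('node:fs');
const os = require('node:os');
const path = require('node:path');

// SHA-256 of a file, read in 64 KiB chunks so a large archive is never held in memory.
function sha256File(file) {
  const hash = crypto.createHash('sha256');
  const buf = Buffer.alloc(64 * 1024);
  const fd = fs.openSync(file, 'r');
  try {
    let n;
    while ((n = fs.readSync(fd, buf, 0, buf.length, null)) > 0) {
      hash.update(buf.subarray(0, n));
    }
  } finally {
    fs.closeSync(fd);
  }
  return hash.digest('hex');
}

// Compare the archive digest with the pinned value; throw before anything is extracted.
function verifyArchiveChecksum(file, expected) {
  const want = String(expected).trim().toLowerCase();
  if (!/^[0-9a-f]{64}$/.test(want)) {
    throw new Error('archive-checksum must be 64 hex characters (SHA-256)');
  }
  const got = sha256File(file);
  if (got !== want) {
    throw new Error(`checksum mismatch: expected ${want}, got ${got}`);
  }
  return got;
}

// Constructed sample: a stand-in "archive" in a temp directory, then a tampered copy.
function demo() {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'copywrite-'));
  const archive = path.join(dir, 'copywrite_sample.tar.gz');
  fs.writeFileSync(archive, 'constructed archive bytes');
  const pinned = sha256File(archive); // the value a user would pin in the workflow
  const ok = verifyArchiveChecksum(archive, pinned.toUpperCase()) === pinned;
  fs.appendFileSync(archive, 'tampered'); // simulate a modified download
  let rejected = false;
  try { verifyArchiveChecksum(archive, pinned); } catch { rejected = true; }
  fs.rmSync(dir, { recursive: true, force: true });
  return { ok, rejected };
}
```

Because the hash covers the OS/arch-specific archive, a value pinned for one platform's archive will not match the archive downloaded on a different runner OS or architecture.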