From 0d9b02adccb69e9e0dbe399f7f3cb43dcb35f77e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Wei=C3=9Fe?= Date: Wed, 15 May 2024 09:06:12 +0200 Subject: [PATCH] Update slsa generator action to v2 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Daniel Weiße --- .github/workflows/draft-release.yml | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/.github/workflows/draft-release.yml b/.github/workflows/draft-release.yml index ef1327ae1..0d623e21b 100644 --- a/.github/workflows/draft-release.yml +++ b/.github/workflows/draft-release.yml @@ -316,7 +316,7 @@ jobs: - provenance-subjects # This must not be pinned to digest. See: # https://github.com/slsa-framework/slsa-github-generator#referencing-slsa-builders-and-generators - uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.10.0 + uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.0.0 with: base64-subjects: "${{ needs.provenance-subjects.outputs.provenance-subjects }}" @@ -345,8 +345,6 @@ jobs: name: constellation.spdx.sbom - name: Download provenance - # Need to use the same major version as slsa-github-generator to find uploaded artifacts - # https://github.com/slsa-framework/slsa-github-generator/issues/3068 uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 with: name: ${{ needs.provenance.outputs.provenance-name }} @@ -430,8 +428,6 @@ jobs: name: constellation.spdx.sbom.sig - name: Download Constellation provenance - # Need to use the same major version as slsa-github-generator to find uploaded artifacts - # https://github.com/slsa-framework/slsa-github-generator/issues/3068 uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 with: name: ${{ needs.provenance.outputs.provenance-name }}