From 399a85e42e0920d2d9d530da141c16335751af91 Mon Sep 17 00:00:00 2001
From: Malte Poll <1780588+malt3@users.noreply.github.com>
Date: Thu, 29 Feb 2024 09:16:24 +0100
Subject: [PATCH] ci: match version of actions/download-artifact for slsa
 provenance

---
 .github/workflows/draft-release.yml | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/draft-release.yml b/.github/workflows/draft-release.yml
index fcce9c251..cf78ca5b9 100644
--- a/.github/workflows/draft-release.yml
+++ b/.github/workflows/draft-release.yml
@@ -345,7 +345,9 @@ jobs:
           name: constellation.spdx.sbom
 
       - name: Download provenance
-        uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2
+        # Need to use the same major version as slsa-github-generator to find uploaded artifacts
+        # https://github.com/slsa-framework/slsa-github-generator/issues/3068
+        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
         with:
           name: ${{ needs.provenance.outputs.provenance-name }}
 
@@ -428,7 +430,9 @@ jobs:
           name: constellation.spdx.sbom.sig
 
       - name: Download Constellation provenance
-        uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2
+        # Need to use the same major version as slsa-github-generator to find uploaded artifacts
+        # https://github.com/slsa-framework/slsa-github-generator/issues/3068
+        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
         with:
           name: ${{ needs.provenance.outputs.provenance-name }}