From 5ba5d9d68368969a40915614869148afabd34b4a Mon Sep 17 00:00:00 2001
From: Paul Meyer <49727155+katexochen@users.noreply.github.com>
Date: Tue, 6 Dec 2022 17:07:27 +0100
Subject: [PATCH] ci: unpin slsa-github-generator action digest (#734)

Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
---
 .github/workflows/release-cli.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/release-cli.yml b/.github/workflows/release-cli.yml
index fb9e16e87..d6f76e743 100644
--- a/.github/workflows/release-cli.yml
+++ b/.github/workflows/release-cli.yml
@@ -157,7 +157,7 @@ jobs:
       - provenance-subjects
     # This must not be pinned to digest. See:
     # https://github.com/slsa-framework/slsa-github-generator#referencing-slsa-builders-and-generators
-    uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@vc3a3e407b10cc6dbbb44d01e0ebdded5c6b22f12 # v1.2.2
+    uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.2.2
     with:
       base64-subjects: "${{ needs.provenance-subjects.outputs.provenance-subjects }}"