From 07e64b653f10a80b6510f4568f685f8b7b9ea830 Mon Sep 17 00:00:00 2001 From: laurentsimon <64505099+laurentsimon@users.noreply.github.com> Date: Tue, 22 Aug 2023 15:48:27 -0700 Subject: [PATCH] chore: v1.9.0 ref updates (#2673) #label:release v1.9.0 --------- 
Signed-off-by: laurentsimon
---
 .github/actions/generate-builder/action.yml | 2 +-
 .../secure-download-artifact/action.yml | 2 +-
 .../actions/secure-download-folder/action.yml | 4 +-
 .../actions/secure-upload-artifact/action.yml | 2 +-
 .../actions/secure-upload-folder/action.yml | 2 +-
 .github/workflows/builder_bazel_slsa3.yml | 4 +-
 .../builder_container-based_slsa3.yml | 14 +++---
 .github/workflows/builder_go_slsa3.yml | 14 +++---
 .github/workflows/builder_gradle_slsa3.yml | 4 +-
 .github/workflows/builder_maven_slsa3.yml | 4 +-
 .github/workflows/builder_nodejs_slsa3.yml | 4 +-
 .github/workflows/delegator_generic_slsa3.yml | 24 ++++-----
 .../delegator_lowperms-generic_slsa3.yml | 24 ++++-----
 ...ate-container_based-predicate.schedule.yml | 2 +-
 .../workflows/generator_container_slsa3.yml | 4 +-
 .github/workflows/generator_generic_slsa3.yml | 8 +--
 .github/workflows/release.yml | 8 +--
 BYOB.md | 8 +--
 actions/delegator/random/action.yml | 2 +-
 .../secure-attestations-download/action.yml | 2 +-
 .../secure-download-folder/action.yml | 2 +-
 .../delegator/secure-upload-folder/action.yml | 2 +-
 .../action.yml | 4 +-
 actions/gradle/publish/README.md | 4 +-
 actions/gradle/publish/action.yml | 4 +-
 .../secure-download-attestations/action.yml | 2 +-
 .../gradle/secure-download-target/action.yml | 2 +-
 actions/maven/publish/README.md | 4 +-
 actions/maven/publish/action.yml | 10 ++--
 .../secure-download-attestations/action.yml | 2 +-
 .../maven/secure-download-target/action.yml | 2 +-
 actions/nodejs/publish/README.md | 4 +-
 actions/nodejs/publish/action.yml | 4 +-
 .../secure-attestations-download/README.md | 4 +-
 .../secure-attestations-download/action.yml | 2 +-
 .../nodejs/secure-package-download/README.md | 4 +-
 .../nodejs/secure-package-download/action.yml | 2 +-
 internal/builders/bazel/README.md | 6 +--
 internal/builders/bazel/action.yml | 4 +-
 internal/builders/container/README.md | 8 +--
 internal/builders/docker/README.md | 2 +-
 internal/builders/generic/README.md | 50 +++++++++----------
 internal/builders/go/README.md | 6 +--
 internal/builders/gradle/README.md | 2 +-
 internal/builders/gradle/action.yml | 4 +-
 internal/builders/maven/README.md | 2 +-
 internal/builders/maven/action.yml | 8 +--
 internal/builders/nodejs/README.md | 8 +--
 internal/builders/nodejs/action.yml | 4 +-
 49 files changed, 150 insertions(+), 150 deletions(-)
diff --git a/.github/actions/generate-builder/action.yml b/.github/actions/generate-builder/action.yml
index 4142800cdb..e905dc10d0 100644
--- a/.github/actions/generate-builder/action.yml
+++ b/.github/actions/generate-builder/action.yml
@@ -62,7 +62,7 @@ runs: using: "composite" steps: - name: Checkout builder repository
- uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@v1.9.0-rc.0
+ uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@v1.9.0
 with: repository: ${{ inputs.repository }} ref: ${{ inputs.ref }}
diff --git a/.github/actions/secure-download-artifact/action.yml b/.github/actions/secure-download-artifact/action.yml
index bc468a5ec3..0db5b78c72 100644
--- a/.github/actions/secure-download-artifact/action.yml
+++ b/.github/actions/secure-download-artifact/action.yml
@@ -85,7 +85,7 @@ runs: - name: Compute the hash id: compute
- uses: slsa-framework/slsa-github-generator/.github/actions/compute-sha256@v1.9.0-rc.0
+ uses: slsa-framework/slsa-github-generator/.github/actions/compute-sha256@v1.9.0
 with: path: "${{ steps.validate-path.outputs.file_path }}"
diff --git a/.github/actions/secure-download-folder/action.yml b/.github/actions/secure-download-folder/action.yml
index 1ca42374f8..601e7bb56c 100644
--- a/.github/actions/secure-download-folder/action.yml
+++ b/.github/actions/secure-download-folder/action.yml
@@ -31,7 +31,7 @@ runs: steps: - name: Compute a random value id: rng
- uses: slsa-framework/slsa-github-generator/.github/actions/rng@v1.9.0-rc.0
+ uses: slsa-framework/slsa-github-generator/.github/actions/rng@v1.9.0
 - name: Download the artifact uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
@@ -41,7 +41,7 @@ runs: - name: Compute the hash id: compute
- uses: slsa-framework/slsa-github-generator/.github/actions/compute-sha256@v1.9.0-rc.0
+ uses: slsa-framework/slsa-github-generator/.github/actions/compute-sha256@v1.9.0
 with: path: "${{ steps.rng.outputs.random }}/folder.tgz"
diff --git a/.github/actions/secure-upload-artifact/action.yml b/.github/actions/secure-upload-artifact/action.yml
index 7a5ac4e3d2..69bb8fa7a0 100644
--- a/.github/actions/secure-upload-artifact/action.yml
+++ b/.github/actions/secure-upload-artifact/action.yml
@@ -32,7 +32,7 @@ runs: steps: - name: Compute binary hash id: compute-digest
- uses: slsa-framework/slsa-github-generator/.github/actions/compute-sha256@v1.9.0-rc.0
+ uses: slsa-framework/slsa-github-generator/.github/actions/compute-sha256@v1.9.0
 with: path: "${{ inputs.path }}"
diff --git a/.github/actions/secure-upload-folder/action.yml b/.github/actions/secure-upload-folder/action.yml
index 8cf56e7066..b9838d839e 100644
--- a/.github/actions/secure-upload-folder/action.yml
+++ b/.github/actions/secure-upload-folder/action.yml
@@ -60,7 +60,7 @@ runs: - name: Upload the artifact id: upload
- uses: slsa-framework/slsa-github-generator/.github/actions/secure-upload-artifact@v1.9.0-rc.0
+ uses: slsa-framework/slsa-github-generator/.github/actions/secure-upload-artifact@v1.9.0
 with: name: "${{ inputs.name }}" path: "${{ steps.create.outputs.tarball-path }}"
diff --git a/.github/workflows/builder_bazel_slsa3.yml b/.github/workflows/builder_bazel_slsa3.yml
index 94c28ace0a..3549a6c996 100644
--- a/.github/workflows/builder_bazel_slsa3.yml
+++ b/.github/workflows/builder_bazel_slsa3.yml
@@ -86,7 +86,7 @@ jobs: steps: - name: Generate the token id: generate
- uses: slsa-framework/slsa-github-generator/actions/delegator/setup-generic@v1.9.0-rc.0
+ uses: slsa-framework/slsa-github-generator/actions/delegator/setup-generic@v1.9.0
 with: slsa-workflow-recipient: "delegator_lowperms-generic_slsa3.yml" slsa-rekor-log-public: ${{ inputs.rekor-log-public }}
@@ -100,6 +100,6 @@ jobs: id-token: write # For signing. contents: read # For asset uploads. actions: read # For the entrypoint.
- uses: slsa-framework/slsa-github-generator/.github/workflows/delegator_lowperms-generic_slsa3.yml@v1.9.0-rc.0
+ uses: slsa-framework/slsa-github-generator/.github/workflows/delegator_lowperms-generic_slsa3.yml@v1.9.0
 with: slsa-token: ${{ needs.slsa-setup.outputs.slsa-token }}
diff --git a/.github/workflows/builder_container-based_slsa3.yml b/.github/workflows/builder_container-based_slsa3.yml
index 7ae31a79dc..25b4571a6a 100644
--- a/.github/workflows/builder_container-based_slsa3.yml
+++ b/.github/workflows/builder_container-based_slsa3.yml
@@ -165,7 +165,7 @@ jobs: steps: - name: Generate random 16-byte value (32-char hex encoded) id: rng
- uses: slsa-framework/slsa-github-generator/.github/actions/rng@v1.9.0-rc.0
+ uses: slsa-framework/slsa-github-generator/.github/actions/rng@v1.9.0
 # This detects the repository and ref of the reusable workflow. # For pull request, this gets the referenced slsa-github-generator workflow.
@@ -180,7 +180,7 @@ jobs: steps: - name: Detect the builder ref id: detect
- uses: slsa-framework/slsa-github-generator/.github/actions/detect-workflow-js@v1.9.0-rc.0
+ uses: slsa-framework/slsa-github-generator/.github/actions/detect-workflow-js@v1.9.0
 ################################################################### # #
@@ -197,7 +197,7 @@ jobs: steps: - name: Generate builder binary id: generate
- uses: slsa-framework/slsa-github-generator/.github/actions/generate-builder@v1.9.0-rc.0
+ uses: slsa-framework/slsa-github-generator/.github/actions/generate-builder@v1.9.0
 with: repository: "${{ needs.detect-env.outputs.repository }}" ref: "${{ needs.detect-env.outputs.ref }}"
@@ -230,7 +230,7 @@ jobs: steps: - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - name: Checkout builder repository
- uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@v1.9.0-rc.0
+ uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@v1.9.0
 with: repository: "${{ needs.detect-env.outputs.repository }}" ref: "${{ needs.detect-env.outputs.ref }}"
@@ -357,7 +357,7 @@ jobs: docker login "${untrusted_registry}" -u "${username}" -p "${password}" - name: Checkout builder repository
- uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@v1.9.0-rc.0
+ uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@v1.9.0
 with: repository: "${{ needs.detect-env.outputs.repository }}" ref: "${{ needs.detect-env.outputs.ref }}"
@@ -485,7 +485,7 @@ jobs: provenance-sha256: ${{ steps.upload-signed.outputs.sha256 }} steps: - name: Checkout builder repository
- uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@v1.9.0-rc.0
+ uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@v1.9.0
 with: repository: "${{ needs.detect-env.outputs.repository }}" ref: "${{ needs.detect-env.outputs.ref }}"
@@ -575,7 +575,7 @@ jobs: if: inputs.upload-assets && (startsWith(github.ref, 'refs/tags/') || inputs.upload-tag-name != '') steps: - name: Checkout builder repository
- uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@v1.9.0-rc.0
+ uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@v1.9.0
 with: repository: "${{ needs.detect-env.outputs.repository }}" ref: "${{ needs.detect-env.outputs.ref }}"
diff --git a/.github/workflows/builder_go_slsa3.yml b/.github/workflows/builder_go_slsa3.yml
index 8322a9915f..6476468cb6 100644
--- a/.github/workflows/builder_go_slsa3.yml
+++ b/.github/workflows/builder_go_slsa3.yml
@@ -130,7 +130,7 @@ jobs: steps: - name: Generate random 16-byte value (32-char hex encoded) id: rng
- uses: slsa-framework/slsa-github-generator/.github/actions/rng@v1.9.0-rc.0
+ uses: slsa-framework/slsa-github-generator/.github/actions/rng@v1.9.0
 detect-env: outputs:
@@ -142,7 +142,7 @@ jobs: steps: - name: Detect the builder ref id: detect
- uses: slsa-framework/slsa-github-generator/.github/actions/detect-workflow-js@v1.9.0-rc.0
+ uses: slsa-framework/slsa-github-generator/.github/actions/detect-workflow-js@v1.9.0
 ################################################################### # #
@@ -157,7 +157,7 @@ jobs: steps: - name: Generate builder binary id: generate
- uses: slsa-framework/slsa-github-generator/.github/actions/generate-builder@v1.9.0-rc.0
+ uses: slsa-framework/slsa-github-generator/.github/actions/generate-builder@v1.9.0
 with: repository: "${{ needs.detect-env.outputs.repository }}" ref: "${{ needs.detect-env.outputs.ref }}"
@@ -191,7 +191,7 @@ jobs: needs: [builder, rng, detect-env] steps: - name: Checkout builder repository
- uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@v1.9.0-rc.0
+ uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@v1.9.0
 with: repository: "${{ needs.detect-env.outputs.repository }}" ref: "${{ needs.detect-env.outputs.ref }}"
@@ -238,7 +238,7 @@ jobs: needs: [builder, build-dry, rng, detect-env] steps: - name: Checkout builder repository
- uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@v1.9.0-rc.0
+ uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@v1.9.0
 with: repository: "${{ needs.detect-env.outputs.repository }}" ref: "${{ needs.detect-env.outputs.ref }}"
@@ -320,7 +320,7 @@ jobs: go-provenance-sha256: ${{ steps.sign-prov.outputs.signed-provenance-sha256 }} steps: - name: Checkout builder repository
- uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@v1.9.0-rc.0
+ uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@v1.9.0
 with: repository: "${{ needs.detect-env.outputs.repository }}" ref: "${{ needs.detect-env.outputs.ref }}"
@@ -378,7 +378,7 @@ jobs: if: inputs.upload-assets && (startsWith(github.ref, 'refs/tags/') || inputs.upload-tag-name != '') steps: - name: Checkout builder repository
- uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@v1.9.0-rc.0
+ uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@v1.9.0
 with: repository: "${{ needs.detect-env.outputs.repository }}" ref: "${{ needs.detect-env.outputs.ref }}"
diff --git a/.github/workflows/builder_gradle_slsa3.yml b/.github/workflows/builder_gradle_slsa3.yml
index 6aa4956551..90253b0403 100644
--- a/.github/workflows/builder_gradle_slsa3.yml
+++ b/.github/workflows/builder_gradle_slsa3.yml
@@ -71,7 +71,7 @@ jobs: steps: - name: Generate the token id: generate
- uses: slsa-framework/slsa-github-generator/actions/delegator/setup-generic@v1.9.0-rc.0
+ uses: slsa-framework/slsa-github-generator/actions/delegator/setup-generic@v1.9.0
 with: slsa-workflow-recipient: "delegator_lowperms-generic_slsa3.yml" slsa-rekor-log-public: ${{ inputs.rekor-log-public }}
@@ -85,7 +85,7 @@ jobs: id-token: write # For signing. contents: read # For asset uploads. actions: read # For the entrypoint.
- uses: slsa-framework/slsa-github-generator/.github/workflows/delegator_lowperms-generic_slsa3.yml@v1.9.0-rc.0
+ uses: slsa-framework/slsa-github-generator/.github/workflows/delegator_lowperms-generic_slsa3.yml@v1.9.0
 with: slsa-token: ${{ needs.slsa-setup.outputs.slsa-token }}
diff --git a/.github/workflows/builder_maven_slsa3.yml b/.github/workflows/builder_maven_slsa3.yml
index 7b13e1ec47..34e04dd18b 100644
--- a/.github/workflows/builder_maven_slsa3.yml
+++ b/.github/workflows/builder_maven_slsa3.yml
@@ -67,7 +67,7 @@ jobs: steps: - name: Generate the token id: generate
- uses: slsa-framework/slsa-github-generator/actions/delegator/setup-generic@v1.9.0-rc.0
+ uses: slsa-framework/slsa-github-generator/actions/delegator/setup-generic@v1.9.0
 with: slsa-workflow-recipient: "delegator_lowperms-generic_slsa3.yml" slsa-rekor-log-public: "${{ inputs.rekor-log-public }}"
@@ -81,7 +81,7 @@ jobs: id-token: write # For signing. contents: read # For asset uploads. actions: read # For the entrypoint.
- uses: slsa-framework/slsa-github-generator/.github/workflows/delegator_lowperms-generic_slsa3.yml@v1.9.0-rc.0
+ uses: slsa-framework/slsa-github-generator/.github/workflows/delegator_lowperms-generic_slsa3.yml@v1.9.0
 with: slsa-token: "${{ needs.slsa-setup.outputs.slsa-token }}"
diff --git a/.github/workflows/builder_nodejs_slsa3.yml b/.github/workflows/builder_nodejs_slsa3.yml
index abf0210378..8e18d8f917 100644
--- a/.github/workflows/builder_nodejs_slsa3.yml
+++ b/.github/workflows/builder_nodejs_slsa3.yml
@@ -89,7 +89,7 @@ jobs: steps: - name: Generate the token id: generate
- uses: slsa-framework/slsa-github-generator/actions/delegator/setup-generic@v1.9.0-rc.0
+ uses: slsa-framework/slsa-github-generator/actions/delegator/setup-generic@v1.9.0
 with: slsa-workflow-recipient: "delegator_lowperms-generic_slsa3.yml" slsa-rekor-log-public: ${{ inputs.rekor-log-public }}
@@ -104,6 +104,6 @@ jobs: id-token: write # For signing. contents: read # For repo checkout of private repos. actions: read # For getting workflow run on private repos.
- uses: slsa-framework/slsa-github-generator/.github/workflows/delegator_lowperms-generic_slsa3.yml@v1.9.0-rc.0
+ uses: slsa-framework/slsa-github-generator/.github/workflows/delegator_lowperms-generic_slsa3.yml@v1.9.0
 with: slsa-token: ${{ needs.slsa-setup.outputs.slsa-token }}
diff --git a/.github/workflows/delegator_generic_slsa3.yml b/.github/workflows/delegator_generic_slsa3.yml
index 0837de9cd0..d9c4d1ee50 100644
--- a/.github/workflows/delegator_generic_slsa3.yml
+++ b/.github/workflows/delegator_generic_slsa3.yml
@@ -84,7 +84,7 @@ jobs: steps: - name: Generate random 16-byte value (32-char hex encoded) id: rng
- uses: slsa-framework/slsa-github-generator/.github/actions/rng@v1.9.0-rc.0
+ uses: slsa-framework/slsa-github-generator/.github/actions/rng@v1.9.0
 # verify-token verifies the slsa token. verify-token:
@@ -100,7 +100,7 @@ jobs: steps: - name: Verify token id: verify
- uses: slsa-framework/slsa-github-generator/.github/actions/verify-token@v1.9.0-rc.0
+ uses: slsa-framework/slsa-github-generator/.github/actions/verify-token@v1.9.0
 with: slsa-workflow-recipient: "delegator_generic_slsa3.yml" slsa-unverified-token: ${{ inputs.slsa-token }}
@@ -109,7 +109,7 @@ jobs: - name: Upload predicate id: upload
- uses: slsa-framework/slsa-github-generator/.github/actions/secure-upload-artifact@v1.9.0-rc.0
+ uses: slsa-framework/slsa-github-generator/.github/actions/secure-upload-artifact@v1.9.0
 with: name: "${{ needs.rng.outputs.value }}-${{ env.SLSA_PREDICATE_FILE }}" path: ${{ env.SLSA_PREDICATE_FILE }}
@@ -120,7 +120,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Check private repos
- uses: slsa-framework/slsa-github-generator/.github/actions/privacy-check@v1.9.0-rc.0
+ uses: slsa-framework/slsa-github-generator/.github/actions/privacy-check@v1.9.0
 with: error_message: "Repository is private. The workflow has halted in order to keep the repository name from being exposed in the public transparency log. Set 'private-repository' to override." override: ${{ fromJson(needs.verify-token.outputs.slsa-verified-token).builder.rekor_log_public }}
@@ -147,7 +147,7 @@ jobs: echo "$RUNNER: $RUNNER" - name: Checkout the tool repository
- uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@v1.9.0-rc.0
+ uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@v1.9.0
 with: repository: ${{ needs.verify-token.outputs.tool-repository }} ref: ${{ needs.verify-token.outputs.tool-ref }}
@@ -171,7 +171,7 @@ jobs: tree - name: Checkout the project repository
- uses: slsa-framework/slsa-github-generator/.github/actions/secure-project-checkout@v1.9.0-rc.0
+ uses: slsa-framework/slsa-github-generator/.github/actions/secure-project-checkout@v1.9.0
 with: fetch-depth: ${{ fromJson(needs.verify-token.outputs.slsa-verified-token).source.checkout.fetch_depth }} checkout-sha1: ${{ fromJson(needs.verify-token.outputs.slsa-verified-token).source.checkout.sha1 }}
@@ -213,7 +213,7 @@ jobs: - name: Upload artifact layout file id: upload
- uses: slsa-framework/slsa-github-generator/.github/actions/secure-upload-artifact@v1.9.0-rc.0
+ uses: slsa-framework/slsa-github-generator/.github/actions/secure-upload-artifact@v1.9.0
 with: name: "${{ needs.rng.outputs.value }}-${{ env.SLSA_ARTIFACTS_FILE }}" path: "${{ env.SLSA_ARTIFACTS_FILE }}"
@@ -229,14 +229,14 @@ jobs: runs-on: ubuntu-latest steps: - name: Download the artifact layout file
- uses: slsa-framework/slsa-github-generator/.github/actions/secure-download-artifact@v1.9.0-rc.0
+ uses: slsa-framework/slsa-github-generator/.github/actions/secure-download-artifact@v1.9.0
 with: name: "${{ needs.rng.outputs.value }}-${{ env.SLSA_ARTIFACTS_FILE }}" path: "${{ env.SLSA_ARTIFACTS_FILE }}" sha256: ${{ needs.build-artifacts-ubuntu.outputs.artifacts-layout-sha256 }} - name: Download the predicate file
- uses: slsa-framework/slsa-github-generator/.github/actions/secure-download-artifact@v1.9.0-rc.0
+ uses: slsa-framework/slsa-github-generator/.github/actions/secure-download-artifact@v1.9.0
 with: name: "${{ needs.rng.outputs.value }}-${{ env.SLSA_PREDICATE_FILE }}" path: ${{ env.SLSA_PREDICATE_FILE }}
@@ -266,7 +266,7 @@ jobs: - name: Generate attestations id: attestations
- uses: slsa-framework/slsa-github-generator/.github/actions/generate-attestations@v1.9.0-rc.0
+ uses: slsa-framework/slsa-github-generator/.github/actions/generate-attestations@v1.9.0
 with: slsa-layout-file: ${{ env.SLSA_ARTIFACTS_FILE }} predicate-type: ${{ steps.predicate-type.outputs.predicate-type }}
@@ -275,14 +275,14 @@ jobs: - name: Sign attestations id: sign
- uses: slsa-framework/slsa-github-generator/.github/actions/sign-attestations@v1.9.0-rc.0
+ uses: slsa-framework/slsa-github-generator/.github/actions/sign-attestations@v1.9.0
 with: attestations: attestations output-folder: "${{ needs.rng.outputs.value }}-slsa-attestations" - name: Upload attestations id: upload
- uses: slsa-framework/slsa-github-generator/.github/actions/secure-upload-folder@v1.9.0-rc.0
+ uses: slsa-framework/slsa-github-generator/.github/actions/secure-upload-folder@v1.9.0
 with: name: "${{ needs.rng.outputs.value }}-slsa-attestations" path: "${{ needs.rng.outputs.value }}-slsa-attestations"
diff --git a/.github/workflows/delegator_lowperms-generic_slsa3.yml b/.github/workflows/delegator_lowperms-generic_slsa3.yml
index ac6ce9ee4b..63fd7d7d67 100644
--- a/.github/workflows/delegator_lowperms-generic_slsa3.yml
+++ b/.github/workflows/delegator_lowperms-generic_slsa3.yml
@@ -89,7 +89,7 @@ jobs: steps: - name: Generate random 16-byte value (32-char hex encoded) id: rng
- uses: slsa-framework/slsa-github-generator/.github/actions/rng@v1.9.0-rc.0
+ uses: slsa-framework/slsa-github-generator/.github/actions/rng@v1.9.0
 # verify-token verifies the slsa token. verify-token:
@@ -105,7 +105,7 @@ jobs: steps: - name: Verify token id: verify
- uses: slsa-framework/slsa-github-generator/.github/actions/verify-token@v1.9.0-rc.0
+ uses: slsa-framework/slsa-github-generator/.github/actions/verify-token@v1.9.0
 with: slsa-workflow-recipient: "delegator_lowperms-generic_slsa3.yml" slsa-unverified-token: ${{ inputs.slsa-token }}
@@ -114,7 +114,7 @@ jobs: - name: Upload predicate id: upload
- uses: slsa-framework/slsa-github-generator/.github/actions/secure-upload-artifact@v1.9.0-rc.0
+ uses: slsa-framework/slsa-github-generator/.github/actions/secure-upload-artifact@v1.9.0
 with: name: "${{ needs.rng.outputs.value }}-${{ env.SLSA_PREDICATE_FILE }}" path: ${{ env.SLSA_PREDICATE_FILE }}
@@ -125,7 +125,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Check private repos
- uses: slsa-framework/slsa-github-generator/.github/actions/privacy-check@v1.9.0-rc.0
+ uses: slsa-framework/slsa-github-generator/.github/actions/privacy-check@v1.9.0
 with: error_message: "Repository is private. The workflow has halted in order to keep the repository name from being exposed in the public transparency log. Set 'private-repository' to override." override: ${{ fromJson(needs.verify-token.outputs.slsa-verified-token).builder.rekor_log_public }}
@@ -150,7 +150,7 @@ jobs: echo "$RUNNER: $RUNNER" - name: Checkout the tool repository
- uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@v1.9.0-rc.0
+ uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@v1.9.0
 with: repository: ${{ needs.verify-token.outputs.tool-repository }} ref: ${{ needs.verify-token.outputs.tool-ref }}
@@ -174,7 +174,7 @@ jobs: tree - name: Checkout the project repository
- uses: slsa-framework/slsa-github-generator/.github/actions/secure-project-checkout@v1.9.0-rc.0
+ uses: slsa-framework/slsa-github-generator/.github/actions/secure-project-checkout@v1.9.0
 with: fetch-depth: ${{ fromJson(needs.verify-token.outputs.slsa-verified-token).source.checkout.fetch_depth }} checkout-sha1: ${{ fromJson(needs.verify-token.outputs.slsa-verified-token).source.checkout.sha1 }}
@@ -216,7 +216,7 @@ jobs: - name: Upload artifact layout file id: upload
- uses: slsa-framework/slsa-github-generator/.github/actions/secure-upload-artifact@v1.9.0-rc.0
+ uses: slsa-framework/slsa-github-generator/.github/actions/secure-upload-artifact@v1.9.0
 with: name: "${{ needs.rng.outputs.value }}-${{ env.SLSA_ARTIFACTS_FILE }}" path: "${{ env.SLSA_ARTIFACTS_FILE }}"
@@ -232,14 +232,14 @@ jobs: runs-on: ubuntu-latest steps: - name: Download the artifact layout file
- uses: slsa-framework/slsa-github-generator/.github/actions/secure-download-artifact@v1.9.0-rc.0
+ uses: slsa-framework/slsa-github-generator/.github/actions/secure-download-artifact@v1.9.0
 with: name: "${{ needs.rng.outputs.value }}-${{ env.SLSA_ARTIFACTS_FILE }}" path: "${{ env.SLSA_ARTIFACTS_FILE }}" sha256: ${{ needs.build-artifacts-ubuntu.outputs.artifacts-layout-sha256 }} - name: Download the predicate file
- uses: slsa-framework/slsa-github-generator/.github/actions/secure-download-artifact@v1.9.0-rc.0
+ uses: slsa-framework/slsa-github-generator/.github/actions/secure-download-artifact@v1.9.0
 with: name: "${{ needs.rng.outputs.value }}-${{ env.SLSA_PREDICATE_FILE }}" path: ${{ env.SLSA_PREDICATE_FILE }}
@@ -269,7 +269,7 @@ jobs: - name: Generate attestations id: attestations
- uses: slsa-framework/slsa-github-generator/.github/actions/generate-attestations@v1.9.0-rc.0
+ uses: slsa-framework/slsa-github-generator/.github/actions/generate-attestations@v1.9.0
 with: slsa-layout-file: ${{ env.SLSA_ARTIFACTS_FILE }} predicate-type: ${{ steps.predicate-type.outputs.predicate-type }}
@@ -278,14 +278,14 @@ jobs: - name: Sign attestations id: sign
- uses: slsa-framework/slsa-github-generator/.github/actions/sign-attestations@v1.9.0-rc.0
+ uses: slsa-framework/slsa-github-generator/.github/actions/sign-attestations@v1.9.0
 with: attestations: attestations output-folder: "${{ needs.rng.outputs.value }}-slsa-attestations" - name: Upload attestations id: upload
- uses: slsa-framework/slsa-github-generator/.github/actions/secure-upload-folder@v1.9.0-rc.0
+ uses: slsa-framework/slsa-github-generator/.github/actions/secure-upload-folder@v1.9.0
 with: name: "${{ needs.rng.outputs.value }}-slsa-attestations" path: "${{ needs.rng.outputs.value }}-slsa-attestations"
diff --git a/.github/workflows/e2e.create-container_based-predicate.schedule.yml b/.github/workflows/e2e.create-container_based-predicate.schedule.yml
index 38a41a1f80..7dc30c9f72 100644
--- a/.github/workflows/e2e.create-container_based-predicate.schedule.yml
+++ b/.github/workflows/e2e.create-container_based-predicate.schedule.yml
@@ -42,7 +42,7 @@ jobs: - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - name: Detect the builder ref id: detect
- uses: slsa-framework/slsa-github-generator/.github/actions/detect-workflow-js@v1.9.0-rc.0
+ uses: slsa-framework/slsa-github-generator/.github/actions/detect-workflow-js@v1.9.0
 - name: Update the build definition # We use a build definition hard-coded in testadata. To ensure validation against # workflow context, we must update the source references.
diff --git a/.github/workflows/generator_container_slsa3.yml b/.github/workflows/generator_container_slsa3.yml
index 3b9e43ad9e..c9de561651 100644
--- a/.github/workflows/generator_container_slsa3.yml
+++ b/.github/workflows/generator_container_slsa3.yml
@@ -94,7 +94,7 @@ jobs: - name: Detect the generator ref id: detect continue-on-error: true
- uses: slsa-framework/slsa-github-generator/.github/actions/detect-workflow-js@v1.9.0-rc.0
+ uses: slsa-framework/slsa-github-generator/.github/actions/detect-workflow-js@v1.9.0
 - name: Final outcome id: final
@@ -126,7 +126,7 @@ jobs: - name: Generate builder id: generate-builder continue-on-error: true
- uses: slsa-framework/slsa-github-generator/.github/actions/generate-builder@v1.9.0-rc.0
+ uses: slsa-framework/slsa-github-generator/.github/actions/generate-builder@v1.9.0
 with: repository: "${{ needs.detect-env.outputs.repository }}" ref: "${{ needs.detect-env.outputs.ref }}"
diff --git a/.github/workflows/generator_generic_slsa3.yml b/.github/workflows/generator_generic_slsa3.yml
index 1fc1acf7a6..6f5eedb961 100644
--- a/.github/workflows/generator_generic_slsa3.yml
+++ b/.github/workflows/generator_generic_slsa3.yml
@@ -128,7 +128,7 @@ jobs: - name: Detect the generator ref id: detect continue-on-error: true
- uses: slsa-framework/slsa-github-generator/.github/actions/detect-workflow-js@v1.9.0-rc.0
+ uses: slsa-framework/slsa-github-generator/.github/actions/detect-workflow-js@v1.9.0
 - name: Final outcome id: final
@@ -163,7 +163,7 @@ jobs: - name: Generate builder id: generate-builder continue-on-error: true
- uses: slsa-framework/slsa-github-generator/.github/actions/generate-builder@v1.9.0-rc.0
+ uses: slsa-framework/slsa-github-generator/.github/actions/generate-builder@v1.9.0
 with: repository: "${{ needs.detect-env.outputs.repository }}" ref: "${{ needs.detect-env.outputs.ref }}"
@@ -196,7 +196,7 @@ jobs: id: download-file continue-on-error: true if: inputs.base64-subjects-as-file != ''
- uses: slsa-framework/slsa-github-generator/.github/actions/secure-download-artifact@v1.9.0-rc.0
+ uses: slsa-framework/slsa-github-generator/.github/actions/secure-download-artifact@v1.9.0
 with: name: "${{ steps.metadata.outputs.artifact_name }}" path: "${{ steps.metadata.outputs.filename }}"
@@ -281,7 +281,7 @@ jobs: - name: Checkout builder repository id: checkout-builder continue-on-error: true
- uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@v1.9.0-rc.0
+ uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@v1.9.0
 with: repository: "${{ needs.detect-env.outputs.repository }}" ref: "${{ needs.detect-env.outputs.ref }}"
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 0b57cb54c2..fa0ba21350 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -60,7 +60,7 @@ jobs: id-token: write # For signing. contents: write # For asset uploads. actions: read # For the entrypoint.
- uses: slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@v1.9.0-rc.0
+ uses: slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@v1.9.0
 with: go-version: "1.20" config-file: .github/workflows/configs-container/config-release.yml
@@ -73,7 +73,7 @@ jobs: id-token: write # For signing. contents: write # For asset uploads. actions: read # For the entrypoint.
- uses: slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@v1.9.0-rc.0
+ uses: slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@v1.9.0
 with: go-version: "1.20" config-file: .github/workflows/configs-generic/config-release.yml
@@ -86,7 +86,7 @@ jobs: id-token: write # For signing. contents: write # For asset uploads. actions: read # For the entrypoint.
- uses: slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@v1.9.0-rc.0
+ uses: slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@v1.9.0
 with: go-version: "1.20" config-file: .github/workflows/configs-go/config-release.yml
@@ -99,7 +99,7 @@ jobs: id-token: write # For signing. contents: write # For asset uploads. actions: read # For the entrypoint.
- uses: slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@v1.9.0-rc.0
+ uses: slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@v1.9.0
 with: go-version: "1.20" config-file: .github/workflows/configs-docker/config-release.yml
diff --git a/BYOB.md b/BYOB.md
index 1b46a97c27..c69a4b6026 100644
--- a/BYOB.md
+++ b/BYOB.md
@@ -80,7 +80,7 @@ The [slsa-github-generator](https://github.com/slsa-framework/slsa-github-genera The [setup-generic](https://github.com/slsa-framework/slsa-github-generator/blob/main/actions/delegator/setup-generic) Action is used to initialize the BYOB framework. It returns a so-called "SLSA token" which is used in later steps: ```yaml
-- uses: slsa-framework/slsa-github-generator/actions/delegator/setup-generic@v1.9.0-rc.0
+- uses: slsa-framework/slsa-github-generator/actions/delegator/setup-generic@v1.9.0
 ``` #### SLSA Reusable Workflow (SRW)
@@ -88,7 +88,7 @@ The [setup-generic](https://github.com/slsa-framework/slsa-github-generator/blob The SLSA Reuseable Workflow (SRW) acts as the build's orchestrator. It calls the TCA, generates provenance, and returns the provenance to its TRW caller. A TRW would typically call the SRW as follows: ```yaml
-- uses: slsa-framework/slsa-github-generator/.github/workflow/delegator_generic_slsa3.yml@v1.9.0-rc.0
+- uses: slsa-framework/slsa-github-generator/.github/workflow/delegator_generic_slsa3.yml@v1.9.0
 with: slsa-token: ${{ needs.slsa-setup.outputs.slsa-token }} ```
@@ -159,7 +159,7 @@ One key difference between the Action and reusable workflow is isolation. The SR Our next step is to initialize the SRW framework. To do this, the TRW must invoke the [setup-generic Action](https://github.com/slsa-framework/slsa-github-generator/blob/main/actions/delegator/setup-generic/action.yml). The [relevant code](https://github.com/laurentsimon/byob-doc/blob/v0.0.1/.github/workflows/builder_example_slsa3.yml#L85-L94) calls the SSA as follows: ```yaml
-uses: slsa-framework/slsa-github-generator/actions/delegator/setup-generic@v1.9.0-rc.0
+uses: slsa-framework/slsa-github-generator/actions/delegator/setup-generic@v1.9.0
 with: slsa-workflow-recipient: "delegator_generic_slsa3.yml" slsa-rekor-log-public: ${{ inputs.rekor-log-public }}
@@ -190,7 +190,7 @@ slsa-run: contents: write # For asset uploads. packages: write # For package uploads. actions: read # For the entrypoint. - uses: slsa-framework/slsa-github-generator/.github/workflows/delegator_generic_slsa3.yml@v1.9.0-rc.0 + uses: slsa-framework/slsa-github-generator/.github/workflows/delegator_generic_slsa3.yml@v1.9.0 with: slsa-token: ${{ needs.slsa-setup.outputs.slsa-token }} secrets: diff --git a/actions/delegator/random/action.yml b/actions/delegator/random/action.yml index b7ec6d8b4c..33287cb527 100644 --- a/actions/delegator/random/action.yml +++ b/actions/delegator/random/action.yml @@ -31,4 +31,4 @@ runs: steps: - name: Generate random value id: rng - uses: slsa-framework/slsa-github-generator/.github/actions/rng@v1.9.0-rc.0 + uses: slsa-framework/slsa-github-generator/.github/actions/rng@v1.9.0 diff --git a/actions/delegator/secure-attestations-download/action.yml b/actions/delegator/secure-attestations-download/action.yml index a624799e16..1b13e8b302 100644 --- a/actions/delegator/secure-attestations-download/action.yml +++ b/actions/delegator/secure-attestations-download/action.yml @@ -30,7 +30,7 @@ runs: using: "composite" steps: - name: Download the attestations - uses: slsa-framework/slsa-github-generator/.github/actions/secure-download-folder@v1.9.0-rc.0 + uses: slsa-framework/slsa-github-generator/.github/actions/secure-download-folder@v1.9.0 with: name: ${{ inputs.name }} path: ${{ inputs.path }} diff --git a/actions/delegator/secure-download-folder/action.yml b/actions/delegator/secure-download-folder/action.yml index 29b6cafac3..6d5c73e727 100644 --- a/actions/delegator/secure-download-folder/action.yml +++ b/actions/delegator/secure-download-folder/action.yml 
@@ -30,7 +30,7 @@ runs: using: "composite" steps: - name: Download the folder - uses: slsa-framework/slsa-github-generator/.github/actions/secure-download-folder@v1.9.0-rc.0 + uses: slsa-framework/slsa-github-generator/.github/actions/secure-download-folder@v1.9.0 with: name: ${{ inputs.name }} path: ${{ inputs.path }} diff --git a/actions/delegator/secure-upload-folder/action.yml b/actions/delegator/secure-upload-folder/action.yml index 172efd6f8e..7f642d6f5b 100644 --- a/actions/delegator/secure-upload-folder/action.yml +++ b/actions/delegator/secure-upload-folder/action.yml @@ -34,7 +34,7 @@ runs: steps: - name: Upload the folder id: upload - uses: slsa-framework/slsa-github-generator/.github/actions/secure-upload-folder@v1.9.0-rc.0 + uses: slsa-framework/slsa-github-generator/.github/actions/secure-upload-folder@v1.9.0 with: name: ${{ inputs.name }} path: ${{ inputs.path }} diff --git a/actions/generator/generic/create-base64-subjects-from-file/action.yml b/actions/generator/generic/create-base64-subjects-from-file/action.yml index 93edf25e26..9f1df60c31 100644 --- a/actions/generator/generic/create-base64-subjects-from-file/action.yml +++ b/actions/generator/generic/create-base64-subjects-from-file/action.yml @@ -28,7 +28,7 @@ runs: steps: - name: Generate random value id: rng - uses: slsa-framework/slsa-github-generator/.github/actions/rng@v1.9.0-rc.0 + uses: slsa-framework/slsa-github-generator/.github/actions/rng@v1.9.0 - name: Generate random name id: name @@ -49,7 +49,7 @@ runs: - name: Upload file id: upload - uses: slsa-framework/slsa-github-generator/.github/actions/secure-upload-artifact@v1.9.0-rc.0 + uses: slsa-framework/slsa-github-generator/.github/actions/secure-upload-artifact@v1.9.0 with: name: "${{ steps.name.outputs.artifact_name }}" path: "${{ inputs.path }}" diff --git a/actions/gradle/publish/README.md b/actions/gradle/publish/README.md index 912f5115f0..4afd13c49e 100644 --- a/actions/gradle/publish/README.md 
+++ b/actions/gradle/publish/README.md @@ -237,7 +237,7 @@ jobs: contents: read actions: read packages: read - uses: slsa-framework/slsa-github-generator/.github/workflows/builder_gradle_slsa3.yml@v1.9.0-rc.0 + uses: slsa-framework/slsa-github-generator/.github/workflows/builder_gradle_slsa3.yml@v1.9.0 with: rekor-log-public: true artifact-list: build/libs/artifact1-0.1.18.jar,build/libs/artifact-0.1.18-javadoc.jar,build/libs/artifact-0.1.18-sources.jar @@ -256,7 +256,7 @@ publish: steps: - name: publish id: publish - uses: slsa-framework/slsa-github-generator/actions/gradle/publish@v1.9.0-rc.0 + uses: slsa-framework/slsa-github-generator/actions/gradle/publish@v1.9.0 with: provenance-download-name: "${{ needs.build.outputs.provenance-download-name }}" provenance-download-sha256: "${{ needs.build.outputs.provenance-download-sha256 }}" diff --git a/actions/gradle/publish/action.yml b/actions/gradle/publish/action.yml index b490eaf13a..298c37e054 100644 --- a/actions/gradle/publish/action.yml +++ b/actions/gradle/publish/action.yml @@ -66,14 +66,14 @@ runs: gpg-private-key: ${{ inputs.gpg-private-key }} gpg-passphrase: GPG_KEY_PASS - name: Download the slsa attestation - uses: slsa-framework/slsa-github-generator/.github/actions/secure-download-folder@v1.9.0-rc.0 + uses: slsa-framework/slsa-github-generator/.github/actions/secure-download-folder@v1.9.0 with: name: "${{ inputs.provenance-download-name }}" path: ./ sha256: "${{ inputs.provenance-download-sha256 }}" - name: Download the build dir - uses: slsa-framework/slsa-github-generator/.github/actions/secure-download-folder@v1.9.0-rc.0 + uses: slsa-framework/slsa-github-generator/.github/actions/secure-download-folder@v1.9.0 with: name: "${{ inputs.build-download-name }}" path: ./ diff --git a/actions/gradle/secure-download-attestations/action.yml b/actions/gradle/secure-download-attestations/action.yml index 38bda015d3..9da3f2a287 100644 --- a/actions/gradle/secure-download-attestations/action.yml 
+++ b/actions/gradle/secure-download-attestations/action.yml @@ -29,7 +29,7 @@ runs: using: "composite" steps: - name: Download the attestation directory - uses: slsa-framework/slsa-github-generator/.github/actions/secure-download-folder@v1.9.0-rc.0 + uses: slsa-framework/slsa-github-generator/.github/actions/secure-download-folder@v1.9.0 with: name: ${{ inputs.name }} path: ${{ inputs.path }} diff --git a/actions/gradle/secure-download-target/action.yml b/actions/gradle/secure-download-target/action.yml index c66ef70aaf..5548055926 100644 --- a/actions/gradle/secure-download-target/action.yml +++ b/actions/gradle/secure-download-target/action.yml @@ -29,7 +29,7 @@ runs: using: "composite" steps: - name: Download the target directory - uses: slsa-framework/slsa-github-generator/.github/actions/secure-download-folder@v1.9.0-rc.0 + uses: slsa-framework/slsa-github-generator/.github/actions/secure-download-folder@v1.9.0 with: name: ${{ inputs.name }} path: ${{ inputs.path }} diff --git a/actions/maven/publish/README.md b/actions/maven/publish/README.md index dbd64c271b..4b254ce4b2 100644 --- a/actions/maven/publish/README.md +++ b/actions/maven/publish/README.md @@ -27,7 +27,7 @@ jobs: id-token: write contents: read actions: read - uses: slsa-framework/slsa-github-generator/.github/workflows/builder_maven_slsa3.yml@v1.9.0-rc.0 + uses: slsa-framework/slsa-github-generator/.github/workflows/builder_maven_slsa3.yml@v1.9.0 with: rekor-log-public: true ``` @@ -45,7 +45,7 @@ publish: steps: - name: publish id: publish - uses: slsa-framework/slsa-github-generator/actions/maven/publish@v1.9.0-rc.0 + uses: slsa-framework/slsa-github-generator/actions/maven/publish@v1.9.0 with: provenance-download-name: "${{ needs.build.outputs.provenance-download-name }}" provenance-download-sha256: "${{ needs.build.outputs.provenance-download-sha256 }}" diff --git a/actions/maven/publish/action.yml b/actions/maven/publish/action.yml index a43451e474..0ecec22c23 100644 
--- a/actions/maven/publish/action.yml +++ b/actions/maven/publish/action.yml @@ -45,7 +45,7 @@ runs: using: "composite" steps: - name: Checkout the project repository - uses: slsa-framework/slsa-github-generator/.github/actions/secure-project-checkout@v1.9.0-rc.0 # needed because we run javadoc and sources. + uses: slsa-framework/slsa-github-generator/.github/actions/secure-project-checkout@v1.9.0 # needed because we run javadoc and sources. - name: Set up Java for publishing to Maven Central Repository uses: actions/setup-java@cd89f46ac9d01407894225f350157564c9c7cee2 # v3.12.0 env: @@ -62,24 +62,24 @@ runs: gpg-passphrase: GPG_KEY_PASS - name: Download the slsa attestation - uses: slsa-framework/slsa-github-generator/.github/actions/secure-download-folder@v1.9.0-rc.0 + uses: slsa-framework/slsa-github-generator/.github/actions/secure-download-folder@v1.9.0 with: name: "${{ inputs.provenance-download-name }}" path: slsa-attestations sha256: "${{ inputs.provenance-download-sha256 }}" - name: Download the target dir - uses: slsa-framework/slsa-github-generator/.github/actions/secure-download-folder@v1.9.0-rc.0 + uses: slsa-framework/slsa-github-generator/.github/actions/secure-download-folder@v1.9.0 with: name: "${{ inputs.target-download-name }}" path: ./ sha256: "${{ inputs.target-download-sha256 }}" - name: Checkout the framework repository - uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@v1.9.0-rc.0 + uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@v1.9.0 with: repository: slsa-framework/slsa-github-generator - ref: v1.9.0-rc.0 + ref: v1.9.0 path: __BUILDER_CHECKOUT_DIR__ - name: Publish to the Maven Central Repository diff --git a/actions/maven/secure-download-attestations/action.yml b/actions/maven/secure-download-attestations/action.yml index 38bda015d3..9da3f2a287 100644 --- a/actions/maven/secure-download-attestations/action.yml +++ b/actions/maven/secure-download-attestations/action.yml 
@@ -29,7 +29,7 @@ runs: using: "composite" steps: - name: Download the attestation directory - uses: slsa-framework/slsa-github-generator/.github/actions/secure-download-folder@v1.9.0-rc.0 + uses: slsa-framework/slsa-github-generator/.github/actions/secure-download-folder@v1.9.0 with: name: ${{ inputs.name }} path: ${{ inputs.path }} diff --git a/actions/maven/secure-download-target/action.yml b/actions/maven/secure-download-target/action.yml index c66ef70aaf..5548055926 100644 --- a/actions/maven/secure-download-target/action.yml +++ b/actions/maven/secure-download-target/action.yml @@ -29,7 +29,7 @@ runs: using: "composite" steps: - name: Download the target directory - uses: slsa-framework/slsa-github-generator/.github/actions/secure-download-folder@v1.9.0-rc.0 + uses: slsa-framework/slsa-github-generator/.github/actions/secure-download-folder@v1.9.0 with: name: ${{ inputs.name }} path: ${{ inputs.path }} diff --git a/actions/nodejs/publish/README.md b/actions/nodejs/publish/README.md index fde0a0789e..253b755a5e 100644 --- a/actions/nodejs/publish/README.md +++ b/actions/nodejs/publish/README.md @@ -18,7 +18,7 @@ jobs: contents: read actions: read if: startsWith(github.ref, 'refs/tags/') - uses: slsa-framework/slsa-github-generator/.github/workflows/builder_nodejs_slsa3.yml@v1.9.0-rc.0 + uses: slsa-framework/slsa-github-generator/.github/workflows/builder_nodejs_slsa3.yml@v1.9.0 with: run-scripts: "ci, build" @@ -34,7 +34,7 @@ jobs: - name: publish id: publish - uses: slsa-framework/slsa-github-generator/actions/nodejs/publish@v1.9.0-rc.0 + uses: slsa-framework/slsa-github-generator/actions/nodejs/publish@v1.9.0 with: access: public node-auth-token: ${{ secrets.NPM_TOKEN }} diff --git a/actions/nodejs/publish/action.yml b/actions/nodejs/publish/action.yml index d7bb6fce10..5ca3b7a1f6 100644 --- a/actions/nodejs/publish/action.yml +++ b/actions/nodejs/publish/action.yml 
@@ -56,14 +56,14 @@ runs: echo "path=${temp_dir}" >>"${GITHUB_OUTPUT}" - name: Download tarball - uses: slsa-framework/slsa-github-generator/.github/actions/secure-download-artifact@v1.9.0-rc.0 + uses: slsa-framework/slsa-github-generator/.github/actions/secure-download-artifact@v1.9.0 with: name: ${{ inputs.package-download-name }} path: "${{ steps.temp-dir.outputs.path }}/${{ inputs.package-name }}" sha256: ${{ inputs.package-download-sha256 }} - name: Download provenance - uses: slsa-framework/slsa-github-generator/actions/nodejs/secure-attestations-download@v1.9.0-rc.0 + uses: slsa-framework/slsa-github-generator/actions/nodejs/secure-attestations-download@v1.9.0 with: name: ${{ inputs.provenance-download-name }} path: "${{ steps.temp-dir.outputs.path }}" diff --git a/actions/nodejs/secure-attestations-download/README.md b/actions/nodejs/secure-attestations-download/README.md index da4d04fb60..07129564fd 100644 --- a/actions/nodejs/secure-attestations-download/README.md +++ b/actions/nodejs/secure-attestations-download/README.md @@ -15,7 +15,7 @@ jobs: contents: read actions: read if: startsWith(github.ref, 'refs/tags/') - uses: slsa-framework/slsa-github-generator/.github/workflows/builder_nodejs_slsa3.yml@v1.9.0-rc.0 + uses: slsa-framework/slsa-github-generator/.github/workflows/builder_nodejs_slsa3.yml@v1.9.0 with: run-scripts: "ci, build" @@ -24,7 +24,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Download provenance - uses: slsa-framework/slsa-github-generator/actions/nodejs/secure-attestations-download@v1.9.0-rc.0 + uses: slsa-framework/slsa-github-generator/actions/nodejs/secure-attestations-download@v1.9.0 with: name: ${{ needs.build.outputs.provenance-download-name }} path: "attestations" diff --git a/actions/nodejs/secure-attestations-download/action.yml b/actions/nodejs/secure-attestations-download/action.yml index a82465eded..5701c389d3 100644 --- a/actions/nodejs/secure-attestations-download/action.yml 
+++ b/actions/nodejs/secure-attestations-download/action.yml @@ -30,7 +30,7 @@ runs: using: "composite" steps: - name: Download the attestations - uses: slsa-framework/slsa-github-generator/.github/actions/secure-download-folder@v1.9.0-rc.0 + uses: slsa-framework/slsa-github-generator/.github/actions/secure-download-folder@v1.9.0 with: name: ${{ inputs.name }} path: ${{ inputs.path }} diff --git a/actions/nodejs/secure-package-download/README.md b/actions/nodejs/secure-package-download/README.md index 7f5ef94021..2eacf99f6e 100644 --- a/actions/nodejs/secure-package-download/README.md +++ b/actions/nodejs/secure-package-download/README.md @@ -15,7 +15,7 @@ jobs: contents: read actions: read if: startsWith(github.ref, 'refs/tags/') - uses: slsa-framework/slsa-github-generator/.github/workflows/builder_nodejs_slsa3.yml@v1.9.0-rc.0 + uses: slsa-framework/slsa-github-generator/.github/workflows/builder_nodejs_slsa3.yml@v1.9.0 with: run-scripts: "ci, build" @@ -24,7 +24,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Download tarball - uses: slsa-framework/slsa-github-generator/actions/nodejs/secure-package-download@v1.9.0-rc.0 + uses: slsa-framework/slsa-github-generator/actions/nodejs/secure-package-download@v1.9.0 with: name: ${{ needs.build.outputs.package-download-name }} path: ${{ needs.build.outputs.package-name }} diff --git a/actions/nodejs/secure-package-download/action.yml b/actions/nodejs/secure-package-download/action.yml index 8198ed59d1..4c2fabab3a 100644 --- a/actions/nodejs/secure-package-download/action.yml +++ b/actions/nodejs/secure-package-download/action.yml @@ -29,7 +29,7 @@ runs: using: "composite" steps: - name: Download the package - uses: slsa-framework/slsa-github-generator/.github/actions/secure-download-artifact@v1.9.0-rc.0 + uses: slsa-framework/slsa-github-generator/.github/actions/secure-download-artifact@v1.9.0 with: name: ${{ inputs.name }} path: ${{ inputs.path }} 
diff --git a/internal/builders/bazel/README.md b/internal/builders/bazel/README.md index 7f1fe302d4..3cbafcc2e1 100644 --- a/internal/builders/bazel/README.md +++ b/internal/builders/bazel/README.md @@ -87,7 +87,7 @@ jobs: contents: read # For repo checkout. actions: read # For getting workflow run info. if: startsWith(github.ref, 'refs/tags/') - uses: slsa-framework/slsa-github-generator/.github/workflows/builder_bazel_slsa3.yml@v1.9.0-rc.0 + uses: slsa-framework/slsa-github-generator/.github/workflows/builder_bazel_slsa3.yml@v1.9.0 with: targets: "//src:fib //src:hello" flags: "--strip=always" @@ -113,7 +113,7 @@ jobs: contents: read # For repo checkout. actions: read # For getting workflow run info. if: startsWith(github.ref, 'refs/tags/') - uses: slsa-framework/slsa-github-generator/.github/workflows/builder_bazel_slsa3.yml@v1.9.0-rc.0 + uses: slsa-framework/slsa-github-generator/.github/workflows/builder_bazel_slsa3.yml@v1.9.0 with: targets: "//src:fib //src:hello" flags: "--strip=always" @@ -137,7 +137,7 @@ jobs: contents: read # For repo checkout. actions: read # For getting workflow run info. if: startsWith(github.ref, 'refs/tags/') - uses: slsa-framework/slsa-github-generator/.github/workflows/builder_bazel_slsa3.yml@v1.9.0-rc.0 + uses: slsa-framework/slsa-github-generator/.github/workflows/builder_bazel_slsa3.yml@v1.9.0 with: targets: "//src:fib //src:hello" flags: "--strip=always" diff --git a/internal/builders/bazel/action.yml b/internal/builders/bazel/action.yml index 5437057c7d..7adc8aec59 100644 --- a/internal/builders/bazel/action.yml +++ b/internal/builders/bazel/action.yml 
@@ -71,11 +71,11 @@ runs: # when multiple workflows run concurrently. - name: Generate random 16-byte value (32-char hex encoded) id: rng - uses: slsa-framework/slsa-github-generator/.github/actions/rng@v1.9.0-rc.0 + uses: slsa-framework/slsa-github-generator/.github/actions/rng@v1.9.0 - name: Generate Artifacts id: generate-artifacts - uses: slsa-framework/slsa-github-generator/.github/actions/secure-upload-folder@v1.9.0-rc.0 + uses: slsa-framework/slsa-github-generator/.github/actions/secure-upload-folder@v1.9.0 with: name: "${{ steps.rng.outputs.random }}-binaries" path: "./bazel_builder_binaries_to_upload_to_gh_7bc972367cb286b7f36ab4457f06e369" # path-to-artifact(s) diff --git a/internal/builders/container/README.md b/internal/builders/container/README.md index 2144403d0b..859c78a9ce 100644 --- a/internal/builders/container/README.md +++ b/internal/builders/container/README.md @@ -72,7 +72,7 @@ provenance: id-token: write # for creating OIDC tokens for signing. packages: write # for uploading attestations. if: startsWith(github.ref, 'refs/tags/') - uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v1.9.0-rc.0 + uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v1.9.0 with: image: ${{ needs.build.outputs.image }} digest: ${{ needs.build.outputs.digest }} @@ -143,7 +143,7 @@ jobs: id-token: write # for creating OIDC tokens for signing. packages: write # for uploading attestations. if: startsWith(github.ref, 'refs/tags/') - uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v1.9.0-rc.0 + uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v1.9.0 with: image: ${{ needs.build.outputs.image }} digest: ${{ needs.build.outputs.digest }} 
@@ -367,7 +367,7 @@ This section explains how to generate non-forgeable SLSA provenance with existin # contents: read packages: write if: startsWith(github.ref, 'refs/tags/') - uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v1.9.0-rc.0 + uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v1.9.0 with: image: ${{ needs.build.outputs.image }} digest: ${{ needs.build.outputs.digest }} @@ -432,7 +432,7 @@ This section explains how to generate non-forgeable SLSA provenance with existin # contents: read packages: write if: startsWith(github.ref, 'refs/tags/') - uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v1.9.0-rc.0 + uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v1.9.0 with: image: ${{ needs.build.outputs.image }} digest: ${{ needs.build.outputs.digest }} diff --git a/internal/builders/docker/README.md b/internal/builders/docker/README.md index a12b03f5b9..94512c6052 100644 --- a/internal/builders/docker/README.md +++ b/internal/builders/docker/README.md @@ -202,7 +202,7 @@ jobs: contents: write # To upload assets to release. actions: read # To read the workflow path. needs: args - uses: slsa-framework/slsa-github-generator/.github/workflows/builder_container-based_slsa3.yml@v1.9.0-rc.0 + uses: slsa-framework/slsa-github-generator/.github/workflows/builder_container-based_slsa3.yml@v1.9.0 with: builder-image: "bash" builder-digest: "sha256:9e2ba52487d945504d250de186cb4fe2e3ba023ed2921dd6ac8b97ed43e76af9" diff --git a/internal/builders/generic/README.md b/internal/builders/generic/README.md index ec94c6c080..9b7de83363 100644 --- a/internal/builders/generic/README.md +++ b/internal/builders/generic/README.md 
@@ -94,7 +94,7 @@ provenance: actions: read # Needed for detection of GitHub Actions environment. id-token: write # Needed for provenance signing and ID contents: write # Needed for release uploads - uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.9.0-rc.0 + uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.9.0 with: base64-subjects: "${{ needs.build.outputs.hashes }}" ``` @@ -112,7 +112,7 @@ build: outputs: subjects-as-file: ${{ steps.hashes.outputs.handle }} ... - uses: slsa-framework/slsa-github-generator/actions/generator/generic/create-base64-subjects-from-file@v1.9.0-rc.0 + uses: slsa-framework/slsa-github-generator/actions/generator/generic/create-base64-subjects-from-file@v1.9.0 id: hashes with: path: large_digests_file.text @@ -121,7 +121,7 @@ provenance: actions: read # Needed for detection of GitHub Actions environment. id-token: write # Needed for provenance signing and ID contents: write # Needed for release uploads - uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.9.0-rc.0 + uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.9.0 with: base64-subjects-as-file: "${{ needs.build.outputs.subjects-as-file }}" ``` @@ -178,7 +178,7 @@ jobs: actions: read id-token: write contents: write - uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.9.0-rc.0 + uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.9.0 with: base64-subjects: "${{ needs.build.outputs.hashes }}" # Upload provenance to a new release 
@@ -420,7 +420,7 @@ generate SLSA3 provenance by updating your existing workflow with the steps indi actions: read # To read the workflow path. id-token: write # To sign the provenance. contents: write # To add assets to a release. - uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.9.0-rc.0 + uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.9.0 with: base64-subjects: "${{ needs.goreleaser.outputs.hashes }}" upload-assets: true # upload to a new release @@ -462,7 +462,7 @@ jobs: actions: read # To read the workflow path. id-token: write # To sign the provenance. contents: write # To add assets to a release. - uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.9.0-rc.0 + uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.9.0 with: base64-subjects: "${{ needs.goreleaser.outputs.hashes }}" upload-assets: true # upload to a new release @@ -522,7 +522,7 @@ generate SLSA3 provenance by updating your existing workflow with the steps indi actions: read # To read the workflow path. id-token: write # To sign the provenance. contents: write # To add assets to a release. - uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.9.0-rc.0 + uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.9.0 with: base64-subjects: ${{ needs.release.outputs.hashes }} upload-assets: true # upload to a new release 
@@ -570,7 +570,7 @@ jobs: actions: read # To read the workflow path. id-token: write # To sign the provenance. contents: write # To add assets to a release. - uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.9.0-rc.0 + uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.9.0 with: base64-subjects: ${{ needs.release.outputs.hashes }} upload-assets: true # upload to a new release @@ -627,7 +627,7 @@ If you use [Bazel](https://bazel.build/) to generate your artifacts, you can eas actions: read # To read the workflow path. id-token: write # To sign the provenance. contents: write # To add assets to a release. - uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.9.0-rc.0 + uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.9.0 with: base64-subjects: "${{ needs.build.outputs.hashes }}" upload-assets: true # Optional: Upload to a new release @@ -669,7 +669,7 @@ jobs: actions: read # To read the workflow path. id-token: write # To sign the provenance. contents: write # To add assets to a release. - uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.9.0-rc.0 + uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.9.0 with: base64-subjects: "${{ needs.build.outputs.hashes }}" upload-assets: true # Optional: Upload to a new release @@ -727,7 +727,7 @@ steps indicated in the workflow below: actions: read # To read the workflow path. id-token: write # To sign the provenance. contents: write # To add assets to a release. - uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.9.0-rc.0 + uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.9.0 with: base64-subjects: "${{ needs.build.outputs.hashes }}" upload-assets: true # Optional: Upload to a new release 
@@ -774,7 +774,7 @@ jobs: actions: read # To read the workflow path. id-token: write # To sign the provenance. contents: write # To add assets to a release. - uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.9.0-rc.0 + uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.9.0 with: base64-subjects: "${{ needs.build.outputs.hashes }}" upload-assets: true # Optional: Upload to a new release @@ -823,7 +823,7 @@ jobs: actions: read id-token: write contents: write - uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.9.0-rc.0 + uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.9.0 with: base64-subjects: "${{ needs.build.outputs.hashes }}" upload-assets: true # Optional: Upload to a new release @@ -866,7 +866,7 @@ Jobs: actions: read id-token: write contents: write - uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.9.0-rc.0 + uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.9.0 with: base64-subjects: "${{ needs.build.outputs.hashes }}" upload-assets: true # Optional: Upload to a new release @@ -917,7 +917,7 @@ steps indicated in the workflow below: actions: read # To read the workflow path. id-token: write # To sign the provenance. contents: write # To add assets to a release. - uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.9.0-rc.0 + uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.9.0 with: base64-subjects: "${{ needs.build.outputs.hashes }}" upload-assets: true # Optional: Upload to a new release 
@@ -956,7 +956,7 @@ jobs: actions: read # To read the workflow path. id-token: write # To sign the provenance. contents: write # To add assets to a release. - uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.9.0-rc.0 + uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.9.0 with: base64-subjects: "${{ needs.build.outputs.hashes }}" upload-assets: true # Optional: Upload to a new release @@ -1013,7 +1013,7 @@ workflow with the steps indicated in the workflow below. actions: read # To read the workflow path. id-token: write # To sign the provenance. contents: write # To add assets to a release. - uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.9.0-rc.0 + uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.9.0 with: base64-subjects: "${{ needs.build.outputs.hashes }}" upload-assets: true # Optional: Upload to a new release @@ -1058,7 +1058,7 @@ jobs: actions: read # To read the workflow path. id-token: write # To sign the provenance. contents: write # To add assets to a release. - uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.9.0-rc.0 + uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.9.0 with: base64-subjects: "${{ needs.build.outputs.hashes }}" upload-assets: true # Optional: Upload to a new release @@ -1123,7 +1123,7 @@ steps indicated in the workflow below: actions: read # To read the workflow path. id-token: write # To sign the provenance. contents: write # To add assets to a release. - uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.9.0-rc.0 + uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.9.0 with: base64-subjects: "${{ needs.build.outputs.hashes }}" upload-assets: true # Optional: Upload to a new release 
@@ -1170,7 +1170,7 @@ jobs: actions: read # To read the workflow path. id-token: write # To sign the provenance. contents: write # To add assets to a release. - uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.9.0-rc.0 + uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.9.0 with: base64-subjects: "${{ needs.build.outputs.hashes }}" upload-assets: true # Optional: Upload to a new release @@ -1261,7 +1261,7 @@ Regardless of your choice, there's unfortunately a bit of necessary boilerplate. actions: read # To read the workflow path. id-token: write # To sign the provenance. contents: write # To add assets to a release. - uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.9.0-rc.0 + uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.9.0 with: base64-subjects: "${{ needs.combine_hashes.outputs.hashes }}" upload-assets: true # Optional: Upload to a new release @@ -1314,7 +1314,7 @@ jobs: actions: read # To read the workflow path. id-token: write # To sign the provenance. contents: write # To add assets to a release. - uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.9.0-rc.0 + uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.9.0 with: base64-subjects: "${{ needs.combine_hashes.outputs.hashes }}" upload-assets: true # Optional: Upload to a new release 
@@ -1354,7 +1354,7 @@ provenance: actions: read # To read the workflow path. id-token: write # To sign the provenance. contents: write # To add assets to a release. - uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.9.0-rc.0 + uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.9.0 with: base64-subjects: "${{ needs.build.outputs[format('hash-{0}-{1}', matrix.color, matrix.flavor)] }}" upload-assets: true # Optional: Upload to a new release @@ -1399,7 +1399,7 @@ jobs: actions: read # To read the workflow path. id-token: write # To sign the provenance. contents: write # To add assets to a release. - uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.9.0-rc.0 + uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.9.0 with: base64-subjects: "${{ needs.build.outputs[format('hash-{0}-{1}', matrix.color, matrix.flavor)] }}" upload-assets: true # Optional: Upload to a new release @@ -1463,5 +1463,5 @@ downloading the latest release. Make sure you continue to reference the workflow using a release tag in order to allow verification by `slsa-verifier`. ```yaml -uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.9.0-rc.0 +uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.9.0 ``` diff --git a/internal/builders/go/README.md b/internal/builders/go/README.md index ce5e966a1f..045ba2140b 100644 --- a/internal/builders/go/README.md +++ b/internal/builders/go/README.md @@ -173,7 +173,7 @@ build: arch: - amd64 - arm64 - uses: slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@v1.9.0-rc.0 + uses: slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@v1.9.0 with: go-version: 1.19 config-file: .slsa-goreleaser/${{matrix.os}}-${{matrix.arch}}.yml 
@@ -250,7 +250,7 @@ jobs: contents: write # To upload assets to release. actions: read # To read the workflow path. needs: args - uses: slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@v1.9.0-rc.0 + uses: slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@v1.9.0 with: go-version: 1.17 # Optional: only needed if using ldflags. @@ -419,5 +419,5 @@ the latest release. Make sure you continue to reference the workflow using a release tag in order to allow verification by `slsa-verifier`. ```yaml -uses: slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@v1.9.0-rc.0 +uses: slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@v1.9.0 ``` diff --git a/internal/builders/gradle/README.md b/internal/builders/gradle/README.md index b639dca185..f925bb4150 100644 --- a/internal/builders/gradle/README.md +++ b/internal/builders/gradle/README.md @@ -80,7 +80,7 @@ jobs: id-token: write contents: read actions: read - uses: slsa-framework/slsa-github-generator/.github/workflows/builder_gradle_slsa3.yml@v1.9.0-rc.0 + uses: slsa-framework/slsa-github-generator/.github/workflows/builder_gradle_slsa3.yml@v1.9.0 with: artifact-list: ./artifact1.jar,./artifact2.jar ``` diff --git a/internal/builders/gradle/action.yml b/internal/builders/gradle/action.yml index 30be3f3e85..cece75f2aa 100644 --- a/internal/builders/gradle/action.yml +++ b/internal/builders/gradle/action.yml @@ -101,7 +101,7 @@ runs: # when multiple workflows run concurrently. - name: Generate random 16-byte value (32-char hex encoded) id: rng - uses: slsa-framework/slsa-github-generator/.github/actions/rng@v1.9.0-rc.0 + uses: slsa-framework/slsa-github-generator/.github/actions/rng@v1.9.0 - name: Put release artifacts in one directory shell: bash 
@@ -127,7 +127,7 @@ runs: mv "${PROJECT_ROOT}"/build "${GITHUB_WORKSPACE}"/ - name: Upload build dir id: upload-build-dir - uses: slsa-framework/slsa-github-generator/.github/actions/secure-upload-folder@v1.9.0-rc.0 + uses: slsa-framework/slsa-github-generator/.github/actions/secure-upload-folder@v1.9.0 with: name: "${{ steps.rng.outputs.random }}-build" path: build diff --git a/internal/builders/maven/README.md b/internal/builders/maven/README.md index 759c85dd3e..bc1937c3fe 100644 --- a/internal/builders/maven/README.md +++ b/internal/builders/maven/README.md @@ -83,7 +83,7 @@ jobs: id-token: write contents: read actions: read - uses: slsa-framework/slsa-github-generator/.github/workflows/builder_maven_slsa3.yml@v1.9.0-rc.0 + uses: slsa-framework/slsa-github-generator/.github/workflows/builder_maven_slsa3.yml@v1.9.0 ``` Now, when you invoke this workflow, the Maven builder will build both your artifacts and the provenance files for them. diff --git a/internal/builders/maven/action.yml b/internal/builders/maven/action.yml index 2a7934e255..496214c050 100644 --- a/internal/builders/maven/action.yml +++ b/internal/builders/maven/action.yml @@ -63,10 +63,10 @@ runs: distribution: temurin java-version: ${{ fromJson(inputs.slsa-workflow-inputs).jdk-version }} - name: Checkout the tool repository - uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@v1.9.0-rc.0 + uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@v1.9.0 with: repository: slsa-framework/slsa-github-generator - ref: v1.9.0-rc.0 + ref: v1.9.0 path: __BUILDER_CHECKOUT_DIR__ - name: Run mvn package shell: bash 
@@ -112,11 +112,11 @@ runs: # when multiple workflows run concurrently. - name: Generate random 16-byte value (32-char hex encoded) id: rng - uses: slsa-framework/slsa-github-generator/.github/actions/rng@v1.9.0-rc.0 + uses: slsa-framework/slsa-github-generator/.github/actions/rng@v1.9.0 - name: Upload target id: upload-target - uses: slsa-framework/slsa-github-generator/.github/actions/secure-upload-folder@v1.9.0-rc.0 + uses: slsa-framework/slsa-github-generator/.github/actions/secure-upload-folder@v1.9.0 with: name: "${{ steps.rng.outputs.random }}-target" path: target diff --git a/internal/builders/nodejs/README.md b/internal/builders/nodejs/README.md index 7868d55c60..e26d51fdf3 100644 --- a/internal/builders/nodejs/README.md +++ b/internal/builders/nodejs/README.md @@ -121,7 +121,7 @@ jobs: contents: read # For repo checkout. actions: read # For getting workflow run info. if: startsWith(github.ref, 'refs/tags/') - uses: slsa-framework/slsa-github-generator/.github/workflows/builder_nodejs_slsa3.yml@v1.9.0-rc.0 + uses: slsa-framework/slsa-github-generator/.github/workflows/builder_nodejs_slsa3.yml@v1.9.0 with: run-scripts: "ci, test, build" ``` @@ -154,7 +154,7 @@ publish: - name: publish id: publish - uses: slsa-framework/slsa-github-generator/actions/nodejs/publish@e55b76ce421082dfa4b34a6ac3c5e59de0f3bb58 # v1.7.0 + uses: slsa-framework/slsa-github-generator/actions/nodejs/publish@v1.9.0 with: access: public node-auth-token: ${{ secrets.NPM_TOKEN }} 
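Review bot: The `publish` step example in internal/builders/nodejs/README.md (hunk `@@ -154,7 +154,7 @@`) loses its commit-SHA pin: the old line referenced `publish@e55b76ce421082dfa4b34a6ac3c5e59de0f3bb58 # v1.7.0` and the new one uses the mutable tag `@v1.9.0`, so this is a change of pinning style and not only a ref bump. That step is handed `secrets.NPM_TOKEN`, so readers who copy the example run whatever the tag points to with their publish credential. The release-tag requirement quoted elsewhere in this patch is stated for the builder workflows and `slsa-verifier`; whether it also applies to this action is not visible here. If it does not, I would keep the pin and update only the hash and comment, e.g. `uses: slsa-framework/slsa-github-generator/actions/nodejs/publish@<full-commit-sha-of-v1.9.0> # v1.9.0` (placeholder, to be filled with the release commit). If the tag form is intentional, a one-line comment in the example saying so would stop readers from treating it as the recommended pattern for third-party actions.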
@@ -197,14 +197,14 @@ jobs: registry-url: "https://registry.npmjs.org" - name: Download tarball - uses: slsa-framework/slsa-github-generator/actions/nodejs/secure-package-download@v1.9.0-rc.0 + uses: slsa-framework/slsa-github-generator/actions/nodejs/secure-package-download@v1.9.0 with: name: ${{ needs.build.outputs.package-download-name }} path: ${{ needs.build.outputs.package-name }} sha256: ${{ needs.build.outputs.package-download-sha256 }} - name: Download provenance - uses: slsa-framework/slsa-github-generator/actions/nodejs/secure-attestations-download@v1.9.0-rc.0 + uses: slsa-framework/slsa-github-generator/actions/nodejs/secure-attestations-download@v1.9.0 with: name: ${{ needs.build.outputs.provenance-download-name }} path: "attestations" diff --git a/internal/builders/nodejs/action.yml b/internal/builders/nodejs/action.yml index 67f7b2352b..ca02819196 100644 --- a/internal/builders/nodejs/action.yml +++ b/internal/builders/nodejs/action.yml @@ -85,9 +85,9 @@ runs: # when multiple workflows run concurrently. - name: Generate random 16-byte value (32-char hex encoded) id: rng - uses: slsa-framework/slsa-github-generator/.github/actions/rng@v1.9.0-rc.0 + uses: slsa-framework/slsa-github-generator/.github/actions/rng@v1.9.0 - - uses: slsa-framework/slsa-github-generator/.github/actions/secure-upload-artifact@v1.9.0-rc.0 + - uses: slsa-framework/slsa-github-generator/.github/actions/secure-upload-artifact@v1.9.0 id: upload with: name: "${{ steps.rng.outputs.random }}-package.tgz"