From 36d0687e23e028fa45acf823677eb6621017eb32 Mon Sep 17 00:00:00 2001
From: Shunsuke Suzuki <suzuki.shunsuke.1989@gmail.com>
Date: Sat, 11 May 2024 10:33:44 +0900
Subject: [PATCH] fix: update softprops/action-gh-release to v2.0.5

To resolve the deprecation warning of Node.js v16.
softprops/action-gh-release updated Node.js to v20 at v2.0.0.

https://github.com/softprops/action-gh-release/releases/tag/v2.0.0

Node.js 16 was deprecated.

https://github.blog/changelog/2023-09-22-github-actions-transitioning-from-node-16-to-node-20/

So we need to update softprops/action-gh-release to v2.0.0 or newer.

Currently, slsa-framework/slsa-github-generator outputs the following warning.

```
Node.js 16 actions are deprecated. Please update the following actions to use Node.js 20: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844. For more information see: https://github.blog/changelog/2023-09-22-github-actions-transitioning-from-node-16-to-node-20/.
```

Signed-off-by: Shunsuke Suzuki <suzuki.shunsuke.1989@gmail.com>
---
 .github/workflows/builder_container-based_slsa3.yml | 4 ++--
 .github/workflows/builder_go_slsa3.yml              | 2 +-
 .github/workflows/generator_generic_slsa3.yml       | 2 +-
 SPECIFICATIONS.md                                   | 2 +-
 internal/builders/generic/README.md                 | 2 +-
 5 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/builder_container-based_slsa3.yml b/.github/workflows/builder_container-based_slsa3.yml
index f952b29d52..9e2cb93bf1 100644
--- a/.github/workflows/builder_container-based_slsa3.yml
+++ b/.github/workflows/builder_container-based_slsa3.yml
@@ -598,7 +598,7 @@ jobs:
           path: "${{ needs.provenance.outputs.provenance-name }}"
 
       - name: Upload provenance new tag
-        uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v0.1.15
+        uses: softprops/action-gh-release@69320dbe05506a9a39fc8ae11030b214ec2d1f87 # v2.0.5
         if: startsWith(github.ref, 'refs/tags/') && inputs.upload-tag-name == ''
         id: release-new-tags
         with:
@@ -609,7 +609,7 @@ jobs:
           draft: ${{ inputs.draft-release }}
 
       - name: Upload provenance tag name
-        uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v0.1.15
+        uses: softprops/action-gh-release@69320dbe05506a9a39fc8ae11030b214ec2d1f87 # v2.0.5
         if: inputs.upload-tag-name != ''
         with:
           prerelease: ${{ inputs.prerelease }}
diff --git a/.github/workflows/builder_go_slsa3.yml b/.github/workflows/builder_go_slsa3.yml
index 4f41c3f1e9..0de010767b 100644
--- a/.github/workflows/builder_go_slsa3.yml
+++ b/.github/workflows/builder_go_slsa3.yml
@@ -399,7 +399,7 @@ jobs:
           sha256: "${{ needs.provenance.outputs.go-provenance-sha256 }}"
 
       - name: Upload provenance
-        uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v0.1.15
+        uses: softprops/action-gh-release@69320dbe05506a9a39fc8ae11030b214ec2d1f87 # v2.0.5
         with:
           tag_name: ${{ inputs.upload-tag-name }}
           prerelease: ${{ inputs.prerelease }}
diff --git a/.github/workflows/generator_generic_slsa3.yml b/.github/workflows/generator_generic_slsa3.yml
index d92724ea17..4e1902904a 100644
--- a/.github/workflows/generator_generic_slsa3.yml
+++ b/.github/workflows/generator_generic_slsa3.yml
@@ -284,7 +284,7 @@ jobs:
           sha256: "${{ needs.generator.outputs.provenance-sha256 }}"
 
       - name: Upload provenance
-        uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v0.1.15
+        uses: softprops/action-gh-release@69320dbe05506a9a39fc8ae11030b214ec2d1f87 # v2.0.5
         id: release
         with:
           draft: ${{ inputs.draft-release }}
diff --git a/SPECIFICATIONS.md b/SPECIFICATIONS.md
index 219d761d6d..38d80d271a 100644
--- a/SPECIFICATIONS.md
+++ b/SPECIFICATIONS.md
@@ -200,7 +200,7 @@ jobs:
         with:
           name: ${{ needs.build.outputs.go-binary-name }}.intoto.jsonl
       - name: Release
-        uses: softprops/action-gh-release@1e07f4398721186383de40550babbdf2b84acfc5
+        uses: softprops/action-gh-release@69320dbe05506a9a39fc8ae11030b214ec2d1f87 # v2.0.5
         if: startsWith(github.ref, 'refs/tags/')
         with:
           files: |
diff --git a/internal/builders/generic/README.md b/internal/builders/generic/README.md
index dfc598fa3a..e0d9671aa7 100644
--- a/internal/builders/generic/README.md
+++ b/internal/builders/generic/README.md
@@ -203,7 +203,7 @@ jobs:
           name: artifact2
 
       - name: Upload assets
-        uses: softprops/action-gh-release@1e07f4398721186383de40550babbdf2b84acfc5 # v0.1.14
+        uses: softprops/action-gh-release@69320dbe05506a9a39fc8ae11030b214ec2d1f87 # v2.0.5
         with:
           files: |
             artifact1