From e55b76ce421082dfa4b34a6ac3c5e59de0f3bb58 Mon Sep 17 00:00:00 2001
From: asraa
Date: Wed, 7 Jun 2023 09:16:19 -0500
Subject: [PATCH] chore: update documentation and references to v1.7.0 (#2239)
#label:release v1.7.0
Signed-off-by: Asra Ali
---
 .github/actions/generate-builder/action.yml | 2 +-
 .../secure-download-artifact/action.yml | 2 +-
 .../actions/secure-download-folder/action.yml | 4 +-
 .../actions/secure-upload-artifact/action.yml | 2 +-
 .../actions/secure-upload-folder/action.yml | 2 +-
 .../builder_container-based_slsa3.yml | 14 +++---
 .github/workflows/builder_go_slsa3.yml | 14 +++---
 .github/workflows/builder_gradle_slsa3.yml | 4 +-
 .github/workflows/builder_maven_slsa3.yml | 4 +-
 .github/workflows/builder_nodejs_slsa3.yml | 4 +-
 .github/workflows/delegator_generic_slsa3.yml | 24 +++++-----
 .../delegator_lowperms-generic_slsa3.yml | 24 +++++-----
 ...ate-container_based-predicate.schedule.yml | 2 +-
 .../workflows/generator_container_slsa3.yml | 4 +-
 .github/workflows/generator_generic_slsa3.yml | 6 +--
 .github/workflows/release.yml | 8 ++--
 .../secure-attestations-download/action.yml | 2 +-
 actions/nodejs/publish/action.yml | 6 +--
 .../secure-attestations-download/action.yml | 2 +-
 internal/builders/container/README.md | 8 ++--
 internal/builders/docker/README.md | 2 +-
 internal/builders/generic/README.md | 46 +++++++++----------
 internal/builders/go/README.md | 6 +--
 internal/builders/nodejs/README.md | 2 +-
 24 files changed, 97 insertions(+), 97 deletions(-)
diff --git a/.github/actions/generate-builder/action.yml b/.github/actions/generate-builder/action.yml
index 979048c99a..422d3df9d5 100644
--- a/.github/actions/generate-builder/action.yml
+++ b/.github/actions/generate-builder/action.yml
@@ -62,7 +62,7 @@ runs:
 using: "composite"
 steps:
 - name: Checkout builder repository
- uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@v1.7.0-rc.1
+ uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@v1.7.0
 with:
 repository: ${{ inputs.repository }}
 ref: ${{ inputs.ref }}
diff --git a/.github/actions/secure-download-artifact/action.yml b/.github/actions/secure-download-artifact/action.yml
index 0a25b4069d..fc8b8e990f 100644
--- a/.github/actions/secure-download-artifact/action.yml
+++ b/.github/actions/secure-download-artifact/action.yml
@@ -85,7 +85,7 @@ runs:
 - name: Compute the hash
 id: compute
- uses: slsa-framework/slsa-github-generator/.github/actions/compute-sha256@v1.7.0-rc.1
+ uses: slsa-framework/slsa-github-generator/.github/actions/compute-sha256@v1.7.0
 with:
 path: "${{ steps.validate-path.outputs.file_path }}"
diff --git a/.github/actions/secure-download-folder/action.yml b/.github/actions/secure-download-folder/action.yml
index d2ad2cfb4b..9f38785e48 100644
--- a/.github/actions/secure-download-folder/action.yml
+++ b/.github/actions/secure-download-folder/action.yml
@@ -31,7 +31,7 @@ runs:
 steps:
 - name: Compute a random value
 id: rng
- uses: slsa-framework/slsa-github-generator/.github/actions/rng@v1.7.0-rc.1
+ uses: slsa-framework/slsa-github-generator/.github/actions/rng@v1.7.0
 - name: Download the artifact
 uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
@@ -41,7 +41,7 @@ runs:
 - name: Compute the hash
 id: compute
- uses: slsa-framework/slsa-github-generator/.github/actions/compute-sha256@v1.7.0-rc.1
+ uses: slsa-framework/slsa-github-generator/.github/actions/compute-sha256@v1.7.0
 with:
 path: "${{ steps.rng.outputs.random }}/folder.tgz"
diff --git a/.github/actions/secure-upload-artifact/action.yml b/.github/actions/secure-upload-artifact/action.yml
index 9617095ac0..dca7f2df75 100644
--- a/.github/actions/secure-upload-artifact/action.yml
+++ b/.github/actions/secure-upload-artifact/action.yml
@@ -32,7 +32,7 @@ runs:
 steps:
 - name: Compute binary hash
 id: compute-digest
- uses: slsa-framework/slsa-github-generator/.github/actions/compute-sha256@v1.7.0-rc.1
+ uses: slsa-framework/slsa-github-generator/.github/actions/compute-sha256@v1.7.0
 with:
 path: "${{ inputs.path }}"
diff --git a/.github/actions/secure-upload-folder/action.yml b/.github/actions/secure-upload-folder/action.yml
index 50334ee404..1af1e9dffc 100644
--- a/.github/actions/secure-upload-folder/action.yml
+++ b/.github/actions/secure-upload-folder/action.yml
@@ -60,7 +60,7 @@ runs:
 - name: Upload the artifact
 id: upload
- uses: slsa-framework/slsa-github-generator/.github/actions/secure-upload-artifact@v1.7.0-rc.1
+ uses: slsa-framework/slsa-github-generator/.github/actions/secure-upload-artifact@v1.7.0
 with:
 name: "${{ inputs.name }}"
 path: "${{ steps.create.outputs.tarball-path }}"
diff --git a/.github/workflows/builder_container-based_slsa3.yml b/.github/workflows/builder_container-based_slsa3.yml
index 97546c7669..b62e17fa73 100644
--- a/.github/workflows/builder_container-based_slsa3.yml
+++ b/.github/workflows/builder_container-based_slsa3.yml
@@ -165,7 +165,7 @@ jobs:
 steps:
 - name: Generate random 16-byte value (32-char hex encoded)
 id: rng
- uses: slsa-framework/slsa-github-generator/.github/actions/rng@v1.7.0-rc.1
+ uses: slsa-framework/slsa-github-generator/.github/actions/rng@v1.7.0
 # This detects the repository and ref of the reusable workflow.
 # For pull request, this gets the referenced slsa-github-generator workflow.
@@ -180,7 +180,7 @@ jobs:
 steps:
 - name: Detect the builder ref
 id: detect
- uses: slsa-framework/slsa-github-generator/.github/actions/detect-workflow-js@v1.7.0-rc.1
+ uses: slsa-framework/slsa-github-generator/.github/actions/detect-workflow-js@v1.7.0
 ###################################################################
 # #
@@ -197,7 +197,7 @@ jobs:
 steps:
 - name: Generate builder binary
 id: generate
- uses: slsa-framework/slsa-github-generator/.github/actions/generate-builder@v1.7.0-rc.1
+ uses: slsa-framework/slsa-github-generator/.github/actions/generate-builder@v1.7.0
 with:
 repository: "${{ needs.detect-env.outputs.repository }}"
 ref: "${{ needs.detect-env.outputs.ref }}"
@@ -230,7 +230,7 @@ jobs:
 steps:
 - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
 - name: Checkout builder repository
- uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@v1.7.0-rc.1
+ uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@v1.7.0
 with:
 repository: "${{ needs.detect-env.outputs.repository }}"
 ref: "${{ needs.detect-env.outputs.ref }}"
@@ -357,7 +357,7 @@ jobs:
 docker login "${untrusted_registry}" -u "${username}" -p "${password}"
 - name: Checkout builder repository
- uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@v1.7.0-rc.1
+ uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@v1.7.0
 with:
 repository: "${{ needs.detect-env.outputs.repository }}"
 ref: "${{ needs.detect-env.outputs.ref }}"
@@ -485,7 +485,7 @@ jobs:
 provenance-sha256: ${{ steps.upload-signed.outputs.sha256 }}
 steps:
 - name: Checkout builder repository
- uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@v1.7.0-rc.1
+ uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@v1.7.0
 with:
 repository: "${{ needs.detect-env.outputs.repository }}"
 ref: "${{ needs.detect-env.outputs.ref }}"
@@ -575,7 +575,7 @@ jobs:
 if: inputs.upload-assets && (startsWith(github.ref, 'refs/tags/') || inputs.upload-tag-name != '')
 steps:
 - name: Checkout builder repository
- uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@v1.7.0-rc.1
+ uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@v1.7.0
 with:
 repository: "${{ needs.detect-env.outputs.repository }}"
 ref: "${{ needs.detect-env.outputs.ref }}"
diff --git a/.github/workflows/builder_go_slsa3.yml b/.github/workflows/builder_go_slsa3.yml
index 7fd2c13f1d..4a0e6e05d8 100644
--- a/.github/workflows/builder_go_slsa3.yml
+++ b/.github/workflows/builder_go_slsa3.yml
@@ -130,7 +130,7 @@ jobs:
 steps:
 - name: Generate random 16-byte value (32-char hex encoded)
 id: rng
- uses: slsa-framework/slsa-github-generator/.github/actions/rng@v1.7.0-rc.1
+ uses: slsa-framework/slsa-github-generator/.github/actions/rng@v1.7.0
 detect-env:
 outputs:
@@ -142,7 +142,7 @@ jobs:
 steps:
 - name: Detect the builder ref
 id: detect
- uses: slsa-framework/slsa-github-generator/.github/actions/detect-workflow-js@v1.7.0-rc.1
+ uses: slsa-framework/slsa-github-generator/.github/actions/detect-workflow-js@v1.7.0
 ###################################################################
 # #
@@ -157,7 +157,7 @@ jobs:
 steps:
 - name: Generate builder binary
 id: generate
- uses: slsa-framework/slsa-github-generator/.github/actions/generate-builder@v1.7.0-rc.1
+ uses: slsa-framework/slsa-github-generator/.github/actions/generate-builder@v1.7.0
 with:
 repository: "${{ needs.detect-env.outputs.repository }}"
 ref: "${{ needs.detect-env.outputs.ref }}"
@@ -191,7 +191,7 @@ jobs:
 needs: [builder, rng, detect-env]
 steps:
 - name: Checkout builder repository
- uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@v1.7.0-rc.1
+ uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@v1.7.0
 with:
 repository: "${{ needs.detect-env.outputs.repository }}"
 ref: "${{ needs.detect-env.outputs.ref }}"
@@ -238,7 +238,7 @@ jobs:
 needs: [builder, build-dry, rng, detect-env]
 steps:
 - name: Checkout builder repository
- uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@v1.7.0-rc.1
+ uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@v1.7.0
 with:
 repository: "${{ needs.detect-env.outputs.repository }}"
 ref: "${{ needs.detect-env.outputs.ref }}"
@@ -320,7 +320,7 @@ jobs:
 go-provenance-sha256: ${{ steps.sign-prov.outputs.signed-provenance-sha256 }}
 steps:
 - name: Checkout builder repository
- uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@v1.7.0-rc.1
+ uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@v1.7.0
 with:
 repository: "${{ needs.detect-env.outputs.repository }}"
 ref: "${{ needs.detect-env.outputs.ref }}"
@@ -378,7 +378,7 @@ jobs:
 if: inputs.upload-assets && (startsWith(github.ref, 'refs/tags/') || inputs.upload-tag-name != '')
 steps:
 - name: Checkout builder repository
- uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@v1.7.0-rc.1
+ uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@v1.7.0
 with:
 repository: "${{ needs.detect-env.outputs.repository }}"
 ref: "${{ needs.detect-env.outputs.ref }}"
diff --git a/.github/workflows/builder_gradle_slsa3.yml b/.github/workflows/builder_gradle_slsa3.yml
index 6eae8ddc9f..1eddb85253 100644
--- a/.github/workflows/builder_gradle_slsa3.yml
+++ b/.github/workflows/builder_gradle_slsa3.yml
@@ -41,7 +41,7 @@ jobs:
 steps:
 - name: Generate the token
 id: generate
- uses: slsa-framework/slsa-github-generator/actions/delegator/setup-generic@v1.7.0-rc.1
+ uses: slsa-framework/slsa-github-generator/actions/delegator/setup-generic@v1.7.0
 with:
 slsa-workflow-recipient: "delegator_lowperms-generic_slsa3.yml"
 slsa-rekor-log-public: ${{ inputs.rekor-log-public }}
@@ -56,7 +56,7 @@ jobs:
 contents: read # For asset uploads.
 actions: read # For the entrypoint.
 packages: write # To publish to GitHub packages.
- uses: slsa-framework/slsa-github-generator/.github/workflows/delegator_lowperms-generic_slsa3.yml@v1.7.0-rc.1
+ uses: slsa-framework/slsa-github-generator/.github/workflows/delegator_lowperms-generic_slsa3.yml@v1.7.0
 with:
 slsa-token: ${{ needs.slsa-setup.outputs.slsa-token }}
diff --git a/.github/workflows/builder_maven_slsa3.yml b/.github/workflows/builder_maven_slsa3.yml
index cf0e0d6383..312bc48023 100644
--- a/.github/workflows/builder_maven_slsa3.yml
+++ b/.github/workflows/builder_maven_slsa3.yml
@@ -41,7 +41,7 @@ jobs:
 steps:
 - name: Generate the token
 id: generate
- uses: slsa-framework/slsa-github-generator/actions/delegator/setup-generic@v1.7.0-rc.1
+ uses: slsa-framework/slsa-github-generator/actions/delegator/setup-generic@v1.7.0
 with:
 slsa-workflow-recipient: "delegator_lowperms-generic_slsa3.yml"
 slsa-rekor-log-public: ${{ inputs.rekor-log-public }}
@@ -56,7 +56,7 @@ jobs:
 contents: read # For asset uploads.
 actions: read # For the entrypoint.
 packages: write # To publish to GitHub packages.
- uses: slsa-framework/slsa-github-generator/.github/workflows/delegator_lowperms-generic_slsa3.yml@v1.7.0-rc.1
+ uses: slsa-framework/slsa-github-generator/.github/workflows/delegator_lowperms-generic_slsa3.yml@v1.7.0
 with:
 slsa-token: ${{ needs.slsa-setup.outputs.slsa-token }}
diff --git a/.github/workflows/builder_nodejs_slsa3.yml b/.github/workflows/builder_nodejs_slsa3.yml
index 4f0003f55b..fa3b07cf26 100644
--- a/.github/workflows/builder_nodejs_slsa3.yml
+++ b/.github/workflows/builder_nodejs_slsa3.yml
@@ -89,7 +89,7 @@ jobs:
 steps:
 - name: Generate the token
 id: generate
- uses: slsa-framework/slsa-github-generator/actions/delegator/setup-generic@v1.7.0-rc.1
+ uses: slsa-framework/slsa-github-generator/actions/delegator/setup-generic@v1.7.0
 with:
 slsa-workflow-recipient: "delegator_lowperms-generic_slsa3.yml"
 slsa-rekor-log-public: ${{ inputs.rekor-log-public }}
@@ -104,6 +104,6 @@ jobs:
 id-token: write # For signing.
 contents: read # For repo checkout of private repos.
 actions: read # For getting workflow run on private repos.
- uses: slsa-framework/slsa-github-generator/.github/workflows/delegator_lowperms-generic_slsa3.yml@v1.7.0-rc.1
+ uses: slsa-framework/slsa-github-generator/.github/workflows/delegator_lowperms-generic_slsa3.yml@v1.7.0
 with:
 slsa-token: ${{ needs.slsa-setup.outputs.slsa-token }}
diff --git a/.github/workflows/delegator_generic_slsa3.yml b/.github/workflows/delegator_generic_slsa3.yml
index d1d761256b..9dfd6bf27e 100644
--- a/.github/workflows/delegator_generic_slsa3.yml
+++ b/.github/workflows/delegator_generic_slsa3.yml
@@ -85,7 +85,7 @@ jobs:
 steps:
 - name: Generate random 16-byte value (32-char hex encoded)
 id: rng
- uses: slsa-framework/slsa-github-generator/.github/actions/rng@v1.7.0-rc.1
+ uses: slsa-framework/slsa-github-generator/.github/actions/rng@v1.7.0
 # verify-token verifies the slsa token.
 verify-token:
@@ -101,7 +101,7 @@ jobs:
 steps:
 - name: Verify token
 id: verify
- uses: slsa-framework/slsa-github-generator/.github/actions/verify-token@v1.7.0-rc.1
+ uses: slsa-framework/slsa-github-generator/.github/actions/verify-token@v1.7.0
 with:
 slsa-workflow-recipient: "delegator_generic_slsa3.yml"
 slsa-unverified-token: ${{ inputs.slsa-token }}
@@ -110,7 +110,7 @@ jobs:
 - name: Upload predicate
 id: upload
- uses: slsa-framework/slsa-github-generator/.github/actions/secure-upload-artifact@v1.7.0-rc.1
+ uses: slsa-framework/slsa-github-generator/.github/actions/secure-upload-artifact@v1.7.0
 with:
 name: "${{ needs.rng.outputs.value }}-${{ env.SLSA_PREDICATE_FILE }}"
 path: ${{ env.SLSA_PREDICATE_FILE }}
@@ -121,7 +121,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Check private repos
- uses: slsa-framework/slsa-github-generator/.github/actions/privacy-check@v1.7.0-rc.1
+ uses: slsa-framework/slsa-github-generator/.github/actions/privacy-check@v1.7.0
 with:
 error_message: "Repository is private. The workflow has halted in order to keep the repository name from being exposed in the public transparency log. Set 'private-repository' to override."
 override: ${{ fromJson(needs.verify-token.outputs.slsa-verified-token).builder.rekor_log_public }}
@@ -148,7 +148,7 @@ jobs:
 echo "$RUNNER: $RUNNER"
 - name: Checkout the tool repository
- uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@v1.7.0-rc.1
+ uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@v1.7.0
 with:
 repository: ${{ needs.verify-token.outputs.tool-repository }}
 ref: ${{ needs.verify-token.outputs.tool-ref }}
@@ -172,7 +172,7 @@ jobs:
 tree
 - name: Checkout the project repository
- uses: slsa-framework/slsa-github-generator/.github/actions/secure-project-checkout@v1.7.0-rc.1
+ uses: slsa-framework/slsa-github-generator/.github/actions/secure-project-checkout@v1.7.0
 with:
 fetch-depth: ${{ fromJson(needs.verify-token.outputs.slsa-verified-token).source.checkout.fetch_depth }}
@@ -213,7 +213,7 @@ jobs:
 - name: Upload artifact layout file
 id: upload
- uses: slsa-framework/slsa-github-generator/.github/actions/secure-upload-artifact@v1.7.0-rc.1
+ uses: slsa-framework/slsa-github-generator/.github/actions/secure-upload-artifact@v1.7.0
 with:
 name: "${{ needs.rng.outputs.value }}-${{ env.SLSA_ARTIFACTS_FILE }}"
 path: "${{ env.SLSA_ARTIFACTS_FILE }}"
@@ -229,14 +229,14 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Download the artifact layout file
- uses: slsa-framework/slsa-github-generator/.github/actions/secure-download-artifact@v1.7.0-rc.1
+ uses: slsa-framework/slsa-github-generator/.github/actions/secure-download-artifact@v1.7.0
 with:
 name: "${{ needs.rng.outputs.value }}-${{ env.SLSA_ARTIFACTS_FILE }}"
 path: "${{ env.SLSA_ARTIFACTS_FILE }}"
 sha256: ${{ needs.build-artifacts-ubuntu.outputs.artifacts-layout-sha256 }}
 - name: Download the predicate file
- uses: slsa-framework/slsa-github-generator/.github/actions/secure-download-artifact@v1.7.0-rc.1
+ uses: slsa-framework/slsa-github-generator/.github/actions/secure-download-artifact@v1.7.0
 with:
 name: "${{ needs.rng.outputs.value }}-${{ env.SLSA_PREDICATE_FILE }}"
 path: ${{ env.SLSA_PREDICATE_FILE }}
@@ -266,7 +266,7 @@ jobs:
 - name: Generate attestations
 id: attestations
- uses: slsa-framework/slsa-github-generator/.github/actions/generate-attestations@v1.7.0-rc.1
+ uses: slsa-framework/slsa-github-generator/.github/actions/generate-attestations@v1.7.0
 with:
 slsa-layout-file: ${{ env.SLSA_ARTIFACTS_FILE }}
 predicate-type: ${{ steps.predicate-type.outputs.predicate-type }}
@@ -275,14 +275,14 @@ jobs:
 - name: Sign attestations
 id: sign
- uses: slsa-framework/slsa-github-generator/.github/actions/sign-attestations@v1.7.0-rc.1
+ uses: slsa-framework/slsa-github-generator/.github/actions/sign-attestations@v1.7.0
 with:
 attestations: attestations
 output-folder: "${{ needs.rng.outputs.value }}-slsa-attestations"
 - name: Upload attestations
 id: upload
- uses: slsa-framework/slsa-github-generator/.github/actions/secure-upload-folder@v1.7.0-rc.1
+ uses: slsa-framework/slsa-github-generator/.github/actions/secure-upload-folder@v1.7.0
 with:
 name: "${{ needs.rng.outputs.value }}-slsa-attestations"
 path: "${{ needs.rng.outputs.value }}-slsa-attestations"
diff --git a/.github/workflows/delegator_lowperms-generic_slsa3.yml b/.github/workflows/delegator_lowperms-generic_slsa3.yml
index 2652221ce6..1ef9e1b6d4 100644
--- a/.github/workflows/delegator_lowperms-generic_slsa3.yml
+++ b/.github/workflows/delegator_lowperms-generic_slsa3.yml
@@ -90,7 +90,7 @@ jobs:
 steps:
 - name: Generate random 16-byte value (32-char hex encoded)
 id: rng
- uses: slsa-framework/slsa-github-generator/.github/actions/rng@v1.7.0-rc.1
+ uses: slsa-framework/slsa-github-generator/.github/actions/rng@v1.7.0
 # verify-token verifies the slsa token.
 verify-token:
@@ -106,7 +106,7 @@ jobs:
 steps:
 - name: Verify token
 id: verify
- uses: slsa-framework/slsa-github-generator/.github/actions/verify-token@v1.7.0-rc.1
+ uses: slsa-framework/slsa-github-generator/.github/actions/verify-token@v1.7.0
 with:
 slsa-workflow-recipient: "delegator_lowperms-generic_slsa3.yml"
 slsa-unverified-token: ${{ inputs.slsa-token }}
@@ -115,7 +115,7 @@ jobs:
 - name: Upload predicate
 id: upload
- uses: slsa-framework/slsa-github-generator/.github/actions/secure-upload-artifact@v1.7.0-rc.1
+ uses: slsa-framework/slsa-github-generator/.github/actions/secure-upload-artifact@v1.7.0
 with:
 name: "${{ needs.rng.outputs.value }}-${{ env.SLSA_PREDICATE_FILE }}"
 path: ${{ env.SLSA_PREDICATE_FILE }}
@@ -126,7 +126,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Check private repos
- uses: slsa-framework/slsa-github-generator/.github/actions/privacy-check@v1.7.0-rc.1
+ uses: slsa-framework/slsa-github-generator/.github/actions/privacy-check@v1.7.0
 with:
 error_message: "Repository is private. The workflow has halted in order to keep the repository name from being exposed in the public transparency log. Set 'private-repository' to override."
 override: ${{ fromJson(needs.verify-token.outputs.slsa-verified-token).builder.rekor_log_public }}
@@ -151,7 +151,7 @@ jobs:
 echo "$RUNNER: $RUNNER"
 - name: Checkout the tool repository
- uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@v1.7.0-rc.1
+ uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@v1.7.0
 with:
 repository: ${{ needs.verify-token.outputs.tool-repository }}
 ref: ${{ needs.verify-token.outputs.tool-ref }}
@@ -175,7 +175,7 @@ jobs:
 tree
 - name: Checkout the project repository
- uses: slsa-framework/slsa-github-generator/.github/actions/secure-project-checkout@v1.7.0-rc.1
+ uses: slsa-framework/slsa-github-generator/.github/actions/secure-project-checkout@v1.7.0
 with:
 fetch-depth: ${{ fromJson(needs.verify-token.outputs.slsa-verified-token).source.checkout.fetch_depth }}
@@ -216,7 +216,7 @@ jobs:
 - name: Upload artifact layout file
 id: upload
- uses: slsa-framework/slsa-github-generator/.github/actions/secure-upload-artifact@v1.7.0-rc.1
+ uses: slsa-framework/slsa-github-generator/.github/actions/secure-upload-artifact@v1.7.0
 with:
 name: "${{ needs.rng.outputs.value }}-${{ env.SLSA_ARTIFACTS_FILE }}"
 path: "${{ env.SLSA_ARTIFACTS_FILE }}"
@@ -232,14 +232,14 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Download the artifact layout file
- uses: slsa-framework/slsa-github-generator/.github/actions/secure-download-artifact@v1.7.0-rc.1
+ uses: slsa-framework/slsa-github-generator/.github/actions/secure-download-artifact@v1.7.0
 with:
 name: "${{ needs.rng.outputs.value }}-${{ env.SLSA_ARTIFACTS_FILE }}"
 path: "${{ env.SLSA_ARTIFACTS_FILE }}"
 sha256: ${{ needs.build-artifacts-ubuntu.outputs.artifacts-layout-sha256 }}
 - name: Download the predicate file
- uses: slsa-framework/slsa-github-generator/.github/actions/secure-download-artifact@v1.7.0-rc.1
+ uses: slsa-framework/slsa-github-generator/.github/actions/secure-download-artifact@v1.7.0
 with:
 name: "${{ needs.rng.outputs.value }}-${{ env.SLSA_PREDICATE_FILE }}"
 path: ${{ env.SLSA_PREDICATE_FILE }}
@@ -269,7 +269,7 @@ jobs:
 - name: Generate attestations
 id: attestations
- uses: slsa-framework/slsa-github-generator/.github/actions/generate-attestations@v1.7.0-rc.1
+ uses: slsa-framework/slsa-github-generator/.github/actions/generate-attestations@v1.7.0
 with:
 slsa-layout-file: ${{ env.SLSA_ARTIFACTS_FILE }}
 predicate-type: ${{ steps.predicate-type.outputs.predicate-type }}
@@ -278,14 +278,14 @@ jobs:
 - name: Sign attestations
 id: sign
- uses: slsa-framework/slsa-github-generator/.github/actions/sign-attestations@v1.7.0-rc.1
+ uses: slsa-framework/slsa-github-generator/.github/actions/sign-attestations@v1.7.0
 with:
 attestations: attestations
 output-folder: "${{ needs.rng.outputs.value }}-slsa-attestations"
 - name: Upload attestations
 id: upload
- uses: slsa-framework/slsa-github-generator/.github/actions/secure-upload-folder@v1.7.0-rc.1
+ uses: slsa-framework/slsa-github-generator/.github/actions/secure-upload-folder@v1.7.0
 with:
 name: "${{ needs.rng.outputs.value }}-slsa-attestations"
 path: "${{ needs.rng.outputs.value }}-slsa-attestations"
diff --git a/.github/workflows/e2e.create-container_based-predicate.schedule.yml b/.github/workflows/e2e.create-container_based-predicate.schedule.yml
index fbbaa3a2f2..3a454e676a 100644
--- a/.github/workflows/e2e.create-container_based-predicate.schedule.yml
+++ b/.github/workflows/e2e.create-container_based-predicate.schedule.yml
@@ -42,7 +42,7 @@ jobs:
 - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
 - name: Detect the builder ref
 id: detect
- uses: slsa-framework/slsa-github-generator/.github/actions/detect-workflow-js@v1.7.0-rc.1
+ uses: slsa-framework/slsa-github-generator/.github/actions/detect-workflow-js@v1.7.0
 - name: Update the build definition
 # We use a build definition hard-coded in testadata. To ensure validation against
 # workflow context, we must update the source references.
diff --git a/.github/workflows/generator_container_slsa3.yml b/.github/workflows/generator_container_slsa3.yml
index b72ac5c9e5..f94349d561 100644
--- a/.github/workflows/generator_container_slsa3.yml
+++ b/.github/workflows/generator_container_slsa3.yml
@@ -94,7 +94,7 @@ jobs:
 - name: Detect the generator ref
 id: detect
 continue-on-error: true
- uses: slsa-framework/slsa-github-generator/.github/actions/detect-workflow-js@v1.7.0-rc.1
+ uses: slsa-framework/slsa-github-generator/.github/actions/detect-workflow-js@v1.7.0
 - name: Final outcome
 id: final
@@ -126,7 +126,7 @@ jobs:
 - name: Generate builder
 id: generate-builder
 continue-on-error: true
- uses: slsa-framework/slsa-github-generator/.github/actions/generate-builder@v1.7.0-rc.1
+ uses: slsa-framework/slsa-github-generator/.github/actions/generate-builder@v1.7.0
 with:
 repository: "${{ needs.detect-env.outputs.repository }}"
 ref: "${{ needs.detect-env.outputs.ref }}"
diff --git a/.github/workflows/generator_generic_slsa3.yml b/.github/workflows/generator_generic_slsa3.yml
index 15427ed41a..c5080affad 100644
--- a/.github/workflows/generator_generic_slsa3.yml
+++ b/.github/workflows/generator_generic_slsa3.yml
@@ -121,7 +121,7 @@ jobs:
 - name: Detect the generator ref
 id: detect
 continue-on-error: true
- uses: slsa-framework/slsa-github-generator/.github/actions/detect-workflow-js@v1.7.0-rc.1
+ uses: slsa-framework/slsa-github-generator/.github/actions/detect-workflow-js@v1.7.0
 - name: Final outcome
 id: final
@@ -155,7 +155,7 @@ jobs:
 - name: Generate builder
 id: generate-builder
 continue-on-error: true
- uses: slsa-framework/slsa-github-generator/.github/actions/generate-builder@v1.7.0-rc.1
+ uses: slsa-framework/slsa-github-generator/.github/actions/generate-builder@v1.7.0
 with:
 repository: "${{ needs.detect-env.outputs.repository }}"
 ref: "${{ needs.detect-env.outputs.ref }}"
@@ -230,7 +230,7 @@ jobs:
 - name: Checkout builder repository
 id: checkout-builder
 continue-on-error: true
- uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@v1.7.0-rc.1
+ uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@v1.7.0
 with:
 repository: "${{ needs.detect-env.outputs.repository }}"
 ref: "${{ needs.detect-env.outputs.ref }}"
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 9ceddf7efc..a102b899d8 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -60,7 +60,7 @@ jobs:
 id-token: write # For signing.
 contents: write # For asset uploads.
 actions: read # For the entrypoint.
- uses: slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@v1.7.0-rc.1
+ uses: slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@v1.7.0
 with:
 go-version: "1.20"
 config-file: .github/workflows/configs-container/config-release.yml
@@ -73,7 +73,7 @@ jobs:
 id-token: write # For signing.
 contents: write # For asset uploads.
 actions: read # For the entrypoint.
- uses: slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@v1.7.0-rc.1
+ uses: slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@v1.7.0
 with:
 go-version: "1.20"
 config-file: .github/workflows/configs-generic/config-release.yml
@@ -86,7 +86,7 @@ jobs:
 id-token: write # For signing.
 contents: write # For asset uploads.
 actions: read # For the entrypoint.
- uses: slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@v1.7.0-rc.1
+ uses: slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@v1.7.0
 with:
 go-version: "1.20"
 config-file: .github/workflows/configs-go/config-release.yml
@@ -99,7 +99,7 @@ jobs:
 id-token: write # For signing.
 contents: write # For asset uploads.
 actions: read # For the entrypoint.
- uses: slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@v1.7.0-rc.1
+ uses: slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@v1.7.0
 with:
 go-version: "1.20"
 config-file: .github/workflows/configs-docker/config-release.yml
diff --git a/actions/delegator/secure-attestations-download/action.yml b/actions/delegator/secure-attestations-download/action.yml
index 213d829bcd..17a2af5a88 100644
--- a/actions/delegator/secure-attestations-download/action.yml
+++ b/actions/delegator/secure-attestations-download/action.yml
@@ -30,7 +30,7 @@ runs:
 using: "composite"
 steps:
 - name: Download the attestations
- uses: slsa-framework/slsa-github-generator/.github/actions/secure-download-folder@v1.7.0-rc.1
+ uses: slsa-framework/slsa-github-generator/.github/actions/secure-download-folder@v1.7.0
 with:
 name: ${{ inputs.name }}
 path: ${{ inputs.path }}
diff --git a/actions/nodejs/publish/action.yml b/actions/nodejs/publish/action.yml
index 3762a36609..3fc0bbcd53 100644
--- a/actions/nodejs/publish/action.yml
+++ b/actions/nodejs/publish/action.yml
@@ -50,7 +50,7 @@ runs:
 # TODO(#1897): Use upstream version of npm
 - name: Setup npm
 id: setup-npm
- uses: slsa-framework/slsa-github-generator/actions/nodejs/setup-npm@v1.7.0-rc.1
+ uses: slsa-framework/slsa-github-generator/actions/nodejs/setup-npm@v1.7.0
 - name: Create temp dir
 id: temp-dir
@@ -62,14 +62,14 @@ runs:
 echo "path=${temp_dir}" >>"${GITHUB_OUTPUT}"
 - name: Download tarball
- uses: slsa-framework/slsa-github-generator/.github/actions/secure-download-artifact@v1.7.0-rc.1
+ uses: slsa-framework/slsa-github-generator/.github/actions/secure-download-artifact@v1.7.0
 with:
 name: ${{ inputs.package-download-name }}
 path: "${{ steps.temp-dir.outputs.path }}/${{ inputs.package-name }}"
 sha256: ${{ inputs.package-download-sha256 }}
 - name: Download provenance
- uses: slsa-framework/slsa-github-generator/actions/nodejs/secure-attestations-download@v1.7.0-rc.1
+ uses: slsa-framework/slsa-github-generator/actions/nodejs/secure-attestations-download@v1.7.0
 with:
 name: ${{ inputs.provenance-download-name }}
 path: "${{ steps.temp-dir.outputs.path }}"
diff --git a/actions/nodejs/secure-attestations-download/action.yml b/actions/nodejs/secure-attestations-download/action.yml
index 4e3002008b..93c0198680 100644
--- a/actions/nodejs/secure-attestations-download/action.yml
+++ b/actions/nodejs/secure-attestations-download/action.yml
@@ -30,7 +30,7 @@ runs:
 using: "composite"
 steps:
 - name: Download the attestations
- uses: slsa-framework/slsa-github-generator/.github/actions/secure-download-folder@v1.7.0-rc.1
+ uses: slsa-framework/slsa-github-generator/.github/actions/secure-download-folder@v1.7.0
 with:
 name: ${{ inputs.name }}
 path: ${{ inputs.path }}
diff --git a/internal/builders/container/README.md b/internal/builders/container/README.md
index f1749a4788..34b72d4465 100644
--- a/internal/builders/container/README.md
+++ b/internal/builders/container/README.md
@@ -72,7 +72,7 @@ provenance: id-token: write # for creating OIDC tokens for signing. packages: write # for uploading attestations. if: startsWith(github.ref, 'refs/tags/')
- uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v1.6.0
+ uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v1.7.0
 with: image: ${{ needs.build.outputs.image }} digest: ${{ needs.build.outputs.digest }}
@@ -143,7 +143,7 @@ jobs: id-token: write # for creating OIDC tokens for signing. packages: write # for uploading attestations. if: startsWith(github.ref, 'refs/tags/')
- uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v1.6.0
+ uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v1.7.0
 with: image: ${{ needs.build.outputs.image }} digest: ${{ needs.build.outputs.digest }}
@@ -367,7 +367,7 @@ This section explains how to generate non-forgeable SLSA provenance with existin # contents: read packages: write if: startsWith(github.ref, 'refs/tags/')
- uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v1.6.0
+ uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v1.7.0
 with: image: ${{ needs.build.outputs.image }} digest: ${{ needs.build.outputs.digest }}
@@ -432,7 +432,7 @@ This section explains how to generate non-forgeable SLSA provenance with existin # contents: read packages: write if: startsWith(github.ref, 'refs/tags/')
- uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v1.6.0
+ uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v1.7.0
 with: image: ${{ needs.build.outputs.image }} digest: ${{ needs.build.outputs.digest }}
diff --git a/internal/builders/docker/README.md b/internal/builders/docker/README.md
index dcf14e2030..e7cc72e47b 100644
--- a/internal/builders/docker/README.md
+++ b/internal/builders/docker/README.md
@@ -202,7 +202,7 @@ jobs: contents: write # To upload assets to release. actions: read # To read the workflow path. needs: args
- uses: slsa-framework/slsa-github-generator/.github/workflows/builder_container-based_slsa3.yml@v1.6.0
+ uses: slsa-framework/slsa-github-generator/.github/workflows/builder_container-based_slsa3.yml@v1.7.0
 with: builder-image: "bash" builder-digest: "sha256:9e2ba52487d945504d250de186cb4fe2e3ba023ed2921dd6ac8b97ed43e76af9"
diff --git a/internal/builders/generic/README.md b/internal/builders/generic/README.md
index 60fd1e125a..02470a090c 100644
--- a/internal/builders/generic/README.md
+++ b/internal/builders/generic/README.md
@@ -93,7 +93,7 @@ provenance: actions: read # Needed for detection of GitHub Actions environment. id-token: write # Needed for provenance signing and ID contents: write # Needed for release uploads
- uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.6.0
+ uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.7.0
 with: base64-subjects: "${{ needs.build.outputs.hashes }}" ```
@@ -150,7 +150,7 @@ jobs: actions: read id-token: write contents: write
- uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.6.0
+ uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.7.0
 with: base64-subjects: "${{ needs.build.outputs.hashes }}" # Upload provenance to a new release
@@ -391,7 +391,7 @@ generate SLSA3 provenance by updating your existing workflow with the steps indi actions: read # To read the workflow path. id-token: write # To sign the provenance. contents: write # To add assets to a release.
- uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.6.0
+ uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.7.0
 with: base64-subjects: "${{ needs.goreleaser.outputs.hashes }}" upload-assets: true # upload to a new release
@@ -433,7 +433,7 @@ jobs: actions: read # To read the workflow path. id-token: write # To sign the provenance. contents: write # To add assets to a release.
- uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.6.0
+ uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.7.0
 with: base64-subjects: "${{ needs.goreleaser.outputs.hashes }}" upload-assets: true # upload to a new release
@@ -493,7 +493,7 @@ generate SLSA3 provenance by updating your existing workflow with the steps indi actions: read # To read the workflow path. id-token: write # To sign the provenance. contents: write # To add assets to a release.
- uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.6.0
+ uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.7.0
 with: base64-subjects: ${{ needs.release.outputs.hashes }} upload-assets: true # upload to a new release
@@ -541,7 +541,7 @@ jobs: actions: read # To read the workflow path. id-token: write # To sign the provenance. contents: write # To add assets to a release.
- uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.6.0
+ uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.7.0
 with: base64-subjects: ${{ needs.release.outputs.hashes }} upload-assets: true # upload to a new release
@@ -598,7 +598,7 @@ If you use [Bazel](https://bazel.build/) to generate your artifacts, you can eas actions: read # To read the workflow path. id-token: write # To sign the provenance. contents: write # To add assets to a release.
- uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.6.0
+ uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.7.0
 with: base64-subjects: "${{ needs.build.outputs.hashes }}" upload-assets: true # Optional: Upload to a new release
@@ -640,7 +640,7 @@ jobs: actions: read # To read the workflow path. id-token: write # To sign the provenance. contents: write # To add assets to a release.
- uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.6.0
+ uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.7.0
 with: base64-subjects: "${{ needs.build.outputs.hashes }}" upload-assets: true # Optional: Upload to a new release
@@ -698,7 +698,7 @@ steps indicated in the workflow below: actions: read # To read the workflow path. id-token: write # To sign the provenance. contents: write # To add assets to a release.
- uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.6.0
+ uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.7.0
 with: base64-subjects: "${{ needs.build.outputs.hashes }}" upload-assets: true # Optional: Upload to a new release
@@ -745,7 +745,7 @@ jobs: actions: read # To read the workflow path. id-token: write # To sign the provenance. contents: write # To add assets to a release.
- uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.6.0
+ uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.7.0
 with: base64-subjects: "${{ needs.build.outputs.hashes }}" upload-assets: true # Optional: Upload to a new release
@@ -794,7 +794,7 @@ jobs: actions: read id-token: write contents: write
- uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.6.0
+ uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.7.0
 with: base64-subjects: "${{ needs.build.outputs.hashes }}" upload-assets: true # Optional: Upload to a new release
@@ -837,7 +837,7 @@ Jobs: actions: read id-token: write contents: write
- uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.6.0
+ uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.7.0
 with: base64-subjects: "${{ needs.build.outputs.hashes }}" upload-assets: true # Optional: Upload to a new release
@@ -888,7 +888,7 @@ steps indicated in the workflow below: actions: read # To read the workflow path. id-token: write # To sign the provenance. contents: write # To add assets to a release.
- uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.6.0
+ uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.7.0
 with: base64-subjects: "${{ needs.build.outputs.hashes }}" upload-assets: true # Optional: Upload to a new release
@@ -927,7 +927,7 @@ jobs: actions: read # To read the workflow path. id-token: write # To sign the provenance. contents: write # To add assets to a release.
- uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.6.0
+ uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.7.0
 with: base64-subjects: "${{ needs.build.outputs.hashes }}" upload-assets: true # Optional: Upload to a new release
@@ -984,7 +984,7 @@ workflow with the steps indicated in the workflow below. actions: read # To read the workflow path. id-token: write # To sign the provenance. contents: write # To add assets to a release.
- uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.6.0
+ uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.7.0
 with: base64-subjects: "${{ needs.build.outputs.hashes }}" upload-assets: true # Optional: Upload to a new release
@@ -1029,7 +1029,7 @@ jobs: actions: read # To read the workflow path. id-token: write # To sign the provenance. contents: write # To add assets to a release.
- uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.6.0
+ uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.7.0
 with: base64-subjects: "${{ needs.build.outputs.hashes }}" upload-assets: true # Optional: Upload to a new release
@@ -1094,7 +1094,7 @@ steps indicated in the workflow below: actions: read # To read the workflow path. id-token: write # To sign the provenance. contents: write # To add assets to a release.
- uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.6.0
+ uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.7.0
 with: base64-subjects: "${{ needs.build.outputs.hashes }}" upload-assets: true # Optional: Upload to a new release
@@ -1141,7 +1141,7 @@ jobs: actions: read # To read the workflow path. id-token: write # To sign the provenance. contents: write # To add assets to a release.
- uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.6.0
+ uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.7.0
 with: base64-subjects: "${{ needs.build.outputs.hashes }}" upload-assets: true # Optional: Upload to a new release
@@ -1232,7 +1232,7 @@ Regardless of your choice, there's unfortunately a bit of necessary boilerplate. actions: read # To read the workflow path. id-token: write # To sign the provenance. contents: write # To add assets to a release.
- uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.6.0
+ uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.7.0
 with: base64-subjects: "${{ needs.combine_hashes.outputs.hashes }}" upload-assets: true # Optional: Upload to a new release
@@ -1285,7 +1285,7 @@ jobs: actions: read # To read the workflow path. id-token: write # To sign the provenance. contents: write # To add assets to a release.
- uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.6.0
+ uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.7.0
 with: base64-subjects: "${{ needs.combine_hashes.outputs.hashes }}" upload-assets: true # Optional: Upload to a new release
@@ -1325,7 +1325,7 @@ provenance: actions: read # To read the workflow path. id-token: write # To sign the provenance. contents: write # To add assets to a release.
- uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.6.0
+ uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.7.0
 with: base64-subjects: "${{ needs.build.outputs[format('hash-{0}-{1}', matrix.color, matrix.flavor)] }}" upload-assets: true # Optional: Upload to a new release
@@ -1370,7 +1370,7 @@ jobs: actions: read # To read the workflow path. id-token: write # To sign the provenance. contents: write # To add assets to a release.
- uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.6.0
+ uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.7.0
 with: base64-subjects: "${{ needs.build.outputs[format('hash-{0}-{1}', matrix.color, matrix.flavor)] }}" upload-assets: true # Optional: Upload to a new release
@@ -1430,5 +1430,5 @@ downloading the latest release. Make sure you continue to reference the workflow using a release tag in order to allow verification by `slsa-verifier`. ```yaml
-uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.6.0
+uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.7.0
 ```
diff --git a/internal/builders/go/README.md b/internal/builders/go/README.md
index 24c1b161e3..7ca88a7400 100644
--- a/internal/builders/go/README.md
+++ b/internal/builders/go/README.md
@@ -173,7 +173,7 @@ build: arch: - amd64 - arm64
- uses: slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@v1.6.0
+ uses: slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@v1.7.0
 with: go-version: 1.19 config-file: .slsa-goreleaser/${{matrix.os}}-${{matrix.arch}}.yml
@@ -250,7 +250,7 @@ jobs: contents: write # To upload assets to release. actions: read # To read the workflow path. needs: args
- uses: slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@v1.6.0
+ uses: slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@v1.7.0
 with: go-version: 1.17 # Optional: only needed if using ldflags.
@@ -419,5 +419,5 @@ the latest release. Make sure you continue to reference the workflow using a release tag in order to allow verification by `slsa-verifier`. ```yaml
-uses: slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@v1.6.0
+uses: slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@v1.7.0
 ```
diff --git a/internal/builders/nodejs/README.md b/internal/builders/nodejs/README.md
index fbff4c5e97..6cb5765c38 100644
--- a/internal/builders/nodejs/README.md
+++ b/internal/builders/nodejs/README.md
@@ -111,7 +111,7 @@ jobs: contents: read # For repo checkout. actions: read # For getting workflow run info. if: startsWith(github.ref, 'refs/tags/')
- uses: slsa-framework/slsa-github-generator/.github/workflows/builder_nodejs_slsa3.yml@v1.6.0
+ uses: slsa-framework/slsa-github-generator/.github/workflows/builder_nodejs_slsa3.yml@v1.7.0
 with: run-scripts: "ci, build" ```