diff --git a/.github/actions/generate-builder/action.yml b/.github/actions/generate-builder/action.yml index 8a52363342..0c44b7967d 100644 --- a/.github/actions/generate-builder/action.yml +++ b/.github/actions/generate-builder/action.yml @@ -62,7 +62,7 @@ runs: using: "composite" steps: - name: Checkout builder repository - uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@main + uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@v1.8.0-rc.2 with: repository: ${{ inputs.repository }} ref: ${{ inputs.ref }} diff --git a/.github/actions/secure-download-artifact/action.yml b/.github/actions/secure-download-artifact/action.yml index f8cf151298..a67464798c 100644 --- a/.github/actions/secure-download-artifact/action.yml +++ b/.github/actions/secure-download-artifact/action.yml @@ -85,7 +85,7 @@ runs: - name: Compute the hash id: compute - uses: slsa-framework/slsa-github-generator/.github/actions/compute-sha256@main + uses: slsa-framework/slsa-github-generator/.github/actions/compute-sha256@v1.8.0-rc.2 with: path: "${{ steps.validate-path.outputs.file_path }}" diff --git a/.github/actions/secure-download-folder/action.yml b/.github/actions/secure-download-folder/action.yml index a4d81f0bd6..c3764238e3 100644 --- a/.github/actions/secure-download-folder/action.yml +++ b/.github/actions/secure-download-folder/action.yml @@ -31,7 +31,7 @@ runs: steps: - name: Compute a random value id: rng - uses: slsa-framework/slsa-github-generator/.github/actions/rng@main + uses: slsa-framework/slsa-github-generator/.github/actions/rng@v1.8.0-rc.2 - name: Download the artifact uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 @@ -41,7 +41,7 @@ runs: - name: Compute the hash id: compute - uses: slsa-framework/slsa-github-generator/.github/actions/compute-sha256@main + uses: slsa-framework/slsa-github-generator/.github/actions/compute-sha256@v1.8.0-rc.2 with: path: "${{ steps.rng.outputs.random }}/folder.tgz" diff --git a/.github/actions/secure-upload-artifact/action.yml b/.github/actions/secure-upload-artifact/action.yml index c4d54ad604..770faa8222 100644 --- a/.github/actions/secure-upload-artifact/action.yml +++ b/.github/actions/secure-upload-artifact/action.yml @@ -32,7 +32,7 @@ runs: steps: - name: Compute binary hash id: compute-digest - uses: slsa-framework/slsa-github-generator/.github/actions/compute-sha256@main + uses: slsa-framework/slsa-github-generator/.github/actions/compute-sha256@v1.8.0-rc.2 with: path: "${{ inputs.path }}" diff --git a/.github/actions/secure-upload-folder/action.yml b/.github/actions/secure-upload-folder/action.yml index 11294b3be6..7d5970ad43 100644 --- a/.github/actions/secure-upload-folder/action.yml +++ b/.github/actions/secure-upload-folder/action.yml @@ -60,7 +60,7 @@ runs: - name: Upload the artifact id: upload - uses: slsa-framework/slsa-github-generator/.github/actions/secure-upload-artifact@main + uses: slsa-framework/slsa-github-generator/.github/actions/secure-upload-artifact@v1.8.0-rc.2 with: name: "${{ inputs.name }}" path: "${{ steps.create.outputs.tarball-path }}" diff --git a/.github/workflows/builder_bazel_slsa3.yml b/.github/workflows/builder_bazel_slsa3.yml index 129a13f922..4dbf2fa624 100644 --- a/.github/workflows/builder_bazel_slsa3.yml +++ b/.github/workflows/builder_bazel_slsa3.yml @@ -86,7 +86,7 @@ jobs: steps: - name: Generate the token id: generate - uses: slsa-framework/slsa-github-generator/actions/delegator/setup-generic@main + uses: slsa-framework/slsa-github-generator/actions/delegator/setup-generic@v1.8.0-rc.2 with: slsa-workflow-recipient: "delegator_lowperms-generic_slsa3.yml" slsa-rekor-log-public: ${{ inputs.rekor-log-public }} @@ -100,6 +100,6 @@ jobs: id-token: write # For signing. contents: read # For asset uploads. actions: read # For the entrypoint. - uses: slsa-framework/slsa-github-generator/.github/workflows/delegator_lowperms-generic_slsa3.yml@main + uses: slsa-framework/slsa-github-generator/.github/workflows/delegator_lowperms-generic_slsa3.yml@v1.8.0-rc.2 with: slsa-token: ${{ needs.slsa-setup.outputs.slsa-token }} diff --git a/.github/workflows/builder_container-based_slsa3.yml b/.github/workflows/builder_container-based_slsa3.yml index b812e57f4e..f665264929 100644 --- a/.github/workflows/builder_container-based_slsa3.yml +++ b/.github/workflows/builder_container-based_slsa3.yml @@ -165,7 +165,7 @@ jobs: steps: - name: Generate random 16-byte value (32-char hex encoded) id: rng - uses: slsa-framework/slsa-github-generator/.github/actions/rng@main + uses: slsa-framework/slsa-github-generator/.github/actions/rng@v1.8.0-rc.2 # This detects the repository and ref of the reusable workflow. # For pull request, this gets the referenced slsa-github-generator workflow. @@ -180,7 +180,7 @@ jobs: steps: - name: Detect the builder ref id: detect - uses: slsa-framework/slsa-github-generator/.github/actions/detect-workflow-js@main + uses: slsa-framework/slsa-github-generator/.github/actions/detect-workflow-js@v1.8.0-rc.2 ################################################################### # # @@ -197,7 +197,7 @@ jobs: steps: - name: Generate builder binary id: generate - uses: slsa-framework/slsa-github-generator/.github/actions/generate-builder@main + uses: slsa-framework/slsa-github-generator/.github/actions/generate-builder@v1.8.0-rc.2 with: repository: "${{ needs.detect-env.outputs.repository }}" ref: "${{ needs.detect-env.outputs.ref }}" @@ -230,7 +230,7 @@ jobs: steps: - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - name: Checkout builder repository - uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@main + uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@v1.8.0-rc.2 with: repository: "${{ needs.detect-env.outputs.repository }}" ref: "${{ needs.detect-env.outputs.ref }}" @@ -357,7 +357,7 @@ jobs: docker login "${untrusted_registry}" -u "${username}" -p "${password}" - name: Checkout builder repository - uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@main + uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@v1.8.0-rc.2 with: repository: "${{ needs.detect-env.outputs.repository }}" ref: "${{ needs.detect-env.outputs.ref }}" @@ -485,7 +485,7 @@ jobs: provenance-sha256: ${{ steps.upload-signed.outputs.sha256 }} steps: - name: Checkout builder repository - uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@main + uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@v1.8.0-rc.2 with: repository: "${{ needs.detect-env.outputs.repository }}" ref: "${{ needs.detect-env.outputs.ref }}" @@ -575,7 +575,7 @@ jobs: if: inputs.upload-assets && (startsWith(github.ref, 'refs/tags/') || inputs.upload-tag-name != '') steps: - name: Checkout builder repository - uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@main + uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@v1.8.0-rc.2 with: repository: "${{ needs.detect-env.outputs.repository }}" ref: "${{ needs.detect-env.outputs.ref }}" diff --git a/.github/workflows/builder_go_slsa3.yml b/.github/workflows/builder_go_slsa3.yml index 8ed81f4dd1..1ed96fece1 100644 --- a/.github/workflows/builder_go_slsa3.yml +++ b/.github/workflows/builder_go_slsa3.yml @@ -130,7 +130,7 @@ jobs: steps: - name: Generate random 16-byte value (32-char hex encoded) id: rng - uses: slsa-framework/slsa-github-generator/.github/actions/rng@main + uses: slsa-framework/slsa-github-generator/.github/actions/rng@v1.8.0-rc.2 detect-env: outputs: @@ -142,7 +142,7 @@ jobs: steps: - name: Detect the builder ref id: detect - uses: slsa-framework/slsa-github-generator/.github/actions/detect-workflow-js@main + uses: slsa-framework/slsa-github-generator/.github/actions/detect-workflow-js@v1.8.0-rc.2 ################################################################### # # @@ -157,7 +157,7 @@ jobs: steps: - name: Generate builder binary id: generate - uses: slsa-framework/slsa-github-generator/.github/actions/generate-builder@main + uses: slsa-framework/slsa-github-generator/.github/actions/generate-builder@v1.8.0-rc.2 with: repository: "${{ needs.detect-env.outputs.repository }}" ref: "${{ needs.detect-env.outputs.ref }}" @@ -191,7 +191,7 @@ jobs: needs: [builder, rng, detect-env] steps: - name: Checkout builder repository - uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@main + uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@v1.8.0-rc.2 with: repository: "${{ needs.detect-env.outputs.repository }}" ref: "${{ needs.detect-env.outputs.ref }}" @@ -238,7 +238,7 @@ jobs: needs: [builder, build-dry, rng, detect-env] steps: - name: Checkout builder repository - uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@main + uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@v1.8.0-rc.2 with: repository: "${{ needs.detect-env.outputs.repository }}" ref: "${{ needs.detect-env.outputs.ref }}" @@ -320,7 +320,7 @@ jobs: go-provenance-sha256: ${{ steps.sign-prov.outputs.signed-provenance-sha256 }} steps: - name: Checkout builder repository - uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@main + uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@v1.8.0-rc.2 with: repository: "${{ needs.detect-env.outputs.repository }}" ref: "${{ needs.detect-env.outputs.ref }}" @@ -378,7 +378,7 @@ jobs: if: inputs.upload-assets && (startsWith(github.ref, 'refs/tags/') || inputs.upload-tag-name != '') steps: - name: Checkout builder repository - uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@main + uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@v1.8.0-rc.2 with: repository: "${{ needs.detect-env.outputs.repository }}" ref: "${{ needs.detect-env.outputs.ref }}" diff --git a/.github/workflows/builder_gradle_slsa3.yml b/.github/workflows/builder_gradle_slsa3.yml index 9866c03b20..ecd7346b63 100644 --- a/.github/workflows/builder_gradle_slsa3.yml +++ b/.github/workflows/builder_gradle_slsa3.yml @@ -59,7 +59,7 @@ jobs: steps: - name: Generate the token id: generate - uses: slsa-framework/slsa-github-generator/actions/delegator/setup-generic@main + uses: slsa-framework/slsa-github-generator/actions/delegator/setup-generic@v1.8.0-rc.2 with: slsa-workflow-recipient: "delegator_lowperms-generic_slsa3.yml" slsa-rekor-log-public: ${{ inputs.rekor-log-public }} @@ -73,7 +73,7 @@ jobs: id-token: write # For signing. contents: read # For asset uploads. actions: read # For the entrypoint. - uses: slsa-framework/slsa-github-generator/.github/workflows/delegator_lowperms-generic_slsa3.yml@main + uses: slsa-framework/slsa-github-generator/.github/workflows/delegator_lowperms-generic_slsa3.yml@v1.8.0-rc.2 with: slsa-token: ${{ needs.slsa-setup.outputs.slsa-token }} diff --git a/.github/workflows/builder_maven_slsa3.yml b/.github/workflows/builder_maven_slsa3.yml index b604ca2d5c..717cf9d1fe 100644 --- a/.github/workflows/builder_maven_slsa3.yml +++ b/.github/workflows/builder_maven_slsa3.yml @@ -55,7 +55,7 @@ jobs: steps: - name: Generate the token id: generate - uses: slsa-framework/slsa-github-generator/actions/delegator/setup-generic@main + uses: slsa-framework/slsa-github-generator/actions/delegator/setup-generic@v1.8.0-rc.2 with: slsa-workflow-recipient: "delegator_lowperms-generic_slsa3.yml" slsa-rekor-log-public: "${{ inputs.rekor-log-public }}" @@ -69,7 +69,7 @@ jobs: id-token: write # For signing. contents: read # For asset uploads. actions: read # For the entrypoint. - uses: slsa-framework/slsa-github-generator/.github/workflows/delegator_lowperms-generic_slsa3.yml@main + uses: slsa-framework/slsa-github-generator/.github/workflows/delegator_lowperms-generic_slsa3.yml@v1.8.0-rc.2 with: slsa-token: "${{ needs.slsa-setup.outputs.slsa-token }}" diff --git a/.github/workflows/builder_nodejs_slsa3.yml b/.github/workflows/builder_nodejs_slsa3.yml index 93cd9c2bbd..310715a342 100644 --- a/.github/workflows/builder_nodejs_slsa3.yml +++ b/.github/workflows/builder_nodejs_slsa3.yml @@ -89,7 +89,7 @@ jobs: steps: - name: Generate the token id: generate - uses: slsa-framework/slsa-github-generator/actions/delegator/setup-generic@main + uses: slsa-framework/slsa-github-generator/actions/delegator/setup-generic@v1.8.0-rc.2 with: slsa-workflow-recipient: "delegator_lowperms-generic_slsa3.yml" slsa-rekor-log-public: ${{ inputs.rekor-log-public }} @@ -104,6 +104,6 @@ jobs: id-token: write # For signing. contents: read # For repo checkout of private repos. actions: read # For getting workflow run on private repos. - uses: slsa-framework/slsa-github-generator/.github/workflows/delegator_lowperms-generic_slsa3.yml@main + uses: slsa-framework/slsa-github-generator/.github/workflows/delegator_lowperms-generic_slsa3.yml@v1.8.0-rc.2 with: slsa-token: ${{ needs.slsa-setup.outputs.slsa-token }} diff --git a/.github/workflows/delegator_generic_slsa3.yml b/.github/workflows/delegator_generic_slsa3.yml index ede70d957d..d22d957500 100644 --- a/.github/workflows/delegator_generic_slsa3.yml +++ b/.github/workflows/delegator_generic_slsa3.yml @@ -84,7 +84,7 @@ jobs: steps: - name: Generate random 16-byte value (32-char hex encoded) id: rng - uses: slsa-framework/slsa-github-generator/.github/actions/rng@main + uses: slsa-framework/slsa-github-generator/.github/actions/rng@v1.8.0-rc.2 # verify-token verifies the slsa token. verify-token: @@ -100,7 +100,7 @@ jobs: steps: - name: Verify token id: verify - uses: slsa-framework/slsa-github-generator/.github/actions/verify-token@main + uses: slsa-framework/slsa-github-generator/.github/actions/verify-token@v1.8.0-rc.2 with: slsa-workflow-recipient: "delegator_generic_slsa3.yml" slsa-unverified-token: ${{ inputs.slsa-token }} @@ -109,7 +109,7 @@ jobs: - name: Upload predicate id: upload - uses: slsa-framework/slsa-github-generator/.github/actions/secure-upload-artifact@main + uses: slsa-framework/slsa-github-generator/.github/actions/secure-upload-artifact@v1.8.0-rc.2 with: name: "${{ needs.rng.outputs.value }}-${{ env.SLSA_PREDICATE_FILE }}" path: ${{ env.SLSA_PREDICATE_FILE }} @@ -120,7 +120,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Check private repos - uses: slsa-framework/slsa-github-generator/.github/actions/privacy-check@main + uses: slsa-framework/slsa-github-generator/.github/actions/privacy-check@v1.8.0-rc.2 with: error_message: "Repository is private. The workflow has halted in order to keep the repository name from being exposed in the public transparency log. Set 'private-repository' to override." override: ${{ fromJson(needs.verify-token.outputs.slsa-verified-token).builder.rekor_log_public }} @@ -147,7 +147,7 @@ jobs: echo "$RUNNER: $RUNNER" - name: Checkout the tool repository - uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@main + uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@v1.8.0-rc.2 with: repository: ${{ needs.verify-token.outputs.tool-repository }} ref: ${{ needs.verify-token.outputs.tool-ref }} @@ -171,7 +171,7 @@ jobs: tree - name: Checkout the project repository - uses: slsa-framework/slsa-github-generator/.github/actions/secure-project-checkout@main + uses: slsa-framework/slsa-github-generator/.github/actions/secure-project-checkout@v1.8.0-rc.2 with: fetch-depth: ${{ fromJson(needs.verify-token.outputs.slsa-verified-token).source.checkout.fetch_depth }} checkout-sha1: ${{ fromJson(needs.verify-token.outputs.slsa-verified-token).source.checkout.sha1 }} @@ -213,7 +213,7 @@ jobs: - name: Upload artifact layout file id: upload - uses: slsa-framework/slsa-github-generator/.github/actions/secure-upload-artifact@main + uses: slsa-framework/slsa-github-generator/.github/actions/secure-upload-artifact@v1.8.0-rc.2 with: name: "${{ needs.rng.outputs.value }}-${{ env.SLSA_ARTIFACTS_FILE }}" path: "${{ env.SLSA_ARTIFACTS_FILE }}" @@ -229,14 +229,14 @@ jobs: runs-on: ubuntu-latest steps: - name: Download the artifact layout file - uses: slsa-framework/slsa-github-generator/.github/actions/secure-download-artifact@main + uses: slsa-framework/slsa-github-generator/.github/actions/secure-download-artifact@v1.8.0-rc.2 with: name: "${{ needs.rng.outputs.value }}-${{ env.SLSA_ARTIFACTS_FILE }}" path: "${{ env.SLSA_ARTIFACTS_FILE }}" sha256: ${{ needs.build-artifacts-ubuntu.outputs.artifacts-layout-sha256 }} - name: Download the predicate file - uses: slsa-framework/slsa-github-generator/.github/actions/secure-download-artifact@main + uses: slsa-framework/slsa-github-generator/.github/actions/secure-download-artifact@v1.8.0-rc.2 with: name: "${{ needs.rng.outputs.value }}-${{ env.SLSA_PREDICATE_FILE }}" path: ${{ env.SLSA_PREDICATE_FILE }} @@ -266,7 +266,7 @@ jobs: - name: Generate attestations id: attestations - uses: slsa-framework/slsa-github-generator/.github/actions/generate-attestations@main + uses: slsa-framework/slsa-github-generator/.github/actions/generate-attestations@v1.8.0-rc.2 with: slsa-layout-file: ${{ env.SLSA_ARTIFACTS_FILE }} predicate-type: ${{ steps.predicate-type.outputs.predicate-type }} @@ -275,14 +275,14 @@ jobs: - name: Sign attestations id: sign - uses: slsa-framework/slsa-github-generator/.github/actions/sign-attestations@main + uses: slsa-framework/slsa-github-generator/.github/actions/sign-attestations@v1.8.0-rc.2 with: attestations: attestations output-folder: "${{ needs.rng.outputs.value }}-slsa-attestations" - name: Upload attestations id: upload - uses: slsa-framework/slsa-github-generator/.github/actions/secure-upload-folder@main + uses: slsa-framework/slsa-github-generator/.github/actions/secure-upload-folder@v1.8.0-rc.2 with: name: "${{ needs.rng.outputs.value }}-slsa-attestations" path: "${{ needs.rng.outputs.value }}-slsa-attestations" diff --git a/.github/workflows/delegator_lowperms-generic_slsa3.yml b/.github/workflows/delegator_lowperms-generic_slsa3.yml index b3d0a68ad1..f36b90da64 100644 --- a/.github/workflows/delegator_lowperms-generic_slsa3.yml +++ b/.github/workflows/delegator_lowperms-generic_slsa3.yml @@ -89,7 +89,7 @@ jobs: steps: - name: Generate random 16-byte value (32-char hex encoded) id: rng - uses: slsa-framework/slsa-github-generator/.github/actions/rng@main + uses: slsa-framework/slsa-github-generator/.github/actions/rng@v1.8.0-rc.2 # verify-token verifies the slsa token. verify-token: @@ -105,7 +105,7 @@ jobs: steps: - name: Verify token id: verify - uses: slsa-framework/slsa-github-generator/.github/actions/verify-token@main + uses: slsa-framework/slsa-github-generator/.github/actions/verify-token@v1.8.0-rc.2 with: slsa-workflow-recipient: "delegator_lowperms-generic_slsa3.yml" slsa-unverified-token: ${{ inputs.slsa-token }} @@ -114,7 +114,7 @@ jobs: - name: Upload predicate id: upload - uses: slsa-framework/slsa-github-generator/.github/actions/secure-upload-artifact@main + uses: slsa-framework/slsa-github-generator/.github/actions/secure-upload-artifact@v1.8.0-rc.2 with: name: "${{ needs.rng.outputs.value }}-${{ env.SLSA_PREDICATE_FILE }}" path: ${{ env.SLSA_PREDICATE_FILE }} @@ -125,7 +125,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Check private repos - uses: slsa-framework/slsa-github-generator/.github/actions/privacy-check@main + uses: slsa-framework/slsa-github-generator/.github/actions/privacy-check@v1.8.0-rc.2 with: error_message: "Repository is private. The workflow has halted in order to keep the repository name from being exposed in the public transparency log. Set 'private-repository' to override." override: ${{ fromJson(needs.verify-token.outputs.slsa-verified-token).builder.rekor_log_public }} @@ -150,7 +150,7 @@ jobs: echo "$RUNNER: $RUNNER" - name: Checkout the tool repository - uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@main + uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@v1.8.0-rc.2 with: repository: ${{ needs.verify-token.outputs.tool-repository }} ref: ${{ needs.verify-token.outputs.tool-ref }} @@ -174,7 +174,7 @@ jobs: tree - name: Checkout the project repository - uses: slsa-framework/slsa-github-generator/.github/actions/secure-project-checkout@main + uses: slsa-framework/slsa-github-generator/.github/actions/secure-project-checkout@v1.8.0-rc.2 with: fetch-depth: ${{ fromJson(needs.verify-token.outputs.slsa-verified-token).source.checkout.fetch_depth }} checkout-sha1: ${{ fromJson(needs.verify-token.outputs.slsa-verified-token).source.checkout.sha1 }} @@ -216,7 +216,7 @@ jobs: - name: Upload artifact layout file id: upload - uses: slsa-framework/slsa-github-generator/.github/actions/secure-upload-artifact@main + uses: slsa-framework/slsa-github-generator/.github/actions/secure-upload-artifact@v1.8.0-rc.2 with: name: "${{ needs.rng.outputs.value }}-${{ env.SLSA_ARTIFACTS_FILE }}" path: "${{ env.SLSA_ARTIFACTS_FILE }}" @@ -232,14 +232,14 @@ jobs: runs-on: ubuntu-latest steps: - name: Download the artifact layout file - uses: slsa-framework/slsa-github-generator/.github/actions/secure-download-artifact@main + uses: slsa-framework/slsa-github-generator/.github/actions/secure-download-artifact@v1.8.0-rc.2 with: name: "${{ needs.rng.outputs.value }}-${{ env.SLSA_ARTIFACTS_FILE }}" path: "${{ env.SLSA_ARTIFACTS_FILE }}" sha256: ${{ needs.build-artifacts-ubuntu.outputs.artifacts-layout-sha256 }} - name: Download the predicate file - uses: slsa-framework/slsa-github-generator/.github/actions/secure-download-artifact@main + uses: slsa-framework/slsa-github-generator/.github/actions/secure-download-artifact@v1.8.0-rc.2 with: name: "${{ needs.rng.outputs.value }}-${{ env.SLSA_PREDICATE_FILE }}" path: ${{ env.SLSA_PREDICATE_FILE }} @@ -269,7 +269,7 @@ jobs: - name: Generate attestations id: attestations - uses: slsa-framework/slsa-github-generator/.github/actions/generate-attestations@main + uses: slsa-framework/slsa-github-generator/.github/actions/generate-attestations@v1.8.0-rc.2 with: slsa-layout-file: ${{ env.SLSA_ARTIFACTS_FILE }} predicate-type: ${{ steps.predicate-type.outputs.predicate-type }} @@ -278,14 +278,14 @@ jobs: - name: Sign attestations id: sign - uses: slsa-framework/slsa-github-generator/.github/actions/sign-attestations@main + uses: slsa-framework/slsa-github-generator/.github/actions/sign-attestations@v1.8.0-rc.2 with: attestations: attestations output-folder: "${{ needs.rng.outputs.value }}-slsa-attestations" - name: Upload attestations id: upload - uses: slsa-framework/slsa-github-generator/.github/actions/secure-upload-folder@main + uses: slsa-framework/slsa-github-generator/.github/actions/secure-upload-folder@v1.8.0-rc.2 with: name: "${{ needs.rng.outputs.value }}-slsa-attestations" path: "${{ needs.rng.outputs.value }}-slsa-attestations" diff --git a/.github/workflows/e2e.create-container_based-predicate.schedule.yml b/.github/workflows/e2e.create-container_based-predicate.schedule.yml index 632685337f..ea4b6588cc 100644 --- a/.github/workflows/e2e.create-container_based-predicate.schedule.yml +++ b/.github/workflows/e2e.create-container_based-predicate.schedule.yml @@ -42,7 +42,7 @@ jobs: - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - name: Detect the builder ref id: detect - uses: slsa-framework/slsa-github-generator/.github/actions/detect-workflow-js@main + uses: slsa-framework/slsa-github-generator/.github/actions/detect-workflow-js@v1.8.0-rc.2 - name: Update the build definition # We use a build definition hard-coded in testadata. To ensure validation against # workflow context, we must update the source references. diff --git a/.github/workflows/generator_container_slsa3.yml b/.github/workflows/generator_container_slsa3.yml index 371c33c89c..bf4a627875 100644 --- a/.github/workflows/generator_container_slsa3.yml +++ b/.github/workflows/generator_container_slsa3.yml @@ -94,7 +94,7 @@ jobs: - name: Detect the generator ref id: detect continue-on-error: true - uses: slsa-framework/slsa-github-generator/.github/actions/detect-workflow-js@main + uses: slsa-framework/slsa-github-generator/.github/actions/detect-workflow-js@v1.8.0-rc.2 - name: Final outcome id: final @@ -126,7 +126,7 @@ jobs: - name: Generate builder id: generate-builder continue-on-error: true - uses: slsa-framework/slsa-github-generator/.github/actions/generate-builder@main + uses: slsa-framework/slsa-github-generator/.github/actions/generate-builder@v1.8.0-rc.2 with: repository: "${{ needs.detect-env.outputs.repository }}" ref: "${{ needs.detect-env.outputs.ref }}" diff --git a/.github/workflows/generator_generic_slsa3.yml b/.github/workflows/generator_generic_slsa3.yml index 49182c4ad9..de88d3638d 100644 --- a/.github/workflows/generator_generic_slsa3.yml +++ b/.github/workflows/generator_generic_slsa3.yml @@ -128,7 +128,7 @@ jobs: - name: Detect the generator ref id: detect continue-on-error: true - uses: slsa-framework/slsa-github-generator/.github/actions/detect-workflow-js@main + uses: slsa-framework/slsa-github-generator/.github/actions/detect-workflow-js@v1.8.0-rc.2 - name: Final outcome id: final @@ -163,7 +163,7 @@ jobs: - name: Generate builder id: generate-builder continue-on-error: true - uses: slsa-framework/slsa-github-generator/.github/actions/generate-builder@main + uses: slsa-framework/slsa-github-generator/.github/actions/generate-builder@v1.8.0-rc.2 with: repository: "${{ needs.detect-env.outputs.repository }}" ref: "${{ needs.detect-env.outputs.ref }}" @@ -196,7 +196,7 @@ jobs: id: download-file continue-on-error: true if: inputs.base64-subjects-as-file != '' - uses: slsa-framework/slsa-github-generator/.github/actions/secure-download-artifact@main + uses: slsa-framework/slsa-github-generator/.github/actions/secure-download-artifact@v1.8.0-rc.2 with: name: "${{ steps.metadata.outputs.artifact_name }}" path: "${{ steps.metadata.outputs.filename }}" @@ -281,7 +281,7 @@ jobs: - name: Checkout builder repository id: checkout-builder continue-on-error: true - uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@main + uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@v1.8.0-rc.2 with: repository: "${{ needs.detect-env.outputs.repository }}" ref: "${{ needs.detect-env.outputs.ref }}" diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index be6ab6840d..d8ac88e5ab 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -60,7 +60,7 @@ jobs: id-token: write # For signing. contents: write # For asset uploads. actions: read # For the entrypoint. - uses: slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@main + uses: slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@v1.8.0-rc.2 with: go-version: "1.20" config-file: .github/workflows/configs-container/config-release.yml @@ -73,7 +73,7 @@ jobs: id-token: write # For signing. contents: write # For asset uploads. actions: read # For the entrypoint. - uses: slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@main + uses: slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@v1.8.0-rc.2 with: go-version: "1.20" config-file: .github/workflows/configs-generic/config-release.yml @@ -86,7 +86,7 @@ jobs: id-token: write # For signing. contents: write # For asset uploads. actions: read # For the entrypoint. - uses: slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@main + uses: slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@v1.8.0-rc.2 with: go-version: "1.20" config-file: .github/workflows/configs-go/config-release.yml @@ -99,7 +99,7 @@ jobs: id-token: write # For signing. contents: write # For asset uploads. actions: read # For the entrypoint. - uses: slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@main + uses: slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@v1.8.0-rc.2 with: go-version: "1.20" config-file: .github/workflows/configs-docker/config-release.yml diff --git a/actions/delegator/random/action.yml b/actions/delegator/random/action.yml index 9f4c93cead..ae291c5ab8 100644 --- a/actions/delegator/random/action.yml +++ b/actions/delegator/random/action.yml @@ -31,4 +31,4 @@ runs: steps: - name: Generate random value id: rng - uses: slsa-framework/slsa-github-generator/.github/actions/rng@main + uses: slsa-framework/slsa-github-generator/.github/actions/rng@v1.8.0-rc.2 diff --git a/actions/delegator/secure-attestations-download/action.yml b/actions/delegator/secure-attestations-download/action.yml index bc0ba8e63d..a4ff02b07f 100644 --- a/actions/delegator/secure-attestations-download/action.yml +++ b/actions/delegator/secure-attestations-download/action.yml @@ -30,7 +30,7 @@ runs: using: "composite" steps: - name: Download the attestations - uses: slsa-framework/slsa-github-generator/.github/actions/secure-download-folder@main + uses: slsa-framework/slsa-github-generator/.github/actions/secure-download-folder@v1.8.0-rc.2 with: name: ${{ inputs.name }} path: ${{ inputs.path }} diff --git a/actions/delegator/secure-download-folder/action.yml b/actions/delegator/secure-download-folder/action.yml index 2d7d4ff18a..08b0d25ea1 100644 --- a/actions/delegator/secure-download-folder/action.yml +++ b/actions/delegator/secure-download-folder/action.yml @@ -30,7 +30,7 @@ runs: using: "composite" steps: - name: Download the folder - uses: slsa-framework/slsa-github-generator/.github/actions/secure-download-folder@main + uses: slsa-framework/slsa-github-generator/.github/actions/secure-download-folder@v1.8.0-rc.2 with: name: ${{ inputs.name }} path: ${{ inputs.path }} diff --git a/actions/delegator/secure-upload-folder/action.yml b/actions/delegator/secure-upload-folder/action.yml index 3e673b970c..65edcf4108 100644 --- a/actions/delegator/secure-upload-folder/action.yml +++ b/actions/delegator/secure-upload-folder/action.yml @@ -34,7 +34,7 @@ runs: steps: - name: Upload the folder id: upload - uses: slsa-framework/slsa-github-generator/.github/actions/secure-upload-folder@main + uses: slsa-framework/slsa-github-generator/.github/actions/secure-upload-folder@v1.8.0-rc.2 with: name: ${{ inputs.name }} path: ${{ inputs.path }} diff --git a/actions/generator/generic/create-base64-subjects-from-file/action.yml b/actions/generator/generic/create-base64-subjects-from-file/action.yml index 5e953c73cb..c59a0f6524 100644 --- a/actions/generator/generic/create-base64-subjects-from-file/action.yml +++ b/actions/generator/generic/create-base64-subjects-from-file/action.yml @@ -28,7 +28,7 @@ runs: steps: - name: Generate random value id: rng - uses: slsa-framework/slsa-github-generator/.github/actions/rng@main + uses: slsa-framework/slsa-github-generator/.github/actions/rng@v1.8.0-rc.2 - name: Generate random name id: name @@ -49,7 +49,7 @@ runs: - name: Upload file id: upload - uses: slsa-framework/slsa-github-generator/.github/actions/secure-upload-artifact@main + uses: slsa-framework/slsa-github-generator/.github/actions/secure-upload-artifact@v1.8.0-rc.2 with: name: "${{ steps.name.outputs.artifact_name }}" path: "${{ inputs.path }}" diff --git a/actions/gradle/publish/action.yml b/actions/gradle/publish/action.yml index dc217d3d1a..987388c2e4 100644 --- a/actions/gradle/publish/action.yml +++ b/actions/gradle/publish/action.yml @@ -62,14 +62,14 @@ runs: gpg-private-key: ${{ inputs.gpg-private-key }} gpg-passphrase: GPG_KEY_PASS - name: Download the slsa attestation - uses: slsa-framework/slsa-github-generator/.github/actions/secure-download-folder@main + uses: slsa-framework/slsa-github-generator/.github/actions/secure-download-folder@v1.8.0-rc.2 with: name: "${{ inputs.provenance-download-name }}" path: ./ sha256: "${{ inputs.provenance-download-sha256 }}" - name: Download the target dir - uses: slsa-framework/slsa-github-generator/.github/actions/secure-download-folder@main + uses: slsa-framework/slsa-github-generator/.github/actions/secure-download-folder@v1.8.0-rc.2 with: name: build path: ./ diff --git a/actions/maven/publish/action.yml b/actions/maven/publish/action.yml index f4b071cd7b..2c5e949e5a 100644 --- a/actions/maven/publish/action.yml +++ b/actions/maven/publish/action.yml @@ -12,7 +12,6 @@ # See the License for the specific language governing permissions and # limitations under the License. - inputs: provenance-download-name: description: "The artifact name for the package provenance." @@ -42,7 +41,7 @@ runs: using: "composite" steps: - name: Checkout the project repository - uses: slsa-framework/slsa-github-generator/.github/actions/secure-project-checkout@main # needed because we run javadoc and sources. + uses: slsa-framework/slsa-github-generator/.github/actions/secure-project-checkout@v1.8.0-rc.2 # needed because we run javadoc and sources. - name: Set up Java for publishing to Maven Central Repository uses: actions/setup-java@5ffc13f4174014e2d4d4572b3d74c3fa61aeb2c2 # v3 env: @@ -50,8 +49,8 @@ runs: MAVEN_PASSWORD: ${{ inputs.maven-password }} GPG_KEY_PASS: ${{ inputs.gpg-key-pass }} with: - java-version: '11' - distribution: 'temurin' + java-version: "11" + distribution: "temurin" server-id: ossrh server-username: MAVEN_USERNAME server-password: MAVEN_PASSWORD @@ -59,24 +58,24 @@ runs: gpg-passphrase: GPG_KEY_PASS - name: Download the slsa attestation - uses: slsa-framework/slsa-github-generator/.github/actions/secure-download-folder@main + uses: slsa-framework/slsa-github-generator/.github/actions/secure-download-folder@v1.8.0-rc.2 with: name: "${{ inputs.provenance-download-name }}" path: slsa-attestations sha256: "${{ inputs.provenance-download-sha256 }}" - name: Download the target dir - uses: slsa-framework/slsa-github-generator/.github/actions/secure-download-folder@main + uses: slsa-framework/slsa-github-generator/.github/actions/secure-download-folder@v1.8.0-rc.2 with: name: target path: ./ sha256: "${{ inputs.target-download-sha256 }}" - name: Checkout the framework repository - uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@main + uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@v1.8.0-rc.2 with: repository: slsa-framework/slsa-github-generator - ref: main + ref: v1.8.0-rc.2 path: __BUILDER_CHECKOUT_DIR__ - name: Publish to the Maven Central Repository diff --git a/actions/nodejs/publish/action.yml b/actions/nodejs/publish/action.yml index cd1c40e84a..c554c26dfd 100644 --- a/actions/nodejs/publish/action.yml +++ b/actions/nodejs/publish/action.yml @@ -70,14 +70,14 @@ runs: echo "path=${temp_dir}" >>"${GITHUB_OUTPUT}" - name: Download tarball - uses: slsa-framework/slsa-github-generator/.github/actions/secure-download-artifact@main + uses: slsa-framework/slsa-github-generator/.github/actions/secure-download-artifact@v1.8.0-rc.2 with: name: ${{ inputs.package-download-name }} path: "${{ steps.temp-dir.outputs.path }}/${{ inputs.package-name }}" sha256: ${{ inputs.package-download-sha256 }} - name: Download provenance - uses: slsa-framework/slsa-github-generator/actions/nodejs/secure-attestations-download@main + uses: slsa-framework/slsa-github-generator/actions/nodejs/secure-attestations-download@v1.8.0-rc.2 with: name: ${{ inputs.provenance-download-name }} path: "${{ steps.temp-dir.outputs.path }}" diff --git a/actions/nodejs/secure-attestations-download/action.yml b/actions/nodejs/secure-attestations-download/action.yml index eeaa067c81..f8faeeb9c4 100644 --- a/actions/nodejs/secure-attestations-download/action.yml +++ b/actions/nodejs/secure-attestations-download/action.yml @@ -30,7 +30,7 @@ runs: using: "composite" steps: - name: Download the attestations - uses: slsa-framework/slsa-github-generator/.github/actions/secure-download-folder@main + uses: slsa-framework/slsa-github-generator/.github/actions/secure-download-folder@v1.8.0-rc.2 with: name: ${{ inputs.name }} path: ${{ inputs.path }} diff --git a/actions/nodejs/secure-package-download/action.yml b/actions/nodejs/secure-package-download/action.yml index c3c83b166e..83baa0a45f 100644 --- a/actions/nodejs/secure-package-download/action.yml +++ b/actions/nodejs/secure-package-download/action.yml @@ -29,7 +29,7 @@ runs: using: "composite" steps: - name: Download the package - uses: slsa-framework/slsa-github-generator/.github/actions/secure-download-artifact@main + uses: slsa-framework/slsa-github-generator/.github/actions/secure-download-artifact@v1.8.0-rc.2 with: name: ${{ inputs.name }} path: ${{ inputs.path }} diff --git a/internal/builders/maven/action.yml b/internal/builders/maven/action.yml index 70b814ebc4..3e529b3ec0 100644 --- a/internal/builders/maven/action.yml +++ b/internal/builders/maven/action.yml @@ -17,11 +17,11 @@ inputs: # BYOB-provided inputs slsa-workflow-inputs: # Inputs in JSON format. - description: 'All the onputs' + description: "All the onputs" type: string required: true slsa-layout-file: - description: 'Location to store the layout content' + description: "Location to store the layout content" type: string required: true slsa-workflow-secret1: {} @@ -50,7 +50,7 @@ outputs: on: workflow_call: runs: - using: 'composite' + using: "composite" steps: - uses: actions/checkout@96f53100ba2a5449eb71d2e6604bbcd94b9449b5 # v 3.5.2 - name: Set up JDK @@ -62,7 +62,7 @@ runs: uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@main with: repository: slsa-framework/slsa-github-generator - ref: main + ref: v1.8.0-rc.2 path: __BUILDER_CHECKOUT_DIR__ - name: Run mvn package shell: bash