From ea9376980d1b597d405f8340d08fd10f59435ebd Mon Sep 17 00:00:00 2001 From: Ramon Petgrave Date: Mon, 22 Apr 2024 21:19:02 +0000 Subject: [PATCH] back to main Signed-off-by: Ramon Petgrave --- .github/workflows/builder_high-perms-checkout_slsa3.yml | 6 +++--- .../workflows/builder_high-perms-checkout_slsa3_test.yml | 2 +- .github/workflows/builder_high-perms_slsa3.yml | 4 ++-- .github/workflows/builder_high-perms_slsa3_test.yml | 2 +- .github/workflows/builder_low-perms_slsa3.yml | 8 ++++---- .github/workflows/builder_low-perms_slsa3_test.yml | 2 +- .../actions/download/attestation/action.yml | 2 +- high-perms/actions/download/attestation/action.yml | 2 +- low-perms/actions/download/attestation/action.yml | 2 +- low-perms/internal/callback_action/action.yml | 4 ++-- 10 files changed, 17 insertions(+), 17 deletions(-) diff --git a/.github/workflows/builder_high-perms-checkout_slsa3.yml b/.github/workflows/builder_high-perms-checkout_slsa3.yml index c3c423e..f859215 100644 --- a/.github/workflows/builder_high-perms-checkout_slsa3.yml +++ b/.github/workflows/builder_high-perms-checkout_slsa3.yml @@ -89,7 +89,7 @@ jobs: steps: - name: Generate the token id: generate - uses: slsa-framework/slsa-github-generator/actions/delegator/setup-generic@v2.0.0 + uses: slsa-framework/slsa-github-generator/actions/delegator/setup-generic@main with: slsa-workflow-recipient: "delegator_generic_slsa3.yml" slsa-rekor-log-public: ${{ inputs.rekor-log-public }} @@ -106,7 +106,7 @@ jobs: contents: write # For asset uploads. packages: write # For package uploads. actions: read # For the entrypoint. - uses: slsa-framework/slsa-github-generator/.github/workflows/delegator_generic_slsa3.yml@v2.0.0 + uses: slsa-framework/slsa-github-generator/.github/workflows/delegator_generic_slsa3.yml@main with: slsa-token: ${{ needs.slsa-setup.outputs.slsa-token }} secrets: @@ -121,7 +121,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Download provenance - uses: slsa-framework/slsa-github-generator/actions/delegator/secure-attestations-download@v2.0.0 + uses: slsa-framework/slsa-github-generator/actions/delegator/secure-attestations-download@main with: name: ${{ needs.slsa-run.outputs.attestations-download-name }} sha256: ${{ needs.slsa-run.outputs.attestations-download-sha256 }} diff --git a/.github/workflows/builder_high-perms-checkout_slsa3_test.yml b/.github/workflows/builder_high-perms-checkout_slsa3_test.yml index 3d2b503..6cf061a 100644 --- a/.github/workflows/builder_high-perms-checkout_slsa3_test.yml +++ b/.github/workflows/builder_high-perms-checkout_slsa3_test.yml @@ -28,7 +28,7 @@ jobs: contents: write # For asset release. packages: write # For package upload. actions: read # For getting workflow run info. - uses: slsa-framework/example-trw/.github/workflows/builder_high-perms-checkout_slsa3.yml@v2.0.0 + uses: slsa-framework/example-trw/.github/workflows/builder_high-perms-checkout_slsa3.yml@main with: artifact: my-artifact filename: high-perms-checkout/src/build.txt diff --git a/.github/workflows/builder_high-perms_slsa3.yml b/.github/workflows/builder_high-perms_slsa3.yml index 18a5748..7fdaf39 100644 --- a/.github/workflows/builder_high-perms_slsa3.yml +++ b/.github/workflows/builder_high-perms_slsa3.yml @@ -84,7 +84,7 @@ jobs: steps: - name: Generate the token id: generate - uses: slsa-framework/slsa-github-generator/actions/delegator/setup-generic@v2.0.0 + uses: slsa-framework/slsa-github-generator/actions/delegator/setup-generic@main with: slsa-workflow-recipient: "delegator_generic_slsa3.yml" slsa-rekor-log-public: ${{ inputs.rekor-log-public }} @@ -100,7 +100,7 @@ jobs: contents: write # For asset uploads. packages: write # For package uploads. actions: read # For the entrypoint. - uses: slsa-framework/slsa-github-generator/.github/workflows/delegator_generic_slsa3.yml@v2.0.0 + uses: slsa-framework/slsa-github-generator/.github/workflows/delegator_generic_slsa3.yml@main with: slsa-token: ${{ needs.slsa-setup.outputs.slsa-token }} secrets: diff --git a/.github/workflows/builder_high-perms_slsa3_test.yml b/.github/workflows/builder_high-perms_slsa3_test.yml index f83ca58..2766648 100644 --- a/.github/workflows/builder_high-perms_slsa3_test.yml +++ b/.github/workflows/builder_high-perms_slsa3_test.yml @@ -28,7 +28,7 @@ jobs: contents: write # For asset release. packages: write # For package upload. actions: read # For getting workflow run info. - uses: slsa-framework/example-trw/.github/workflows/builder_high-perms_slsa3.yml@v2.0.0 # v0.0.1 has all refs at main. + uses: slsa-framework/example-trw/.github/workflows/builder_high-perms_slsa3.yml@main # v0.0.1 has all refs at main. with: artifact: my-artifact content: "hello world" diff --git a/.github/workflows/builder_low-perms_slsa3.yml b/.github/workflows/builder_low-perms_slsa3.yml index 6f5b415..25e22da 100644 --- a/.github/workflows/builder_low-perms_slsa3.yml +++ b/.github/workflows/builder_low-perms_slsa3.yml @@ -94,7 +94,7 @@ jobs: steps: - name: Generate the token id: generate - uses: slsa-framework/slsa-github-generator/actions/delegator/setup-generic@v2.0.0 + uses: slsa-framework/slsa-github-generator/actions/delegator/setup-generic@main with: slsa-workflow-recipient: "delegator_lowperms-generic_slsa3.yml" slsa-rekor-log-public: ${{ inputs.rekor-log-public }} @@ -109,7 +109,7 @@ jobs: id-token: write # For signing. contents: read # For code access. actions: read # For the entrypoint. - uses: slsa-framework/slsa-github-generator/.github/workflows/delegator_lowperms-generic_slsa3.yml@v2.0.0 + uses: slsa-framework/slsa-github-generator/.github/workflows/delegator_lowperms-generic_slsa3.yml@main with: slsa-token: ${{ needs.slsa-setup.outputs.slsa-token }} secrets: @@ -124,7 +124,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Download provenance - uses: slsa-framework/slsa-github-generator/actions/delegator/secure-attestations-download@v2.0.0 + uses: slsa-framework/slsa-github-generator/actions/delegator/secure-attestations-download@main with: name: ${{ needs.slsa-run.outputs.attestations-download-name }} sha256: ${{ needs.slsa-run.outputs.attestations-download-sha256 }} @@ -152,7 +152,7 @@ jobs: # Artifacts are downloaded in the current directory. The downloaded folder # is the one uploaded by the TCA, which in our case is called "artifacts". - name: Download artifacts - uses: slsa-framework/slsa-github-generator/actions/delegator/secure-download-folder@v2.0.0 + uses: slsa-framework/slsa-github-generator/actions/delegator/secure-download-folder@main with: name: ${{ fromJson(needs.slsa-run.outputs.build-artifacts-outputs).artifact-download-name }} sha256: ${{ fromJson(needs.slsa-run.outputs.build-artifacts-outputs).artifact-download-sha256 }} diff --git a/.github/workflows/builder_low-perms_slsa3_test.yml b/.github/workflows/builder_low-perms_slsa3_test.yml index 54b3281..a8a0c48 100644 --- a/.github/workflows/builder_low-perms_slsa3_test.yml +++ b/.github/workflows/builder_low-perms_slsa3_test.yml @@ -27,7 +27,7 @@ jobs: id-token: write # For signing contents: write # For asset release. actions: read # For getting workflow run info. - uses: slsa-framework/example-trw/.github/workflows/builder_low-perms_slsa3.yml@v2.0.0 # v0.0.1 has all refs at main. + uses: slsa-framework/example-trw/.github/workflows/builder_low-perms_slsa3.yml@main # v0.0.1 has all refs at main. with: artifact: my-artifact content: "hello world" diff --git a/high-perms-checkout/actions/download/attestation/action.yml b/high-perms-checkout/actions/download/attestation/action.yml index 191192d..097d269 100644 --- a/high-perms-checkout/actions/download/attestation/action.yml +++ b/high-perms-checkout/actions/download/attestation/action.yml @@ -30,7 +30,7 @@ runs: using: "composite" steps: - name: Download the attestations - uses: slsa-framework/slsa-github-generator/actions/delegator/secure-attestations-download@v2.0.0 + uses: slsa-framework/slsa-github-generator/actions/delegator/secure-attestations-download@main with: name: ${{ inputs.name }} path: ${{ inputs.path }} diff --git a/high-perms/actions/download/attestation/action.yml b/high-perms/actions/download/attestation/action.yml index 191192d..097d269 100644 --- a/high-perms/actions/download/attestation/action.yml +++ b/high-perms/actions/download/attestation/action.yml @@ -30,7 +30,7 @@ runs: using: "composite" steps: - name: Download the attestations - uses: slsa-framework/slsa-github-generator/actions/delegator/secure-attestations-download@v2.0.0 + uses: slsa-framework/slsa-github-generator/actions/delegator/secure-attestations-download@main with: name: ${{ inputs.name }} path: ${{ inputs.path }} diff --git a/low-perms/actions/download/attestation/action.yml b/low-perms/actions/download/attestation/action.yml index 191192d..097d269 100644 --- a/low-perms/actions/download/attestation/action.yml +++ b/low-perms/actions/download/attestation/action.yml @@ -30,7 +30,7 @@ runs: using: "composite" steps: - name: Download the attestations - uses: slsa-framework/slsa-github-generator/actions/delegator/secure-attestations-download@v2.0.0 + uses: slsa-framework/slsa-github-generator/actions/delegator/secure-attestations-download@main with: name: ${{ inputs.name }} path: ${{ inputs.path }} diff --git a/low-perms/internal/callback_action/action.yml b/low-perms/internal/callback_action/action.yml index 436c3f2..f3c2cf0 100644 --- a/low-perms/internal/callback_action/action.yml +++ b/low-perms/internal/callback_action/action.yml @@ -83,7 +83,7 @@ runs: - name: Create random value id: rng # WARNING: This is not cryptographically secure and will show in logs! - uses: slsa-framework/slsa-github-generator/actions/delegator/random@v2.0.0 + uses: slsa-framework/slsa-github-generator/actions/delegator/random@main # Create the folder to share. # The folder is local, so need its name needs not be randomized. @@ -100,7 +100,7 @@ runs: # Share the artifacts folder, with a unique randomized name. - name: Share artifacts id: upload - uses: slsa-framework/slsa-github-generator/actions/delegator/secure-upload-folder@v2.0.0 + uses: slsa-framework/slsa-github-generator/actions/delegator/secure-upload-folder@main with: name: "${{ steps.rng.outputs.random }}-artifacts" path: artifacts \ No newline at end of file