Skip to content

Commit e972734

Browse files
authored
Merge branch 'main' into 1110-release-docs
2 parents f5dd32f + 4876e96 commit e972734

33 files changed

Lines changed: 65 additions & 94 deletions

.github/actions/generate-builder/action.yml

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -76,7 +76,7 @@ runs:
7676
token: ${{ inputs.token }}
7777

7878
- name: Set up Go environment
79-
uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
79+
uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
8080
with:
8181
go-version: ${{ inputs.go-version }}
8282

@@ -91,8 +91,8 @@ runs:
9191
# release binaries when the compile-builder input is false.
9292
VERIFIER_REPOSITORY: slsa-framework/slsa-verifier # The repository to download the pre-built verifier binary from.
9393
VERIFIER_RELEASE_BINARY: slsa-verifier-linux-amd64 # The name of the verifier binary in the release assets.
94-
VERIFIER_RELEASE_BINARY_SHA256: 499befb675efcca9001afe6e5156891b91e71f9c07ab120a8943979f85cc82e6 # The expected hash of the verifier binary.
95-
VERIFIER_RELEASE: v2.7.0 # The version of the verifier to download.
94+
VERIFIER_RELEASE_BINARY_SHA256: 946dbec729094195e88ef78e1734324a27869f03e2c6bd2f61cbc06bd5350339 # The expected hash of the verifier binary.
95+
VERIFIER_RELEASE: v2.7.1 # The version of the verifier to download.
9696

9797
COMPILE_BUILDER: "${{ inputs.compile-builder }}"
9898
# NOTE: If a builder reference is specified, then we will download this version of the builder.

.github/actions/secure-download-artifact/action.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -78,7 +78,7 @@ runs:
7878
echo "folder_path=${folder_path}" >> "${GITHUB_OUTPUT}"
7979
8080
- name: Download the artifact
81-
uses: actions/download-artifact@b14cf4c92620c250e1c074ab0a5800e37df86765 # v4.2.0
81+
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
8282
with:
8383
name: "${{ inputs.name }}"
8484
path: "${{ steps.validate-path.outputs.folder_path }}"

.github/actions/secure-download-folder/action.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -34,7 +34,7 @@ runs:
3434
uses: slsa-framework/slsa-github-generator/.github/actions/rng@main
3535

3636
- name: Download the artifact
37-
uses: actions/download-artifact@b14cf4c92620c250e1c074ab0a5800e37df86765 # v4.2.0
37+
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
3838
with:
3939
name: "${{ inputs.name }}"
4040
path: "${{ steps.rng.outputs.random }}"

.github/actions/secure-project-checkout-go/action.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -65,7 +65,7 @@ runs:
6565
fi
6666
6767
- name: Set up Go environment
68-
uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
68+
uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
6969
with:
7070
go-version: ${{ steps.validate.outputs.go_version }}
7171
go-version-file: ${{ steps.validate.outputs.go_version_file }}

.github/actions/secure-project-checkout-node/action.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -41,6 +41,6 @@ runs:
4141
path: ${{ inputs.path }}
4242

4343
- name: Set up Node environment
44-
uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e # v4.3.0
44+
uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
4545
with:
4646
node-version: ${{ inputs.node-version }}

.github/actions/secure-upload-artifact/action.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -37,7 +37,7 @@ runs:
3737
path: "${{ inputs.path }}"
3838

3939
- name: Upload the artifact
40-
uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1
40+
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
4141
with:
4242
name: "${{ inputs.name }}"
4343
path: "${{ inputs.path }}"

.github/actions/verify-token/dist/index.js

Lines changed: 1 addition & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -158,9 +158,8 @@ function run() {
158158
(0, validate_1.validateGitHubFields)(rawTokenObj.github);
159159
// Validate the build Action is not empty.
160160
(0, validate_1.validateFieldNonEmpty)("tool.actions.build_artifacts.path", rawTokenObj.tool.actions.build_artifacts.path);
161-
// No validation needed for the builder inputs,
161+
// NOTE: No validation needed for the builder inputs,
162162
// they may be empty.
163-
// TODO(#1780): test empty inputs.
164163
// Extract certificate information.
165164
const [toolURI, toolRepository, toolRef, toolSha, toolPath] = (0, utils_1.parseCertificate)(bundle);
166165
// Extract the inputs.

.github/actions/verify-token/dist/index.js.map

Lines changed: 1 addition & 1 deletion
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

.github/actions/verify-token/src/index.ts

Lines changed: 1 addition & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -141,9 +141,8 @@ async function run(): Promise<void> {
141141
rawTokenObj.tool.actions.build_artifacts.path,
142142
);
143143

144-
// No validation needed for the builder inputs,
144+
// NOTE: No validation needed for the builder inputs,
145145
// they may be empty.
146-
// TODO(#1780): test empty inputs.
147146

148147
// Extract certificate information.
149148
const [toolURI, toolRepository, toolRef, toolSha, toolPath] =

.github/workflows/builder_container-based_slsa3.yml

Lines changed: 9 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -209,7 +209,7 @@ jobs:
209209
allow-private-repository: ${{ inputs.rekor-log-public }}
210210

211211
- name: Upload builder
212-
uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1
212+
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
213213
with:
214214
name: "${{ env.BUILDER_BINARY }}-${{ needs.rng.outputs.value }}"
215215
path: "${{ env.BUILDER_BINARY }}"
@@ -306,7 +306,7 @@ jobs:
306306
- id: auth
307307
name: Authenticate to Google Cloud
308308
if: inputs.gcp-workload-identity-provider != ''
309-
uses: google-github-actions/auth@71f986410dfbc7added4569d411d040a91dc6935 # v2.1.8
309+
uses: google-github-actions/auth@ba79af03959ebeac9769e648f473a284504d9193 # v2.1.10
310310
with:
311311
token_format: "access_token"
312312
workload_identity_provider: ${{ inputs.gcp-workload-identity-provider }}
@@ -462,7 +462,7 @@ jobs:
462462
# TODO(https://github.com/slsa-framework/slsa-github-generator/issues/1655): Use a
463463
# secure upload or verify this against the SLSA layout file.
464464
id: upload-artifacts
465-
uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1
465+
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
466466
with:
467467
name: ${{ steps.build.outputs.build-outputs-name }}
468468
path: /tmp/build-outputs-${{ needs.rng.outputs.value }}
@@ -535,7 +535,7 @@ jobs:
535535
- name: Upload unsigned intoto attestations file for pull request
536536
if: ${{ github.event_name == 'pull_request' }}
537537
id: upload-unsigned
538-
uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1
538+
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
539539
with:
540540
name: "${{ env.OUTPUT_FOLDER }}-${{ needs.rng.outputs.value }}"
541541
path: "attestations-${{ needs.rng.outputs.value }}"
@@ -556,7 +556,7 @@ jobs:
556556
- name: Upload the signed attestations
557557
id: upload-signed
558558
if: ${{ github.event_name != 'pull_request' }}
559-
uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1
559+
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
560560
with:
561561
name: "${{ env.OUTPUT_FOLDER }}-${{ needs.rng.outputs.value }}"
562562
path: "${{ env.OUTPUT_FOLDER }}-${{ needs.rng.outputs.value }}"
@@ -584,21 +584,21 @@ jobs:
584584
# TODO(https://github.com/slsa-framework/slsa-github-generator/issues/1655): Use the SLSA
585585
# layout files and their checksums to validate the artifacts.
586586
- name: Download artifacts
587-
uses: actions/download-artifact@b14cf4c92620c250e1c074ab0a5800e37df86765 # v4.2.0
587+
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
588588
with:
589589
name: "${{ needs.build.outputs.build-outputs-name }}"
590590
path: "${{ needs.build.outputs.build-outputs-name }}"
591591

592592
# TODO(https://github.com/slsa-framework/slsa-github-generator/issues/1655): Use the
593593
# secure-folder-download action.
594594
- name: Download provenance
595-
uses: actions/download-artifact@b14cf4c92620c250e1c074ab0a5800e37df86765 # v4.2.0
595+
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
596596
with:
597597
name: "${{ needs.provenance.outputs.provenance-name }}"
598598
path: "${{ needs.provenance.outputs.provenance-name }}"
599599

600600
- name: Upload provenance new tag
601-
uses: softprops/action-gh-release@c95fe1489396fe8a9eb87c0abf8aa5b2ef267fda # v2.2.1
601+
uses: softprops/action-gh-release@72f2c25fcb47643c292f7107632f7a47c1df5cd8 # v2.3.2
602602
if: startsWith(github.ref, 'refs/tags/') && inputs.upload-tag-name == ''
603603
id: release-new-tags
604604
with:
@@ -609,7 +609,7 @@ jobs:
609609
draft: ${{ inputs.draft-release }}
610610

611611
- name: Upload provenance tag name
612-
uses: softprops/action-gh-release@c95fe1489396fe8a9eb87c0abf8aa5b2ef267fda # v2.2.1
612+
uses: softprops/action-gh-release@72f2c25fcb47643c292f7107632f7a47c1df5cd8 # v2.3.2
613613
if: inputs.upload-tag-name != ''
614614
with:
615615
prerelease: ${{ inputs.prerelease }}

0 commit comments

Comments
 (0)