diff --git a/ci/generator-generic-ossf-slsa3-publish.yml b/ci/generator-generic-ossf-slsa3-publish.yml
index a249449..a36e782 100644
--- a/ci/generator-generic-ossf-slsa3-publish.yml
+++ b/ci/generator-generic-ossf-slsa3-publish.yml
@@ -16,8 +16,6 @@ on:
 release:
 types: [created]
 
-permissions: read-all
-
 jobs:
 build:
 runs-on: ubuntu-latest
@@ -46,7 +44,7 @@ jobs:
 # provenance for.
 #
 # ========================================================
- - name: Generate subject
+ - name: Generate subject for provenance
 id: hash
 run: |
 set -euo pipefail
@@ -54,7 +52,7 @@ jobs:
 # List the artifacts the provenance will refer to.
 files=$(ls artifact*)
 # Generate the subjects (base64 encoded).
- echo "::set-output name=digests::$(sha256sum $files | base64 -w0)"
+ echo "hashes=$(sha256sum $files | base64 -w0)" >> "${GITHUB_OUTPUT}"
 
 provenance:
 needs: [build]
@@ -62,7 +60,7 @@ jobs:
 actions: read # To read the workflow path.
 id-token: write # To sign the provenance.
 contents: write # To add assets to a release.
- uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.2.0
+ uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.4.0
 with:
 base64-subjects: "${{ needs.build.outputs.digests }}"
 upload-assets: true # Optional: Upload to a new release
diff --git a/ci/go-ossf-slsa3-publish.yml b/ci/go-ossf-slsa3-publish.yml
index b357cc0..79ea193 100644
--- a/ci/go-ossf-slsa3-publish.yml
+++ b/ci/go-ossf-slsa3-publish.yml
@@ -29,7 +29,7 @@ jobs:
 id-token: write # To sign.
 contents: write # To upload release assets.
 actions: read # To read workflow path.
- uses: slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@v1.2.0
+ uses: slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@v1.4.0
 with:
 go-version: 1.17
 # =============================================================================================================
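Review bot: With the top-level `permissions: read-all` removed in the first hunk of ci/generator-generic-ossf-slsa3-publish.yml (`@@ -16,8 +16,6 @@`), any job that has no `permissions:` block of its own falls back to the repository's default GITHUB_TOKEN scopes, which can be read-write. The `provenance` job sets its own scopes in a later hunk, but the `build` job continues outside the hunk and no job-level block is visible for it. If the workflow-level default has to go, I would give `build` an explicit read-only token, for example `permissions:` followed by `contents: read`, so the step that produces the artifacts cannot write to the repository or release.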
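Review bot: In the third hunk of ci/generator-generic-ossf-slsa3-publish.yml (`@@ -54,7 +52,7 @@`) the step output key changes from `digests` to `hashes`, while the `provenance` job in the following hunk still passes `${{ needs.build.outputs.digests }}` as `base64-subjects`. The `build` job's `outputs:` mapping is outside the visible hunks; unless it now reads `steps.hash.outputs.hashes`, the subject list handed to the generator would be empty and the provenance would not bind to the built artifacts. Either keep the old key, `echo "digests=$(sha256sum $files | base64 -w0)" >> "${GITHUB_OUTPUT}"`, or change the job output to `digests: ${{ steps.hash.outputs.hashes }}`.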