From f8857cb03268b5b952b88b2acb3e11d9f0f7b6e4 Mon Sep 17 00:00:00 2001 From: David Lord Date: Sat, 23 Mar 2024 14:32:37 +0100 Subject: [PATCH] update slsa action temporarily pin to commit on main with fix for upload/download artifact watch slsa repo for next tagged release --- .github/workflows/publish.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml index 80397be90..73297cff5 100644 --- a/.github/workflows/publish.yaml +++ b/.github/workflows/publish.yaml @@ -33,7 +33,7 @@ jobs: id-token: write contents: write # Can't pin with hash due to how this workflow works. - uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@c747fe7769adf3656dc7d588b161cb614d7abfee # v1.10.0 + uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@1fee7c6fdaf1b8532bd4cad778556e42ac27affa # main with new upload/download with: base64-subjects: ${{ needs.build.outputs.hash }} create-release: