From 49f1ab47df7d88004f76975db5bb499c6216aa13 Mon Sep 17 00:00:00 2001 From: Ian Lewis Date: Wed, 5 Apr 2023 22:01:01 +0000 Subject: [PATCH] chore: Release v1.6.0-rc.0 Signed-off-by: Ian Lewis --- .github/actions/generate-builder/action.yml | 2 +- .../secure-download-artifact/action.yml | 2 +- .../actions/secure-download-folder/action.yml | 4 ++-- .../actions/secure-upload-artifact/action.yml | 2 +- .../actions/secure-upload-folder/action.yml | 2 +- .../workflows/builder_docker-based_slsa3.yml | 14 ++++++------ .github/workflows/builder_go_slsa3.yml | 14 ++++++------ .github/workflows/builder_nodejs_slsa3.yml | 6 ++--- .github/workflows/delegator_generic_slsa3.yml | 22 +++++++++---------- ...create-docker_based-predicate.schedule.yml | 2 +- .../workflows/generator_container_slsa3.yml | 4 ++-- .github/workflows/generator_generic_slsa3.yml | 6 ++--- .github/workflows/release.yml | 6 ++--- 13 files changed, 43 insertions(+), 43 deletions(-) diff --git a/.github/actions/generate-builder/action.yml b/.github/actions/generate-builder/action.yml index 90ad135e3e..42cc8e778f 100644 --- a/.github/actions/generate-builder/action.yml +++ b/.github/actions/generate-builder/action.yml @@ -42,7 +42,7 @@ runs: using: "composite" steps: - name: Checkout builder repository - uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@main + uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@v1.6.0-rc.0 with: repository: ${{ inputs.repository }} ref: ${{ inputs.ref }} diff --git a/.github/actions/secure-download-artifact/action.yml b/.github/actions/secure-download-artifact/action.yml index c0353675e7..f4a05c069b 100644 --- a/.github/actions/secure-download-artifact/action.yml +++ b/.github/actions/secure-download-artifact/action.yml @@ -58,7 +58,7 @@ runs: - name: Compute the hash id: compute - uses: slsa-framework/slsa-github-generator/.github/actions/compute-sha256@main + uses: slsa-framework/slsa-github-generator/.github/actions/compute-sha256@v1.6.0-rc.0 with: path: "${{ inputs.path }}" diff --git a/.github/actions/secure-download-folder/action.yml b/.github/actions/secure-download-folder/action.yml index 94bf35fdb9..dde1490596 100644 --- a/.github/actions/secure-download-folder/action.yml +++ b/.github/actions/secure-download-folder/action.yml @@ -17,7 +17,7 @@ runs: steps: - name: Compute a random value id: rng - uses: slsa-framework/slsa-github-generator/.github/actions/rng@main + uses: slsa-framework/slsa-github-generator/.github/actions/rng@v1.6.0-rc.0 - name: Download the artifact uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 @@ -27,7 +27,7 @@ runs: - name: Compute the hash id: compute - uses: slsa-framework/slsa-github-generator/.github/actions/compute-sha256@main + uses: slsa-framework/slsa-github-generator/.github/actions/compute-sha256@v1.6.0-rc.0 with: path: "${{ steps.rng.outputs.random }}/folder.tgz" diff --git a/.github/actions/secure-upload-artifact/action.yml b/.github/actions/secure-upload-artifact/action.yml index b4e93dcb09..6168f14e90 100644 --- a/.github/actions/secure-upload-artifact/action.yml +++ b/.github/actions/secure-upload-artifact/action.yml @@ -18,7 +18,7 @@ runs: steps: - name: Compute binary hash id: compute-digest - uses: slsa-framework/slsa-github-generator/.github/actions/compute-sha256@main + uses: slsa-framework/slsa-github-generator/.github/actions/compute-sha256@v1.6.0-rc.0 with: path: "${{ inputs.path }}" diff --git a/.github/actions/secure-upload-folder/action.yml b/.github/actions/secure-upload-folder/action.yml index 72882ca7ea..0fd49cd257 100644 --- a/.github/actions/secure-upload-folder/action.yml +++ b/.github/actions/secure-upload-folder/action.yml @@ -46,7 +46,7 @@ runs: - name: Upload the artifact id: upload - uses: slsa-framework/slsa-github-generator/.github/actions/secure-upload-artifact@main + uses: slsa-framework/slsa-github-generator/.github/actions/secure-upload-artifact@v1.6.0-rc.0 with: name: "${{ inputs.name }}" path: "${{ steps.create.outputs.tarball-path }}" diff --git a/.github/workflows/builder_docker-based_slsa3.yml b/.github/workflows/builder_docker-based_slsa3.yml index 8c4978ec22..9da32704f5 100644 --- a/.github/workflows/builder_docker-based_slsa3.yml +++ b/.github/workflows/builder_docker-based_slsa3.yml @@ -153,7 +153,7 @@ jobs: steps: - name: Generate random 16-byte value (32-char hex encoded) id: rng - uses: slsa-framework/slsa-github-generator/.github/actions/rng@main + uses: slsa-framework/slsa-github-generator/.github/actions/rng@v1.6.0-rc.0 # This detects the repository and ref of the reusable workflow. # For pull request, this gets the referenced slsa-github-generator workflow. @@ -168,7 +168,7 @@ jobs: steps: - name: Detect the builder ref id: detect - uses: slsa-framework/slsa-github-generator/.github/actions/detect-workflow-js@main + uses: slsa-framework/slsa-github-generator/.github/actions/detect-workflow-js@v1.6.0-rc.0 ################################################################### # # @@ -185,7 +185,7 @@ jobs: steps: - name: Generate builder binary id: generate - uses: slsa-framework/slsa-github-generator/.github/actions/generate-builder@main + uses: slsa-framework/slsa-github-generator/.github/actions/generate-builder@v1.6.0-rc.0 with: repository: "${{ needs.detect-env.outputs.repository }}" ref: "${{ needs.detect-env.outputs.ref }}" @@ -218,7 +218,7 @@ jobs: steps: - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0 - name: Checkout builder repository - uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@main + uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@v1.6.0-rc.0 with: repository: "${{ needs.detect-env.outputs.repository }}" ref: "${{ needs.detect-env.outputs.ref }}" @@ -346,7 +346,7 @@ jobs: - name: Checkout builder repository - uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@main + uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@v1.6.0-rc.0 with: repository: "${{ needs.detect-env.outputs.repository }}" ref: "${{ needs.detect-env.outputs.ref }}" @@ -474,7 +474,7 @@ jobs: provenance-sha256: ${{ steps.upload-signed.outputs.sha256 }} steps: - name: Checkout builder repository - uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@main + uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@v1.6.0-rc.0 with: repository: "${{ needs.detect-env.outputs.repository }}" ref: "${{ needs.detect-env.outputs.ref }}" @@ -564,7 +564,7 @@ jobs: if: inputs.upload-assets && (startsWith(github.ref, 'refs/tags/') || inputs.upload-tag-name != '') steps: - name: Checkout builder repository - uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@main + uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@v1.6.0-rc.0 with: repository: "${{ needs.detect-env.outputs.repository }}" ref: "${{ needs.detect-env.outputs.ref }}" diff --git a/.github/workflows/builder_go_slsa3.yml b/.github/workflows/builder_go_slsa3.yml index 64adec9884..cbd2b29603 100644 --- a/.github/workflows/builder_go_slsa3.yml +++ b/.github/workflows/builder_go_slsa3.yml @@ -100,7 +100,7 @@ jobs: steps: - name: Generate random 16-byte value (32-char hex encoded) id: rng - uses: slsa-framework/slsa-github-generator/.github/actions/rng@main + uses: slsa-framework/slsa-github-generator/.github/actions/rng@v1.6.0-rc.0 detect-env: outputs: @@ -112,7 +112,7 @@ jobs: steps: - name: Detect the builder ref id: detect - uses: slsa-framework/slsa-github-generator/.github/actions/detect-workflow@main + uses: slsa-framework/slsa-github-generator/.github/actions/detect-workflow@v1.6.0-rc.0 ################################################################### # # @@ -127,7 +127,7 @@ jobs: steps: - name: Generate builder binary id: generate - uses: slsa-framework/slsa-github-generator/.github/actions/generate-builder@main + uses: slsa-framework/slsa-github-generator/.github/actions/generate-builder@v1.6.0-rc.0 with: repository: "${{ needs.detect-env.outputs.repository }}" ref: "${{ needs.detect-env.outputs.ref }}" @@ -161,7 +161,7 @@ jobs: needs: [builder, rng, detect-env] steps: - name: Checkout builder repository - uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@main + uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@v1.6.0-rc.0 with: repository: "${{ needs.detect-env.outputs.repository }}" ref: "${{ needs.detect-env.outputs.ref }}" @@ -207,7 +207,7 @@ jobs: needs: [builder, build-dry, rng, detect-env] steps: - name: Checkout builder repository - uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@main + uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@v1.6.0-rc.0 with: repository: "${{ needs.detect-env.outputs.repository }}" ref: "${{ needs.detect-env.outputs.ref }}" @@ -287,7 +287,7 @@ jobs: go-provenance-sha256: ${{ steps.sign-prov.outputs.signed-provenance-sha256 }} steps: - name: Checkout builder repository - uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@main + uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@v1.6.0-rc.0 with: repository: "${{ needs.detect-env.outputs.repository }}" ref: "${{ needs.detect-env.outputs.ref }}" @@ -345,7 +345,7 @@ jobs: if: inputs.upload-assets && (startsWith(github.ref, 'refs/tags/') || inputs.upload-tag-name != '') steps: - name: Checkout builder repository - uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@main + uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@v1.6.0-rc.0 with: repository: "${{ needs.detect-env.outputs.repository }}" ref: "${{ needs.detect-env.outputs.ref }}" diff --git a/.github/workflows/builder_nodejs_slsa3.yml b/.github/workflows/builder_nodejs_slsa3.yml index 947a2e7232..da212f1562 100644 --- a/.github/workflows/builder_nodejs_slsa3.yml +++ b/.github/workflows/builder_nodejs_slsa3.yml @@ -67,7 +67,7 @@ jobs: steps: - name: Generate the token id: generate - uses: slsa-framework/slsa-github-generator/actions/delegator/setup-token@main + uses: slsa-framework/slsa-github-generator/actions/delegator/setup-token@v1.6.0-rc.0 with: slsa-workflow-recipient: "delegator_generic_slsa3.yml" slsa-rekor-log-public: ${{ inputs.rekor-log-public }} @@ -83,7 +83,7 @@ jobs: id-token: write # For signing. contents: write # For asset uploads. packages: write # For publishing to GitHub packages. - uses: slsa-framework/slsa-github-generator/.github/workflows/delegator_generic_slsa3.yml@main + uses: slsa-framework/slsa-github-generator/.github/workflows/delegator_generic_slsa3.yml@v1.6.0-rc.0 with: slsa-token: ${{ needs.slsa-setup.outputs.slsa-token }} @@ -111,7 +111,7 @@ jobs: # NOTE: secure-download-artifact ensures that the downloaded file doesn't overwrite an existing file. - name: Download package id: package-download - uses: slsa-framework/slsa-github-generator/.github/actions/secure-download-artifact@main + uses: slsa-framework/slsa-github-generator/.github/actions/secure-download-artifact@v1.6.0-rc.0 with: name: ${{ fromJSON(needs.slsa-run.outputs.build-artifacts-outputs).package-download-name }} path: ${{ fromJSON(needs.slsa-run.outputs.build-artifacts-outputs).package-filename }} diff --git a/.github/workflows/delegator_generic_slsa3.yml b/.github/workflows/delegator_generic_slsa3.yml index bd15533fa0..bddee2ddee 100644 --- a/.github/workflows/delegator_generic_slsa3.yml +++ b/.github/workflows/delegator_generic_slsa3.yml @@ -77,7 +77,7 @@ jobs: steps: - name: Generate random 16-byte value (32-char hex encoded) id: rng - uses: slsa-framework/slsa-github-generator/.github/actions/rng@main + uses: slsa-framework/slsa-github-generator/.github/actions/rng@v1.6.0-rc.0 # verify-token verifies the slsa token. verify-token: @@ -91,7 +91,7 @@ jobs: steps: - name: Verify token with test action id: verify - uses: slsa-framework/slsa-github-generator/.github/actions/verify-token@main + uses: slsa-framework/slsa-github-generator/.github/actions/verify-token@v1.6.0-rc.0 with: slsa-workflow-recipient: "delegator_generic_slsa3.yml" slsa-unverified-token: ${{ inputs.slsa-token }} @@ -99,7 +99,7 @@ jobs: - name: Upload predicate id: upload - uses: slsa-framework/slsa-github-generator/.github/actions/secure-upload-artifact@main + uses: slsa-framework/slsa-github-generator/.github/actions/secure-upload-artifact@v1.6.0-rc.0 with: name: "${{ needs.rng.outputs.value }}-${{ env.SLSA_PREDICATE_FILE }}" path: ${{ env.SLSA_PREDICATE_FILE }} @@ -110,7 +110,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Check private repos - uses: slsa-framework/slsa-github-generator/.github/actions/privacy-check@main + uses: slsa-framework/slsa-github-generator/.github/actions/privacy-check@v1.6.0-rc.0 with: error_message: "Repository is private. The workflow has halted in order to keep the repository name from being exposed in the public transparency log. Set 'private-repository' to override." override: ${{ fromJson(needs.verify-token.outputs.slsa-verified-token).builder.rekor_log_public }} @@ -138,7 +138,7 @@ jobs: echo "$RUNNER: $RUNNER" - name: Checkout the tool repository - uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@main + uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@v1.6.0-rc.0 with: repository: ${{ needs.verify-token.outputs.tool-repository }} ref: ${{ needs.verify-token.outputs.tool-ref }} @@ -162,7 +162,7 @@ jobs: tree - name: Checkout the project repository - uses: slsa-framework/slsa-github-generator/.github/actions/secure-project-checkout@main + uses: slsa-framework/slsa-github-generator/.github/actions/secure-project-checkout@v1.6.0-rc.0 # NOTE: This calls the Action defined in the slsa-token. - name: Build artifacts @@ -188,7 +188,7 @@ jobs: - name: Upload artifact layout file id: upload - uses: slsa-framework/slsa-github-generator/.github/actions/secure-upload-artifact@main + uses: slsa-framework/slsa-github-generator/.github/actions/secure-upload-artifact@v1.6.0-rc.0 with: name: "${{ needs.rng.outputs.value }}-${{ env.SLSA_ARTIFACTS_FILE }}" path: "${{ env.SLSA_ARTIFACTS_FILE }}" @@ -203,14 +203,14 @@ jobs: runs-on: ubuntu-latest steps: - name: Download the artifact layout file - uses: slsa-framework/slsa-github-generator/.github/actions/secure-download-artifact@main + uses: slsa-framework/slsa-github-generator/.github/actions/secure-download-artifact@v1.6.0-rc.0 with: name: "${{ needs.rng.outputs.value }}-${{ env.SLSA_ARTIFACTS_FILE }}" path: "${{ env.SLSA_ARTIFACTS_FILE }}" sha256: ${{ needs.build-artifacts-ubuntu.outputs.artifacts-layout-sha256 }} - name: Download the predicate file - uses: slsa-framework/slsa-github-generator/.github/actions/secure-download-artifact@main + uses: slsa-framework/slsa-github-generator/.github/actions/secure-download-artifact@v1.6.0-rc.0 with: name: "${{ needs.rng.outputs.value }}-${{ env.SLSA_PREDICATE_FILE }}" path: ${{ env.SLSA_PREDICATE_FILE }} @@ -240,7 +240,7 @@ jobs: - name: Generate attestations id: attestations - uses: slsa-framework/slsa-github-generator/.github/actions/generate-attestations@main + uses: slsa-framework/slsa-github-generator/.github/actions/generate-attestations@v1.6.0-rc.0 with: slsa-layout-file: ${{ env.SLSA_ARTIFACTS_FILE }} predicate-type: ${{ steps.predicate-type.outputs.predicate-type }} @@ -249,7 +249,7 @@ jobs: - name: Sign attestations id: sign - uses: slsa-framework/slsa-github-generator/.github/actions/sign-attestations@main + uses: slsa-framework/slsa-github-generator/.github/actions/sign-attestations@v1.6.0-rc.0 with: attestations: attestations output-folder: "${{ needs.rng.outputs.value }}-slsa-attestations" diff --git a/.github/workflows/e2e.create-docker_based-predicate.schedule.yml b/.github/workflows/e2e.create-docker_based-predicate.schedule.yml index 4eb367f930..d1dad210bd 100644 --- a/.github/workflows/e2e.create-docker_based-predicate.schedule.yml +++ b/.github/workflows/e2e.create-docker_based-predicate.schedule.yml @@ -28,7 +28,7 @@ jobs: - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0 - name: Detect the builder ref id: detect - uses: slsa-framework/slsa-github-generator/.github/actions/detect-workflow@main + uses: slsa-framework/slsa-github-generator/.github/actions/detect-workflow@v1.6.0-rc.0 - name: Update the build definition # We use a build definition hard-coded in testadata. To ensure validation against # workflow context, we must update the source references. diff --git a/.github/workflows/generator_container_slsa3.yml b/.github/workflows/generator_container_slsa3.yml index e27a54dcc5..f442f80cc7 100644 --- a/.github/workflows/generator_container_slsa3.yml +++ b/.github/workflows/generator_container_slsa3.yml @@ -94,7 +94,7 @@ jobs: - name: Detect the generator ref id: detect continue-on-error: true - uses: slsa-framework/slsa-github-generator/.github/actions/detect-workflow@main + uses: slsa-framework/slsa-github-generator/.github/actions/detect-workflow@v1.6.0-rc.0 - name: Final outcome id: final @@ -125,7 +125,7 @@ jobs: - name: Generate builder id: generate-builder continue-on-error: true - uses: slsa-framework/slsa-github-generator/.github/actions/generate-builder@main + uses: slsa-framework/slsa-github-generator/.github/actions/generate-builder@v1.6.0-rc.0 with: repository: "${{ needs.detect-env.outputs.repository }}" ref: "${{ needs.detect-env.outputs.ref }}" diff --git a/.github/workflows/generator_generic_slsa3.yml b/.github/workflows/generator_generic_slsa3.yml index b533d3e1d2..eae3a3c58d 100644 --- a/.github/workflows/generator_generic_slsa3.yml +++ b/.github/workflows/generator_generic_slsa3.yml @@ -115,7 +115,7 @@ jobs: - name: Detect the generator ref id: detect continue-on-error: true - uses: slsa-framework/slsa-github-generator/.github/actions/detect-workflow@main + uses: slsa-framework/slsa-github-generator/.github/actions/detect-workflow@v1.6.0-rc.0 - name: Final outcome id: final @@ -148,7 +148,7 @@ jobs: - name: Generate builder id: generate-builder continue-on-error: true - uses: slsa-framework/slsa-github-generator/.github/actions/generate-builder@main + uses: slsa-framework/slsa-github-generator/.github/actions/generate-builder@v1.6.0-rc.0 with: repository: "${{ needs.detect-env.outputs.repository }}" ref: "${{ needs.detect-env.outputs.ref }}" @@ -222,7 +222,7 @@ jobs: - name: Checkout builder repository id: checkout-builder continue-on-error: true - uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@main + uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@v1.6.0-rc.0 with: repository: "${{ needs.detect-env.outputs.repository }}" ref: "${{ needs.detect-env.outputs.ref }}" diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 15e0e9858a..9af38bfb81 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -46,7 +46,7 @@ jobs: id-token: write # For signing. contents: write # For asset uploads. actions: read # For the entrypoint. - uses: slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@main + uses: slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@v1.6.0-rc.0 with: go-version: "1.20" config-file: .github/workflows/configs-container/config-release.yml @@ -59,7 +59,7 @@ jobs: id-token: write # For signing. contents: write # For asset uploads. actions: read # For the entrypoint. - uses: slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@main + uses: slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@v1.6.0-rc.0 with: go-version: "1.20" config-file: .github/workflows/configs-generic/config-release.yml @@ -72,7 +72,7 @@ jobs: id-token: write # For signing. contents: write # For asset uploads. actions: read # For the entrypoint. - uses: slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@main + uses: slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@v1.6.0-rc.0 with: go-version: "1.20" config-file: .github/workflows/configs-go/config-release.yml