File tree Expand file tree Collapse file tree
Expand file tree Collapse file tree Original file line number Diff line number Diff line change 3636 steps :
3737 # Install go with specific version
3838 - name : Set up Go
39- uses : actions/setup-go@v5
39+ uses : actions/setup-go@v6
4040 with :
4141 go-version : ${{ inputs.go-version }} # same version than the one in the go.mod or in the .go-version
4242 # Register to ghcr.io container Registry
@@ -48,10 +48,10 @@ runs:
4848 password : ${{ inputs.registry_password }}
4949 # Install ko to publish container images
5050 - name : Set up Ko
51- uses : ko-build/setup-ko@v0.7
51+ uses : ko-build/setup-ko@v0.9
5252 # Install cosign to sign artfacts with goreleaser
5353 - name : Install Cosign
54- uses : sigstore/cosign-installer@v3.5 .0
54+ uses : sigstore/cosign-installer@v3.10 .0
5555 # Get LDFLAGS with a makefile command
5656 - shell : bash
5757 name : Get LDFLAGS
Original file line number Diff line number Diff line change @@ -25,18 +25,18 @@ runs:
2525 steps :
2626 # Install go with specific version
2727 - name : Set up Go
28- uses : actions/setup-go@v5
28+ uses : actions/setup-go@v6
2929 with :
3030 go-version : ${{ inputs.go-version }} # same version than the one in the go.mod or in the .go-version
3131
3232 - shell : bash
3333 name : Install dependencies
3434 run : |
35- go install github.com/slsa-framework/slsa-verifier/v2/cli/slsa-verifier@v2.5 .1
35+ go install github.com/slsa-framework/slsa-verifier/v2/cli/slsa-verifier@v2.7 .1
3636 - shell : bash
3737 name : verify image provenance
3838 id : image-provenance
3939 run : |
4040 slsa-verifier verify-image ${{ inputs.image }} \
4141 --source-uri github.com/${{github.repository}} \
42- --builder-id https://github.com/slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@refs/tags/v1.10 .0
42+ --builder-id https://github.com/slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@refs/tags/v2.1 .0
Original file line number Diff line number Diff line change 2222 digest : ${{ steps.publish-artifacts.outputs.digest }}
2323 steps :
2424 - name : Checkout
25- uses : actions/checkout@v4
25+ uses : actions/checkout@v5
2626 with :
2727 fetch-depth : 0
2828 - name : Publish Artifacts
4343 actions : read # To read the workflow path.
4444 id-token : write # To sign the provenance.
4545 contents : write # To add assets to a release.
46- uses : slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.10 .0
46+ uses : slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.1 .0
4747 with :
4848 base64-subjects : " ${{ needs.goreleaser.outputs.hashes }}"
4949 upload-assets : true
5454 actions : read
5555 id-token : write
5656 packages : write
57- uses : slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v1.10 .0
57+ uses : slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v2.1 .0
5858 with :
5959 image : ${{ needs.goreleaser.outputs.image }}
6060 digest : ${{ needs.goreleaser.outputs.digest }}
7272 packages : write
7373 steps :
7474 - name : Checkout
75- uses : actions/checkout@v4
75+ uses : actions/checkout@v5
7676 with :
7777 fetch-depth : 0
7878 - name : Verify provenance attestations
You can’t perform that action at this time.
0 commit comments