diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 8d3dcb9..5f63125 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -33,7 +33,7 @@ jobs: uses: sigstore/cosign-installer@dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da # v3.7.0 - name: Install bom - uses: kubernetes-sigs/release-actions/setup-bom@2f8b9ec22aedc9ce15039b6c7716aa6c2907df1c # v0.2.0 + uses: kubernetes-sigs/release-actions/setup-bom@a69972745f85aab4ba5d6c681e2a0e7f73eaff2b # v0.3.0 - uses: ko-build/setup-ko@3aebd0597dc1e9d1a26bcfdb7cbeb19c131d3037 # v0.7 @@ -82,7 +82,7 @@ jobs: run: echo "tag_name=${GITHUB_REF#refs/*/}" >> "$GITHUB_OUTPUT" - name: Install tejolote - uses: kubernetes-sigs/release-actions/setup-tejolote@2f8b9ec22aedc9ce15039b6c7716aa6c2907df1c # v0.2.0 + uses: kubernetes-sigs/release-actions/setup-tejolote@a69972745f85aab4ba5d6c681e2a0e7f73eaff2b # v0.3.0 - run: | tejolote attest --artifacts github://openvex/vexctl/${{ steps.tag.outputs.tag_name }} github://openvex/vexctl/"${GITHUB_RUN_ID}" --output vexctl.intoto.json --sign diff --git a/.github/workflows/snapshot.yaml b/.github/workflows/snapshot.yaml index 977983a..505894a 100644 --- a/.github/workflows/snapshot.yaml +++ b/.github/workflows/snapshot.yaml @@ -28,7 +28,7 @@ jobs: install-only: true - name: Install bom - uses: kubernetes-sigs/release-actions/setup-bom@2f8b9ec22aedc9ce15039b6c7716aa6c2907df1c # v0.2.0 + uses: kubernetes-sigs/release-actions/setup-bom@a69972745f85aab4ba5d6c681e2a0e7f73eaff2b # v0.3.0 - name: Run Snapshot run: make snapshot @@ -53,7 +53,7 @@ jobs: fetch-depth: 1 - name: Install tejolote - uses: kubernetes-sigs/release-actions/setup-tejolote@2f8b9ec22aedc9ce15039b6c7716aa6c2907df1c # v0.2.0 + uses: kubernetes-sigs/release-actions/setup-tejolote@a69972745f85aab4ba5d6c681e2a0e7f73eaff2b # v0.3.0 - run: | tejolote attest github://openvex/vexctl/"${GITHUB_RUN_ID}" --output vexctl.intoto.json