From 3119152b59607c0d91a135e8d80c0d339f241a12 Mon Sep 17 00:00:00 2001
From: Brian DeHamer
Date: Wed, 12 Jun 2024 16:28:09 -0700
Subject: [PATCH] bump predicate and actions/attest (#116)
* actions/attest-build-provenance/predicate from 1.0.0 to 1.1.0
* actions/attest from 1.2.0 to 1.3.0
Signed-off-by: Brian DeHamer
---
 README.md | 2 +-
 action.yml | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/README.md b/README.md
index e25b8e91..3c1e2dc1 100644
--- a/README.md
+++ b/README.md
@@ -36,7 +36,7 @@ attest:
 ```
 The `id-token` permission gives the action the ability to mint the OIDC token
- permission is necessary to persist the attestation. The `attestations`
+ necessary to request a Sigstore signing certificate. The `attestations`
 permission is necessary to persist the attestation.
 1. Add the following to your workflow after your artifact has been built:
diff --git a/action.yml b/action.yml
index daf97237..4930b4e0 100644
--- a/action.yml
+++ b/action.yml
@@ -44,9 +44,9 @@ outputs:
 runs:
 using: 'composite'
 steps:
- - uses: actions/attest-build-provenance/predicate@db1dde0f270afe12073070ac7aa802958ae3ec04 # predicate@1.0.0
+ - uses: actions/attest-build-provenance/predicate@46e4ff8b824dc6ae13c8f92c8ba69907e2d39b4e # predicate@1.1.0
 id: generate-build-provenance-predicate
- - uses: actions/attest@32795ed9174327efe1734fa6d09c9223658ef225 # v1.2.0
+ - uses: actions/attest@b24527d9cbfd6c27196c10f8dccbacaa2a1c53f2 # v1.3.0
 id: attest
 with:
 subject-path: ${{ inputs.subject-path }}