From 5fad1eac305b4435804b14c992889cc81d3323ac Mon Sep 17 00:00:00 2001 From: JamBalaya56562 Date: Thu, 12 Dec 2024 17:34:39 +0900 Subject: [PATCH] Bump `actions/attest-build-provenance` GitHub Actions --- ...rtifact-attestations-to-establish-provenance-for-builds.md | 4 ++-- .../publishing-packages/publishing-docker-images.md | 4 ++-- data/reusables/package_registry/publish-docker-image.md | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/content/actions/security-for-github-actions/using-artifact-attestations/using-artifact-attestations-to-establish-provenance-for-builds.md b/content/actions/security-for-github-actions/using-artifact-attestations/using-artifact-attestations-to-establish-provenance-for-builds.md index a0fa57db6d49..75aec666760d 100644 --- a/content/actions/security-for-github-actions/using-artifact-attestations/using-artifact-attestations-to-establish-provenance-for-builds.md +++ b/content/actions/security-for-github-actions/using-artifact-attestations/using-artifact-attestations-to-establish-provenance-for-builds.md @@ -76,7 +76,7 @@ When you run your updated workflows, they will build your artifacts and generate ```yaml - name: Generate artifact attestation - uses: actions/attest-build-provenance@v1 + uses: actions/attest-build-provenance@v2 with: subject-path: 'PATH/TO/ARTIFACT' ``` @@ -99,7 +99,7 @@ When you run your updated workflows, they will build your artifacts and generate ```yaml - name: Generate artifact attestation - uses: actions/attest-build-provenance@v1 + uses: actions/attest-build-provenance@v2 with: subject-name: {% raw %}${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}{% endraw %} subject-digest: 'sha256:fedcba0...' diff --git a/content/actions/use-cases-and-examples/publishing-packages/publishing-docker-images.md b/content/actions/use-cases-and-examples/publishing-packages/publishing-docker-images.md index adebfcbd13eb..653ea615c22f 100644 --- a/content/actions/use-cases-and-examples/publishing-packages/publishing-docker-images.md +++ b/content/actions/use-cases-and-examples/publishing-packages/publishing-docker-images.md @@ -114,7 +114,7 @@ jobs: {% ifversion artifact-attestations %} - name: Generate artifact attestation - uses: actions/attest-build-provenance@v1 + uses: actions/attest-build-provenance@v2 with: subject-name: {% raw %}${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}{% endraw %} subject-digest: {% raw %}${{ steps.push.outputs.digest }}{% endraw %} @@ -227,7 +227,7 @@ jobs: {% ifversion artifact-attestations %} - name: Generate artifact attestation - uses: actions/attest-build-provenance@v1 + uses: actions/attest-build-provenance@v2 with: subject-name: {% raw %}${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}{% endraw %} subject-digest: {% raw %}${{ steps.push.outputs.digest }}{% endraw %} diff --git a/data/reusables/package_registry/publish-docker-image.md b/data/reusables/package_registry/publish-docker-image.md index db5956f53b56..1b0a8043029e 100644 --- a/data/reusables/package_registry/publish-docker-image.md +++ b/data/reusables/package_registry/publish-docker-image.md @@ -57,7 +57,7 @@ jobs: {% ifversion artifact-attestations %} # This step generates an artifact attestation for the image, which is an unforgeable statement about where and how it was built. It increases supply chain security for people who consume the image. For more information, see "[AUTOTITLE](/actions/security-guides/using-artifact-attestations-to-establish-provenance-for-builds)." - name: Generate artifact attestation - uses: actions/attest-build-provenance@v1 + uses: actions/attest-build-provenance@v2 with: subject-name: {% raw %}${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}{% endraw %} subject-digest: {% raw %}${{ steps.push.outputs.digest }}{% endraw %}