From ab63402e2b6ac3b2c2a135516372ceedbd21816b Mon Sep 17 00:00:00 2001 From: Jam Balaya Date: Fri, 13 Dec 2024 05:47:47 +0900 Subject: [PATCH] Bump `actions/attest-build-provenance` GitHub Actions (#35635) Co-authored-by: Alex Nguyen <150945400+nguyenalex836@users.noreply.github.com> --- ...rtifact-attestations-to-establish-provenance-for-builds.md | 4 ++-- .../publishing-packages/publishing-docker-images.md | 4 ++-- data/reusables/package_registry/publish-docker-image.md | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/content/actions/security-for-github-actions/using-artifact-attestations/using-artifact-attestations-to-establish-provenance-for-builds.md b/content/actions/security-for-github-actions/using-artifact-attestations/using-artifact-attestations-to-establish-provenance-for-builds.md index 84edd58697cc..e2c3d495978f 100644 --- a/content/actions/security-for-github-actions/using-artifact-attestations/using-artifact-attestations-to-establish-provenance-for-builds.md +++ b/content/actions/security-for-github-actions/using-artifact-attestations/using-artifact-attestations-to-establish-provenance-for-builds.md @@ -76,7 +76,7 @@ When you run your updated workflows, they will build your artifacts and generate ```yaml - name: Generate artifact attestation - uses: actions/attest-build-provenance@v1 + uses: actions/attest-build-provenance@v2 with: subject-path: 'PATH/TO/ARTIFACT' ``` @@ -99,7 +99,7 @@ When you run your updated workflows, they will build your artifacts and generate ```yaml - name: Generate artifact attestation - uses: actions/attest-build-provenance@v1 + uses: actions/attest-build-provenance@v2 with: subject-name: {% raw %}${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}{% endraw %} subject-digest: 'sha256:fedcba0...' diff --git a/content/actions/use-cases-and-examples/publishing-packages/publishing-docker-images.md b/content/actions/use-cases-and-examples/publishing-packages/publishing-docker-images.md index 5d0502e7aed5..1987e5c61a38 100644 --- a/content/actions/use-cases-and-examples/publishing-packages/publishing-docker-images.md +++ b/content/actions/use-cases-and-examples/publishing-packages/publishing-docker-images.md @@ -114,7 +114,7 @@ jobs: {% ifversion artifact-attestations %} - name: Generate artifact attestation - uses: actions/attest-build-provenance@v1 + uses: actions/attest-build-provenance@v2 with: subject-name: {% raw %}${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}{% endraw %} subject-digest: {% raw %}${{ steps.push.outputs.digest }}{% endraw %} @@ -227,7 +227,7 @@ jobs: {% ifversion artifact-attestations %} - name: Generate artifact attestation - uses: actions/attest-build-provenance@v1 + uses: actions/attest-build-provenance@v2 with: subject-name: {% raw %}${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}{% endraw %} subject-digest: {% raw %}${{ steps.push.outputs.digest }}{% endraw %} diff --git a/data/reusables/package_registry/publish-docker-image.md b/data/reusables/package_registry/publish-docker-image.md index db5956f53b56..1b0a8043029e 100644 --- a/data/reusables/package_registry/publish-docker-image.md +++ b/data/reusables/package_registry/publish-docker-image.md @@ -57,7 +57,7 @@ jobs: {% ifversion artifact-attestations %} # This step generates an artifact attestation for the image, which is an unforgeable statement about where and how it was built. It increases supply chain security for people who consume the image. For more information, see "[AUTOTITLE](/actions/security-guides/using-artifact-attestations-to-establish-provenance-for-builds)." - name: Generate artifact attestation - uses: actions/attest-build-provenance@v1 + uses: actions/attest-build-provenance@v2 with: subject-name: {% raw %}${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}{% endraw %} subject-digest: {% raw %}${{ steps.push.outputs.digest }}{% endraw %}