diff --git a/.github/workflows/attest.yml b/.github/workflows/attest.yml index c179402..bc24985 100644 --- a/.github/workflows/attest.yml +++ b/.github/workflows/attest.yml @@ -20,6 +20,6 @@ jobs: - uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: name: ${{ inputs.artifact }} - - uses: actions/attest-build-provenance@a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32 # v4.1.0 + - uses: actions/attest-build-provenance@0f67c3f4856b2e3261c31976d6725780e5e4c373 # v4.1.1 with: subject-path: "*" diff --git a/.github/workflows/build-pyfib.yml b/.github/workflows/build-pyfib.yml index 1355616..3a294bc 100644 --- a/.github/workflows/build-pyfib.yml +++ b/.github/workflows/build-pyfib.yml @@ -15,7 +15,7 @@ jobs: steps: - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 - - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 + - uses: actions/setup-python@ece7cb06caefa5fff74198d8649806c4678c61a1 # v6.3.0 with: python-version: "3.x" @@ -23,7 +23,7 @@ jobs: run: tar -czf pyfib.tar.gz ./pyfib - name: Attest build provenance - uses: actions/attest-build-provenance@a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32 # v4.1.0 + uses: actions/attest-build-provenance@0f67c3f4856b2e3261c31976d6725780e5e4c373 # v4.1.1 with: subject-path: "pyfib.tar.gz" diff --git a/.github/workflows/ghcr-publish.yml b/.github/workflows/ghcr-publish.yml index d557f56..fc3c4af 100644 --- a/.github/workflows/ghcr-publish.yml +++ b/.github/workflows/ghcr-publish.yml @@ -48,7 +48,7 @@ jobs: tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest - name: Attest artifact - uses: actions/attest-build-provenance@a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32 # v4.1.0 + uses: actions/attest-build-provenance@0f67c3f4856b2e3261c31976d6725780e5e4c373 # v4.1.1 with: subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} subject-digest: ${{ steps.build-and-push.outputs.digest }}