update

slsa-framework · Oct 20, 2022 · 0b41106 · 0b41106
1 parent 0f6d5c9
commit 0b41106
Show file tree

Hide file tree

Showing 4 changed files with 19 additions and 19 deletions.
diff --git a/.github/workflows/builder_go_slsa3.yml b/.github/workflows/builder_go_slsa3.yml
@@ -112,7 +112,7 @@ jobs:
     steps:
       - name: Generate builder binary
         id: generate
-        uses: slsa-framework/slsa-github-generator/.github/actions/generate-builder@3a3bee691c20c5c0ccc6bbd28df5e14bb7c63d53
+        uses: slsa-framework/slsa-github-generator/.github/actions/generate-builder@ae7b9550bb87beb718163df78e66ee8267b803ac
         with:
           repository: "${{ needs.detect-env.outputs.repository }}"
           ref: "${{ needs.detect-env.outputs.ref }}"
@@ -145,7 +145,7 @@ jobs:
     needs: [privacy-check, builder, rng]
     steps:
       - name: Checkout builder repository
-        uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@3a3bee691c20c5c0ccc6bbd28df5e14bb7c63d53
+        uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@ae7b9550bb87beb718163df78e66ee8267b803ac
         with:
           repository: "${{ needs.detect-env.outputs.repository }}"
           ref: "${{ needs.detect-env.outputs.ref }}"
@@ -176,8 +176,8 @@ jobs:
 
           # Note: this outputs information about resolved arguments, etc.
           # the values are trusted because the compiler is not invoked.
-          echo "../$BUILDER_BINARY" build --dry "$CONFIG_FILE" "$UNTRUSTED_ENVS"
-          "../$BUILDER_BINARY" build --dry "$CONFIG_FILE" "$UNTRUSTED_ENVS"
+          echo "$GITHUB_WORKSPACE/$BUILDER_BINARY" build --dry "$CONFIG_FILE" "$UNTRUSTED_ENVS"
+          "$GITHUB_WORKSPACE/$BUILDER_BINARY" build --dry "$CONFIG_FILE" "$UNTRUSTED_ENVS"
 
   ###################################################################
   #                                                                 #
@@ -191,7 +191,7 @@ jobs:
     needs: [privacy-check, builder, build-dry, rng]
     steps:
       - name: Checkout builder repository
-        uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@3a3bee691c20c5c0ccc6bbd28df5e14bb7c63d53
+        uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@ae7b9550bb87beb718163df78e66ee8267b803ac
         with:
           repository: "${{ needs.detect-env.outputs.repository }}"
           ref: "${{ needs.detect-env.outputs.ref }}"
@@ -241,12 +241,12 @@ jobs:
           # Disable set-output command.
           echo "::stop-commands::`echo -n ${{ github.token }} | sha256sum | head -c 64`"
 
-          echo "../$BUILDER_BINARY" build "$CONFIG_FILE" "$UNTRUSTED_ENVS"
+          echo "$GITHUB_WORKSPACE/$BUILDER_BINARY" build "$CONFIG_FILE" "$UNTRUSTED_ENVS"
           # Note: We need to provide the asbolute path to the output binary.
           export OUTPUT_BINARY="$PWD/${{ env.GENERATED_BINARY_NAME }}"
-          ../"$BUILDER_BINARY" build "$CONFIG_FILE" "$UNTRUSTED_ENVS"
+          "$GITHUB_WORKSPACE/$BUILDER_BINARY" build "$CONFIG_FILE" "$UNTRUSTED_ENVS"
 
-          mv "${{ env.GENERATED_BINARY_NAME }}" "../$UNTRUSTED_BINARY_NAME"
+          mv "${{ env.GENERATED_BINARY_NAME }}" "$GITHUB_WORKSPACE/$UNTRUSTED_BINARY_NAME"
 
       - name: Upload generated binary
         id: upload
@@ -272,7 +272,7 @@ jobs:
       go-provenance-sha256: ${{ steps.sign-prov.outputs.signed-provenance-sha256 }}
     steps:
       - name: Checkout builder repository
-        uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@3a3bee691c20c5c0ccc6bbd28df5e14bb7c63d53
+        uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@ae7b9550bb87beb718163df78e66ee8267b803ac
         with:
           repository: "${{ needs.detect-env.outputs.repository }}"
           ref: "${{ needs.detect-env.outputs.ref }}"
@@ -330,7 +330,7 @@ jobs:
     if: startsWith(github.ref, 'refs/tags/') && inputs.upload-assets == true
     steps:
       - name: Checkout builder repository
-        uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@3a3bee691c20c5c0ccc6bbd28df5e14bb7c63d53
+        uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@ae7b9550bb87beb718163df78e66ee8267b803ac
         with:
           repository: "${{ needs.detect-env.outputs.repository }}"
           ref: "${{ needs.detect-env.outputs.ref }}"

diff --git a/.github/workflows/builder_node_slsa3.yml b/.github/workflows/builder_node_slsa3.yml
@@ -172,7 +172,7 @@ jobs:
     steps:
       - name: Generate builder
         id: generate
-        uses: slsa-framework/slsa-github-generator/.github/actions/generate-builder@3a3bee691c20c5c0ccc6bbd28df5e14bb7c63d53
+        uses: slsa-framework/slsa-github-generator/.github/actions/generate-builder@ae7b9550bb87beb718163df78e66ee8267b803ac
         with:
           repository: "${{ needs.detect-env.outputs.repository }}"
           ref: "${{ needs.detect-env.outputs.ref }}"
@@ -203,7 +203,7 @@ jobs:
     needs: [privacy-check, builder, rng]
     steps:
       - name: Checkout builder repository
-        uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@3a3bee691c20c5c0ccc6bbd28df5e14bb7c63d53
+        uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@ae7b9550bb87beb718163df78e66ee8267b803ac
         with:
           repository: "${{ needs.detect-env.outputs.repository }}"
           ref: "${{ needs.detect-env.outputs.ref }}"
@@ -271,7 +271,7 @@ jobs:
           # files and their hashes, so that we can identify the new file without the need to parse
           # the manifest.json.
           # echo "npm pack --pack-destination="./out"
-          ../"$BUILDER_BINARY" pack \
+          "$GITHUB_WORKSPACE/$BUILDER_BINARY" pack \
             --directory "$UNTRUSTED_DIR"
 
           # cp output into upper folder to make the tarball accessible to
@@ -302,7 +302,7 @@ jobs:
       node-provenance-sha256: ${{ steps.sign-prov.outputs.signed-provenance-sha256 }}
     steps:
       - name: Checkout builder repository
-        uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@3a3bee691c20c5c0ccc6bbd28df5e14bb7c63d53
+        uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@ae7b9550bb87beb718163df78e66ee8267b803ac
         with:
           repository: "${{ needs.detect-env.outputs.repository }}"
           ref: "${{ needs.detect-env.outputs.ref }}"
@@ -359,7 +359,7 @@ jobs:
     needs: [build, provenance]
     steps:
       - name: Checkout builder repository
-        uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@3a3bee691c20c5c0ccc6bbd28df5e14bb7c63d53
+        uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@ae7b9550bb87beb718163df78e66ee8267b803ac
         with:
           repository: "${{ needs.detect-env.outputs.repository }}"
           ref: "${{ needs.detect-env.outputs.ref }}"
@@ -406,6 +406,6 @@ jobs:
           set -euo pipefail
 
           # echo "npm publish ${{ inputs.publish-arguments }}"
-          ../"$BUILDER_BINARY" publish \
+          "$GITHUB_WORKSPACE/$BUILDER_BINARY" publish \
             --publish-arguments "$UNTRUSTED_PUBLISH_ARGUMENTS" \
             --directory "$UNTRUSTED_DIR"
diff --git a/.github/workflows/generator_container_slsa3.yml b/.github/workflows/generator_container_slsa3.yml
@@ -91,7 +91,7 @@ jobs:
       packages: write # Needed to login and upload attestations to ghcr.io.
     steps:
       - name: Generate builder
-        uses: slsa-framework/slsa-github-generator/.github/actions/generate-builder@3a3bee691c20c5c0ccc6bbd28df5e14bb7c63d53
+        uses: slsa-framework/slsa-github-generator/.github/actions/generate-builder@ae7b9550bb87beb718163df78e66ee8267b803ac
         with:
           repository: "${{ needs.detect-env.outputs.repository }}"
           ref: "${{ needs.detect-env.outputs.ref }}"

diff --git a/.github/workflows/generator_generic_slsa3.yml b/.github/workflows/generator_generic_slsa3.yml
@@ -108,7 +108,7 @@ jobs:
       actions: read # Needed to read workflow info.
     steps:
       - name: Generate builder
-        uses: slsa-framework/slsa-github-generator/.github/actions/generate-builder@3a3bee691c20c5c0ccc6bbd28df5e14bb7c63d53
+        uses: slsa-framework/slsa-github-generator/.github/actions/generate-builder@ae7b9550bb87beb718163df78e66ee8267b803ac
         with:
           repository: "${{ needs.detect-env.outputs.repository }}"
           ref: "${{ needs.detect-env.outputs.ref }}"
@@ -169,7 +169,7 @@ jobs:
     if: startsWith(github.ref, 'refs/tags/') && inputs.upload-assets == true
     steps:
       - name: Checkout builder repository
-        uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@3a3bee691c20c5c0ccc6bbd28df5e14bb7c63d53
+        uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@ae7b9550bb87beb718163df78e66ee8267b803ac
         with:
           repository: "${{ needs.detect-env.outputs.repository }}"
           ref: "${{ needs.detect-env.outputs.ref }}"