Bump all GitHub actions. Fix SLSA generator.

All actions are now at their latest versions. Fixes the broken workflows resulting from GitHub deprecating `set-ouput` in actions. Signed-off-by: Mihai Maruseac <[email protected]>
mihaimaruseac · Dec 23, 2022 · 11fab87 · 11fab87
1 parent fbaf143
commit 11fab87
Showing 1 changed file with 17 additions and 8 deletions.
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -12,30 +12,37 @@ jobs:
       hashes: ${{ steps.hash.outputs.hashes }}
     steps:
       - name: Checkout code
-        uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3
+        uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0
+        with:
+          persist-credentials: false
+
       - name: Setup bazelisk
         uses:  bazelbuild/setup-bazelisk@95c9bf48d0c570bb3e28e57108f3450cd67c1a44 # v2.0.0
         with:
           bazelisk-version: "1.11"
+
       - name: Build artifacts
         run: |
           bazel build //...
           cp bazel-bin/src/{fib,hello} .
+
       - name: Generate subject for provenance
         id: hash
         run: |
           set -euo pipefail
           sha256sum fib hello > checksums
-          echo "::set-output name=hashes::$(cat checksums | base64 -w0)"
+          echo "hashes=$(cat checksums | base64 -w0)" >> "${GITHUB_OUTPUT}"
+
       - name: Upload artifacts (1/2)
-        uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # tag=v3.1.0
+        uses: actions/upload-artifact@83fd05a356d7e2593de66fc9913b3002723633cb # v3.1.1
         with:
           name: fib
           path: fib
           if-no-files-found: error
           retention-days: 5
+
       - name: Upload artifacts (2/2)
-        uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # tag=v3.1.0
+        uses: actions/upload-artifact@83fd05a356d7e2593de66fc9913b3002723633cb # v3.1.1
         with:
           name: hello
           path: hello
@@ -48,7 +55,7 @@ jobs:
       actions: read
       id-token: write
       contents: write
-    uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.2.0
+    uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.4.0
     with:
       base64-subjects: "${{ needs.build.outputs.hashes }}"
       upload-assets: true
@@ -59,15 +66,17 @@ jobs:
     if: startsWith(github.ref, 'refs/tags/')
     steps:
       - name: Download fib artifact
-        uses: actions/download-artifact@fb598a63ae348fa914e94cd0ff38f362e927b741 # tag=v2.1.0
+        uses: actions/download-artifact@9782bd6a9848b53b110e712e20e42d89988822b7 # v3.0.1
         with:
           name: fib
+
       - name: Download hello artifact
-        uses: actions/download-artifact@fb598a63ae348fa914e94cd0ff38f362e927b741 # tag=v2.1.0
+        uses: actions/download-artifact@9782bd6a9848b53b110e712e20e42d89988822b7 # v3.0.1
         with:
           name: hello
+
       - name: Upload assets
-        uses: softprops/action-gh-release@1e07f4398721186383de40550babbdf2b84acfc5 # v0.1.14
+        uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v0.1.15
         with:
           files: |
             fib